Privacy Notice for Customers of AP Solutions

Privacy Policy AP Solutions GmbH Sp. z o.o. Oddział w Polsce

AP Solutions GmbH Sp. z o.o. Oddział w Polsce (“we”, “us”, “our”), making up Allianz Worldwide Partners SAS group, is a service company providing, among other things, assistance services. This privacy notice explains how and what type of personal data shall be collected and for what purposes and to whom personal data shall be made available/disclosed. Please read the information below carefully.

1. Who is the data controller?

A data controller is an entity which decides on personal data processing and is responsible for retention and use of personal data. AP Solutions GmbH Sp. z o.o. Oddział w Polsce is precisely a data controller.

2. What personal data will be collected?

We shall collect and process various categories of your personal data, the scope of which depends on the subject-matter of the contract or the services provided to you, as per the list below:

  • Surname (including surname at birth), first name(s)
  • PESEL (Personal ID )
  • Address of permanent residence and residence
  • Address of provision of service
  • Date of birth
  • Gender
  • Number, date of issue, expiry date, issuing body and type of identity document
  • Telephone numbers
  • Email address
  • Details of held driving license (category, date of issue, expiry date and document )
  • Details of credit/debit card and bank account
  • Vehicle registration number
  • Vehicle’s VIN number
  • Citizenship
  • Details of pursued business activities
  • Data collected at the time of a service request and indispensable to provide the service, including the details of the device (make and serial number), information on reported defect

 Depending on your contract and scope of service, we shall request solely the data indispensable in a given case.

3. How will we collect and use your personal data?

We shall process personal data provided to us by you or received by us without your involvement as explained and listed below:

Purpose and legal basis for processing Do we need your consent? Legal basis for processing
Conclusion and performance of the contract (e.g. examining advisability of provision of a service, providing the service, settling costs and processing of complaints) No

Article 6(1)(b) of GDPR*

To inform you, or enable AWP Group’s companies and selected third parties to inform you, about the products and services that, in our view, may be of interest to you, in accordance with your preferences in terms of reception of marketing information. You may change these preferences at any time. If you change your decision relating to the aforesaid preferences, including withdrawal of a consent to any of the aforesaid items, please notify us by clicking on the “Unsubscribe” link in each email message containing marketing information or by contacting us in the manner described in Clause 9 below.

Yes

Article 6(1)(a) of GDPR*, Article 6(1)(f) of GDPR* (direct marketing of our products and services constitutes our legitimate interest)

Fulfilling the obligations (e.g. tax, accounting and administrative obligations) arising under legal regulations

No Article 6(1)(c) of GDPR*
To spread risk through reinsurance or co- insurance No

Article 6(1)(f) of GDPR* (reducing insurance risk constitutes our legitimate interest)

To mitigate risk relating to economic sanctions through verification and application of other adequate measures examining whether the client is not subject to any restrictions or whether the contract does not violate any economic sanctions, through regular client audits and, at the stage of provision of the service, through performance of an analysis relating to application of financial sanctions to the client and, as applicable, the beneficiary prior to disbursement of damages or benefit

No Article 6(1)(f) of GDPR* (our legitimate interest is to mitigate the risk of financial and economic sanctions)
To examine client satisfaction No

Article 6(1)(f) of GDPR* (checking quality of services provided by us and the level of satisfaction of our clients constitutes our legitimate interest)

To determine and seek claims as well as to defend against claims. No

Article 6(1)(f) of GDPR* (the possibility to determine and seek claims as well as defend against claims constitutes our legitimate interest)

4. Who will have access to your personal data?

We shall ensure that your personal data are processed in the manner consistent with the purposes stated above.

For the purposes stated above, your personal data may be disclosed to the following third parties being data controllers: public authorities and other AWP Group’s companies.

For the purposes stated above, we may also make your personal data available to the following entities processing data at our request: other AWP Group’s companies, technical consultants, specialists, lawyers, service technicians, physicians and other subcontractors providing services to AWP in order to deliver services (service requests, IT services, postal services, document management, performance of a contract through provision of services to eligible persons) as well as entities and networks providing advertising services to enable them to send you marketing information as permitted under the national laws and regulations while taking into account your preferences in terms of communication. We shall not make your personal data available to unrelated third parties for their own marketing purposes without your consent.

Furthermore, we may share your personal data in the following cases:

  • in the case of scheduled or actual restructuring, merger, sale, joint venture, assignment, disposal or another disposition of our enterprise, assets or inventories in full or in part (also as part of bankruptcy or similar proceedings) or
  • in order to fulfil a duty arising under applicable laws and regulations, also with the competent ombudsman, should you file a complaint relating to a product or service we have sold

5. Where will my personal data be processed?

Your personal data may be processed in the territory of the European Economic Area (EEA) or outside it by the entities listed in Clause 4, subject to contractual restrictions relating to information confidentiality and security, in compliance with the applicable data protection laws and regulations. We shall not make your personal data available to the persons who are not authorized to process them.

Your personal data shall be transferred for the purpose of their processing to another company from AWP Group outside EEA each time in compliance with the approved binding corporate rules (BCR) that assure adequate personal data protection and are legally binding upon all AWP Group’s companies. Where the Group’s BCR do not apply, we shall take appropriate measures to assure adequate protection of your personal data transferred outside EEA at the same level that is assured within EEA. If you are interested in the security measures taken by us when transferring data outside EEA (e.g. standard contractual clauses), please contact us in the manner specified in Clause 9.

6. What are your rights in respect of your personal data?

If permitted under the applicable laws and regulations, you have the right to:

  • access your personal data in our possession and learn about the origin of these data and purposes of their processing as well as the details of the data controller(s), processor(s) and the entities to whom such personal data may be disclosed;
  • withdraw your consent at any time to the extent that your personal data are processed on the basis of a consent;
  • update or rectify your personal data so that they remain accurate at all times;
  • erase your personal data from our records if they are no longer required for the purposes stated above;
  • request restriction of processing of your personal data under certain circumstances, e.g. when you question accuracy of your personal data, over a period that enables us to check their accuracy;
  • obtain your personal data in the electronic format for your own needs or for the needs of a new service provider; and
  • file a complaint against us with the competent data protection authority. The President of the Personal Data Protection Office is such authority in

You may exercise these rights by contacting us in the manner specified in Clause 9 and stating your first name and surname, email address and the subject matter of your request. You may also file a data access request by completing a Data Access Request Form available at https://mondial-assistance.pl/polityka-prywatnosci-AWP-Polska.

7. How can you object to the processing of your personal data?

If permitted under the applicable laws and regulations, you have the right to file an objection to our processing of personal data and to request that we discontinue their processing (also for the purposes of direct marketing). Once we have received such request, we shall discontinue further processing of your personal data unless such processing is permitted under the applicable laws and regulations.

You may exercise the other rights specified in Clause 6 in the same manner.

8. How long do we keep your personal data?

We shall retain your personal data over a period of 6 years from the date of expiry or termination of a contract or the end date of the proceedings concerning provision of a service or examination of your complaint. The six-year period is related to the limitation period for pursuing claims in force in Poland and the need for archiving documents in compliance with the Accounting Act.

We shall not retain your personal data longer than is necessary and we shall retain them solely for the purposes for which we have collected them.

9. How can you contact us?

Should you have any questions relating to the manner in which we use your personal data, you may write to us to:

AP Solutions GmbH Sp. z o.o. Oddział w Polsce
ul. Konstruktorska 12
02-673 Warszawa

We have appointed the Data Protection Officer (DPO), who may be contacted via email or by post at:

Data Protection Officer

AWP P&C S.A. Branch in Poland
ul. Konstruktorska 12
02-673 Warszawa

E-mail: iodopl@mondial-assistance.pl

You may also contact us using the Data Access Request Form available at https://mondial-assistance.pl/polityka-prywatnosci-AWP-Polska.

10. How often do we update this data protection notice?

This privacy notice is reviewed and updated on a regular basis. We shall make sure that its up- to-date version is available on our website https://mondial-assistance.pl/polityka-prywatnosci-AWP-Polska at all times and, furthermore, we shall inform you in person about each important amendment to this privacy notice that may affect you. This privacy notice was most recently updated on 31 March 2023.

*GDPR or Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (OJ L 119, 4.5.2016, p. 1 and OJ L 127, 23.5.2018, p. 2).