Jesteś tutaj: Strona główna | Privacy Notice for Customers of AP Solutions

Privacy Notice for Customers of AP Solutions

Information on the processing of personal data of Clients by AP Solutions GmbH sp. z o.o. Branch in Poland (GDPR information clause)

The protection of your personal data is important to us. Below you will find information on how your personal data is processed and your rights under data protection laws.

This information clause may be updated from time to time. Therefore, we ask you to read its content regularly. The last row indicates the date this clause was last updated.

1. Who is the Data Controller? (is responsible for your personal data)

AP Solutions GmbH sp. z o.o. Branch in Poland with its registered office at 12 Konstruktorska Street, 02-673 Warsaw (hereinafter also referred to as: "APS" or "Administrator")

You can contact us by letter at the address above. We have appointed a Data Protection Officer who can be contacted by email or letter at the following addresses:

Data Protection Officer

AP Solutions GmbH sp. z o.o. Branch in Poland

Konstruktorska 12, 02-673 Warsaw,
e-mail: iodopl@mondial-assistance.pl

2. List of personal data processing activities in which we act as the Data Controller

Purposes of processing Legal basis
Conclusion and performance of an agreement concluded by the Administrator or provision of assistance services on the basis of an agreement concluded by the Administrator with a third party – including, in particular, verification of the legitimacy of the provision of the service, organization and performance of the service and settlement of costs.

Article 6(1)(b) GDPR*, if the data processing is necessary for the conclusion and performance of a contract concluded directly with you or to take action at your request prior to its conclusion

Article 6(1)(f) of the GDPR – if the data processing is necessary for the implementation of the legitimate interest of APS, consisting in the performance of a contract concluded with a third party, on the basis of which APS is obliged to provide assistance services to authorized persons (including you), in particular to receive and handle the report and to organize and perform assistance services.
Implementation of marketing of APS's own products and services

Article 6(1)(f) of the GDPR, i.e. our legitimate interest consisting in the right to direct commercial information to you, including direct marketing to the extent resulting from the so-called marketing consent expressed by you in accordance with Article 398 of the Electronic Communications Law.

If you wish to withdraw your marketing consent, you may contact us at the address indicated in point 1 of this clause.
Fulfilment of legal obligations incumbent on APS, in particular tax, accounting and administrative obligations

Article 6(1)(c) of the GDPR, i.e. the performance of legal obligations incumbent on the Administrator resulting from the provisions of law, in particular the provisions of tax law and the Accounting Act.
Verification of the customer's presence on sanction lists  Article 6(1)(c) of the GDPR, i.e. the fulfilment of legal obligations incumbent on the Controller resulting from the provisions of law.
Customer satisfaction survey Article 6(1)(f) of the GDPR, i.e. our legitimate interest in examining the quality of the services we provide and the level of customer satisfaction with these services. The survey is carried out to the extent resulting from the so-called marketing consent expressed by you in accordance with Article 398 of the Electronic Communications Law.
Handling of complaints, requests and complaints Article 6(1)(f) of the GDPR, i.e. our legitimate interest in handling complaints, notifications and improving the quality of services.
Determination, investigation and defence of claims Article 6(1)(f) of the GDPR, i.e. our legitimate interest in being able to establish, pursue and defend against possible claims.

Ensuring high quality customer service and training of call center operators, as well as evidentiary purposes (the ability to demonstrate the findings made) – for these purposes, we will record and monitor conversations with the customer

 Article 6(1)(f) of the GDPR, i.e. our legitimate interest in ensuring high standards of customer service, training of call centre operators and the ability to demonstrate the arrangements made during the telephone conversation.

3. Categories of data recipients

In connection with the implementation of the indicated purposes, your personal data may be disclosed to the following entities, which act as separate controllers:

  • public authorities, other entities from the Allianz group, subcontractors, i.e. entities providing repair services or medical services.

In connection with the implementation of the indicated purposes, we may also transfer your personal data to the following entities that act as processors on our instructions:

  • other entities from the Allianz group, technical consultants, experts, lawyers, other subcontractors providing services to the Administrator in order to carry out activities (applications, IT services, postal services, document management, performance of a contract by providing services to an authorized person) or
  • Advertising services entities and networks – to send you marketing information, to the extent permitted by applicable law and in accordance with your communication preferences. We do not pass on your data to unaffiliated third parties for their own marketing purposes without your consent.

In addition, we may transfer your personal data in the following cases:

  • in the event of a planned or actual reorganization, merger, sale, joint venture, assignment, disposal or other disposition of all or a portion of our business, assets or stock (including in bankruptcy or similar proceedings), or
  • to comply with legal obligations, including transferring data to a competent authority if you make a complaint about a product or service we have provided to you.

4. Where is your personal data processed?

Your personal data may be processed both within and outside the European Economic Area (EEA), always subject to contractual confidentiality and security restrictions, in accordance with applicable data protection laws.

Where we transfer your personal data for processing outside the EEA to another entity in the Allianz group, this is done on the basis of Allianz-approved Binding Corporate Rules, known as the Allianz Privacy Standard (Allianz'BCR), which ensure an adequate level of protection of personal data and are legally binding on all companies in the Allianz group. The content of Allianz BCE can be consulted at Binding Corporate Rules (allianz-partners.com)

If the Allianz BCR does not apply in a particular case, we will take other appropriate measures to ensure that the transfer of your personal data outside the EEA takes place with a level of protection equivalent to that applicable in the EEA.

Information about the safeguards applied in connection with such a transfer of data (e.g. standard contractual clauses) can be obtained by contacting us as indicated in section 1 of this clause.

5. Data retention period

We will retain your personal data for as long as it is necessary to fulfil the above-mentioned purposes, set out in clause 2 of this clause, in particular, we will:

  1. for the purpose of concluding and performing the contract, in particular the provision of assistance services – until the date of termination or expiry of the agreement;
  2. for marketing purposes – no longer than until the Administrator's legitimate interest ceases, and in particular no longer than until the consent granted on the basis of the provisions of the Electronic Communication Act is withdrawn, an effective objection to the processing of personal data is lodged or the purpose of processing ceases to exist – whichever occurs first;
  3. in order to fulfil the legal obligations incumbent on the Administrator, in particular tax, accounting and administrative obligations – for periods resulting from the applicable provisions of law, including the provisions specifying the deadlines for storing accounting documentation;
  4. for the purpose of verification on the sanctions lists – for the period resulting from the provisions of law imposing obligations on the Administrator in this regard;
  5. for the purpose of customer satisfaction surveys – no longer than until the Administrator's legitimate interest ceases, and in particular no longer than until the consent granted on the basis of the provisions of the Electronic Communications Act is withdrawn, an effective objection to the processing of personal data is lodged or the purpose of processing ceases to exist – whichever occurs first;
  6. for the purpose of considering complaints, complaints and applications – until the date of completion of the complaint, complaint or application procedure;
  7. in order to ensure high quality customer service, including for training purposes - no longer than until the Administrator's legitimate interest ceases to exist.

After the completion of the above purposes, we may store your personal data for a period corresponding to the limitation period for any claims, only to the extent necessary to establish, pursue or defend against claims and ensure accountability – i.e. the possibility of demonstrating that we process your data in accordance with the provisions of the GDPR.

This period may be extended in the event of interruption of the limitation period or the initiation of proceedings before the competent authority or court – until its final conclusion. For more information, please contact us.

6. What rights do you have?

To the extent permitted by applicable law or regulation, you have the right to:

  • access to your personal data that we hold and learn about the origin of this data, the purposes of their processing, as well as information about the data controller(s), the processor(s) and the entities to whom they may be disclosed;
  • withdraw your consent at any time if your personal data is processed on the basis of consent;
  • update or correct your personal data so that it is always correct;
  • delete your personal data from our records if it is no longer needed for the purposes indicated above;
  • request the restriction of the processing of your personal data in certain circumstances, e.g. when you contest the accuracy of your personal data, for a period of time that allows us to verify its accuracy;
  • obtain your personal data in electronic format for your own needs or that of a new insurer;
  • submit a complaint or complaint to the relevant data protection authority with us. In Poland, this authority is the President of the Office for Personal Data Protection.

In addition, in the scope of automated decision-making, you have the right to contest it, obtain a justification for it, to present your position to us or to request that our employee analyze your situation and make a decision.

You can exercise these rights by contacting us in accordance with the detailed information provided in clause 1 of this clause, providing your name, e-mail address and the subject of your request.

7. Objection to data processing

To the extent permitted by applicable law or regulation, you have the right to object to our processing of your personal data or to request that we stop processing it (including for direct marketing purposes). You may exercise this right in the same way as the other rights set out in clause 6 of this clause.

8. Security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or total loss, destruction or unauthorized access by third parties. Our security measures are constantly being improved in line with technological developments.

9. Data Acquisition Sources

As a rule, we obtain personal data directly from you, in particular in connection with reporting the need to use the assistance service.

In addition, your personal data may be obtained from a third party with whom the Administrator has concluded an agreement for the provision of assistance services to its customers (including you), to the extent necessary to provide the assistance service.

The Administrator receives from this entity in particular the following categories of personal data: name and surname, contact details, identification data and data necessary to accept the application and provide the assistance service.

10. Information on automated decision-making, including profiling

The Administrator does not use your data for automated decision-making, including profiling.

11. Obligation to provide data

Providing personal data is voluntary, but necessary in order to enable the conclusion and performance of the contract.

This Information Clause is regularly reviewed and updated. We will ensure that the current version of our website is https://www.mondial-assistance.pl/polityka-prywatnosci-awp-polska-eng always available, and we will inform you personally of any important changes that may affect you.
This Clause was last updated on 08.04.2026.

* Whenever we use the term "GDPR" in this clause, we mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (Journal of Laws of the Republic of Poland). OJ L 119, 04.05.2016, p. 1 and OJ L 119, p. OJ L 127, 23.05.2018, p. 2)