Regulation of the European Parliament and of the Council 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter: GDPR) has been in effect since 25 May 2018. Accordingly, it is a top priority for Unum Życie TUiR S.A to ensure safety and security of personal data pertaining to in-force Customers and Prospects, Employees and Associates.

In that context, Privacy Policy was drafted to consolidate all the principles that guide us in that regard. The Policy contains information about the data collected and the rules governing data processing when using our web portal and application.

Unum Życie TUiR S.A. is not liable for privacy policies adopted by the owners of the websites linked on our websites. It is recommended that, when opening the websites of other entities, the User should read privacy policies relevant for those websites.

Should the Policy require any amendments, due revisions shall be made to the content herein.

ABOUT PERSONAL DATA CONTROLLER

Who is the controller of my personal data?

Unum Życie Towarzystwo Ubezpieczeń i Reasekuracji Spółka Akcyjna, with registered office in Warsaw, Poland: ul. Łucka 9, 00-842 Warszawa (hereinafter: Unum) is the controller of your personal data.

Data Controller can be contacted as follows:

Who is the contact person in all matters relating to personal data protection?

In all matters relating to the processing of personal data, in particular, the exercise of your rights related to the processing of personal data, you may contact a designated Unum Życie Data Protection Officer.

Robert Gromadzki is the Data Protection Officer (DPO). DPO can be contacted as follows:

  • E-mail: iod@unum.pl
  • Contact form, available at: https://www.unum.pl/kontakt/
  • Telephone: +48 800 33 55 33
  • In writing, to the address of Unum Życie office (with RODO [Polish for GDPR] annotation, preferably).

What rights do i have in connection with my personal data?

In connection with your data, you have a number of rights that you can exercise at all times, unless specified otherwise in applicable laws and regulations. Those include, first and foremost, the right to access and consult your personal data, the right to transfer, remove, rectify or restrict the processing of the data, as well as a number of other rights, as specified in the documents linked in this Policy.

When personal data is processed based on a declaration of consent, such consent can be withdrawn by the data subject at all times. Consent withdrawal does not infringe the lawfulness of processing carried out on the basis of the consent prior to its withdrawal.

At all times, data subject has the right to access their personal data and to rectify and delete the data, unless specified otherwise in applicable laws and regulations, as well as the right to restrict processing of the data, e.g. for marketing purposes, and the right to transfer their personal data.

Data subject has the right to file a complaint before the supervisory authority responsible for personal data protection oversight – the President of the Personal Data Protection Office (Polish: PUODO).

The purpose of personal data processing

Unum Życie will process information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Unum Życie will process personal data collected via the following communication channels:

  • Electronic and traditional mailing communication relating to post-issue service and other services. Unum Życie will only process personal data that is material for the case referred to in the mail. Personal data is processed on the legal basis of contract performance (GDPR Article 6, paragraph 1, letter b) and legitimate interest pursued by Unum Życie (GDPR Article 6, paragraph 1, letter f) by way of correspondence relating to Unum Życie economic activity.
  •  Telephone communication relating to post-issue service and other services. Personal data is processed on the legal basis of contract performance (GDPR Article 6, paragraph 1, letter b) and legitimate interest pursued by Unum Życie (GDPR Article 6, paragraph 1, letter f) by way of addressing the case reported.
    Please be informed that telephone calls can be recorded by Unum Życie. Relevant message is provided before the start of telephone interaction.

Data processed in connection with conclusion and execution of insurance contract

Unum Życie will process, primarily, the data presented in insurance applications and other documents related to the conclusion of insurance contract. Consequently, this involves some basic data such as the first and the last name or mailing addresses, but also some sensitive data including, in particular, health data of the life insured.

Personal data is processed on the legal basis of contract conclusion and execution (GDPR Article 6, paragraph 1, letter b). The data is processed in connection with insurance cover, execution of insurance contracts and performance of legal obligations that Unum Życie is required to comply with (including anti-money laundering measures), or our website services.

Detailed information concerning the purpose of and the basis for data processing is laid out in the following documents:

How is the data processed?

The data is processed primarily in connection with insurance underwriting, performance of insurance contracts, responding to queries and requests, payment of benefits and claims, compliance with legal and regulatory requirements (anti-money laundry and prevention of terrorism financing), and development of customized offers.
There will be no automated decision-making or profiling based on personal data.

With whom can personal data be shared?

The data is shared outside Unum Życie only when necessary and when the entity involved is authorized to receive the data. Those entities include, primarily, the reinsurers, public administration bodies and other state authorities, including law enforcement agencies; other insurance companies in connection with combating insurance fraud; and service providers used by Unum Życie, such as providers of medical certification services, IT services, legal services or consulting services.

Is the data transferred outside the European Economic Area?

Personal data may also be transferred to certain subcontractors of IT system providers who are located in countries outside the European Economic Area for which the European Commission did not state an adequate level of personal data protection.

Therefore, the transfer of personal data to these entities takes place on the basis of an appropriate contract, containing standard contractual clauses adopted by the European Commission. You may receive a copy of this agreement – in this case, please contact the Data Protection Officer.

DATA OF WEBSITE USERS

What types of data are processed?

In connection with content and service delivery via Unum Życie websites, the following types of data are processed:

  • System event records,
  • Cookies.

Anonymous use is only possible on generally accessible areas of individual websites and services. For user context functionalities, prior registration and a dedicated login are required.

What are system event records?

Chronological records of events and user actions are collected for the purpose of website and online application administration, including their security and proper operation, and for statistical purposes.

  • The scope of data includes, specifically:
  • IP address of the device from which the query came,
  • Device name,
  • User login,
  • Query arrival time,
  • The first line of HTTP request,
  • HTTP server response code,
  • Number of bytes sent by the server,
  • Address of the link from which the query came,
  • User browser information,
  • Information about errors that occurred during HTTP transaction,
  •  Website user activity.

The logs are collected for the purpose of website administration and accountability for user activity.

What are the cookies and for what purpose are they processed?

Cookies are information sent by the visited sites and saved in a selected folder on User’s device. The website does not have access to other files or data on User’s device.
Specifically, cookies can be used to:

  • Customize the content to User’s needs and preferences,
  • Ensure website safety and security,
  • Make measurements with a view to improving products and services. 

What types of cookies are used?

In terms of duration of cookie storage on User’s browser, two main types of cookies can be defined, as follows:

  • Session cookies, which are active on the User’s device until the User leaves the site or closes the web browser; and
  • Persistent cookies, which stay on the User’s device for a specified time or until deleted manually from the browser.

Unum Życie does not share the data related to cookies with any external entities (including the entities providing external cookies for Unum Życie purposes.)

How to disable cookies?

The default settings for the use of cookies in web browsers can be modified. However, this may lead to website malfunction. Instructions for cookie modifications on the most popular browsers can be found at the following addresses:

SAFETY AND SECURITY OF WEBSITE USE

What are the risks the users are exposed to?

The most serious risks for website Users is related to the following:

  • Malicious software (malware), installed on User’s device in an unauthorized way or without User’s control, in particular, with the purpose to take control over the device and, subsequently, monitor User’s activity, attempt to steal User’s data, impersonate the User for criminal or malicious purposes.
  • Criminal activities undertaken for gain or to harm the User by taking control over User account on the website or getting access to sensitive information.
  • Phishing attempts to trick the User into sharing their authentication data or elicit other unwanted outcomes.

What safeguards are applied to protect personal data transmission?

The forms used to collect personal data from Users involve transmission encryption mechanisms between the browser on User’s device and Unum Życie website. Thanks to this mechanism, the risk of data capture or modification by an unauthorized person is limited.

What data processing security measures are applied by Unum Życie?

Unum Życie applies a number of state-of-the-art security measures that guarantee security when using services and systems. Security is relevant to many areas, but it is particularly important for us to protect personal data shared with Unum Życie and collected via the websites. With the application of appropriate structural and technological solutions throughout data processing cycle, Unum Życie provides high standards of Customer safety and security.

To ensure data integrity and confidentiality, data access is limited to authorized personnel only and restricted to the scope necessary for their respective tasks and duties. The whole range of structural and technological solutions is applied to ensure that all operations on the processed data are registered and handled by authorized personnel.

What can users do to keep their devices safe and secure?

The devices used for website services should be duly secured. Relevant measures include:

  • Regular updating of the operating system and web browser,
  • Using anti-virus software,
  • Having a firewall enabled,
  • Applying measures to prevent unauthrized physical access.

What is some of the best practice when it comes to safety and security?

Considering the risks referred to above, Users should apply best practices for safety and security. In particular, Users should:

  • Refrain from opening attachments from unknown recipients,
  • Install new software from trusted sources only,
  • Use different and complex passwords, and change them regularly,
  • Have limited confidence in public Wi-Fi networks,
  • Not disclose their confidential data, unless absolutely safe,
  • Verify website security certificates,
  • Read carefully the wording of consent declarations required by the websites,
  • Be extra careful when it comes to phishing (impersonating a familiar recipient).

When a user is concerned, what can they do?

When a User feels concerned because they have identified a security issue, incident, or potential breach of security of information administered by Unum Życie, they should promptly report it to the following address: incydent@unum.pl.

Używamy pliki cookie

Używamy plików cookie i innych technologii śledzenia, aby poprawić jakość przeglądania naszej witryny, wyświetlać spersonalizowane treści i reklamy, analizować ruch w naszej witrynie i wiedzieć, skąd pochodzą nasi użytkownicy.