Data Protection Policy and Declaration of Consent regarding the processing of data according to the General Data Protection Regulation (GDPR)
1. Information on the processing of data
accurART Kunstversicherungsmakler (Europe) AG („accurART Europe“) is committed to safeguard your personal data. The processing of your personal data shall always be in accordance with the applicable data protection regulations, especially with the General Data Protection Regulation (GDPR).
This Data Protection Policy applies for the use of our services as Fine Art Insurance Broker and is based on the Broker Letter of Record concluded between you and accurART Europe as well as for all pre-contractual measures. It furthermore applies for the use of our company websites www.accurart-ib.ch, www.accurart-ib.li and www.accurart-ib.com.
Processing data means elicitation, storage, usage and conveyance of personal data. Personal data means any information relating to an identified or identifiable natural person. For example name, address, profession, family status, bank account information, communication data or policy numbers.
“Special categories” of personal data means health data, data related to religion, labour union or party membership, racial or ethnical origin, sex life and sexual orientation or genetic and biometric data. We do not process “special categories” of personal data!
Our services require data processing. The initiation, conclusion and supervision of an insurance contract is not possible without the processing of personal data.
We process personal data exclusively for the purpose of carrying out the Broker Letter of Record and the services preceding the Broker Letter of Record (pre-contractual measures).
The necessity and scope of data processing depend on the Broker Letter of Record.
Your consent also serves to share your information with third parties, such as insurers with whom we collaborate as part of our broker activities.If we commission third parties to process data on the basis of a so-called “contract processing contract”, we do so according to Art. 28 GDPR.
3. Legal basis of processing
Insofar as we obtain the consent of a data subject for the processing of personal data, Article 6 paragraph 1 lit. a GDPR is the legal basis.
If the processing of personal data is required to fulfil a contract of which the data subject is a party, Article 6 (1) lit. b GDPR is the legal basis. This also applies to processing, required to carry out pre-contractual measures.
Insofar as processing of personal data is required to fulfil a legal obligation to which our company is subject, Article 6 (1) lit. c GDPR is the legal basis.
In the event that vital interests of the data subject or any other natural person require the processing of personal data, Article 6 (1) lit. d GDPR is the legal basis.
If processing is necessary to safeguard the legitimate interests of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not prevail over the first interest, then Article 6 (1) lit. f GDPR is the legal basis for processing. The legitimate interest of our company lies in the execution of our business activities.
4. Responsible and Data Protection Officer
Responsible for the processing of your personal data within the meaning of Art. 4 No. 7 GDPR is accurART Kunstversicherungsmakler (Europe) AG, Gewerbeweg 15, 9490 Vaduz, Liechtenstein.
You can reach us by post, by e-mail at email@example.com or by phone +423 230 31 40.
If you wish to object to the collection, processing or use of your data by us in accordance with this Data Protection Policy as a whole or for individual measures, please address your objection directly to the responsible person. You can save or print this Data Protection Policy at any time.
You can reach our Data Protection Officer via email: firstname.lastname@example.org.
5. Co-operation with other bodies in the transmission and reception of data
In the context of requests for quotations, tenders, cover requests, contract conclusions, contract management and processing of claims and losses etc. it may be necessary to transfer your data to other bodies or to receive data from them. This is:
- Insurers and reinsurers
- Cooperating insurance brokers and tipsters
- Technical service providers
- Financial services institutions
- Lawyers, accountants, auditors
- Ombudsmen and Financial Market Authority
- Experts and surveyors/average agents
Your data will only be disclosed to the extent necessary for the purpose of the processing.
You represent your unconditional and express consent to the direct exchange of data between us and you and the third parties listed in this declaration of consent by not contradicting this declaration. In particular, you authorize insurers to transfer data directly to the aforementioned recipient group.
You can withdraw your consent to data processing at any time form-free in whole or in part without giving any reasons for the future. A revocation of consent may result in the Broker letter of Record being unable to be carried out or no longer being able to be carried out properly in accordance with its contractual provisions.
6. Period for which your personal data will be stored
We store your personal data for the duration of our contractual relationship. Thereafter, your personal data will be restricted for further use and will be available for the purposes outlined in Art. 17 and 18 GDPR only.
These purposes include, in particular, the observance of statutory retention periods as well as the assertion, exercise and defence of legal claims, for example, proof of due consultation.
Statutory periods of limitation are up to 30 years, statutory retention periods up to 10 years. Proof of due consultation is stored as long as claims may be asserted.
If your data is no longer needed for the above purposes and all retention periods have expired, it will be routinely blocked or deleted.
7. Rights of the data subject
Information to personal data
We are happy to provide you with information about your personal data stored by accurART Europe. You shall have the right to request information from us at any time as to which personal data we process. In this case, you are entitled to be informed according to Article 15 (1) GDPR. You also have the right to request information about whether your personal data has been transferred to a third country or an international organization. In this connection, you may request information about appropriate guarantees in connection with the data transfer, according to Article 46 GDPR.
Right to rectification and completion
You shall have the right to demand the correction of incorrect or the completion of incomplete personal data stored by us immediately according to Article 16 GDPR.
Right to erasure („right to be forgotten“)
You shall have the right to demand that we delete your personal data immediately. We are required to comply with this request and to delete your personal information, unless we are legally obliged or entitled to further process your data. For details, please refer to Article 17 GDPR.
Right of restriction of processing
You shall have the right to demand from us the restriction of processing, if the legal requirements under Article 18 GDPR are met.
Right to data portability
If you wish, we will provide you with your personal data we processed in a structured, common and machine-readable format.
If, in accordance with Article 19 GDPR, you have claimed your right to rectify delete or limit the processing of your personal data, we are obliged to notify all recipients to whom your personal data has been disclosed about this rectification, deletion or limitation, unless this proves impossible or involves disproportionate effort. You shall have the right to be informed about these recipients.
Right to object
You shall have the right, for reasons that arise from your particular situation, to object against the processing of your personal data, which have been processed pursuant to Article 6 paragraph 1 lit. e or f GDPR at any time. We will no longer process your personal information in this case, unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims.
If we process your personal data in order to operate direct marketing, you have the right to opt out from this processing at any time. If you do so, your personal data will no longer be processed for these purposes.
Right to withdraw your data protection consent
You have the right to withdraw your Declaration of Consent at any time. Your withdrawal does not affect the legality of the processing carried out on the basis of this Data Protection Policy before your revocation.
Automated decision-making, including profiling
We do not use out automated individual decision making or profiling.
8. Right of complaint
You have the right to lodge a complaint with the Data Protection Controller at any time. The supervisory authority responsible for us is:
Data Protection Office:
Städtle 38, 9490 Vaduz, Lichtenstein.
You can reach the Data Protection Office by post, by e-mail at email@example.com or by phone at +423 236 60 90.
9. Corporate Website / Google Analytics
accurART Europe processes personally identifiable information in connection with the use of the Company Website solely to answer your inquiries, to improve our corporate website or to communicate with you. All automatic information that accurART Europe receives and stores will only be evaluated for internal purposes, unless a data disclosure to third parties is compatible with the Data Protection Act.
We do not use Google Analytics, the web analysis service of Google Inc.
Cookies are information transmitted from our web server or third-party web servers to users’ web browsers and stored there for later retrieval. Cookies are small files or other types of information storage. Cookies are used for security purposes or to operate our corporate website (for example, for optimal presentation of the website on different devices) or to save your decision when confirming our cookie banner.
We use “session cookies” which are stored for the duration of the current visit on our website only and partially enable the use of our website in the first place. In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and storage period. Session cookies are deleted when you finish using our website and close the browser at the latest.
If you do not want cookies to be stored on your computer, you can deactivate the corresponding option in the system settings of your browser. Cookies already saved on your computer,may be deleted in the system settings of your browser. Please note that the deactivation of cookies can lead to functional restrictions of our company website.
11. Data security
We make every effort to ensure the security of your data within the framework of applicable data protection laws and technical possibilities.
Your personal data will be transmitted encrypted by us. We use SSL (Secure Socket Layer), but point out that the data transmission in the Internet (for example the communication via e-mail) may have security gaps. A complete protection of data against the access by third parties is not possible.
To safeguard your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we periodically adapt to the state of the art. The servers we use are regularly backed up carefully.
Vaduz, August 2018