This Personal Data Protection Policy (hereinafter referred to as the “Policy”) establishes the rules for the processing of personal data by LLC “Insurance Broker BNC Group” (ID No. 405766087, legal address: 21 Konstantine Kapaneli Street, Vake District, Tbilisi; hereinafter referred to as the “Company”), including the standards for their collection, storage, use, provision to third parties, and protection.
The Company, as a Data Controller defined by the Georgian Law “On Personal Data Protection”, acts in accordance with this law and other applicable sub-legislative normative acts. It is of utmost importance for us to ensure the confidentiality and security of the personal data of data subjects (natural persons), including customers, employees, and partners.
- Principles of Data Processing
The Company adheres to the following fundamental principles of personal data processing:
1. Lawfulness and Fairness: Data processing is conducted in a lawful, transparent, and fair manner.
1.2. Clear Purpose: Data are processed only for clearly defined, legitimate, and legally permissible purposes.
1.3. Proportionality: We process only the data that is necessary and sufficient to achieve the stated purpose.
1.4. Accuracy: We ensure the accuracy and, if necessary, the updating of data.
1.5. Retention Period: Data are stored only for the period necessary for the purpose of processing.
1.6. Security: We take the necessary organizational and technical measures to protect the data. - Data Collection and Processing Purposes
The Company collects and processes personal data for the following legitimate purposes and legal grounds:
1. Performance of a contract (Article 5, sub-point ‘b’ of the Law): To provide you with products/services and to fulfill the obligations under the contract. This includes the issuance, collection, and administration of insurance policies.
2.2. Legal Obligation (Article 5, sub-point ‘c’ of the Law): To comply with the requirements of Georgian legislation, including tax, accounting, and financial monitoring (AML) laws.
2.3. Legitimate Interest (Article 5, sub-point ‘e’ of the Law): To protect our legitimate interests, such as fraud prevention, ensuring security, and improving services.
2.4. Direct marketing communications (Article 12 of the Law): In order to offer our insurance products and services, the Company processes your contact information (e-mail, telephone number) in accordance with the requirements of Article 12 of the Law. This activity is carried out only if you have previously, in writing or electronically, expressed your consent to receive such communications. You can easily refuse direct marketing messages at any time; for this, please see Article 5 of this Policy.
2.5. Consent (Article 5, sub-point ‘a’ of the Law): Based on your clear, informed, and free consent, if data processing is not permitted on another legal basis.
Types of Data Collected:
2.6. Identification Data: Name, surname, personal number, date of birth, residential address, contact information (phone, email).
2.7. Financial Data: Bank details, information related to payments.
2.8. Special Category Data (Health Data): Only if this is necessary for the conclusion and provision of health and life insurance contracts. The basis for processing this data is the special norms provided for in Article 6 of the Law. - Data Retention Period
The Company retains personal data only for the period necessary to achieve the purpose for which they were collected. The data retention period is determined by the following rules:
1. Data necessary for the performance of a contract are retained for the duration of the contract and for the period established by law after its termination (e.g., periods provided for by tax and accounting legislation).
3.2. Data processed for marketing purposes are retained until the data subject opts out. - Data Disclosure to Third Parties
The Company protects the confidentiality of data and does not disclose your personal data to third parties without your consent, except for cases provided for by law or circumstances provided for in this Policy.
We may disclose or transfer your personal data to the following third parties:
1. Insurance Companies: For the purpose of providing insurance services to you, based on your consent and/or for the performance of the contract to which you are a party, your data will be transferred to the relevant insurance company/companies. This includes data necessary to conclude, implement, or settle claims related to an insurance policy.
4.2. Service Providers: Third parties who provide us with services to support our operations (e.g., IT services, audit services, consulting services). In this case, we ensure that these providers act in accordance with our instructions and maintain the confidentiality of the data. A data processing agreement will be concluded with them.
4.3. Government Agencies and Regulators: In cases provided for by law, based on a court decision, enforcement order, or a request from a state body. - Data Subject’s Rights
As a data subject, you have the following rights in accordance with the Georgian Law “On Personal Data Protection”:
1. Right to Information (Access): The right to receive information about the processing of your data.
5.2. Right to Rectification, Updating, Addition, Blocking, and Deletion of Data: The right to request the correction or deletion of inaccurate, incomplete, outdated, or unlawfully processed data.
5.3. Right to Request Cessation of Processing and/or Deletion of Data: The right to request the cessation of processing and/or deletion of data if there is no longer a legal basis for processing.
5.4. Right to Withdraw Consent: If data processing is based on your consent, you have the right to withdraw that consent at any time.
5.5. Right to Object: The right to object to the processing of your data if the processing is carried out on the basis of legitimate interests, especially for direct marketing purposes.
5.6. Right to Data Portability: The right to receive your data in a structured, commonly used, and machine-readable format, or to request their direct transfer to another controller.
5.7. Right to Lodge a Complaint: The right to file a complaint with the Personal Data Protection Service if you believe your rights are being violated.
To exercise your rights, please contact us using the contact information provided at the end of this Policy. - Data Security
The Company takes all necessary organizational and technical measures to ensure the security of personal data to protect it from unlawful or accidental destruction, modification, disclosure, unauthorized access, and any other unlawful form of processing.
Security measures include, but are not limited to: internal data protection policies, regular employee training, access control, delegation of authority, data encryption, antivirus programs, and the creation of backup copies. - Amendments to the Policy
The Company reserves the right to amend or update this Policy at any time. The changes come into effect upon their publication on the website. In the case of significant changes, data subjects will be notified through additional means of communication. - Contact Information
If you have questions regarding this Policy or wish to exercise your rights, please contact us:
1. Company Name: LLC “Insurance Broker BNC Group”
8.2. Legal Address: 21 Konstantine Kapaneli Street, Vake District, Tbilisi
8.3. Email: info@bnc.ge
8.4. Phone: 032 205 31 83
Consent to Personal Data Processing
By agreeing to this Policy, you confirm that you have read the Personal Data Protection Policy of LLC “Insurance Broker BNC Group” and fully agree to the rules and conditions for processing your personal data. You consent to the processing of your data for the purposes stated in the Policy, including for the provision of insurance services and for receiving direct marketing communications, except in cases where you opt out of receiving such communications.