Who we are
Citadel Insurance p.l.c. and its subsidiary companies (hereinafter referred to as ‘Citadel’, ‘us’, ‘we’, ‘our’, ‘the Company’) is the Controller of the data that you may provide us at any time, including when visiting and using this website, such as where you provide information to acquire a quote and purchase insurance cover.
Information collected about you
You may visit our website www.citadelplc.com without telling us who you are directly and/or revealing any other information about you. However, when visiting our website, we may record your internet protocol address (hereinafter referred to as the ‘IP Address’). If you download information from our website, we may also collect the following information (hereinafter referred to as the ‘Download Data’):
- The date and time you accessed the website;
- The details of the requested web page and/or download;
- Whether your request was successful or not.
Other than the information stipulated above, we will only collect personal data that you voluntarily submit to us, such as where you submit your details to receive a quote, to purchase insurance cover, to send us queries or questions, or to create an account for online services that is available on our website. Therefore, we may collect information falling into the following categories of personal data:
- Basic identifying details;
- Contact details;
- Information about your family and family relationships;
- Professional background;
- Insurance history and insurance needs;
- Information about your lifestyle;
- Financial details;
- Medical information;
- Telephone correspondence, if and when it is recorded;
- CCTV footage, when visiting our branches or head office.
The information that you are requested to provide is necessary to take steps at your request prior to entering into a contract, or for the proper performance of your contract of insurance, or to enable the Company to provide you with the service that you request, depending on the circumstances. Therefore, failure to provide the Company with the requested information might render the Company unable to accede to your requests.
Purposes and Legal Bases for Processing
Any information that you supply to the Company on any form (such as proposal form or claim form) or otherwise, whether in writing or verbally, may be processed for all or any of the following purposes:
On the basis that processing is necessary to perform the contract of insurance or to take steps at your request prior to entering into a contract, the Company may process your data to assess risk; underwrite and issue present and future contracts of insurance; collect premiums and submit other bills; assess, defend and/or settle any claims or benefits made under your policy, also through the processing of additional information; assess and respond to your queries; and transfer data to and receive data from other insurance and reinsurance companies to underwrite your contract of insurance.
On the basis that processing is necessary to comply with its legal obligations, the Company may process your data to assess, handle and/or settle any third party claims; store accounting records for tax purposes and disclose relative data to tax authorities if called upon to do so; carry out due diligence, where necessary; and prevent, detect, suppress and/or report insurance fraud or any other criminal activity as is required by law.
On the basis that processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party, the Company may process your data to establish, exercise and/or defend legal action brought by you, an insured or a third party against the Company; carry out research (and compile statistics) for the internal management of resources, for performing actuarial science, and for the development and improvement of the Company’s products and services; and take steps to safeguard the integrity of your data, and to protect the Company’s data systems.
If you provided your consent on the proposal form (or subsequently) the Company may use your data to inform you by direct marketing about the Company’s range of products and services including those of our affiliated companies, associates, agents and intermediaries or other carefully selected organisations.
Recipients and Sources of Data
The personal data that you submit through this website will be received by the host of the website and transmitted to the Company.
Such data may then be disclosed or shared by the Company, only as is strictly necessary in line with the purposes outlined above, with the Company’s employees, subsidiaries, associates, intermediaries, joint controllers, the Company’s external actuaries, consultants, legal advisors, auditors, risk assessors, loss adjusters and surveyors, repairers, healthcare and other medical institutions and professionals, banks, credit referencing agencies, risk intelligence agencies, the Malta Insurance Association and other insurance and reinsurance companies, other professionals, and public, legal and/or judicial authorities. The Company may also disclose your data to third parties if it is called upon to do so by a competent authority, or by a Court or tribunal, only to the extent required and allowed by law.
The Company makes every effort to store personal data only for as long as it is necessary for the purposes outlined above. If the Company does not provide you a quote on your proposal, or provides you a quote which you do not accept, the Company will store the data provided by you for fives (5) years. In line with industry practice and following termination of your policy (if any), the Company erases, destroys, or makes anonymous all data howsoever received after taking into consideration whether:
- There are any ongoing insurance claims, or any potential for such claims;
- There are any disputes, both in relation to third parties and in relation to the Company, whether in Court, at arbitration, or otherwise, or any potential for disputes, including without limitation, those relating to the contract of insurance;
- The Company has any further obligations towards other insurance companies, its reinsurers, its intermediaries, the Malta Insurance Association, its service providers, and/or any third parties;
- The Company has extinguished its legal obligations towards you, its service providers and/or any third parties;
- The Company has any further legal obligations arising out of, among others, tax law, law relating to money laundering, and the MFSA rules and regulations for the insurance industry.
You have the right to:
- Acquire access to your data, including confirmation from the controller as to whether data about you is being processed and to receive further information about that processing;
- Amend inaccurate personal data;
- Request the erasure of data processed about you, on the basis of certain grounds, such as where the data is no longer necessary for the purposes for which it was collected or where consent for processing that requires consent has been withdrawn, among other grounds;
- Request the data controller to restrict its processing activities on your data, on the basis of certain grounds, such as where the accuracy of the data is contested;
- Receive the personal data provided by you in a structured, commonly used and machine-readable format or to request that such data is transferred in such format to another data controller;
- Withdraw your consent to processing that is based on your consent, such as direct marketing;
- File a complaint with us and/or with the competent data protection supervisory authority (i.e. the Office of the Information and Data Protection Commissioner by clicking here);
- Object to processing that is carried out for the legitimate interests of the controller, by reference to your specific situation. You may, at all times, object to direct marketing.
Should you wish to exercise any of your rights, you may do so by sending us an email on firstname.lastname@example.org or by contacting our Data Protection Officer directly.
It is important to note that, in certain circumstances, you may not be able to exercise your rights as stipulated above or you may be able to exercise such rights but only in a limited manner, as dictated by law, such as where such right requests may prejudice the rights and freedoms of third parties.
The Company engages in insurance industry standard profiling, wherein the assessment of risk is made partially by automated means. However, all final decisions which produce any legal effects on data subjects, including without limitation, the decision on whether to underwrite a risk and issue a contract of insurance, are taken with human intervention.
Our website makes use of "cookies", which are pieces of information that a website transfers to your computer’s system for record keeping purposes.
Most web browsers are initially set to accept cookies. However, you can set your browser to block all or certain cookies or to notify you when they are sent.
We undertake to implement appropriate measures and safeguards for the purpose of protecting the confidentiality, integrity and availability of all data processed. All our employees and data processors, who have access to and are associated with the processing of personal data, are further obliged to respect the confidentiality of our clients’ and visitors' personal data.
Links to other websites
In Case of Queries
In the event that you require any further information or seek clarifications with respect to how we process your data, do not hesitate to contact us. The Company also has a Data Protection Officer. If you wish to address him directly, you may do so by:
Telephone: (+356) 2759 5000 (ext: 601)
Post: Citadel Insurance DPO, 170, Pater House, Psaila Street, Birkirkara, BKR 9077, Malta.