I. Name and address of controller
The controller as defined by the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:
Breakwater Insurance Brokers Ltd.
140 Franklin Roosevelt Av.
P.O. Box 50080CY
II. General information on data processing
1. Scope of personal data processing
As a rule, we collect and utilise our users' personal data only if this is required to provide a functional website as well as our content and services. Personal data of our users are regularly gathered and used only on a statutory basis. One exception applies in cases in which there is no apparent statutory basis and processing of the data can only be legitimised by means of consent.
2. Legal basis for processing of personal data
If we obtain consent for processing of personal data from the data subject, point (a) of Article 6 (1) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In the event of processing of personal data that is required for fulfilment of a contract to which the data subject is party, point (b) of Article 6 (1) GDPR serves as the legal basis. This also applies to processing measures that are required in order to perform pre-contractual actions.
If processing of personal data is required in order to fulfil a legal obligation that is incumbent upon our company, point (c) of Article 6 (1) GDPR serves as the legal basis.
In the event that vital interests of the data subject or of another natural person necessitate the processing of personal data, point (d) of Article 6 (1) GDPR serves as the legal basis.
If processing is required in order to uphold a legitimate interest of our company or of a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interest, point (f) of Article 6 (1) GDPR serves as the legal basis for processing.
3. Erasure of data and period stored
The personal data of the data subject are erased or blocked as soon as the purpose of storage ceases to apply. Storage can additionally be carried out if the European or national legislature has made provisions for this in Union regulations, acts or other rules to which the controller is subject. Blocking or erasure of the data is also carried out if a storage period specified by the aforementioned standards expires, unless it is necessary to continue storing the data in order to conclude or fulfil a contract.
III. Provision of the website and creation of log files
1. Description and scope of data processing
Each time our website is accessed, our system automatically records data and information from the computer system of the accessing computer.
The following data are gathered here:
Information on the browser type and the version used
(1) The user's operating system
(2) The user's IP address
(3) The data and time of access
(4) Websites from which the user's system reaches our website
(5) Websites that are accessed by the user's system via our website
The data are also stored in the log files of our system. These data are not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for temporary storage of the data and log files is point (f) of Article 6 (1) GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is necessary in order to enable delivery of the website to the user's computer. To this end, the user's IP address must be stored for the duration of the session.
Storage in log files is carried out in order to ensure that the website works properly. In addition, we use the data to help us optimise the website and to ensure the security of our IT systems. No evaluation of the data for marketing purposes is performed in connection with this.
These purposes also account for our legitimate interest in data processing as per point (f) of Article 6 (1) GDPR.
4. Period saved
The data are erased as soon as they are no longer needed to fulfil the purpose for which they were gathered. In the event of data recording for provision of the website, this is the case when the respective session is ended.
In the event of data storage in log files, this is the case after no more than 365 days.
IP addresses are fully logged for a maximum of 24 hours. Thereafter, anonymisation is performed by erasing the last octet so that it is no longer possible to associate with the accessing client.
5. Option of objection and rectification
Data recording to provide the website and storage of data in log files are absolutely essential to operation of the website. Consequently, there is no possibility of objection on the part of the user.
IV. Rights of the data subject
You have the right:
•pursuant to Article 15 GDPR to request information on your personal data that is processed by us. In particular, you may request information on the purposes of the processing, on the categories of personal data, on the categories of recipients to whom your personal data have been or will be disclosed, on the envisaged period stored, on the existence of the right to request rectification, erasure, restriction of processing or to object, on the existence of the right to lodge a complaint, on the source of your data if they are not collected by us and on the existence of automated decision-making, including profiling and any meaningful information about the particulars thereof;
•pursuant to Article 16 GDPR to request prompt rectification of inaccurate personal data or completion of your personal data that is stored by us;
•pursuant to Article 17 GDPR to request the erasure of your personal data that are stored by us, provided that processing is not required for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
•pursuant to Article 18 GDPR to request the restriction of processing of your personal data, if you contest the accuracy of the data, if the processing is unlawful but you oppose its erasure and we no longer need the data but you require them for the establishment, exercise or defence of legal claims or if you have objected to processing pursuant to Article 21 GDPR;
•pursuant to Article 20 GDPR to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller;
•pursuant to Article 7 (3) GDPR to withdraw the consent you have already granted us at any time. The result of this will be that we are no longer permitted to continue the data processing that was based on this consent in future and
•pursuant to Article 77 GDPR to lodge a complaint with a supervisory authority. To do so, you may generally contact the supervisory authority of your habitual residence or place of work or our company headquarters.
Right to object (to advertising)
Provided that your personal data are processed based on the legitimate interests under point (f) of Article 6 (1) GDPR, you have the right pursuant to Article 21 GDPR to object to the processing of your personal data to the extent that there are grounds for this relating to your particular situation or if the objection is to direct marketing. In the latter case, you have a general right to object that will be enforced by us without specifying a particular situation.
If you would like to assert your right to withdraw or object, it is sufficient to send an email to firstname.lastname@example.org.
Changes to data protection standards
If any change to these data protection standards become necessary in future, you will always be able to find the latest version here.