INFORMATION REGARDING THE PROCESSING OF PERSONAL DATA (PROTECTION OF NATURAL PERSONS) REGULATION (EU) 2016/679 WHEN USING YDROGIOS WEBSITE

Ydrogios Insurance Company (Cyprus) Ltd hereby informs every visitor / user of this website (hereinafter referred to as "the Webite") that the processing of personal data of individuals is governed by the relevant provisions of the applicable Cyprus Legislation on Personal Data, as ascribed in the Regulation (EU) no. 2016/679, as well as the relevant decisions, instructions, regulatory acts enacted by Supervisory Authority for the Protection of Personal Data together with the below mentioned conditions.

"Processor" and "Controller" refers only to Ydrogios Insurance Company (Cyprus) Ltd, from Ydrogios House, Medousis Street 2, 6059 Larnaca, tel. 24200826, fax. 24828290, email: [email protected]

"Subject of Data" means any natural person who is directly related to the personal data been processed.

"Data Protection Officer" refers to the person designated by the processor to participate properly and in a timely manner in all matters relating to the protection of personal data, contact details of Ydrogios House, Medousis Street 2, 6059 Larnaca, tel. 24200826, fax 24828290, email [email protected]

Personal Data Collected and Processed on the Web by Ydrogios:

Ydrogios ensures fair, secure and legal collection and processing of personal data through its Website. It shall implement all necessary and appropriate technical and organizational security measures to ensure confidentiality of information contained in the database, with such measures being reviewed at regular intervals and upgraded in line with technological developments.

Personal information is information that directly or indirectly identifies the Subject / User of this Website, such as name, email address, postal address, or telephone.

Keeps a record and processes personal data provided by the Subjects / users of this Website. Personal data are processed only with Subject’s consent and to the extent necessary for the purpose and period required in each case. Moreover, the collection is limited to personal data absolutely necessary for implementing the action or service requested by the Subject (see "Purpose of Processing" below).

Purpose of Processing:

1. Communicate with the Visitor / user, when absolutely necessary such as in case forms available on the Website have been electronically submitted. (such as a complaint form, a positive comment, a communication, a recruitment request, etc.)

2. Selection and evaluation of candidates for recruitment purposes.

3. It may process Subject’s personal data in order to:

• Perform statutory audits as required by regulations and instructions from the supervisory authority.
• Prevent, deter and suppress unlawful activities and operations and / or insurance fraud.
• Upgrade and maintain high quality services.
• Research and statistical analysis of data.
• Under legitimate conditions, to promote its services and products.

The collection and processing of Subjects' personal data is strictly for the purposes stated above and solely to the extent necessary to effectively serve those purposes.

Subjects' personal data is retained only for the time required to accomplish the purposes of collection and processing. They are safely deleted once the processing is completed, unless the legislation in force provides for continued observance for a longer period of time.

Personal Data of Minors

This Website is neither intended nor designed to be used by minors. Ydrogios website has no intention of collecting, processing or knowingly maintaining personal data of minors who may have access to its Website.

However, since is not feasible for Ydrogios to secure/confirm use of the Website by minors who possibly can pass through it their personal data are therefore required and expected to receive the consent of the parents or guardians in advance. Moreover, adults are required to exercise the expected and proper supervision of minors under their care when browsing on the Internet and in particular on this Website.

Data Security

Ydrogios in the course of processing personal data ensures that such processing is conducted in a manner that safeguards their security and privacy. Ydrogios shall take all appropriate organizational and technical measures for data security and protection from accidental leakage, theft or fraudulent destruction, accidental loss, alteration, unauthorized disclosure or access and any other form of unfair treatment.

While every effort is being made to organize and technically protect personal data, Ydrogios cannot guarantee the absolute security of the data transmitted to its site, as the transmission of information over the Internet is not completely secure.

Data Receivers

Ydrogios Insurance Company (Cyprus) Ltd will transmit your personal data solely for the purposes set forth herein, with whom confidentiality agreements are in place for the performance of their duties:

• Authorized employees under its supervision.
• Authorized external partners, natural or legal persons, e.g. doctors, private and/or public hospitals, lawyers, auditors, legal advisers or insurance agents.
• Affiliated companies or contracted or cooperating companies.
• Reinsurance companies and / or reinsurance intermediaries with whom has entered into or is about to conclude reinsurance contracts.

Disclosure Obligation Stemming from Law and/or Regulation

Regardless of the above, disclosure of personal data is mandatory in the following cases:

• In any case, with the written consent of the Subject.
• In case of legal proceedings, between Ydrogios and the Subject or the Supervisory Authority.
• If a court order is issued, where information should be provided to competent bodies and / or the superintendent authorities under the provisions of relevant Laws.
• When information is required for reasons of public interest or to protect the interests of the insurance company under the Laws.
• To avoid misleading the users of the Website or to prevent loss of life or possibility of serious injury
• To use them in a manner enabling proper operation and maintenance of its system’s security, including preventing or stopping an attack on its systems or networks.

Cookies

Cookies are small files stored by your Browser on your computer, tablet, mobile phone, and generally the device you are browsing through our web pages (www.ydrogios.com.cy, www.ydrogiosextranet.com, www.ydrogiosinsurance. info)

Each cookie contains information such as the name of the website from which it generated, its "lifespan" (ie how long it will stay on your device), and a value, usually a number.

In fact, cookies allow websites to store various anonymous information such as visitor's preferences or when visiting the website again.

On our website, cookies are used to improve the operation and functionality of the Website.

In any case, we cannot verify your personal identity from cookies. Cookies are stored only on your own device (computer, tablet, mobile phone), and the Website does not keep any file or database with your personal data

While browsing our Website, third-party organizations and companies may produce their own anonymous cookies to control the functionality of their apps and to personalize them in accordance to your choices.

For example, when you browse www.ydrogios.com.cy and you choose to go to a social or informational network such as Facebook or GoogleMaps, then these services produce their own cookies to remember your connection with them and record your activities.

Due to the nature of cookies, www.ydrogios.com.cy has no control or access to these cookies from third parties, and no other organization can access the data stored in them. These third companies and organizations have their own Cookies and Privacy Policy. For example, for third party Facebook cookies, you will find the User Policy here: http://www.facebook.com/help/cookies

Useful links for cookies

• Google Ad Settings: https://www.google.com/ads/preferences/?hl=en
• Managing advertising agency cookies for the US: http://www.aboutads.info/choices
• Managing advertising agency cookies for the EU: http://www.youronlinechoices.com/uk/your-ad-choices
• All About Cookies - http://www.aboutcookies.org (in English).

Linking to Third Party Sites

Any connection to Ydrogios’ Webite through links, hyperlinks, banners with any other third-party website does not imply that the Website assumes any responsibility for the policy of these websites for protecting and managing personal data.

Subjects should take appropriate measures and care to be informed about the protection and management of their data from the above websites.

Rights of the Subject of Data

• Revoke your consent to process your personal data (it is understood that withdrawal of consent does not affect the legitimacy of the processing based on your consent given prior to revocation)
• Receive a confirmation from the controller that your personal data collected and related to you are being processed, if this is not the case, you also have the right to access and update this data upon your request.
• Request from the Controller to correct any inaccurate data and/or duly complete your personal data.
• Request from the controller to delete or restrict the processing of personal data concerning you without undue delay if they are no longer necessary in relation to the purpose they have been collected or submitted, if you withdraw your consent, if you object to processed, or if there are no longer any imperative and legitimate reasons for processing, if an unlawful processing has been performed, if the data is to be deleted under Law or if you question the accuracy of the data and their limitation until they are verified by the Controller. Subject to the exceptions of Articles 17 (3) and 18 (2) of the Regulation.
• Receive your personal data that you have provided to the controller in a readable electronic form and forward them to another processor without objection from the controller to whom they were provided. Also ask for the direct transmission of personal data from one controller to another, if technically feasible.
• To object to the processing of your personal data, especially for direct marketing purposes, including profile training if this relates to direct marketing.

The above stated rights could be exercised with your written request to the Data Protection Officer via fax: 24 828290 828290 or [email protected] or Ydrogios House, Medousis Street 2, 6059 Larnaca, by registered mail. The DPO is obliged to respond within one (1) month of receipt of your request. This period may be extended by two (2) more months, if necessary, taking into account the complexity of the request and/or the sum of your requests.

Supervisory Authority

If the subject wishes to communicate on any matter related to the protection of personal data, he or she may contact the Commissioner's office.

Office of the Commissioner for Personal Data Protection

Iasonos 1, 1082 Nicosia

P.O. Box 23378, 1682 Nicosia

Tel: +357 22818456

Fax: +357 22304565

Email: [email protected]

Modify and / or update this update

This update may be modified and / or updated from time to time so Subjects must be informed of its content and check for any changes whenever entering the Site of Ydrogios.

• PERSONAL DATA PROTECTION POLICY
• Procedure for Accessing Personal Data
• Personal Data Access Request Form