Privacy Notice

Companjon is an innovative, digitally-enabled Insurtech offering tailored add-on solutions to our business partners and end customers. This Privacy Notice covers different processing activities performed by different Companjon entities (as specified in the "Who is responsible for the processing of your personal data" section(s)). We care about data and data privacy compliance is central to our company ethos. Companjon processes personal data as a matter of course to operate its business, when offering its services and when users visit this website. This Privacy Notice is designed to ensure compliance with the EU General Data Protection Regulation (GDPR) and explains which data is processed for which purposes and what rights you have in relation to the processing of your personal data:

A. I. Data processing on the Companjon website: This section points out how Companjon collects and uses data when you visit this website.

A. II. Data processing in relation to our add-on insurance products: This section covers the processing of data when you use our add-on insurance products or services.

B. Your rights in relation to the processing of your data

C. Amendments of this Privacy Notice

A. I. Data processing on the Companjon website

1. Who is responsible for the processing of your personal data?

Companjon Services DAC, company registration number 659078
Custom House Plaza, Harbourmaster Place, IFSC,
Dublin 1, D01V9V4, Ireland (“Companjon Services”, “we”, “us”) info@companjon.com

is the responsible controller for the processing of your personal data when you visit this website. You can direct any questions on data protection to the data privacy officer of Companjon via email to dpo@companjon.com.

2. What data is collected and processed and for what purposes?

Automatically collected data/ server log files

When you visit our website, we automatically collect the following data which is relevant for system security and data security, in so-called log files of the web server:

- Network information (e.g. IP address, browser version)

- Session details (e.g. time stamps)

These log files are temporarily stored for the purposes of tracking malfunctions and enhancing system security, including detecting and tracing unauthorized access attempts and accesses to our web servers. The log files are deleted/ overwritten unless a suspect case of unlawful access to our web servers has occurred until then.

This data processing is based on our legitimate interest to remove technical malfunctions, guarantee the system security of our website and detect and trace any unauthorised accesses or access attempts (Art. 6(1)(f) GDPR). We also process the data as necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR).

Website analytics

Subject to your consent (Art. 6(1)(a) GDPR), we use Google Analytics to find out more about how our website is used and to identify how we can improve it. Google Analytics is a tool provided by Google LLC,1600 Amphitheatre Parkway in Mountain View, California, United States(“Google”) that helps website owners to understand how their visitors engage with them. Google Analytics may use a set of cookies (see section 8) to collect information and report site usage statistics without personally identifying individual visitors to Google.

For these purposes, Google collects the following data when you visit our website:

- Number of users and sessions
- Peak times of visits
- Session duration
- Operating systems
- Device models
- Geography

Also, subject to your consent (Art. 6(1)a GDPR), we use a LinkedIn Insight tag provided by LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, United States (“LinkedIn”). This tag helps us to find out more about how our website is used and to identify how we can improve it. The LinkedIn Insight Tag is a piece of lightweight JavaScript code that we have added to our websites so we can see how our LinkedIn adverts are performing and track viewers of our adverts on LinkedIn to the visitors to our website.

Where you opt in to allow use of our Performance and Analytics cookies, LinkedIn collects information from our website and reports site usage statistics back to us without personally identifying individual visitors. Apart from setting your browser so that it does to not store cookies, you can use this opt-out link to prevent your data from being used by Google Analytics or by LinkedIn. Google provides additional information on Google Analytics here. LinkedIn provides additional information on its use of the LinkedIn Insight tag here.

Web Forms

Subject to your consent (Art. 6(1)a GDPR), we use the service HubSpot to collect limited information from you via online forms which enables us to provide you with digital content where you have requested this. HubSpot processes the data exclusively at our request.

Please note: If you consent to provide information in this way, personal data may be transferred to service providers in third countries. These third countries may not have an adequate level of data protection equivalent to the protections afforded to you under GDPR.

The data we collect from you is your email address, first name, last name, company name, job title and industry. We use this data to send you the content requested and to market future offers to you where you have consented to this. When we send you marketing information we will always give you the option to opt-out of any future marketing.

Contact

You can contact us via contact section on our website. We process the following data provided by you in the email: name, email address, the category of your request and your message(s). The data is processed to answer your request appropriately (Art. 6(1) b GDPR) and our legitimate interest to manage and answer your enquiry (Art. 6(1)(f) GDPR).

Sharing content on social media

On our website, you will find social media icons to share content of your choice on Facebook, Twitter or LinkedIn. When clicking on the icons, you are directed to these social media networks where different privacy notices apply. We do not use social plugins.

3. For how long do we store your data?

The described data processing is based on the performance of your insurance agreement (Art. 6(1)(b) GDPR).

We store your data as long as necessary for the purposes described in this privacy notice. In particular, we store your data as long as necessary for responding to your contact request and performing your insurance agreement, including handling your claims. In case of statutory retention obligations, e.g. resulting from regulatory, tax or accounting laws applicable for Companjon, longer retention periods securely holding your information may apply. See section 8 for information on how long we store cookies on your device.

4. Is your personal data transferred to third parties?

Whenever your personal data is transmitted to external recipients (companies) that process this data on behalf of Companjon it is contractually ensured that your data is transmitted and processed in compliance with all applicable data protection laws.

The external service providers and processors (e.g. IT service providers, host providers, internet service providers, telecommunications providers, billing service providers, customer support service provider, marketing agencies) used by Companjon may also receive personal data as far as this is necessary to fulfil contractual and legal obligations (Art. 6(1) b), c) GDPR) or covered by the legitimate interest of Companjon (Art. 6(1)(f) GDPR).

We share information to comply with requests of supervisory authorities, regulators, courts, and/ or legal counsels if required to investigate, defend or prosecute a claim.

5. Is your data transferred to a third country outside of the EU or EEA when using our website?

When you use our website, your data is not transferred to any countries outside of the European Union or the European Economic Area, except where it is necessary for our technical service providers to have access to the data stored in the EU (for hosting services, for analysis purposes, for technical support or to check the security of the services). Some of these service providers may be located in a third country outside the EU/ EEA. To ensure an adequate level of data protection, Companjon implements appropriate and adequate technical (e.g. encryption) and contractual measures (definition of access rights on a need-to-know basis, documented instructions by Companjon) in such cases.

6. Do you have an obligation to provide your data?

You do not have any obligation to provide your personal data when you visit our website. However, please note that you may not be able to use certain tools and features of the website if you do not provide your data.

7. Automated decision-making

When visiting our website, you will not be subject to any automated decision-making according to Art. 22 GDPR.

8. Cookies, Pixels

Cookies, pixels, web beacons and similar technology (collectively "cookies" for the purpose of this privacy notice) are small text files that are stored on your computer, mobile device or other device when you visit a website or use an app. Some of these cookies can be recognised by websites when you visit them. Cookies can be set by the owner of the website ("first party cookies") or in some cases by third party services ("third party cookies") the website owner allows to track your preferences or provide other functionality such as analytics.

Some cookies are necessary to ensure the proper functioning of a website while other cookies enable improved experience of a website through statistical analytics and tailored advertising. We use a so-called analysis cookie in relation to website analytics (see above).

You can choose within your browser whether you wish to enable Cookies or not. To manage website Cookies effectively, you will need to refer to specific web browser information to allow, reject, disable or delete Cookies. Generally, the settings portion of the toolbar on most web browsers or the help section of your browser’s website will provide you with information to manage and disable Cookies. If you do not accept all cookies, only the necessary cookies shall remain to ensure the continued and proper functioning of the website. Please be aware that if you disable Cookies it may affect other users if the device is shared.

Below, you can find more information on the cookies used on our website.

Name of cooking

Issued by

Purpose

Storage period

Gatsby-gdpr-google-analytics

Companjon

This cookie documents if you have enabled or disabled the use of the Google Analytics cookies.

6 months


_ga


Google Analytics


Google Analytics is Google’s analytics tool that helps website owners to understand how their visitors engage with them. Google Analytics may use a set of cookies to collect information and report site usage statistics about our website.


2 years


_gid


Google Analytics


According to Google, both cookies are used to distinguish users. For more detailed information, see here.


24 hours


li_fat_id


LinkedIn


Used for tracking visitors to our website from Companjon adverts on LinkedIn. Analytics are reported from LinkedIn back to Companjon and data provided to us is aggregated and anonymised.



30 days



9. Vimeo video player

When we show video content on our website to provide you with information on Companjon and our products and services, we use the Vimeo video player, an application provided by Vimeo, Inc. (https://vimeo.com). Viewing the content embedded on our website does not require the acceptance of third party cookies. When you leave or website to view content on https://vimeo.com, Vimeo's privacy notice applies.

A. II. Data processing in relation to our add-on insurance products

1. Who is responsible for the processing your personal data?

Companjon Insurance DAC, company registration number 669679
Custom House Plaza, Harbourmaster Place, IFSC,
Dublin 1, D01V9V4, Ireland ("Companjon Insurance"), as insurer,

and

Companjon Services DAC, company registration number 659078
Custom House Plaza, Harbourmaster Place, IFSC,
Dublin 1, D01V9V4, Ireland ("Companjon Services"), as agent of the insurance, are responsible controllers for the processing of your personal data.

Companjon Insurance and Companjon Services (together "Companjon", "we", "us") have entered into a joint controller agreement according to Art. 26 GDPR.

You can direct any questions on data protection at the data privacy officer of Companjon via email to dpo@companjon.com.

2. Which data is collected and processed?

During the term of your customer relationship with us, Companjon processes your personal data as follows.

Insurance Data

Companjon processes personal data that is required for the conclusion of insurance policies and collects details of the products and services that are provided to you as well as information that you provide voluntarily (e.g. full name, country of residence, email address, mobile phone number, booking number, booking date (or purchase date), departure date, return date, cancellation date and time, ticket value, number of tickets, currency, one-way or return ticket, bus line, departure station name, arrival station name), collectively "Insurance Data". The Insurance Data may be provided through our Business Partners and processed by Companjon to provide the insurance services.

Note that when you enter into an insurance agreement with us for the benefit of third party individuals as their representative, we may also process personal data of these individuals, and you are required to inform them of the processing of their data in accordance with this privacy notice.

Communication Data

In order to provide the insurance services, Companjon collects and processes communication data about you (email address, content of messages, metadata such as date and time).

Claims Data

Claims Data is information obtained from for the processing and settlement of a reported insurance claim. In particular, this includes information on the incident or event, the amount of the loss, insured benefits, payment arrangements, invoiced premiums, type of insurance benefit.

3. For which purposes and on what legal basis are your data processed?

Companjon will process your personal data only to the extent that an applicable legal provision permits such processing, i.e. in accordance with the provisions of the GDPR and other applicable national legislation.

Data processing for the conclusion and performance of the contract

Companjon processes your personal data in order to be able to process and manage the Services in connection with insurance solutions (Insurance Data, Communication Data, Claims Data), Art. 6(1)(b) GDPR.

Data processing for statistics and data analytics purposes

To provide you with the insurance services, Companjon processes information from the insurance policies you have purchased, any claims you have made, communication with you and the products and services of business partners covered by the insurance policies, in order to provide you with the insurance services and to be able to comprehensively take your preferences into account (data analysis purposes). Companjon will use pseudonymised and aggregated data for this purpose to the fullest extent possible. In any case, Companjon will take your interests into account in an appropriate manner. This processing of your data is based on Companjon’s legitimate interest (Art. 6(1)(f) GDPR).

Data processing for security reasons (including system performance)

Some of your personal data will be processed for security purposes in order to ensure the security of the IT systems used, or to analyse and improve the reliability and performance of the IT systems. In the event of an impairment of the IT systems, it may be necessary to use the data processed by Companjon for legal prosecution (Art. 6(1)(c) GDPR).

Data processing due to statutory law requirements (compliance)

The processing of your personal data may also be necessary to comply with legal obligations of Companjon (Art. 6(1)(c) and f GDPR). Such obligations are, for example, regulation, tax law, accounting and reporting obligations, conducting audits, compliance with governmental audits and other requests from authorities or courts of law.

Personal data provided upon consent

Companjon will process personal data that you voluntarily provide within the scope of a granted consent until you withdraw your consent (Art. 6(1)(a); Art. 7 GDPR). Once you have given your consent to the processing of your personal data, you can withdraw it at any time without giving reasons. The lawfulness of the processing of your data up to the time of revocation remains unaffected.

You can send your withdrawal to the address given in the consent form or to the contact information given under section 1 [https://www.companjon.com/cont...]. Upon receipt of the withdrawal, the performance or features of the Services originally covered by the consent may no longer be available for you.

4. Is your personal data transferred to third parties?

Whenever your personal data is transmitted to external recipients (companies) that process this data on behalf of Companjon it is contractually ensured that your data is transmitted and processed in compliance with all applicable data protection laws.

The external service providers and processors (e.g. insurance distribution partners, IT service providers, internet service providers, telecommunications providers, billing service providers, customer support service provider, marketing agencies) used by Companjon may also receive personal data as far as this is necessary to fulfil contractual and legal obligations (Art. 6(1) b), c) GDPR) or covered by the legitimate interest of Companjon (Art. 6(1)(f) GDPR).

We share information with tax authorities and auditors as required by law (Art. 6(1) c) GDPR) or in our legitimate interest (Art. 6(1)(f) GDPR). We also share information to comply with requests of supervisory authorities, regulators, courts, and/ or legal counsels if required to investigate, defend or prosecute a claim or allegation of non-compliance. In relation to the investigation of suspected fraud or financial crime, we may also share information with law enforcement agencies and other insurance companies.

5. Is your data transferred to a third country outside of the EU or EEA?

Companjon is a pan-European provider of digital add-on insurance solutions and processes your personal data exclusively in member states of the European Union (EU) and the European Economic Area (EEA). Occasionally, it is necessary for our technical service providers to have access to the data stored in the EU (for analysis purposes, for technical support or to check the security of the services). Some of these service providers may be located in a third country outside the EU/ EEA. To ensure an adequate level of data protection, Companjon implements appropriate and adequate technical (e.g. encryption) and contractual measures (definition of access rights on a need-to-know basis, documented instructions by Companjon) in such cases.

6. How long will your data be stored?

Companjon will store your personal data for as long as it is necessary for the purposes for which they were collected, in particular as long as it is necessary for the implementation of the insurance contracts and services, including any legal retention periods and documentation obligations and any relevant statute of limitations. In addition, longer retention of your data may be necessary for the assertion, exercise or defence of legal claims (Art. 17(3)(e) GDPR). Companjon will therefore generally retain your data during ongoing legal proceedings or if such proceedings are imminent.

7. Do you have an obligation to provide your data?

Within the framework of the business relationship it is necessary for you to provide the personal data which is required for the lawful establishment, implementation and termination of insurance contracts and related services. Without such data, Companjon will usually have to refuse to conclude the insurance contract or to execute an instruction or will not be able to continue to service an existing contract and may have to terminate it.

8. Automated decision-making

We use means of automated decision making to manage your insurance policy (including our claims handling processes). Where we do so, we respect the rights, freedoms and legitimate interests of policyholders. In particular, you have the right to challenge such decisions and have them reviewed by our staff.

B. Your rights in relation to the processing of your data

As a data subject, you can assert a number of rights under the GDPR. If you wish to make use of these rights, please contact the Companjon entity named as responsible controller for the processing activity using the contact details specified above.

- Right of access (Art. 15 GDPR): You have the right to ask for access to the data stored about you. This information concerns, among other things, the categories of data processed, the purposes for which the data is processed, the source of the data, if not collected directly from you, and, if applicable, the recipients to whom your data has been transmitted. You can also obtain a copy of your data.

- Right to rectification (Art. 16 GDPR): You can request the rectification of incorrect personal data and the completion of incomplete personal data concerning you.

- Right to erasure (Art. 17 GDPR): Subject to the conditions of Art. 17 GDPR, you can request the deletion of your data. This may be the case, for example, if the data is no longer necessary for the purposes for which it was collected or otherwise processed, if you withdraw your consent, which is the basis for the processing of the data, and there is no other legal basis for the processing, if you object to the processing of your data and there are no overriding legitimate reasons for the processing. If you object to the processing of your data for the purposes of direct marketing or if we have processed the data unlawfully. Companjon may refuse to delete your personal data if the processing of your personal data is necessary to ensure compliance with a legal or regulatory obligation or to assert, exercise or defend legal claims.

- Right to restriction of processing (Art. 18 GDPR): Furthermore, you may have a right to limit the processing of your data, i.e. to tag the personal data stored with the aim of limiting their future processing. One of the conditions specified in Art. 18 GDPR must be met for this purpose.

- Right to withdraw consent (Art. 7(3) GDPR): When you have given consent to a processing of your data, you can withdraw such consent at any time and without giving reasons. This does not affect the lawfulness of processing based on your consent until withdrawal.

- Right to data portability (Art. 20 GDPR): You may also have a right to obtain the data concerning you that you have provided, made available in a structured, common and machine-readable format. You may transfer this data to another responsible party at your discretion. In addition, you can demand that your data will be transferred directly to another controller, insofar as this is technically possible (right to data transferability, Art. 20 GDPR).

- Right to object (Art. 21 GDPR): You may object to the processing of your data at any time for reasons arising from your specific situation, provided that the processing is based on the legitimate interests of Companjon or those of a third party. In this case, Companjon will no longer process your data, unless there are compelling reasons for continued processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR). Your right to withdraw your consent to processing is possible at any time irrespective of this right of objection.

- Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint at the supervisory data protection authority regarding the data processing carried out by Companjon if you believe that it infringes applicable data protection law.

C. Amendment of this Privacy Notice

The Companjon Group may change or update this Privacy Notice from time to time. In the event of updates that substantially change the way your personal data is processed, Companjon will inform you of these changes before applying the modified processing to your data.

Last updated: May 25, 2021