Privacy Notice

Companjon is an innovative, digitally-enabled insurtech which has been established to offer embedded insurance solutions to our business partners and end customers. We care about data and data privacy compliance is central to our company ethos. Companjon processes personal data as a matter of course to operate its business, when offering its services and when users visit this website. This Privacy Notice is designed to ensure compliance with the EU General Data Protection Regulation (GDPR) and UK Data Protection Act (where applicable) and explains which data is processed for which purposes and what rights you have in relation to the processing of your personal data:

A. I. Data processing on the Companjon website: This section points out how Companjon collects and uses data when you visit this website.

A. II. Data processing in relation to our embedded insurance solutions: This section covers the processing of data when you use our add-on insurance solutions or services.

B. Your rights in relation to the processing of your data

C. Changes to this Privacy Notice

A. I. Data processing on the Companjon website

1. Who is responsible for the processing of your personal data?

Companjon Services DAC, company registration number 659078

Custom House Plaza, Harbourmaster Place, IFSC, Dublin 1, D01V9V4 (“Companjon Services”, “we”, “us”)

Contact: info@companjon.com

is the responsible controller for the processing of your personal data when you visit this website. You can direct any questions on data protection to the data privacy officer of Companjon via email to dpo@companjon.com.

2. What data is collected and processed and for what purposes?

Automatically collected data/ server log files

When you visit our website, we automatically collect the following data which is relevant for system security and data security, in so-called log files of the web server:

  • Network information (e.g. IP address, browser version)
  • Session details (e.g. time stamps)

These log files are temporarily stored for the purposes of tracking malfunctions and enhancing system security, including detecting and tracing unauthorized access attempts and accesses to our web servers. The log files are deleted/overwritten unless a suspect case of unlawful access to our web servers has occurred.

This data processing is based on our legitimate interest to remove technical malfunctions, guarantee the system security of our website and detect and trace any unauthorised accesses or access attempts (Art. 6(1)f GDPR). We also process the data as necessary for compliance with a legal obligation (Art. 6(1)c GDPR).

Website analytics

Subject to your consent (Art. 6(1)a GDPR), we use Google Analytics to find out more about how our website is used and to identify how we can improve it. Google Analytics is a tool provided by Google LLC,1600 Amphitheatre Parkway in Mountain View, California, United States(“Google”) that helps website owners to understand how their visitors engage with them. Google Analytics may use a set of cookies (see section 8) to collect information and report site usage statistics without personally identifying individual visitors to Google.

For these purposes, Google collects the following data when you visit our website:

  • Number of users and sessions
  • Peak times of visits
  • Session duration
  • Operating systems
  • Device models
  • Geography

Also, subject to your consent (Art. 6(1)a GDPR), we use a LinkedIn Insight tag provided by LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085, United States (“LinkedIn”). This tag helps us to find out more about how our website is used and to identify how we can improve it. The LinkedIn Insight Tag is a piece of lightweight JavaScript code that we have added to our websites so we can see how our LinkedIn adverts are performing and track viewers of our adverts on LinkedIn to the visitors to our website.

Where you opt in to allow use of our Performance and Analytics cookies, LinkedIn collects information from our website and reports site usage statistics back to us without personally identifying individual visitors.

Apart from setting your browser so that it does to not store cookies, you can use this opt-out link to prevent your data from being used by Google Analytics or by LinkedIn. Google provides additional information on Google Analytics here. LinkedIn provides additional information on its use of the LinkedIn Insight tag here.

Web Forms

We use the service of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA ("HubSpot")to collect limited information from you via online forms which enables us to provide you with digital content where you have requested this. HubSpot processes the data exclusively at our request. It is also in our legitimate interest to be aware of who our digital content reaches to (Art. 6(1)f GDPR).

Please note: If you consent to provide information in this way, personal data may be transferred to service providers in third countries. These third countries may not have an adequate level of data protection equivalent to the protections afforded to you under GDPR.

The data we collect from you is your email address, last name, first name, company name, job title. We use this data to send you the content requested and to market future offers to you where you have consented to this. When we send you marketing information we will always give you the option to opt-out of any future marketing.

Contact

You can contact us via the contact section on our website. We process the following data provided by you in the email: name, email address, the category of your request and your message(s). The data is processed to answer your request appropriately (Art. 6(1)b GDPR) and it is in our legitimate interest to manage and answer your enquiry (Art. 6(1)f GDPR).

Sharing content on social media

On our website, you will find social media icons to share content of your choice on Facebook, Twitter or LinkedIn. When clicking on the icons, you are directed to these social media networks where different privacy notices apply.

For how long do we store your data?

We store your data for as long as necessary for the purposes described in this privacy notice and according to the legal basis for processing your information. See Section 8 for information on how long we store cookies on your device.

3. Is your personal data transferred to third parties?

Whenever your personal data is transmitted to external recipients (service providers) that process the data on behalf of Companjon it is contractually ensured that your data is transmitted and processed in compliance with all applicable data protection laws.

The external service providers and processors (e.g. IT service providers, host providers, internet service providers, telecommunications providers, billing service providers, customer support service provider, marketing agencies) used by Companjon may also receive personal data as far as this is necessary to fulfil contractual and legal obligations (Art. 6(1)b,c GDPR) or covered by the legitimate interest of Companjon (Art. 6(1)f GDPR).

We share information to comply with requests of supervisory authorities, regulators, courts, and/or legal counsels if required to investigate, defend or prosecute a claim or investigation of potential fraudulent or criminal behaviour.

4. Is your data transferred to a third country outside of the EU or EEA when using our website?

When you use our website, your data is not transferred to any countries outside of the European Union or the European Economic Area, except where it is necessary for our technical service providers to have access to the data stored in the EU (for hosting services, for analysis purposes, for technical support or to check the security of the services). Some of these service providers may be located in a third country outside the EU/EEA. To ensure an adequate level of data protection, Companjon implements appropriate and adequate technical (e.g. encryption) and contractual measures (definition of access rights on a need-to-know basis, documented instructions by Companjon) in such cases. Such processing is also performed in compliance with the European Data Protection Board’s Recommendations on Supplementary Measures (01/2020).

If you give your explicit consent for us to process your personal information for marketing purposes, this data may be processed outside of the EU / EEA.

5. Do you have an obligation to provide your data?

You do not have any obligation to provide your personal data when you visit our website. However, please note that you may not be able to use certain tools and features of the website if you do not provide your data.

6. Automated decision-making

When visiting our website, you will not be subject to any automated decision-making according to Art. 22 GDPR.

7. Cookies, Pixels and related technologies

Cookies, pixels, web beacons and similar technology (collectively "cookies" for the purpose of this privacy notice) are small text files that are stored on your computer, mobile device or other device when you visit a website or use an app. Some of these cookies can be recognised by websites when you visit them. Cookies can be set by the owner of the website ("first party cookies") or in some cases by third party services ("third party cookies") the website owner allows to track your preferences or provide other functionality such as analytics.

Some cookies are necessary to ensure the proper functioning of a website while other cookies enable improved experience of a website through statistical analytics and tailored advertising. We use some analysis cookies in relation to website analytics (see above). When you visit our website you will be asked to confirm your cookie preferences though our cookie consent management centre.

You can also choose within your browser whether you wish to accept cookies which are not strictly necessary or not. To manage website cookies effectively, you will need to refer to specific web browser information to allow, reject, disable or delete cookies. Generally, the settings portion of the toolbar on most web browsers or the help section of your browser’s website will provide you with information to manage and disable cookies. If you do not accept all cookies, only the necessary cookies shall remain to ensure the continued and proper functioning of the website. Please be aware that if you disable cookies it may affect other users if the device is shared.

You can find more information on the cookies used on our website in our separate Cookies Policy.

8. Youtube video player

When we show video content on our website to provide you with information on Companjon and our products and services, we use the Youtube video player, an application provided by Youtube LLC, 901 Cherry Ave.

San Bruno, CA 94066. Viewing the content embedded on our website requires the acceptance of functional cookies. When you leave our website to view content on https://www.youtube.com/, Youtube’s privacy notice applies.

A. II. Data processing in relation to our embedded insurance products

1. Who is responsible for the processing your personal data?

Companjon Services DAC is responsible for and acts as a data controller of personal data of our EEA customers.

The official registration details are as follows:

Companjon Services DAC, company registration number 659078, Custom House Plaza, Harbourmaster Place, IFSC,Dublin 1, D01V9V4, Ireland. Companjon Services DAC, trading as Companjon, is authorised by the Central Bank of Ireland as an insurance intermediary.

Companjon Services UK Branch is responsible for and acts as a data controller of personal data of our UK customers.

The official registration details are as follows:

Companjon Services UK Branch, company registration number BR024487, 4th Floor, 107 Fenchurch St, London EC3M 5JF, United Kingdom.

Companjon Services UK Branch is Appointed Representative of Advent Solutions Management Limited.

Companjon Services DAC and Companjon Services UK Branch are referred to as ‘Companjon’, 'we', ‘us’.

We do not underwrite our add on insurance solutions ourselves, but instead we partner with an insurer who underwrites your add on insurance solution. Our solutions are distributed by and are tailored to the needs of the customers of our business partners. Please note that the, Companjon, the insurer and our business partners are independent data controllers of the information collected to enter into and service your add on insurance solution.

Please refer to your add on solution terms & conditions and the relevant business partners privacy notice for information on how either of those parties process your personal data.

As part of your add on solution we may also provide you with additional, non-insurance related services. The privacy notice contained in your add on solution policy documents will provide you with further information regarding the data protection relationship between us and the relevant service provider. We do not act as an insurance intermediary (for our EEA business) or an appointed representative of Advent Solutions Management Limited (for our UK business only) in that instance.

If you hold a number of different add on solutions with Companjon, these solutions contract and non-insurance services may be underwritten by different Insurers and provided by different service providers. Please refer to your add on solution policy documents for information on how the Insurer processes your personal data.

If you require further information you can contact our Data Protection Officer via email at dpo@companjon.com.

2. Which data is collected and processed?

During the term of your customer relationship with us, Companjon processes your personal data as follows.

Embedded solution data

Companjon processes personal data that is required for the conclusion of add on solutions and collects details of the products and services that are provided to you as well as information that you provide voluntarily (e.g. full name, country of residence, email address, mobile phone number, booking number, booking date (or purchase date), departure date, return date, cancellation date and time, ticket value, number of tickets, currency, one-way or return ticket, bus/train line, ticket type, departure station name, arrival station name), collectively "Solution Data". The Solution Data may be provided through our business partners and processed by Companjon to provide our services.

Note that when you enter into an add on solution agreement with us for the benefit of third party individuals as their representative, we may also process personal data of these individuals, and you are required to inform them of the processing of their data in accordance with this privacy notice.

Communication Data

In order to provide the insurance services, Companjon collects and processes communication data about you (email address, content of messages, metadata such as date and time).

Claims Data

Claims Data is information obtained from for the processing and settlement of a reported insurance claim. In particular, this includes information on the incident or event, the amount of the loss, insured benefits, payment arrangements, invoiced premiums, type of insurance benefit.

Customer Support & Service Data

When you submit a query or request to us in connection with your add on solution, it is necessary for us to collect and generate the following personal data about you such as the nature of your query or request (e.g. customer support/troubleshooting request, policy cancellation request, refund request or policy amendment request), your email, full name, date of birth and flight information for authentication purposes; and the date of your query and request.

3. For which purposes and on what legal basis are your data processed?

Companjon will process your personal data only to the extent that an applicable legal provision permits such processing, i.e. in accordance with the provisions of the GDPR and other applicable national legislation.

Data processing for the conclusion and performance of the contract

Companjon processes your personal data in order to be able to process and manage the Services in connection with insurance solutions (Solution Data, Communication Data, Claims Data, Customer Support and Service Data), Art. 6(1)b GDPR.

Data processing for statistics and data analytics purposes

To provide you with the add on solutions, Companjon processes information from the solutions you have purchased, any claims you have made, communication with you and the products and services of business partners covered by the solutions, in order to provide you with the services and to be able to comprehensively take your preferences into account (data analysis purposes). Companjon will use pseudonymised and aggregated data for this purpose to the fullest extent possible. In any case, Companjon will take your interests into account in an appropriate manner. This processing of your data is based on Companjon’s legitimate interest (Art. 6(1)f GDPR).

Data processing for security reasons (including system performance)

Some of your personal data will be processed for security purposes in order to ensure the security of the IT systems used, or to analyse and improve the reliability and performance of the IT systems. In the event of an impairment of the IT systems, it may be necessary to use the data processed by Companjon for legal prosecution (Art. 6(1)c GDPR).

Data processing due to legal and regulatory requirements

The processing of your personal data may also be necessary to comply with legal obligations of Companjon (Art. 6(1)c and f GDPR). Such obligations are, for example, regulation, tax law, accounting and reporting obligations, conducting audits, compliance with governmental audits, prevention, detection and investigation of fraud and other requests from authorities or courts of law.

Data processing for legitimate interest purposes

We may process personal data where it is in our legitimate interest to do so. Where we process personal data for this purpose, we will assess the individual interests, rights and freedoms of the individuals whose data we are processing on this basis. Examples of where we may use this legal basis would be in the prevention of fraud or potential fraud or in specific cases of direct marketing where we are lawfully permitted to use this legal basis.

Personal data provided upon consent

Companjon will process personal data that you voluntarily provide within the scope of a granted consent until you withdraw your consent (Art. 6(1)a; Art. 7 GDPR). Once you have given your consent to the processing of your personal data, you can withdraw it at any time without giving reasons. The lawfulness of the processing of your data up to the time of revocation remains unaffected.

In order to withdraw your consent, please use the mechanism provided as part of the consent collection process or alternatively email dpo@companjon.com.

4. Is your personal data transferred to third parties?

Your personal data will be processed by our employees (e.g. sales, claims, underwriting, marketing, legal, IT & management) for the processing purposes listed above.

Whenever your personal data is transmitted to external recipients (services providers, business partners, the insurer or Advent Solutions Management Limited (UK only)) that process the data, on behalf of Companjon or for their own purposes, they are legally required to ensure that your data is transmitted and processed in compliance with all applicable data protection laws. Such service providers may include our IT providers, customer service and claims support, marketing agencies, internal audit, tax and consultancy providers etc..

We may also share your personal data on ad hoc basis with regulatory and government bodies where we are required to do so by law.

5. Is your data transferred to a third country outside of the EU or EEA?

Companjon is a pan-European provider of digital add-on insurance solutions and processes your personal data exclusively in member states of the European Union (EU) and the European Economic Area (EEA). Occasionally, it is necessary for our technical service providers to have access to the data stored in the EU (for analysis purposes, for technical support or to check the security of the services). Some of these service providers may be located in a third country outside the EU/ EEA. To ensure an adequate level of data protection, Companjon implements appropriate and adequate technical (e.g. encryption) and contractual measures (definition of access rights on a need-to-know basis, documented instructions by Companjon) in such cases. Such processing is also performed in compliance with the European Data Protection Board’s Recommendations on Supplementary Measures (01/2020).

6. How long will your data be stored?

Companjon will store your personal data for as long as it is necessary for the purposes for which they were collected, in particular as long as it is necessary for the implementation of the insurance contracts and services, including any legal retention periods and documentation obligations and any relevant statute of limitations. In addition, longer retention of your data may be necessary for the assertion, exercise or defence of legal claims (Art. 17(3)e GDPR). Companjon will therefore generally retain your data during ongoing legal proceedings or if such proceedings are imminent.

7. Do you have an obligation to provide your data?

Within the framework of the business relationship it is necessary for you to provide the personal data which is required for the lawful establishment, implementation and termination of add on insurance solutions and related services. Without such data, Companjon will usually have to refuse to conclude the insurance contract or to execute an instruction or will not be able to continue to service an existing contract and may have to terminate it.

8. Automated decision-making

We use means of automated decision making to manage your insurance policy (including our claims handling processes). Where we do so, we respect the rights, freedoms and legitimate interests of policyholders. In particular, you have the right to challenge such decisions and have them reviewed by our staff.

B. Your rights in relation to the processing of your data

As a data subject, you can assert a number of rights under the General Data Protection Regulation. If you wish to make use of these rights, please contact dpo@companjon.com.

  • Right of access (Art. 15 GDPR): You have the right to ask for access to the data stored about you. This information concerns, among other things, the categories of data processed, the purposes for which the data is processed, the source of the data, if not collected directly from you, and, if applicable, the recipients to whom your data has been transmitted. You can also obtain a copy of your data.
  • Right to rectification (Art. 16 GDPR): You can request the rectification of incorrect personal data and the completion of incomplete personal data concerning you.
  • Right to erasure (Art. 17 GDPR): Subject to the conditions of Art. 17 GDPR, you can request the deletion of your data. This may be the case, for example, if the data is no longer necessary for the purposes for which it was collected or otherwise processed, if you withdraw your consent, which is the basis for the processing of the data, and there is no other legal basis for the processing, if you object to the processing of your data and there are no overriding legitimate reasons for the processing. If you object to the processing of your data for the purposes of direct marketing or if we have processed the data unlawfully. Companjon may refuse to delete your personal data if the processing of your personal data is necessary to ensure compliance with a legal or regulatory obligation or to assert, exercise or defend legal claims.
  • Right to restriction of processing (Art. 18 GDPR): Furthermore, you may have a right to limit the processing of your data, i.e. to tag the personal data stored with the aim of limiting their future processing. One of the conditions specified in Art. 18 GDPR must be met for this purpose.
  • Right to withdraw consent (Art. 7(3) GDPR): When you have given consent to a processing of your data, you can withdraw such consent at any time and without giving reasons. This does not affect the lawfulness of processing based on your consent until withdrawal.
  • Right to data portability (Art. 20 GDPR): You may also have a right to obtain the data concerning you that you have provided, made available in a structured, common and machine-readable format. You may transfer this data to another responsible party at your discretion. In addition, you can demand that your data will be transferred directly to another controller, insofar as this is technically possible (right to data transferability, Art. 20 GDPR).
  • Right to object (Art. 21 GDPR): You may object to the processing of your data at any time for reasons arising from your specific situation, provided that the processing is based on the legitimate interests of Companjon or those of a third party. In this case, Companjon will no longer process your data, unless there are compelling reasons for continued processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR). Your right to withdraw your consent to processing is possible at any time irrespective of this right of objection.
  • Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint at the supervisory data protection authority regarding the data processing carried out by Companjon if you believe that it infringes applicable data protection law.

C. Changes to this Privacy Notice

Companjon may change or update this Privacy Notice from time to time. You strongly advise you to check this Privacy Notice on a period basis.

Last updated: June 20, 2022