For your kind consideration
PRIVACY POLICY
Last updated: June 2022
This Privacy Policy describes Global Insurance Broker’s (GIB) policies and procedures on collecting, using and disclosing personal information when using our services. This policy stipulates how GIB seeks to meet its obligations regarding data protection. It also covers the rights of GIB’s customers (by customers, we are refereeing to current, prospective, customer beneficiaries, family members, claimants and/or other interested persons) in respect of personal data throughout all processes executed. Personal data is treated in line with the General Data Protection Regulation (GDPR).
At the outset, we would like to inform you that we use your personal data to provide and improve our services. Using such services, you agree to the collection and use of information per this Privacy Policy.
Anonymization: Irreversibly de-identifying personal data such that the person cannot be identified by using reasonable time, cost, and technology either by the controller or by any other person to identify that individual. The personal data processing principles do not apply to anonymized data as it is no longer personal data. |
Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Global Insurance Brokers Ltd. |
Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses. |
Country refers to: Malta |
Cross-border processing of personal data: Processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the European Union where the controller or processor is established in more than one Member State; or processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State; |
Data Controller: The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data. |
Data Processor: A natural or legal person, public authority, agency or any other body which processes personal data on behalf of a Data Controller. |
Device means any device that can access the our web-services such as a computer, a cellphone or a digital tablet. |
Each “local supervisory authority” will still maintain in its own territory, and will monitor any local data processing that affects data subjects or that is carried out by an EU or non-EU controller or processor when their processing targets data subjects residing on its territory. Their tasks and powers includes conducting investigations and applying administrative measures and fines, promoting public awareness of the risks, rules, security, and rights in relation to the processing of personal data, as well as obtaining access to any premises of the controller and the processor, including any data processing equipment and means. |
Group Undertaking: Any holding company together with its subsidiary. |
Lead supervisory authority: The supervisory authority with the primary responsibility for dealing with a cross-border data processing activity, for example when a data subject makes a complaint about the processing of his or her personal data; it is responsible, among others, for receiving the data breach notifications, to be notified on risky processing activity and will have full authority as regards to its duties to ensure compliance with the provisions of the EU GDPR; |
“Main establishment as regards a controller” with establishments in more than one Member State, the place of its central administration in the Union, unless the decisions on the purposes and means of the processing of personal data are taken in another establishment of the controller in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment; |
“Main establishment as regards a processor” with establishments in more than one Member State, the place of its central administration in the Union, or, if the processor has no central administration in the Union, the establishment of the processor in the Union where the main processing activities in the context of the activities of an establishment of the processor take place to the extent that the processor is subject to specific obligations under this Regulation; |
Personal Data Any information relating to an identified or identifiable natural person (“Data Subject“) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
Processing: An operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the data. |
Pseudonymization: The processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. Pseudonymization reduces, but does not completely eliminate, the ability to link personal data to a data subject. Because pseudonymized data is still personal data, the processing of pseudonymized data should comply with the Personal Data Processing principles. |
Sensitive Personal Data: Personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data include personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. |
Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used. |
Service refers to the Website. |
Supervisory Authority: An independent public authority which is established by a Member State pursuant to Article 51 of the EU GDPR; |
Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit). |
Website refers to Global Insurance Brokers, accessible from globalinsbro.com.mt |
You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. |
The data protection principles outline the basic responsibilities for organisations handling personal data. Article 5(2) of the GDPR stipulates that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”
Lawfulness, Fairness and Transparency: Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.
Purpose Limitation: Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data Minimization: Personal data must be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. The Company must apply anonymization or pseudonymization to personal data if possible, to reduce the risks to the data subjects concerned.
Accuracy: Personal data must be accurate and, where necessary, kept up to date; reasonable steps must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified in a timely manner.
Storage Period Limitation: Personal data must be kept for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and Confidentiality: Taking into account the state of technology and other available security measures, the implementation cost, and likelihood and severity of personal data risks, the Company must use appropriate technical or organizational measures to process Personal Data in a manner that ensures appropriate security of personal data, including protection against accidental or unlawful destruction, loss, alternation, unauthorized access to, or disclosure.
Accountability: Data controllers must be responsible for and be able to demonstrate compliance with the principles outlined above.
- We would like to inform that GIB will only collect and process personal data for and to the extent necessary for the execution of specific tasks/process.
Data subjects will always be informed accordingly; moreover it is the data subject him/herself together with their appointed agent and/or representative who would supply such data. Data may also be received from insurers and their agents; open source data, third party data processors and via background verification searches we may conduct in relation to compliance and AML requirements. Data may also be obtained via the Electoral Register, Transport Malta and/or other sources which are not limited to the insurance sphere.
Other source of data which may be collected are the following:
- Usage Data: Usage Data may include information such as Your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device’s unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data. We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.
- Tracking Technologies and Cookies:
We use Cookies and similar tracking technologies to track the activity on Our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze Our Service. The technologies We use may include:
Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
Flash Cookies. Certain features of our Service may use local stored objects (or Flash Cookies) to collect and store information about Your preferences or Your activity on our Service. Flash Cookies are not managed by the same browser settings as those used for Browser Cookies. For more information on how You can delete Flash Cookies, please read “Where can I change the settings for disabling, or deleting local shared objects?” available at
Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.
Your information, including Personal Data, is processed within GIB’s operating offices. Information is retained on servers located within the Maltese jurisdiction which fall under the rules and regulations established by GDPR. GIB takes all necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
Relevant Personal data may only be shared with third parties including insures (refer to Computer Link Agreements), loss adjusters and loss assessors, advisors, insurance brokers, agents and service providers/processors. Internal auditors and regulatory bodies and law enforcement authorities may under certain specific circumstance require to disclose personal data if required to do so by law or in response to valid requests by public authorities.
Security of Your Personal Data
The security of Your Personal Data is important to Us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, We cannot guarantee its absolute security.
GIB shall ensure that data subjects shall be able to:
- View the Personal Data held by the Company on the particular user;
- Request that any Personal Data that is inaccurate, irrelevant or out of date be amended or deleted; and
- Choose to stop using the services and have his or her Personal Data deleted, if such deletion is permissible by law and/or will not prejudice GIB’s position at Law.
- We will store the personal data of data subjects until your consent is explicitly withdrawn in writing. In the event that a data subject, please proceed to contact us so that we will proceed to remove your details from our records and systems.
Company employees who have access either to the databases that store data subject-related information shall comply with internal Personal Data Protection Policies.