PRIVACY POLICY

COMMITMENT TO PROTECTING YOUR PRIVACY

You are now using the website of CoverMy, where we offer personalized services as well as information about our company and our services. Transparency and integrity in the processing of your personal data are very important to us. We comply with data protection regulations, in particular the EU General Data Protection Regulation (“GDPR”), the regulations of the Irish Data Protection Act, the Consumer Insurance Contract Act (“CICA”) and all other relevant laws.

In this privacy policy we describe the types of information and personal data that were used during your visit to our above-mentioned website, as well as the rights you have in relation to your personal data.

When this privacy policy refers to “Petcover” and/or “we” and/or “us”, it always refers to Petcover EU Agentur GmbH.

I. RESPONSIBILITY FOR PERSONAL DATA

Our Data Protection Officer (“DPO”) can be contacted via the email address provided below.

The responsibility for the processing of personal data lies with

Petcover EU Agency GmbH,
Ared Street 16/18, 2544 Leobersdorf, Austria.
DPO: Andrew Pearce,
[email protected]

II. BASIC PRINCIPLES

We process your personal data only in accordance with data protection regulations, if permitted by law, or if you have given your consent. This also applies to the processing of personal data for marketing and advertising purposes.

As part of our online services, we may also collect information that, as understood, does not allow for your personal identification. In certain cases – particularly when combined with other data – this information may nevertheless be considered “personal data” within the meaning of data protection laws. Furthermore, we may also collect information via online services that does not allow us to identify you directly or indirectly; this applies, for example, to aggregated information from all users of this website.

III. WHAT DATA DO WE PROCESS? FOR WHAT PURPOSES AND ON WHAT LEGAL BASIS DOES THE PROCESSING TAKE PLACE?

You can use certain public areas of our online service without providing us with your personal data (such as name, postal address, or email address). However, in this case, we need to collect and store certain information to enable you to access our online service. We use certain analytics tools on our website and have integrated third-party features. Furthermore, we offer certain features within our online service that require us to collect personal data.

We collect and process personal data in our internet service to the following extent:

1. 1. 1. Log files: When you visit our website, our web server automatically stores data and information about the device and browser you are using. This may include technical information such as browser type, system type, and IP address. We process this technical information in the log files of our systems. We process this technical information to enable you to access our internet service, to ensure the functionality of our internet service and the security of our IT systems, and to optimize our internet service. The legal basis for this data processing is Article 6(1)(f) GDPR.
      2. Registration, Offer, Application Process : As part of our online service, we offer you the opportunity to receive a cost estimate for your desired insurance coverage and an offer to conclude an insurance contract. For this purpose, we request your name, email address, and further details about you and the risk to be insured. This is necessary to determine your insurability or, depending on the application, the amount of your potential insurance premium. The processing of this data is necessary in any case to provide you with the requested cost estimate and, if applicable, to send you a suitable offer by email with further information on concluding an insurance contract. This process therefore serves as preparation for the conclusion of a potential insurance contract between us. The legal basis for the data collection and processing is therefore Article 6(1)(b) GDPR.
      3. Insurance Contract Including Claims Management : If you wish to accept the offer, you have the option of concluding the insurance contract directly online with us, as already explained in the application process. In this context, after receiving our legal offer, you can also submit your payment details for the insurance premiums due and accept our offer online. You will also be asked to provide your telephone number so that we can contact you regarding your insurance policy if necessary. After concluding your insurance contract, you can access further information about your account at any time – particularly in connection with the insurance policy you have taken out – and, if applicable, add further information or request to add supplementary premiums to your insurance contract. We will then send you the insurance policy by email. To access your account and manage your insurance contract, for example, for billing or claims processing, we may re-enter the data you already provided during registration and/or application (particularly for identification purposes). Furthermore, we will request additional personal information and supporting evidence for your claim to prevent fraudulent claims. The legal basis for the conclusion of the insurance contract between you and us is Art. 6 paragraph 1 lit. b GDPR.
      4. Policy administration : During the time your insurance policy is active with us, we may need to process policy changes, and for this we will need to collect additional personal information.
      5. Contact after starting the registration process : If you have already started entering the information required for your offer, including your email address, but have not yet completed the application, we may contact you to remind you to complete it, provided you have agreed to receive product updates and offers from us. The legal basis for this is therefore your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can unsubscribe from further non-essential emails from us at any time.
      6. Contact Support : You can also contact us via the contact form on the website or by telephone. We collect all data you provide and store it as necessary to process your request. Calls are recorded for quality assurance and training purposes. If necessary, the data will be stored for a longer period after processing is complete to preserve evidence. The legal basis for this is Article 6, paragraph 1, letters a, b, and f of the GDPR.
      7. Fraud Prevention : In certain cases, we store and process the personal data collected from prospective customers, even if no insurance contract is concluded. This serves to detect and prevent fraud, attempted fraud, and/or other harmful and/or illegal activities. This serves our legitimate interests in preventing fraud and other illegal and harmful behaviour. The legal basis is Article 6(1)(f) GDPR.
      8. Promotional Information via Email : If you have consented to receive product updates and offers from us, we process your email address and, where applicable, the information contained in your account based on your corresponding consent, in order to send you information about our services, offers, and activities in the area of household and liability insurance. You can unsubscribe from further non-essential emails from us at any time. In addition, we may evaluate the data collected during the delivery and retrieval of our emails for analytical purposes and to improve our communication. Your personal data in connection with an email subscription will not be shared with third parties for any purpose other than to enable us to technically send messages via our technical providers and to analyse the results of our communication. We process your data exclusively for the selection of personalized content and for sending product updates and offers within the scope of your consent. The legal basis for this is Article 6(1)(a) GDPR.
      9. Statistical Evaluations : Where necessary, we may evaluate your personal data to assess your preferences and thus enable interest-based marketing, personalized communication, and the continuous optimization of our business processes in statistical form. We do this to better understand what our customers expect from us. Furthermore, these evaluations help us detect fraud and improve and maintain security. We carry out this data processing to protect our legitimate interests; the legal basis is Article 6(1)(f) GDPR.
      10. Social Plugins : On our website, we may use plugins from social networks that allow you to interact with content from our online service (also known as “social plugins”). If you are registered and logged into the respective social network, you can communicate directly with the social network. You can also prevent social plugins from loading by using browser add-ons, such as the script blocker “NoScript” (http://noscript.net/). The legal basis for providing social plugins on our online service is our legitimate interest in designing our online service to meet the needs of our users, Art. 6 para. 1 lit. f GDPR.
          1. Facebook Social Plugin : A Facebook plugin may be integrated into our website. Facebook is operated by Facebook, Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA – “Facebook”). The Facebook plugin can be recognized by the Facebook logo or the “Like” or “Share” button. Furthermore, as the operator of this internet service, we have no knowledge of the data transmitted or its use by Facebook. Further information on Facebook’s use of data can be found in Facebook’s privacy policy.
          2. Instagram Social Plugin : An Instagram plugin may be integrated into our website. The operator of Instagram is Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). These plugins are marked with an Instagram logo. Website elements from Instagram are recognizable by the Instagram logo and the text on the website element itself. Further information on the use of data by Instagram can be found in Instagram’s privacy policy.
          3. Twitter Social Plugin : This website may integrate social plugins from the social network Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”). These buttons can be recognized by terms such as “Twitter” or “Follow” in conjunction with a stylized blue bird on this website. These social plugins allow you to share comments on pages of our website or to follow us on Twitter. When you open a page on our website that contains such a button, your browser automatically establishes a direct connection to Twitter’s servers. Twitter transmits the content of the Twitter plugin directly to your browser, which may allow Twitter to associate your visit to our website with your user account. Please note that as the operator of this website, we have no knowledge of the data transmitted by Twitter or its use. Further information on Twitter’s use of data can be found in Twitter’s privacy policy.
          4. LinkedIn Social Plugin : This website may also integrate social plugins from the LinkedIn social network, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). LinkedIn plugins can be recognized on our website by the LinkedIn logo or the “Recommend” button. These social plugins allow you to share recommendations for pages on our website or to follow us on LinkedIn. This could allow LinkedIn to associate your visit to our website with your user account. When you visit a page on our website that contains such a button, your browser automatically establishes a direct connection to LinkedIn’s servers. LinkedIn transmits the content of its social plugin directly to your browser. Please note that as the operator of this website, we have no knowledge of the data transmitted by LinkedIn or its use. Further details on data collection (purpose, scope, further processing, use) as well as your rights and settings options can be found in LinkedIn’s privacy policy.
          5. Facebook Page : In addition to our website, we maintain a presence on Facebook (“Company Page”), and our website may contain links to this Company Page. When you access the Company Page, Facebook processes personal data, potentially even if you are not logged into Facebook when you access it. We receive statistics from Facebook that are detailed regarding the content but are based solely on aggregated information about the use of our Company Page on Facebook. These statistics may show, for example, how often or, where applicable, how many visitors accessed the Company Page, or how individual pieces of content on this page were clicked or rated. Based on these statistics, we cannot see which specific individuals visited the Company Page, clicked on individual pieces of content, or rated them. However, as is often the case with Facebook, the Company Page does show which Facebook users rated or commented on content. Further information on Facebook’s data usage is provided in the Privacy Policy.
          6. Other legitimate interests : If necessary, we may process your data beyond the purposes mentioned above to protect our legitimate interests or the interests of third parties; this is based on Article 6(1)(f) GDPR. Some of our legitimate interests are:
             1. the assertion of legal claims and the defence against legal disputes;
             2. the prevention and investigation of crimes;
             3. the management and further development of our business activities, including risk management;
             4. the prevention of fraud;
             5. the ability to identify and correct technical errors in the system;
             6. the possibility of offering customer support (which is also based on the customer’s consent pursuant to Art. 6 paragraph 1 lit. a GDPR); and the possible disclosure of information in the context of a company transaction or merger;
             7. and the possible disclosure of information in connection with a corporate transaction or merger.
          7. Cookies : To make our services as user-friendly as possible, we use cookies during our internet service. Cookies are small text files that are stored in your internet browser after you visit our website and can be assigned to your computer. A cookie contains a unique string of characters that allows your browser to be clearly identified during repeated use of our online service. Since cookies are stored on your computer or, if necessary, on your device, you have control over their use. You can configure your browser to notify you when cookies are being set, making their use transparent. You can delete stored cookies at any time (this can also be done automatically). Furthermore, you can completely refuse the storage of cookies via your browser settings. Further information about the cookies we use, their purpose and the legal basis has been compiled for you below. Please note that some cookies are necessary for our website to function and therefore cannot be disabled (“essential cookies”). Other cookies are used by us for analysis and marketing purposes and can be disabled via our cookie banner when you first log in to our website.
          8. Analytics and area measurement, (re-)marketing : When you visit or use our internet service, we or our authorized service providers may use cookies, pixels or other similar technologies to provide you with a better, faster and safer user experience or to show you advertising as explained below.
          9. Advertising networks : In particular, we may use third-party providers such as advertising networks and ad exchange programs that allow us to offer you advertising on third-party websites. With your consent, the operators of these external advertising networks and ad exchange programs may use third-party cookies, pixels, or similar technologies to collect data (Art. 6 para. 1 lit. a GDPR). In some cases, we place cookies or a pixel on our own website to identify instances where a user arrives at our website via advertising on another website and completes certain activities (e.g., registration, request for a quote, or contract conclusion) in order to compensate the advertising partner, in which we have a legitimate interest (Art. 6 para. 1 lit. f GDPR).
          10. Google Analytics : We use the Google Analytics web analytics service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics stores information about your use of this website (including your IP address) in cookies. (Information about cookies can be found at the top of this privacy policy.) The information stored in cookies by Google Analytics is transmitted to, stored on, and analysed by Google on servers in the United States. We would like to inform you that Google Analytics has been extended for our website to anonymize the collection of IP addresses (IP masking). IP addresses are normally shortened or abbreviated before being stored or, depending on the application, transmitted to the USA on Google’s servers in the member states of the European Union or, where applicable, contracting states of the European Economic Area. Only in exceptional cases will the full/unshortened IP address be transmitted to Google servers in the USA, and even then, the IP address will be shortened before being stored. At our instruction, Google uses the transmitted data to evaluate your use of our website, compile a report on website activity, and provide us with other services related to website activity. (Therefore, we have a data processing agreement with Google.) The use of Google Analytics thus serves to continuously improve our website and optimize your user experience. These activities are in our legitimate interest regarding data processing (Art. 6 para. 1 lit. f GDPR). Furthermore, by clicking a button on our website’s cookie banner, you expressly consent to the processing of the collected data by Google in the manner and for the purposes described above (Art. 6 para. 1 lit. a GDPR).If you only want to disable or change Google Analytics with regard to the presentation of content tailored to your interests, including advertising, you can adjust this under “Google Ads on the web” in the Google Ads settings. Further information on the purpose and scope of data collection, as well as further processing and use by Google, including information on your rights or, if applicable, configuration options to protect your personal data, can be found at the following links: http://www.google.com/analytics/terms/de.html and https://policies.google.com/privacy?hl=en-US .
          11. Google Tag Manager : We also use Google Tag Manager. This service allows website tags to be managed via an interface. Google Tag Manager only implements tags. This means that Google Tag Manager does not place cookies and does not collect any personal data. Google Tag Manager triggers other tags that may collect data, but Google Tag Manager does not access this data. If you deactivate tracking for specific websites at the domain or browser level (see details on disabling cookies above), this will not affect all tracking tags implemented with Google Tag Manager.
          12. Google AdWords / Conversion Tracking : On our website, we also use the online advertising program “Google AdWords” and its conversion tracking feature, after obtaining your consent (Art. 6 para. 1 lit. a GDPR). Google AdWords places a cookie or pixel on your computer or, depending on the circumstances, on the storage of your mobile device if you were referred to our website via a Google ad. These cookies expire after 30 days. They do not serve as personal identifiers. If the user visits certain pages of our website and the cookie is still active, both we and Google can see that you clicked on the ad and were redirected to our site. We, as well as all other Google AdWords customers, receive different cookies. Therefore, the cookies used by our Google ads cannot be tracked beyond our website. The information gathered through conversion tracking is used to generate conversion statistics for us. This tells us the total number of users who clicked on an ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that would allow for individual identification. If you do not wish to participate in conversion tracking, you can disable the conversion cookie in your browser settings. Further information can be found in the Google Privacy Policy. You can also adjust your Google Advertising settings in Google Ads.
          13. Facebook Pixel : After obtaining your consent, our website uses a remarketing pixel from Facebook. This pixel establishes a direct connection to Facebook’s servers during your visit to our website. This transmits information to Facebook’s servers that you have visited this website, and Facebook associates this information with your personal Facebook user account. To protect your privacy, we do not use the so-called “extended targeting,” which could enrich this information with further personal data (e.g., email address).Further information on the collection and use of data by Facebook, as well as your corresponding rights and options for protecting your privacy, can be found in Facebook’s Data Policy. Alternatively, you can deactivate or adjust these functions here. The legal basis for this data processing is in any case Article 6 Paragraph 1 Letter a GDPR.
          14. Twitter : On our website, we use a marketing tool from Twitter, with your consent (legal basis Art. 6 para. 1 lit. a GDPR), to display interest-based advertising (“Twitter ads”) to you during your visit to the Twitter social network. For this purpose, a Twitter pixel has been implemented on the website. This pixel establishes a direct connection to the Twitter servers when you visit the website. The Twitter server is informed that you have visited our website, and Twitter assigns this information to your personal Twitter user account. To protect your privacy, we do not use the so-called “tailored audience” function, which could enrich this information with further personal data (e.g., email address). You can find more information about the Twitter pixel here. For information on the collection and use of data by Twitter, as well as your associated rights and options for protecting your privacy, please read Twitter’s privacy policy. Alternatively, you can deactivate this in your Twitter account settings. You must be logged in to Twitter to do this.

IV. ARE YOU OBLIGED TO PROVIDE US WITH YOUR DATA?

The information required for concluding an insurance contract, as well as the information sent by email, can be found in the respective areas of the internet service (e.g., in an online form) and are marked as mandatory information; without the required information, we cannot allow you to use the respective functionality.

V. WHO RECEIVES YOUR DATA?

Depending on the type of personal data processed by our company, only specific departments or organizational units have access to your personal data. These include, in particular, our specialist departments responsible for providing our services, as well as our IT department. Based on the concept of roles and permissions, access within our company is limited to the functionalities and scope necessary for the respective processing purpose.

We may also transfer your personal data to third parties outside our company to the extent permitted by law. These external recipients may include, in particular:

• Affiliated companies (in particular Petcover EU Ltd), to which we transfer personal data for internal administrative purposes, administration and servicing of our insurance product, data analysis, marketing, back office, the provision of hosting services, and IT services necessary for the operation of this website;
• service providers we engage, e.g., in the areas of marketing, IT (in particular hosting or disaster recovery), or payment processing, who provide us with services on a specific contractual basis, which may include the processing of personal data (in particular, we use payment service providers for incoming payments). Some of these providers may have facilities outside the EU/EEA, in particular in the USA, Australia, or India;
• non-public and public bodies, to the extent that we are legally obliged to transfer your personal data;
• insurance companies (“insurers”) that insure you. In order for our insurers to insure you, it may be necessary to provide our insurers with information about your insurance contract and your claims.

In summary:

The insurer is permitted, within the scope of its agreement with you under this contract, to collect personal information about you, including:

• Name, address, contact details, date of birth and required coverage;
• financial information such as bank details;
• details of each claim.

The insurer collects and processes your personal data for the purpose of insurance and claims management.

All phone calls can be monitored and recorded, and the recordings can be used for fraud prevention and detection, training, and quality control purposes.

Your personal data may be shared with third parties who provide services for the insurer or process information on the insurer’s behalf (for example, for premium collection and claims validation, or for communication purposes related to your insurance coverage). The insurer ensures that your data remains secure and is not used for purposes other than those stated in the privacy policy.

Some third-party providers that process your data on behalf of the insurer may also do so outside the European Economic Area (“EEA”). This transfer and processing is protected by EU standard contractual clauses, which aim to guarantee the same level of data protection as within the EU.

The insurer will only retain your personal data for as long as it deems necessary to fulfil the purposes for which the personal data was collected (including compliance with legal obligations).

The insurer will share your information if required by law. The insurer may disclose your information to law enforcement agencies if they request it, or to third parties in connection with actual or threatened legal action, provided this can be done without violating data protection regulations.

We only transfer your data to external recipients to the extent that this processing is necessary for legally permissible purposes.

VI. IS AN AUTOMATED DECISION-MAKING PROCESS USED?

We use automated decision-making in connection with the provision of our online service. Automated decision-making, as defined in Article 22 of the GDPR, may include profiling, which is any type of automated processing where personal data is used to evaluate certain aspects of a natural person. This automated decision-making is based, among other factors, on the information you provide during the application process. We use automated decision-making to evaluate the information you provide and calculate your individual risk profile in order to determine whether we can grant you insurance coverage and, if so, what your coverage amounts and premiums will be, or to process any claims you submit.

Under certain applicable laws, you may be entitled to certain safeguards related to automated decision-making. Specifically, you may be able to request that the result of the automated decision-making process be recalculated by a human to express your views, or to contest the result of the automated decision-making process and receive notification of the outcome of the contestation. To exercise these rights or to obtain further information about automated decision-making, please contact us using the information provided below. By applying for insurance, you confirm that you understand that automated decision-making or profiling may be used as described in this policy, and you consent to CoverMy’s use of these methods.

VII. WILL DATA BE TRANSFERRED TO COUNTRIES OUTSIDE THE EU/EEA?

In certain cases, information may be transferred to recipients in so-called “third countries.” Third countries are countries outside the EU or the EEA, and it cannot be automatically assumed that their data protection levels are equivalent to those of the European Union.

Insofar as the transmitted information contains personal data and we are not legally obligated to carry out such a transfer, we ensure, prior to the transfer, that the required adequate level of data protection is ensured in the respective third country or by the recipient in the third country. This can result, in particular, from a so-called “adequacy decision” by the European Commission, which establishes an adequate level of data protection for a third country as a whole. Alternatively, we can base the data transfer on the so-called “EU Standard Contractual Clauses”.

VIII. HOW LONG WILL YOUR DATA BE STORED?

In general, we only store your personal data if we have a legitimate interest in doing so and your interests in not having your data override that legitimate interest.

Furthermore, we may continue to store your data without legitimate interest where we are legally obligated to do so (e.g., to comply with archiving requirements). We will delete your personal data without any action required on your part as soon as access to the data is no longer necessary to fulfil the purpose of processing, or if the storage is otherwise unlawful.

The personal data we are required to store to comply with retention obligations will be stored until the end of the relevant retention period. If we store personal data solely for the purpose of fulfilling archiving tasks, this data is normally blocked, so that access is only possible when necessary for the purpose of fulfilling the retention obligation.

IX. WHAT RIGHTS DO YOU HAVE?

1. Right to object pursuant to Article 21 GDPR: You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions pursuant to Article 22 GDPR. If you object, we will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims. If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, the personal data in question will no longer be processed for such purposes. You have the option, in connection with the use of information society services and notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated applications using technical specifications.
2. Withdrawal of consent: If you have given us your consent (e.g., in connection with receiving information by email), you can withdraw this consent at any time with effect for the future. Our email information usually contains a corresponding link in each of our non-essential communications. You can also contact us by other means, e.g., by post or email using one of the contact options listed on the first page of this privacy policy.
3. Further rights of data subjects: Based on the following provisions, you as a data subject have the right:
   • to obtain information about your stored personal data, Art. 15 GDPR;
   • to have incorrect or incomplete data corrected, Art. 16 GDPR;
   • to request the erasure of personal data, Art. 17 GDPR;
   • to restrict processing, Art. 18 GDPR;
   • to data portability, Art. 20 GDPR.

   These rights are subject to the terms and conditions set out in this privacy policy, as well as any regulatory instructions relating to specific processing and data retention.

   To exercise these rights, you can contact us at any time, e.g. via one of the contact options listed at the beginning of this privacy policy.

   Furthermore, you have the right to lodge a complaint with the competent supervisory authority for data protection at any time in accordance with Article 77 GDPR.

X. CHANGES TO THE PRIVACY POLICY

We may change this privacy policy at any time by posting the revised privacy policy on this website and indicating the effective date of the revised privacy policy.