I. Information about personal data protection.
1. The company DZI - Life Insurance JSC, UIC: 121518328, address: Sofia, 89B Vitosha Blvd., in its capacity of Personal Data Administrator, carries out its activities in strict compliance with the requirements of the Law on Protection of personal data and "Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data" (the "Regulation").
2. For the purposes of installing and using a DZI Mobile application, the Company processes your personal data on the following legal grounds:
Processing for purposes for which your consent is required is voluntary. Without your consent, we may not process your personal data for the purposes of using the mobile application. In case you do not proceed to registration in the mobile application, your data will not be processed and stored by DZI, as the information entered by you will be visible only to you and will be stored on your mobile device.
Upon your registration and consent, the application automatically (without your or the Administrator's human intervention) decides for you to activate all notifications and provide them - notifications, messages and others - in the menu "Notification Management". According to your wishes and interests, you can immediately after registration or during the entire use of the application, enable, disable and manage each of these features by deactivating them in the "Manage notifications" menu.
In case you refuse to give your consent to the processing of personal data, you will not be able to complete your registration in the application, through which your health card will be transformed into a virtual one and will allow you to take advantage of the bonus points available in the application and valid for the purchase of insurance products of your choice, special promotional offers from DZI partners, as well as a link to a website to book an appointment for consultation or filing an online claim.
Important: You can withdraw your consent at any time in accordance with the instructions set out in item 11.5 of these General Terms and Conditions, as well as when deleting the account and your data contained therein.
b) Fulfillment of legal obligations.
The processing ensuring fulfillment of legal obligations is necessary, for example, when the law stipulates obligations of the Administrator to retain or provide information upon receipt of a relevant order from the competent state or judicial authorities, while providing an opportunity to exercise the control powers of the competent government agencies and in the performance of legal obligations to retain and/or provide information related to you.
c) Legitimate interest.
The processing for the purposes related to the protection and implementation of the legitimate interests of the Administrator is necessary for the protection of his/her legitimate interests and/or of his/her contractors, as this is balanced in an appropriate way with your interests, as the data processing takes place within the scope strictly necessary for communication with you on issues related to the application, as well as for administration and servicing of received signals, complaints, requests and other correspondence and for realization and protection of the rights and legal interests of the Administrator.
3. By installing the Mobile application, each User should agree to the General Terms and Conditions of the application. DZI will process the data of the Users who have installed the application, and the data will be stored as follows, depending on their category:
3.1. Your mobile device stores health information provided by the activity software application built into the mobile device (e.g. Apple Health, Samsung Health, Google Fit, etc.)
3.2. The servers of the following DZI contractors - Sirma ICS JSC, DATICUM JSC and AKTA LTD, DZI will store the following categories of your personal data: telephone number (always), name, surname, email address, date of birth, gender (if provided) and such data only to identified clients of DZI - Life Insurance JSC - health card number, DZI Energy, Avatar level, DZI Pearls (balance), health record, consents granted, offers taken from DZI Store, participation in quizzes, friends, emergency contacts.
3.3. The categories of data that are processed by DZI for the purposes of using the Mobile application are divided into the following, according to the quality in which the User operates:
А) For users who use the application without identifying themselves as clients to the Administrator - DZI and who are not insured persons who have an active Good Health or Comprehensive Medical Care health insurance, DZI will process the following categories of personal data:
• First name
• Last name
• Phone number
• Email address
• Date of birth
B) For Users who use the application and have identified themselves as insured persons to the Administrator - DZI and who have an active Good Health or Comprehensive Medical Care health insurance, DZI will process the following categories of personal data:
· Health card number;
C) All Users may additionally enter the following optional categories of personal data in the application:
· Allergies to food and beverages
· Blood type
· Drug allergies
· Regular medication
The listed categories of personal data are optional in order to use the Mobile application, and to enter them, the User of the application expresses explicit consent by declaring that he/she is familiar with and accepts these General Terms and Conditions.
4. By digitizing their health card Users confirm that they are familiar with and agree to these General Terms and Conditions, and that they agree that the personal data provided can be processed by the Administrator for the purposes specified therein.
5. For the Users of the application who have identified themselves as clients of DZI and insured persons, DZI will provide them with special offers and promotional initiatives implemented on the Internet, as the Administrator uses a legal basis for the processing of personal data within the transmission of such data. - consent within the meaning of Article 6 (1) (a) of the GDPR.
The purpose of processing your data as a User who has digitized their Health or Comprehensive Medical Care health insurance card through the functionality "Add DZI health card" is to obtain information about games with prizes, special offers, promotional initiatives, discounts, new services, loyalty programs and facilitated use of the same. By checking the box for agreement with these rules and subsequent digitization of your Health Card, you confirm your consent to the processing of your personal data for the specified purpose. After your registration you will receive notifications from us in the application you use.
You can withdraw your consent to receive promotional offers from DZI at any time with effect from now on by sending an email to the following address: email@example.com or delete your account in the mobile application. Information about the possibility to unsubscribe is contained both in the application itself and on the DZI website www.dzi.bg. If you wish to request the deletion of the optional personal data provided by you, you can exercise your right by sending an email to the Data Protection Officer at the following address: firstname.lastname@example.org. As a result, the optional data provided by you will be deleted.
Term for storage of personal data.
In case you uninstall the Mobile application, the personal data provided by you will be stored for a period of 5 years from the date of uninstallation.
Recipients of personal data
DZI employees from the business units have direct access to the personal data of the Users of the Mobile application, and they are directly responsible for managing the activities for its development and maintenance. DZI works with contractors and developers who support the functionalities of the Mobile application. Such contractors are, for example, SIRMA ICS JSC, DATICUM JSC and AKTA LTD, from which DZI requires compliance with the highest standards for technical and organizational support for the protection of personal data provided. DZI does not transfer data to countries other than Bulgaria.
6. As a data subject, you have the following rights with regard to the processing of your personal data:
· Right of access to your personal data and provision of information for the purposes of processing, categories of personal data, recipients to whom personal data are disclosed, retention periods, etc.
· Right of correction - to request that your personal data be corrected if it is inaccurate or incomplete.
· The right to withdraw your consent to the processing of your personal data at any time when the processing is carried out on the basis of your consent.
· Right to be deleted (the “right to be forgotten”) - Your personal data should be deleted on the following grounds: personal data are no longer needed for the purposes for which they were collected/processed; when you deactivate and delete the application; when you withdraw your consent, when the processing of data is based on consent; where there is no other legal basis for processing; when the data have been processed illegally, etc.
· The right to limit the processing for a certain period of time, when the accuracy of the data is disputed or there is an objection to the processing based on the legitimate interests of the controller.
· Right to portability of personal data - to receive your personal data in a structured, widely used and machine-readable format, when they are processed in an automated manner on the basis of consent or contractual obligation, if there is a technical possibility to provide them.
· The right to object to the processing of your personal data when their processing is based on the legitimate interest of the controller. In the event that your objection relates to the processing of personal data for direct marketing and customer relationship management, we will unconditionally suspend their processing for these purposes.
· Right to appeal to the Commission for Personal Data Protection (CPDP) or to the court in connection with the processing of your personal data. You can get more information on the website of the Commission for Personal Data Protection: www.cpdp.bg, where you can file a complaint.
7. For all other issues related to the processing of personal data that are not regulated in these Rules, the provisions of Personal Data Protection Act and Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
8. Users may request information regarding the processing of personal data at any time in writing at the above address of the personal data controller or by email - email@example.com.
Detailed information on the protection of personal data and the exercise of your rights can be found in the "Information on personal data protection" on our website www.dzi.bg.