Get app Get app Join us!

Privacy Policy

Last updated on 13.11.2025.

Who is your Personal data controller?

Your personal data controller is Balcia Insurance SE (we, Balcia, insurer), registered in Latvia with the registration number 40003159840, legal address K.Valdemara Street 63, Riga, LV-1010, Latvia.

Phone: +372 57 779 090

E-mail: [email protected]

Please refer to the last section of this document for more information about the countries where we operate and the relevant contact details.

HOW TO CONTACT OUR DATA PROTECTION OFFICER?

If you have any questions related with personal data processing done by Balcia, you can contact our data protection officer by sending an e-mail to [email protected].

WHY DO WE PROCESS YOUR PERSONAL DATA AND ON WHAT BASIS?

We process your personal data for the following purposes:

(a) Provision of our services (including: your identification; conclusion and performance of the insurance contract; contract administration; communication with you in relation to contract conclusion or performance; insurance risk assessment and premium calculation; assessment and calculation of insurance claims).
Legal basis: conclusion and performance of a contract.

(b) Preparation and delivery of a new insurance contract offer.
Legal basis: your consent or Balcia’s legitimate interests (depending on the specific case).

(c) Prevention of misuse of Balcia’s services (including: prevention and detection of fraud; application of enhanced risk management measures to certain client profiles).
Legal basis: Balcia’s legitimate interests, fulfilment of a legal obligation, or performance of a task carried out in the public interest (depending on the specific case).

(d) Examination and administration of client complaints.
Legal basis: fulfilment of a legal obligation.

(e) Risk management (including within internal control and governance systems).
Legal basis: fulfilment of a legal obligation or Balcia’s legitimate interests (depending on the specific case).

(f) Improvement of services, business processes, and user experience (including: elimination of technical failures; conducting market research; enhancement of pricing models).
Legal basis: Balcia’s legitimate interests.

(g) Ensuring security and digital resilience (including implementation of physical and cybersecurity measures).
Legal basis: fulfilment of a legal obligation or Balcia’s legitimate interests (depending on the specific case).

(h) Protection of Balcia’s rights and interests (including: bringing, maintaining, and enforcing claims; debt recovery (including out-of-court); enforcement activities; assignment of claims).
Legal basis: Balcia’s legitimate interests.

(i) Direct marketing and advertising purposes (for example: sending commercial communications; approaching potential clients; delivering location-based content or offers).

Legal basis: consent or Balcia’s legitimate interests (where applicable).

(j) Fulfilment of obligations established by laws and regulations.
Legal basis: fulfilment of a legal obligation or performance of a task carried out in the public interest (depending on the specific case).

(k) Quality control of client service (including: monitoring of call content; verification of information provided to clients).
Legal basis: Balcia’s legitimate interests.

WHAT PERSONAL DATA DO WE PROCESS?

We typically process the following categories of personal data:

(a) Identification data (e.g., full name and surname, national identification number, date of birth, age).

(b) Contact data (e.g., telephone number, e-mail address, postal address).

(c) Offer data (e.g., information provided when requesting an insurance quote or before concluding an insurance contract, such as details about the object to be insured, desired coverage, and relevant risk factors needed to prepare an individual offer).

(d) Contract and policy data (e.g., policy number; insurance product type; policy period; details of the insured object (e.g., information about a vehicle, immovable property, or other insured item); information about policyholder, insured person, beneficiary and relevant third parties; coverage limits, deductibles, premiums, discount; history of policy offers, renewals, amendments or cancellations).

(e) Financial and payment data (e.g., bank account number, payment history and outstanding balances; information about the payer; claim payment amount, recipient, and date).

(f) Claim and event data (e.g., details of the occurred event (including date, location description); information about damages (including description, invoices, photos, repair estimates); evidence (including witness statements, police reports, expert opinions); limited health-related data strictly necessary for assessing the claim; data of third parties involved in the event (e.g., injured party, vehicle owner, driver); correspondence and supporting documents related to the claim).

(g) Risk management data (i.e., information necessary for managing risks relevant for our business (incl., misuse of services, fraud, technical disruptions, counterparty default, etc.)).

(h) Communication data (e.g., recordings of incoming and outgoing calls; correspondence (including via emails, letters, online chats)).

(i) Technical, device and digital interaction data (e.g., activity logs; IP address; application version; operating system; device model and type; browser information; cookie and similar-technology data; login credentials); network connection information (e.g., mobile, Wi-Fi)).

(j) Geofencing data (e.g., device location; interaction with defined geographic zones (“geofences”); hashed customer profile references; responses to marketing actions (e.g., whether a push notification was received, opened, or ignored)).

(k) Marketing and profiling data (e.g., marketing preferences; participation in campaigns, surveys, or promotions; Identifiers linked to marketing campaigns (e.g., internal campaign ID, segment ID)); statistics.

(l) Regulatory and legal compliance data (e.g., data related to customer complaints; regulatory investigation data; audit-related data; sanctions screening data).

HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect personal data mainly in two ways:

(a) Directly (i.e., from you).
This occurs, for example, when you:

- apply for or use our services;
- submit an insurance claim;
- communicate with us (e.g., by phone, e-mail, mail, online chat, via our website, mobile application, or other channels);
- participate in our marketing campaigns, surveys, or other initiatives;
- use our website, mobile application, or self-service tools;
- otherwise interact with us in connection with our services.

(b) Indirectly (i.e., from other sources).
In certain cases, we may obtain your personal data from third parties or publicly available sources. These may include:

- brokers, agents, or other intermediaries involved in the insurance process;
- experts, repair shops, or service providers involved in claim handling;
- other insurance companies or financial institutions;
- public authorities and supervisory bodies (e.g., data protection authority, law enforcement agencies, courts, etc.);
- publicly available databases and registers (e.g., company, vehicle, or property registers);
- third parties related to an insured event (e.g., witnesses, injured parties, medical institutions, doctors, etc.);
- third parties involved in the provision of our services or daily operations (e.g., payment service providers, marketing service providers, identity verification providers, fraud prevention services, etc.);
- any other lawful sources, provided that the collection and use of such data complies with applicable data protection laws, including the General Data Protection Regulation (GDPR).

IS IT MANDATORY TO PROVIDE PERSONAL DATA?

In accordance with insurance regulatory enactments:

- we have the right and obligation to collect data concerning insured persons or beneficiaries included in insurance contracts or declarations submitted by policyholders prior to conclusion of an insurance contract, for the purpose of insurance risk assessment or for the performance of an insurance contract, for example, claims handling process;

- by entering into a contract, a policyholder or an insured person is obliged to provide all the information regarding the circumstances the insurer has requested and that is necessary for the insurer, in order to assess the probability of the occurrence of insurance risk and is important for entering into an insurance contract;

- we have an obligation to verify the occurrence of the insured event prior to the payment of the indemnity or refusal to pay the indemnity;

- the insured person is obliged to submit to the insurer all documents describing the occurrence of the insured event, including documents containing special categories of personal data (such as personal data concerning health condition) as well as other information requested by the insurer.

If the policyholder or an insured person does not provide the information requested by the insurer:

- the insurance proposal cannot be provided, and the insurance contract cannot be concluded, as the insurer is unable to assess the probability of the occurrence of the insured event nor the payable insurance premium;

- insurance indemnity cannot be paid as the insurer is unable to verify the occurrence of the insured event nor assess the amount of the indemnity.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

- In cases and to the extent specified by law we might transfer your personal to persons or institutions duly authorized by law, for example, supervisory authority, law enforcement institutions etc.

- In cases when it is necessary for the performance of the insurance contract, claims handling, debt collection, legal proceedings, for example, to obtain information from state registries or other public or private institutions, to assess the possibility of insurance risk occurrence, the amount of payable insurance premium, to recover debts, we might transfer your personal data to third parties, such as medical institutions, claim handlers, experts, lawyers, debt collectors, banks etc. in accordance with regulatory enactments and our legitimate interests.

- We might use authorised processors for processing of your personal data related to provision of our services, for example, postal services, services of archiving, translators, legal consultants, claim handlers etc. In such cases, we ensure that such processors provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing meets the requirements of the applicable law, including General Data Protection Regulation, and ensure the protection of the rights of the data subjects.

- In the event of an insured risk occurring under the MTPL insurance, we may, in accordance with the requirements of applicable laws and regulations, disclose your personal data to our Green Card correspondent or our representative who is responsible for handling and settling claims on behalf of Balcia in the country where the insured risk occurred.

- To prepare and send you a new insurance contract offer, we may share your personal data with third parties (including insurance offer aggregation intermediaries) in order to conduct market research and calculate the most suitable offer for you.

Your personal data may be transferred to third countries (outside the European Union) for the purpose of claim settlement:
(a) within the framework of the Green Card system;
(b) in travel insurance cases specified in the insurance terms and conditions, such as reimbursement of medical expenses, repatriation of the insured person to their home country, or repatriation of mortal remains.

FOR HOW LONG DO WE PROCESS YOUR PERSONAL DATA?

Your personal data will be processed no longer than necessary. The data storing period may depend on the concluded insurance contract, the legitimate interest of Balcia or the applicable law (for example, claims limitation period specified in insurance regulatory enactments, civil law, bookkeeping regulatory enactments etc.).

If you decide to terminate the insurance contract and discontinue using our services, we may continue to process your personal data in accordance with the requirements of applicable laws and regulations.

If you withdraw the consent you have previously given, we may continue to process your personal data obtained while your consent was still valid, if such processing is necessary to protect our legitimate interests.

IS THERE AUTOMATED DECISION MAKING INVOLVED IN THE PROCESSING OF YOUR PERSONAL DATA?

Some of your personal data might be subjected to the automated decision making, for example, when evaluating the possibility of the insurance risk occurrence or evaluating the amount of the payable premium and for Balcia to ensure the best and the most appropriate insurance proposals.

You have the right to obtain human intervention on the part of Balcia, to express your point of view and to contest the decision made based on automated decision-making process.

HOW DO WE ENSURE SECURITY OF YOUR PERSONAL DATA?

In order to process your personal data, we have implemented appropriate organizational and technical measures to guarantee personal data security, including protection against unauthorized or unlawful personal data processing, accidental loss or destruction of personal data.

WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

In accordance with the General Data Protection Regulation, as a data subject you have the right to:

- request from Balcia access to personal data. This means that you can request for us to inform you whether we process your personal data, provide you with a copy of your personal data we process, provide information about your personal data processed by us (for example, what data about you and for what purposes we collect, to whom we disclose your personal data, whether we transfer this data outside the European Union and other information);

– request the rectification of your personal data from Balcia. This means that if you notice that the personal data we process about you is incorrect or inaccurate, you may ask us to correct or complete such data;

– request the erasure of your personal data from Balcia. This means that you may ask us to delete your personal data in cases where such data is no longer necessary for the purposes for which it was collected — for example, when you have withdrawn your consent, when you object to our processing of your personal data, when you believe that we are processing your personal data unlawfully, or in other similar cases. In certain situations, we may not be obliged to delete your personal data — for example, when such processing is necessary to comply with applicable legal requirements;

- request from Balcia restriction of processing concerning your personal data. This means that you can request us to restrict the processing of your personal data, except for storage, in cases you contest the accuracy of your personal data, you believe your personal data is being processed unlawfully, your personal data is no longer necessary for the purposes it was collected for, you object to processing of your personal data until it is checked, whether our legitimate reasons override your reasons. During the period of the restriction of processing of your personal data, we might not be able to provide you with our services;

- object to processing of your personal data. This means that you can object on grounds relating to your particular situation, at any time to to the processing of your personal data which is based on your consent or our legitimate interests. In such cases, we might not be able to provide you with our services;

- data portability. This means that you can request us to provide you personal data related to you which you have provided to us in a systematized, normally used and machine readable format, you can also request us to transfer your personal data to another data controller where it is technically feasible if the processing has been based on your consent or the contract and processing is carried out by automated means.

– withdraw your consent at any time. You have the right to withdraw your consent to the processing of personal data at any moment, if consent is the legal basis for such processing. Please note that the withdrawal of consent does not affect the lawfulness of processing carried out on the basis of your consent before its withdrawal.

You can exercise your rights as a data subject by contacting us in writing using contact information mentioned above.

RIGHT TO LODGE A COMPLAINT

If you have any concerns about the processing of your personal data, we encourage you to contact us first using the contact details provided above. We will carefully review your complaint and do our best to resolve the issue in a fair and timely manner.

However, if you believe that your personal data is being processed in violation of applicable data protection laws, you also have the right to lodge a complaint directly with a supervisory authority.

The main supervisory authority for Balcia Insurance SE is the Data State Inspectorate of the Republic of Latvia (Datu valsts inspekcija):
Address: Elijas iela 17, Riga, LV-1050, Latvia
Website: www.dvi.gov.lv
Email: [email protected]

If you reside in another EU/EEA country, or if the alleged infringement took place there, you may also submit your complaint to the data protection authority of that country. A list of EU data protection authorities is available on the website of the European Data Protection Board (EDPB) at https://edpb.europa.eu

DO WE USE COOKIES ON OUR WEBSITE?

Yes, we use cookies on our website. To learn more, read our Cookie policy.

WHERE WE OPERATE

Lithuania — Balcia Lithuania Branch
Registration No.: 304498010
Address: Perkūnkiemio g. 5, Vilnius, LT-12129, Lithuania
Tel.: +370 5200 0630
E-mail: [email protected]

Poland — Balcia Poland Branch
National Court Register (KRS): 0000493693
NIP: 5263124162 | REGON: 147065333
Address: Al. Jerozolimskie 96, 00-807 Warsaw, Poland
Tel.: +48 222 742 222
E-mail: [email protected]

France — Balcia France Branch
Registration No.: R.C.S. Nanterre 797 882 016 | SIRET: 797 882 016 00018
Address: 86 rue Anatole France, 92300 Levallois-Perret, France
Tel.: +33 (0)1 75 33 40 89
E-mail: [email protected]

Germany — Balcia Germany Branch
Registration No.: HRB 49268
Address: Senefelder Str. 17, 63322 Rödermark, Germany
Tel.: +49 (0)6074 91765 0
E-mail: [email protected]

Spain — Operations carried out under the freedom to provide services
Tel.: +371 6703 0500
E-mail: [email protected]

Italy — Operations carried out under the freedom to provide services
Tel.: +371 6703 0500
E-mail: [email protected]