Personal data security policy
In accordance with Law no. 677/2001, CMC GRUP RISK ADVISOR SRL processes personal data, respecting the principles set out below, for legitimate purposes. The processing of personal data shall respect the legal requirements and in conditions that ensure security, privacy and the rights of the subjects.
Security measures taken by CMC GRUP RISK ADVISOR SRL:
1. Space security. The premises where CMC GRUP RISK ADVISOR operates its activities are provided with an alarm connected to a security company. The access into the premises is based on a code known only by the user and this way the security company can identify the person who enters.
2. In the areas where personal data is processed the access of external persons is forbidden.
3. Each user of personal data has access to information based on sharing criteria of the portfolio of clients and hierarchical levels.
4. Access to the IT system is based on username and password.
5. Access to database SIMBA (soft through which the portfolio is managed) is based on username and password and hierarchical levels.
6. Information is not used by other persons than those under contract with CMC GRUP RISK ADVISOR, which requires each employee/agent to ensure confidentiality during the contract and 24 months after its termination.
7. The information is sent out to insurance companies exclusively in the interest of customers / potential customers for the negotiation and conclusion of insurance policies.
8. The company which manages SIMBA and E-SIMBA assumes responsibility by respecting total confidentiality of the information it has access to.
9. Backups are made for all insurance policies issued and other related documents, which are archived and accessed by operators based on hierarchical levels.
10. During the training courses the operator shall inform the users about the Law no. 677/2001 and Law no. 182/2002 referring to protection of classified information.
11. For information protection, antiviruses are installed and the users end their working session when leaving from work.
The processing of personal data is subject to the following principles:
• Notification. The operator of personal data shall be notified by the National Supervisory Authority for Personal Data Processing.
• Legality. The processing of personal data is made pursuant to and in accordance with the legal provisions.
• Well-determined goal. Any processing of personal data is made for preparing proposals and insurance contracts.
• Confidentiality. The users who process personal data have a confidentiality clause in their contract.
• The consent of the person concerned. Any processing of personal data, except for the ones listed in Law no. 677/2001, can be performed only if the data subject has consented expressly and unequivocally to that processing.
• Information. Informing people is done by those users who process personal data of the person concerned.
• Protection of persons concerned. Data subjects have the right to interfere with the data processed by CMC GRUP operators if the data is not real. Data subjects have the right of opposing, the right not to be subject to an individual decision and also the right to address the National Supervisory Authority for Personal Data Processing or the court for defending right guaranteed by law.
• Security. Security measures of personal data shall be such as to ensure adequate security of personal data processed.
The data will be made available to state agencies if there is a request from them in this regard.