Privacy Notice
Companjon is an innovative, digitally-enabled Insurtech which has been established to offer insurance solutions to our business partners and end customers. We care about data and data privacy compliance is central to our company ethos. Companjon processes personal data as a matter of course to operate its business, when offering its services and when users visit this website. This Privacy Notice is designed to ensure compliance with the EU General Data Protection Regulation (GDPR) and UK General Data Protection Regulation (where applicable) and explains which data is processed for which purposes and what rights you have in relation to the processing of your personal data:
A. I. Data processing on the Companjon website: This section points out how Companjon collects and uses data when you visit this website.
A. II. Data processing in relation to our insurance solutions: This section covers the processing of data when you use our insurance solutions or services.
B. Your rights in relation to the processing of your personal data.
C. Changes to this Privacy Notice.
A. I. Data processing on the Companjon website
1. Who is responsible for the processing of your personal data?
Companjon Services DAC, company registration number 659078
Custom House Plaza, Harbourmaster Place, IFSC, Dublin 1, D01V9V4 (“Companjon”, “we”, “us”)
is the responsible controller for the processing of your personal data when you visit this website. You can direct any questions on data protection to the data privacy team of Companjon via email to dataprivacy@companjon.com
2. What data is collected and processed and for what purposes?
Automatically collected data/ server log files
When you visit our website, we automatically collect the following data which is relevant for system security and data security, in so-called log files of the web server:
- Network information (e.g. IP address, browser version)
- Session details (e.g. time stamps)
These log files are temporarily stored for the purposes of tracking malfunctions and enhancing system security, including detecting and tracing unauthorized access attempts and accesses to our web servers. The log files are deleted/overwritten unless a suspect case of unlawful access to our web servers has occurred.
This data processing is based on our legitimate interest to remove technical malfunctions, guarantee the system security of our website and detect and trace any unauthorised accesses or access attempts (Art. 6(1)f GDPR). We also process the data as necessary for compliance with a legal obligation (Art. 6(1)c GDPR).
Cookies and related technologies
We collect information through cookies and other similar technologies (e.g. pixel tags or links) when you visit our website or our customer self-service portal where you have given us your consent (Art. 6(1)a GDPR). These tools are used by Companjon and our third-party service providers to help enhance our insurance solutions and services, the functionality and performance of our website and to support more tailored advertising.
You can find more information on the cookies used on our website and how you can manage your cookies consent preference by viewing our Cookie Policy.
Web Forms
We use the service of HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA ("HubSpot") to collect limited information from you via online forms which enables us to provide you with digital content where you have requested this. HubSpot processes the data exclusively at our request. It is also in our legitimate interest to be aware of who our digital content reaches (Art. 6(1)f GDPR).
Please note: If you consent to provide information in this way to receive digital content from us, personal data may be transferred to service providers in third countries outside the EU or EEA.
The data we collect from you is your email address, last name, first name, company name, job title. We use this data to send you the content requested and to market future offers to you where you have consented to this. When we send you marketing information, we will always give you the option to opt-out of any future marketing.
Contact
You can contact us via the contact section on our website. We process the following data provided by you in the email: name, email address, the category of your request and your message(s). The data is processed to answer your request appropriately (Art. 6(1)b GDPR) and it is in our legitimate interest to manage and answer your enquiry (Art. 6(1)f GDPR).
Sharing content on social media
On our website, you will find social media icons to share content of your choice on Facebook, X formerly Twitter and LinkedIn. When clicking on the icons, you are directed to these social media networks where different privacy notices apply.
For how long do we store your personal data?
We store your data for as long as necessary for the purposes described in this privacy notice and according to the legal basis for processing your information. Personal data is deleted by us on a periodic basis according to regulatory requirements. See our cookie policy for details on how long we store cookies on your device.
3. Is your personal data transferred to third parties?
Whenever your personal data is transmitted to external recipients (service providers) that process the data on behalf of Companjon it is contractually ensured that your data is transmitted and processed in compliance with all applicable data protection laws.
The external service providers and processors (e.g. IT service providers, host providers, internet service providers, telecommunications providers, billing service providers, customer support service provider, marketing agencies) used by Companjon may also receive personal data as far as this is necessary to fulfil contractual and legal obligations (Art. 6(1)b,c GDPR) or covered by the legitimate interest of Companjon (Art. 6(1)f GDPR).
We share information to comply with requests of supervisory authorities, regulators, courts, and/or legal counsels if required to investigate, defend or prosecute a claim or investigation of potential fraudulent or criminal behaviour.
4. Is your data transferred to a third country outside of the EU or EEA when using our website?
Companjon is a pan-European provider of digital insurance solutions and processes your personal data in member states of the European Union (EU), the European Economic Area (EEA) and the United Kingdom.
Occasionally, it is necessary for our technical service providers or third parties to have access to the data stored in the EU (for analysis purposes, for technical support or to check the security of the services). Some of these service providers may be located in a third country outside the EU/ EEA. We take steps to ensure that any access of personal data outside the EU/EEA is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place. This might include transfers or access in countries that are considered to provide adequate levels of data protection for your personal data as approved by the European Commission. Companjon adheres to the EU-U.S. Data Privacy Framework as set out by the U.S. Department of Commerce with respect to personal data that is transferred from the EEA to the United States within the scope of Data Privacy Framework.
To ensure an adequate level of data protection, Companjon implements appropriate and adequate technical (e.g. encryption) and contractual measures (definition of access rights on a need-to-know basis, documented instructions by Companjon) in such cases. Such processing is also performed in compliance with the European Data Protection Board’s Recommendations on Supplementary Measures (01/2020). For more information about data transfers and the safeguards we have put in place, please contact our data privacy team by emailing dataprivacy@companjon.com
5. Do you have an obligation to provide your data?
You do not have any obligation to provide your personal data when you visit our website. However, please note that you may not be able to use certain tools and features of the website if you do not provide your data.
6. Automated decision-making
When visiting our website, you will not be subject to any automated decision-making according to Art. 22 GDPR.
A. II. Data processing in relation to our insurance solutions
1. Who is responsible for the processing your personal data?
We work with a number of parties to provide you with our insurance solutions.
Our business partners
Companjon offers insurance solutions through its business partners. When you are provided with an insurance solution from us it is linked to a service or product that you have bought through one of these business partners. It is important that you check the privacy notice of the relevant business partner to see how your data is processed by them.
Our Insurance solutions
We team up with different insurance underwriters to provide customers with cover. Details of the insurer relevant to your solution can be found in the privacy notice attached to your terms and conditions for insurance.
Our official registration details are as follows:
Companjon Services DAC, company registration number 659078, Custom House Plaza, Harbourmaster Place, IFSC, Dublin 1, D01V9V4, Ireland.
Companjon Services DAC, trading as Companjon, is regulated by the Central Bank of Ireland. Company Services DAC is an insurance intermediary.
Companjon Services UK Branch is responsible for and acts as a data controller of personal data of our UK customers. Companjon Services UK Branch is a sister company of Companjon.
The official registration details are as follows:
Companjon Services UK Branch, company registration number BR024487, 4th Floor, 107 Fenchurch St, London EC3M 5JF, United Kingdom.
The way we process personal data can differ according to the arrangements with our various business partners and insurance underwriters. Depending on the nature of the data processing activity, the controller of your personal data may be Companjon on its own or acting in joint controllership with one of our business partners or insurance underwriting partners.
We will always strive to ensure that your data is handled appropriately and in accordance with relevant data protection law. In particular, we ensure the safeguarding of your rights as a data subject (see section B). Please refer to the privacy notice appended to the terms & conditions of your insurance cover for specific information on what parties process your personal data, what data they process and the legal basis for such processing.
If you require further information, you can contact our data privacy team via email at dataprivacy@compajon.com
2. Which data is collected and processed?
During the term of your customer relationship with us, Companjon processes your personal data as follows.
Insurance solution data
Companjon processes personal data that is required for the conclusion of insurance solutions and collects details of the products and services that are provided to you as well as information that you provide voluntarily (e.g. full name, country of residence, email address, mobile phone number, booking number, booking date (or purchase date), departure date, return date, cancellation date and time, ticket value, number of tickets, currency, one-way or return ticket, bus/train line, ticket type, departure station name, arrival station name), collectively "Insurance Solution Data". The Insurance Solution Data may be provided through our business partners and processed by Companjon to provide our services.
Note that when you enter into an insurance solution agreement with us for the benefit of third party individuals as their representative, we may also process personal data of these individuals, and you are required to inform them of the processing of their data in accordance with this privacy notice.
Communication Data
In order to provide the insurance services, Companjon collects and processes communication data about you (email address, content of messages provided to us via chat or email or any other channel of communications, metadata such as date and time).
Claims Data
Claims Data is information obtained from you for the processing and settlement of an insurance claim. In particular, this includes information on the incident or event, the amount of the loss, insured benefits, payment arrangements and payment information (such as International Bank Account Number), invoiced premiums, type of insurance benefit.
Customer Support & Service Data
When you submit a query or request to us in connection with your insurance solution, it is necessary for us to collect and generate personal data about you such as the nature of your query or request (e.g. customer support/troubleshooting request, policy cancellation request, refund request or policy amendment request), your email, full name, date of birth, the date of your query or request and other information relevant to your particular insurance solution for example, flight information or information pertaining to an insured activity.
Data from online services and activities
Through our online customer service portal, we collect information about your online activity using cookies and other similar devices, which can be controlled through internet browsers and by using our cookie preference centre on our website or portal. For detailed information on the cookies we use and the purposes for which we use them, see our Cookies Policy, which is available on our website.
3. For which purposes and on what legal basis are your data processed?
Companjon will process your personal data only to the extent that an applicable legal provision permits such processing, i.e. in accordance with the provisions of the GDPR and other applicable national legislation.
Data processing for the conclusion and performance of the contract
Companjon processes your personal data in order to be able to process and manage the Services in connection with insurance solutions (Solution Data, Communication Data, Claims Data, Customer Support and Service Data), Art. 6(1)b GDPR.
Data processing for statistics and data analytics purposes
To provide you with the insurance solutions, Companjon processes information from the solutions you have purchased, any claims you have made, communication with you and the products and services of business partners covered by the solutions, in order to provide you with the services and to be able to comprehensively take your preferences into account (data analysis purposes). Companjon will use pseudonymised and aggregated data for this purpose to the fullest extent possible. In any case, Companjon will take your interests into account in an appropriate manner. This processing of your data is based on Companjon’s legitimate interest (Art. 6(1)f GDPR).
Data processing for security reasons (including system performance)
Some of your personal data will be processed for security purposes in order to ensure the security of the IT systems used, or to analyse and improve the reliability and performance of the IT systems. In the event of an impairment of the IT systems, it may be necessary to use the data processed by Companjon for legal prosecution (Art. 6(1)c GDPR).
Data processing due to legal and regulatory requirements
The processing of your personal data may also be necessary to comply with legal obligations of Companjon (Art. 6(1)c and f GDPR). Such obligations are, for example, regulation, tax law, accounting and reporting obligations, conducting audits, compliance with governmental audits, prevention, detection and investigation of fraud and other requests from authorities or courts of law.
Data processing for legitimate interest purposes
We may process personal data where it is in our legitimate interest to do so. Where we process personal data for this purpose, we will assess the individual interests, rights and freedoms of the individuals whose data we are processing on this basis. Examples of where we may use this legal basis would be in the prevention, detection and identification of fraud or potential fraud/suspicious activities or in specific cases of direct marketing where we are lawfully permitted to use this legal basis. We may process personal data for performing surveys on customer satisfaction and requesting feedback for quality assurance purposes in order to improve the quality of our insurance solutions.
Personal data provided upon consent
Companjon will process personal data for one of more specific purposes where you have given us your consent to use it (Art. 6(1)a; Art. 7 GDPR). Where Companjon relies on your consent as our legal basis to process your personal data, you can withdraw your consent at any time without giving reasons. The lawfulness of the processing of your personal data up to the time of withdrawing your consent remains unaffected.
An example would be where you have given your consent to use certain cookies in accordance with our Cookies Policy.
In order to withdraw your consent, please use the mechanism provided as part of the consent collection process or alternatively email dataprivacy@companjon.com
4. Is your personal data transferred to third parties?
Your personal data will be processed by our employees (e.g. sales, customer services, claims, underwriting, marketing, legal, IT & management) for the processing purposes listed above.
Whenever your personal data is transmitted to external recipients (e.g. services providers, business partners, the insurer that process the data, on behalf of Companjon or for their own purposes, they are legally required to ensure that your data is transmitted and processed in compliance with all applicable data protection laws. Such service providers may include our IT providers, customer service and claims support, marketing agencies, internal audit, tax and consultancy providers etc.
We may also share your personal data on ad hoc basis with regulatory and government bodies where we are required to do so by law.
5. Is your data transferred to a third country outside of the EU or EEA?
Companjon is a pan-European provider of digital add-on insurance solutions and processes your personal data in member states of the European Union (EU), the European Economic Area (EEA) and the United Kingdom.
Occasionally, it is necessary for our technical service providers or third parties to have access to the data stored in the EU (for analysis purposes, for technical support or to check the security of the services). Some of these service providers may be located in a third country outside the EU/ EEA. We will take steps to ensure that any access of personal data outside the EU/EEA is carefully managed to protect your privacy rights and ensure that adequate safeguards are in place. This might include transfers or access in countries that are considered to provide adequate levels of data protection for your personal data as approved by the European Commission. Companjon adheres to the EU-U.S. Data Privacy Framework as set out by the U.S. Department of Commerce with respect to personal data that is transferred from the EEA to the United States within the scope of Data Privacy Framework.
To ensure an adequate level of data protection, Companjon implements appropriate and adequate technical (e.g. encryption) and contractual measures (definition of access rights on a need-to-know basis, documented instructions by Companjon) in such cases. Such processing is also performed in compliance with the European Data Protection Board’s Recommendations on Supplementary Measures (01/2020). For more information about data transfers and the safeguards we have put in place, please contact our data privacy team by emailing dataprivacy@companjon.com
6. How long will your data be stored?
Companjon will store your personal data for as long as it is necessary for the purposes for which they were collected, in particular as long as it is necessary for the implementation of the insurance contracts and services, including any legal retention periods and documentation obligations and any relevant statute of limitations. In addition, longer retention of your data may be necessary for the assertion, exercise or defence of legal claims (Art. 17(3)e GDPR). Companjon will therefore generally retain your data during ongoing legal proceedings or if such proceedings are imminent.
7. Do you have an obligation to provide your data?
Within the framework of the business relationship it is necessary for you to provide the personal data which is required for the lawful establishment, implementation and termination of insurance solutions and related services. Without such data, Companjon will usually have to refuse to conclude the insurance contract or to execute an instruction or will not be able to continue to service an existing contract and may have to terminate it.
8. Automated decision-making
We use means of automated decision making to manage your insurance solution (including our claims handling processes which are based on defined algorithms). This is particularly relevant for claims where no action is required on your side to submit the claim and our processes automatically identify your entitlement to the claim pay out under your insurance solution.
Automated decision making may also be used to determine your eligibility to purchase our insurance solutions through our Business Partner’s platforms and to determine the amount payable for your cover.
Where we use automated decision making, we respect the rights, freedoms and legitimate interests of policyholders. In particular, you have the right to challenge such decisions that affect you in a legal or significant way and have them reviewed by a member of our team.
You can direct such queries to the data privacy team of Companjon via email to customer@companjon.com or dataprivacy@companjon.com
9. Data Analysis and Machine Learning
We use data analysis to build, train and audit our algorithms (including those used in our Automated Decision-Making) and our machine-learning tools. The algorithms and tools we use help us do a number of things including:
- managing customer service queries e.g. by building data sets in order to make use of Artificial Intelligence through a chatbot service, enabling us to classify topics that our customers are enquiring about and assign pre-defined responses formulated by us;
- managing claims e.g. assessing claims, determining claim amount payable: and
- monitoring and improving our services e.g. looking at how to improve the customer experience
B. Your rights in relation to the processing of your personal data
As a data subject, you can assert a number of rights under the applicable data protection law in relation to your personal data. If you wish to make use of these rights, please contact dataprivacy@companjon.com
Right of access (Art. 15 GDPR): You have the right to ask for access to the personal data stored about you. This information concerns, among other things, the categories of personal data processed, the purposes for which the personal data is processed, the source of the personal data, if not collected directly from you, and, if applicable, the recipients to whom your personal data has been transmitted. You can also obtain a copy of your data.
Right to rectification (Art. 16 GDPR): You can request the rectification of incorrect personal data and the completion of incomplete personal data concerning you.
Right to erasure (Art. 17 GDPR): Subject to the conditions of Art. 17 GDPR, you can request the deletion of your personal data. This may be the case, for example, if the personal data is no longer necessary for the purposes for which it was collected or otherwise processed, if you withdraw your consent, which is the basis for the processing of the personal data, and there is no other legal basis for the processing, if you object to the processing of your personal data and there are no overriding legitimate reasons for the processing. If you object to the processing of your personal data for the purposes of direct marketing or if we have processed the personal data unlawfully. Companjon may refuse to delete your personal data if the processing of your personal data is necessary to ensure compliance with a legal or regulatory obligation or to assert, exercise or defend legal claims.
Right to restriction of processing (Art. 18 GDPR): Furthermore, you may have a right to limit the processing of your personal data, i.e. to tag the personal data stored with the aim of limiting their future processing. One of the conditions specified in Art. 18 GDPR must be met for this purpose.
Right to withdraw consent (Art. 7(3) GDPR): When you have given consent to a processing of your personal data, you can withdraw such consent at any time and without giving reasons. This does not affect the lawfulness of processing based on your consent until withdrawal.
Right to data portability (Art. 20 GDPR): You may also have a right to obtain the personal data concerning you that you have provided, made available in a structured, common and machine-readable format. You may transfer this personal data to another responsible party at your discretion. In addition, you can demand that your personal data will be transferred directly to another controller, insofar as this is technically possible (right to data transferability, Art. 20 GDPR).
Right to object (Art. 21 GDPR): You may object to the processing of your personal data at any time for reasons arising from your specific situation, provided that the processing is based on the legitimate interests of Companjon or those of a third party. In this case, Companjon will no longer process your personal data, unless there are compelling reasons for continued processing which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims (Art. 21 GDPR). Your right to withdraw your consent to processing is possible at any time irrespective of this right of objection.
Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint at the supervisory data protection authority regarding the data processing carried out by Companjon if you believe that it infringes applicable data protection law.
C. Changes to this Privacy Notice
Companjon may change or update this Privacy Notice from time to time. We advise you to check this Privacy Notice on a periodic basis.
Last updated: November 2023