mpique_logo

PRIVACY POLICY

1. Data Controller

  • Titleholder: M. PIQUE CORREDURÍA TÉCNICA DE SEGUROS, S.A.

  • Registered office: Av. Caresmar, 3, 08700 Igualada (Barcelona)

  • VAT ID: A-58872573

  • Phone: 93 803 77 25

  • E-mail: mpique.seguros@mpique-sa.es

This policy explains how we handle the personal data of our clients, potential clients, contacts, policyholders, insured parties, beneficiaries, injured third parties and other interested parties in the context of the insurance brokerage business.

2. Origin of the data and responsibility of the informant

We obtain personal data directly from you or your legal representative, through forms, communications by post, telephone, email, WhatsApp, other electronic means or, where applicable, through insurance comparators, trade fairs and events, as well as from publicly accessible sources to the extent permitted.

You guarantee that the information provided is true, complete and up to date, and you are responsible for any damages that may be caused to the brokerage or third parties due to false or inaccurate data.

When you provide us with data of other persons (e.g. additional drivers, insured family members, employees of your company), you must have previously informed them of the communication of their data to the brokerage and of the basic aspects of this policy (responsible, purpose, possibility of exercising rights), and you must have a legitimate basis for doing so (contract, legitimate interest, consent where applicable).

3. Categories of data we process

The personal data that we may collect and process include, but are not limited to:

  • Identification and contact data: name, surname, address, e-mail, telephone numbers, gender, marital status, date and place of birth, nationality, family data related to the policy, ID card/passport, driver’s license, vehicle data (license plate, make, model, date of purchase, ownership, leasing/credit), call recording, navigation data (IP, identifiers, etc.).

  • Financial data: bank account data, card or other means of payment.

  • Risk data: information necessary to evaluate the risk and propose policies and premiums (license withdrawals, claims history, cancellations, use of the insured vehicle or property, data required in other lines of business).

  • Credit and anti-fraud data: financial and solvency information, records in solvency and credit files, information from anti-fraud databases.

  • Service information: quotes obtained, policies contracted, changes in coverage, status of receipts.

  • Claims-related information: data on reported claims, existence of bodily injury or other damage (to the extent necessary to advise the policyholder and handle the claim with the insurer).

  • Health and other special data: only when necessary for the contracting and management of health, life, accident, disability or other insurance policies that require an assessment of the state of health or similar circumstances, and always with an appropriate legal basis (execution of the insurance contract and, where appropriate, explicit consent or specific regulations).

  • Data relating to criminal offenses and convictions: insofar as they are necessary for risk assessment or fraud detection and prevention, in accordance with Article 10 RGPD and sectorial regulations.

  • Marketing and communications data: contact preferences, acceptance or opposition to receive commercial communications, participation in events or promotions.

  • Statistical and aggregated data: aggregated or anonymized information for statistical or analysis purposes, which does not allow you to be identified directly or indirectly.

4. Purposes of treatment

We will use your personal data only for the purposes described below and those compatible with them.

a) Commencement of brokerage and advisory relationship

  • Acquire customer status.

  • Evaluate the risks to be covered and propose appropriate policies and premiums.

  • To advise you objectively on the insurance products that best suit your needs.

  • Perform risk analysis and fraud detection and prevention.

  • If applicable, manage the payment of the premium to the insurance company.

b) Policy administration and management

  • Comprehensive management of policies: additions, modifications, renewals, cancellations.

  • Customer service (including communication by any means and sending communications related to your insurance).

  • Management of payments, collections, returns and recoveries.

  • Quality controls on the service provided.

c) Attention and management of claims and claims management

  • Processing of insurance and reinsurance claims.

  • Advice and defense against the insurance company.

  • Advice on the defense of claims arising from the contractual relationship.

  • Investigation and, if necessary, prevention of fraud.

d) Renewals

  • Contact to manage policy renewals.

  • Objective advice on the most appropriate products and coverage for each renewal.

  • If applicable, management of premium payment.

e) Compliance with legal and regulatory obligations

  • Comply with insurance and insurance distribution regulations, prevention of money laundering and financing of terrorism, tax, accounting and any other applicable regulations.

f) Marketing and advertising

  • Send suggestions and recommendations on insurance products or other services directly related to the insurance industry that may be of interest to you.

  • Invite them to contests, promotions, events or other loyalty actions related to our activity.

  • From time to time and always based on a reasonable expectation or your consent, send you informative content on topics related to our field (e.g. road safety, prevention, health, automotive) connected to your policies or interests.

You may object at any time to receiving commercial communications through the channels indicated in the Rights section.

5. Legal basis for processing

The bases that legitimize the treatment are:

  • Execution of a contract or application of pre-contractual measures

    • Processing necessary to evaluate risk, quote, contract, manage and renew policies.

    • Claims management, claims and defense against the insurer.

  • Compliance with legal obligations

    • Insurance regulations and insurance distribution.

    • Regulations for the prevention of money laundering and financing of terrorism.

    • Tax, accounting, commercial and any other regulations applicable to the sector.

  • Legitimate interest of the brokerage firm or third parties

    • Maintain relationships with clients and professional contacts.

    • Perform quality controls and internal analysis to improve the service, applying the minimum possible intrusion.

    • Prevent fraud and protect the security of insurance operations.

    • Send commercial communications about products and services similar to those already contracted when the LSSI allows it, taking into account your rights and expectations and always providing you with a simple means of opposition.

  • Consent

    • When required for certain processing of special categories of data (e.g., health data not covered by specific insurance regulations).

    • For commercial communications that cannot be based on legitimate interest according to the LSSI (for example, when there is no prior relationship or unrelated products).

    • When the regulations require explicit consent for certain specific transactions.

  • Establishment, exercise or defense of legal claims

    • Treatment necessary to formulate, exercise or defend judicial or extrajudicial claims.

6. Conservation periods

We will retain your personal data only for as long as necessary for the purposes for which it was collected and for as long as there is any possibility of a claim related to the insurance or contractual relationship.

In particular:

  • During the term of your policies and the processing of claims.

  • Subsequently, during the statute of limitations for legal liabilities (civil, commercial, tax, money laundering and other applicable).

During this time, the data may be kept blocked, accessible only to meet legal responsibilities or claims. Once these periods have elapsed, we will proceed to their deletion or anonymization, unless you have authorized specific processing for a longer period.

7. Data recipients

We may communicate your data, when necessary, to the following recipients:

  • Insurance and reinsurance companies.

  • Anti-fraud and sanctions database providers.

  • Credit reference agencies and solvency and credit files, when there is a legal basis to do so.

  • Recovery companies, in case of non-payment, complying with the applicable regulations.

  • IT services and systems companies, management platforms for insurance companies, software providers, hosting and maintenance.

  • Professional advisors (auditors, lawyers, tax advisors, experts, experts and media agencies).

  • Claims managers and third parties involved in the investigation and handling of claims.

  • Security Forces and Corps, Courts and Tribunals, General Directorate of Insurance and Pension Funds and other Administration bodies with competence in the matter, when there is a legal obligation or requirement.

  • Communication platforms and marketing and advertising service providers, always under our instructions and with processing assignment contracts.

  • Financial institutions for the management of collections and payments.

  • Satisfaction survey organizations and organizers of events related to our activity.

All these third parties will process the data exclusively for the indicated purposes and under our instructions, when acting as data processors, adopting the appropriate security measures.

8. International Transfers

We do not currently make international transfers of personal data outside the European Economic Area on a systematic basis.

If in the future it is necessary to use services from providers located outside the EEA or involving international transfers (e.g. certain cloud services or marketing tools), we will ensure that the data is transferred with appropriate safeguards by applying one of these mechanisms:

  • Standard contractual clauses approved by the European Commission.

  • European Commission adequacy decisions with respect to the country of destination.

  • Adherence of the provider to a framework recognized by the EU that offers equivalent guarantees (e.g., the EU-US Data Privacy Framework in force from time to time), or other instruments provided for in the GDPR. Data Privacy Framework in force at the time), or other instruments provided for in the GDPR.

In these cases, you will be informed in a more specific manner if required by the regulations.

9. Profiling and automated decisions

In the insurance market, it is common for insurance companies to use profiling techniques to calculate premiums, assess risks and detect fraud by comparing individual data with industry statistics and averages.

As a brokerage, we may use information about your risks, policies and claims to:

  • Evaluate which products and coverages best fit your needs.

  • Perform internal segmentations for analysis and service improvement purposes.

We do not make decisions that produce legal effects or significantly affect you based exclusively on automated processing, without human intervention, within the scope of our activity. When an insurance company applies automated decisions, it will indicate this in its own privacy policy and will inform you of:

  • The use of automated decisions.

  • Applied logic.

  • The consequences for you.

  • Your rights to obtain human intervention, express your point of view and challenge the decision.

10. Security measures

We have implemented appropriate technical and organizational measures to protect your data against loss, unauthorized use or access, alteration or disclosure, in line with the RGPD, the LOPDGDD and industry regulations.

Among others:

  • Access and authentication controls.

  • Internal security and confidentiality policies.

  • Personnel training.

  • Backups and perimeter protection measures.

  • Procedures for managing and notifying security breaches to the AEPD and, where appropriate, to the interested parties.

11. Rights of the interested parties

You may exercise the following rights free of charge:

  • Access: to obtain confirmation of whether we process your data and to access it.

  • Rectification: request the correction of inaccurate or incomplete data.

  • Deletion: request deletion of data in certain cases.

  • Opposition: oppose the processing based on legitimate interest, including the receipt of commercial communications.

  • Limitation of processing: request to restrict the use of your data in the cases provided for.

  • Portability: receiving your data in structured and machine-readable format and transmitting it to another controller, when the processing is based on contract or consent and is carried out by automated means.

  • Not to be subject to automated individual decisions, including profiling, in the cases provided for by law.

To exercise these rights, you may contact:

Indicating “Data protection” and attaching a copy of an identification document if necessary. In case of doubt about the identity or scope of the right exercised, we may request further clarification.

You also have the right to file a complaint with the Spanish Data Protection Agency (AEPD) if you consider that the processing of your data does not comply with the regulations: www.aepd.es.

12. Policy update

We reserve the right to modify this Privacy Policy to adapt it to regulatory changes, AEPD criteria or new processing purposes. The current version will be available on our website and may be requested at any time.

AIG

Multiriesgo

902 012 476

Cyberiesgo

914 381 284