Personal Data Protection

1. Rhapsody Insurance s.r.o. as an independent Insurance Broker (hereinafter referred to as the "Insurance Broker") acts in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ES (hereinafter referred to as the "GDPR"), as well as in accordance with the legal regulations or binding rules that have been or will be adopted at the level of the European Union or in the Czech Republic for the purpose of implementing or adapting this Regulation.

2. Personal data means any information relating to data subjects from which the subject can be identified. In the case of the Insurance Broker's clients (hereinafter referred to as "Client"), this may include, for example, information necessary for identifying and verifying the identity of a person who is a member of the Client’s statutory body, or a person authorized to act on behalf of the Client’s company. It may also include personal data provided to the Insurance Broker with the knowledge of the Client’s contact persons - legal entities and/or the Client’s employees - legal entities (such as name, surname, title, and contact information) when such data was necessary for the mediation and management of the relevant product in the respective area of insurance and to the extent required. Personal data may also include the provided personal data of third parties - business partners of the Client's company.

3. Personal data provided by the Client to the Insurance Broker may be used by the Insurance Broker only for the purposes of fulfilling its legal obligations, for the purposes of performing its activities, in particular in the preparation and administration of insurance contracts mediated for the Client, as well as in cases of the Insurance Broker's legitimate interest.

4. The Insurance Broker is entitled, under the conditions stipulated by applicable legal regulations, to transfer personal data provided to it by the Client for further processing to third parties (recipients) who process personal data exclusively for the purpose of performing the activity for which such recipient was authorized by the Insurance Broker and mainly on the basis of agreement on the processing of personal data and/or to fulfil the Insurance Broker’s legal or contractual obligations, and/or based on the Client's consent for the processing of personal data granted to the Insurance Broker, and/or based on the Insurance Broker’s legitimate interest.
Recipients pursuant to the previous sentence include or may include, in particular:
- insurers or reinsurers as providers of relevant insurance products,
- cooperating bonded agents (in cases where the Insurance Broker also performs its intermediary activities through these persons),
- providers of accounting, legal, tax, or auditing services for the Insurance Broker,
- providers of information and communication systems and technical infrastructure for the Insurance Broker (e.g., IT services, etc.).

5. Personal data provided to insurers may be further processed, used and transferred by insurers within their financial groups or to their partners, including their transfer outside the European Union, as well as to their reinsurers and third parties from whom they draw external services.

6. Personal data will be stored for a period in accordance with applicable legislation, for the time necessary or permitted in terms of the purpose for which it was collected, but not longer than (i) the period of limitation in any procedure related to the contractual relationship between the Insurance Broker and the Client or intermediated insurance contracts, (ii) or the extended period in the event of any ongoing legal proceedings (iii) or the period determined by a legal obligation that the Insurance Broker is obliged to fulfil.

7. When processing personal data, the Insurance Broker respects the increased level of protection of personal data provided by the Client and observes the following principles in particular:
- personal data are processed in a way that ensures their adequate security and that prevents any unauthorized or accidental access, their modification, destruction or loss, unauthorized transmission or any other unauthorized processing or misuse of them,
- when processing personal data, the necessary technical and organizational measures are observed to ensure their security against possible risks of their misuse,
- persons who have access to the Client's company's personal data are informed of their obligations when processing this data, in particular the obligation of confidentiality.

8. The Client is entitled, under the conditions set by the GDPR or related and applicable legal provisions in accordance with Section 1 above, to request a review, correction, update, modification, restriction, or deletion of any personal data provided.
The Client may exercise his rights by sending an electronic request to the email address info@rhapsodyinsurance.cz or by submitting a written request to the Insurance Broker's correspondence address. The Insurance Broker will respond to the Client's request in accordance with applicable legal regulations.

In the event of any misconduct, all persons whose personal data are processed by the Insurance Broker have the right to file a complaint with the supervisory authority pursuant to Article 57, Section 1, Letter f) of the GDPR. The relevant supervisory authority in the Czech Republic is the Office for Personal Data Protection, Pplk. Sochora 27, 170 00 Prague 7, Tel.: +420 234 665 800, email: posta@uoou.cz.

9. If necessary, the Insurance Broker will provide full cooperation in interactions and negotiations with the Office for Personal Data Protection and with data subjects or other entities affected by the processing of personal data. The Insurance Broker will make every effort to remedy any unlawful situation concerning the processing of personal data and will do so immediately if such a situation arises.