Politica de Securitate

General Provisions

Insurance and Reinsurance Broker "MGP Broker" SRL (hereinafter referred to as the Broker), fiscal code 1008600020368, located in Chisinau, M. Kogalniceanu St. 73/2, Republic of Moldova, postal code MD-2001, phone: 022 93 01 91, website: www.easig.md, email: info@easig.md, hereby informs you about the processing of your personal data and the rights you have in accordance with Law no. 133 of July 7, 2011 on the protection of personal data and other related regulations.

Chapter I: Purposes and Legal Basis of Processing

The Personal Data Security Policy (hereinafter referred to as the Policy) is approved by the Broker's administration, which operates based on the current legislation: Insurance Activity Law No. 92/2022 of 07.04.2022, Law on Mandatory Civil Liability Insurance for Vehicle Damage No. 106/2022 of 21.04.2022, Civil Code of the Republic of Moldova Chapter XXV, Articles 1822-1916

This Policy is adopted, including for the Broker's compliance with the provisions of the Personal Data Protection Law No. 133 of 08.07.2011, and the Government Decision of the Republic of Moldova on the Requirements for Ensuring the Security of Personal Data when Processing it within Personal Data Information Systems No. 1123 of 14.12.2010.

1.1 Purpose and Objectives of the Policy

The purpose of the Policy is to guarantee and protect the fundamental rights and freedoms of individuals, especially the right to private, family, and personal life, regarding the processing of personal data. The Policy is an integral part of the Broker's development strategy, as compromising the security of personal data will affect its ability to provide services. Thus, the objectives of the Policy are the availability, integrity, and confidentiality of information, including personal data processed by the Broker, information systems, and IT processes. The Policy establishes a set of rules determining the way personal data is collected, classified, and processed, as well as the protection measures for such data.

This Policy extends to and applies to all employees of the Broker and its delegates (assistants), and its regulations represent a standard for them. Each employee of the Broker must sign confidentiality agreements/obligations related to the protection of information that the Broker holds and processes.

Internal regulations and procedures aim to implement this Policy, not replace it.

This policy will be supplemented, updated, and constantly aligned with the legislation of the Republic of Moldova. The policy is not superior to the legislation of the Republic of Moldova.

1.2 Terms and Definitions

Consent: Any manifestation of free, explicit, and unconditional will, in written or electronic form, in accordance with the requirements of the electronic document, through which the data subject agrees to have their personal data processed.
Personal data: Any information related to an identified or identifiable natural person (data subject). An identifiable person is one who can be identified, directly or indirectly, by reference to an identification number or one or more specific elements of their physical, physiological, mental, economic, cultural, or social identity.
User: A person authorized by the Broker, in accordance with the applicable procedures and regulations, to process personal data on behalf of the Broker.
Security: The technical and organizational measures for personal data security are established in such a way as to ensure an adequate level of security for the personal data processed, concerning accidental or unlawful destruction, loss, alteration, disclosure, or unauthorized access.
Database (Personal Data Record System): Any structured set of personal data accessible according to specific criteria, whether centralized, decentralized, or distributed based on functional or geographical criteria.

Chapter II: Personal Data Security Policy

The security of personal data of clients, employees, partners, and other persons with whom the Broker has legal relationships is guaranteed, maintained, and ensured independently and/or through contracting legal acts with third parties.

2.1 Collection of personal data

The contractor (client), by paying the insurance premium and/or signing the insurance contract, expresses their willful consent for the processing of their personal data by the Broker and/or for the data to be processed by third-party companies in accordance with the applicable legislation and only for the purpose described in point 2.2.

A. Ordinary personal data:

First name, last name, patronymic
Gender
Date and place of birth
Citizenship
IDNP (Personal Identification Number)
Driver's license details
Registration certificate details

Data regarding owned assets
Bank details
Signature
Phone/Fax number
Address (domicile/residence)
Email address

Additionally, in order to improve the quality of its services and ensure the security of personal data, the Broker will use video recordings in its office and audio recordings of all calls.

2.2 The Broker will process the personal data mentioned above for the following purposes:

Providing insurance services to clients, i.e., issuing insurance contracts (other legal operations such as contract modifications, additional agreements, contract termination; issuing invoices and other primary accounting documents); refusal by the client of the personal data processing by the Broker is equivalent to the impossibility of providing intermediary insurance services.
Conclusion of partnership contracts (other legal operations such as contract modifications, contract termination; issuing invoices and other primary accounting documents)
Conclusion of mandate contracts with insurers (other legal operations such as contract modifications, contract termination; issuing invoices and other primary accounting documents)
Preparation of financial and statistical reports
Conducting market studies or direct marketing
Organization of promotional campaigns to promote the Broker's image

2.3 Transmission of personal data

Personal data may be transmitted to state institutions to which the Broker is subordinated and that monitor the Broker's activity in accordance with the applicable legislation (National Commission for Financial Markets, National Bank of Moldova, Tax Service, National Bureau of Statistics), only for statistical purposes and solely to comply with the obligations arising from the applicable legal framework.

The transmission of personal data to third parties will be carried out both in physical form (paper documents, insurance contracts) and electronic form (reports), in accordance with the Broker's internal procedures, respecting all security standards to avoid information leaks, human errors, and the destruction or distortion of personal data.

Chapter III: Personal Data Security Measures

All personal data, systems, and processes within the Broker are adequately and continuously protected.

All Broker employees are responsible for ensuring the security of personal data and IT systems within the scope of their job responsibilities, in accordance with the individual employment contract, the job description, and the Broker's internal regulations.

Personal data is used only with hardware and software acquired and used legally, in accordance with their intended purpose and for fulfilling job duties within the Broker.

Any use/processing of personal data is possible only after the user identification. The Broker's management prepares a nominal list specifying all users of the software and hardware.

The user will only have access to personal data necessary for performing their job duties. The user is not authorized to access, obtain, copy, download, use, or transmit personal data for any purposes other than job-related ones. These provisions remain valid during and after the user's relationship with the Broker ends.

Chapter IV: Rights of Personal Data Subjects

BAR MGP BROKER SRL ensures the processing of personal data in strict compliance with the provisions of Law No. 133 of 08.07.2011 on the protection of personal data and the internal policy on data protection and information security.

In accordance with Articles 12-18 of Law No. 133 of 08.07.2011 on the protection of personal data, the data subject has the right to information, access, and opposition regarding their personal data.

Exercise of rights:

To exercise one or more rights regarding the processing of personal data, including the right to delete data, the data subject may submit a written, dated, and signed request (complaint) either in paper form or electronically (using an advanced electronic signature) to the operator's office at M. Kogălniceanu 12, Chisinau, or via email: info@easig.md.

Any written complaint addressed to the operator will be processed appropriately, in accordance with its internal procedures.

In order to ensure quality services and comply with legal provisions, especially in the field of preventing and combating money laundering and terrorist financing, all responses provided to the operator are mandatory. Refusal by the data subject to provide the personal data required for fulfilling the proposed/requested activity may result in the impossibility of providing insurance services and/or achieving other data processing purposes by the operator.

Chapter V: Final Provisions

To maintain an adequate level of security, the Broker will continuously assess risks, adjusting internal regulations accordingly to the reality.

The implementation of this Policy falls under the responsibility of the Broker's administration.

Violation of the provisions of this policy will result in the punishment of the responsible individuals in accordance with civil, contravention, and criminal legislation.

The policy comes into effect from the moment it is presented to the employees and assistants of the Broker.

If any of the clauses above is found to be null or invalid, this will not affect the validity of the other clauses.