Tokenschild OÜ Privacy Policy
Tokenschild OÜ strives to protect the privacy and the confidentiality of the personal
data that it processes in connection with the services it provides. The processing of
personal data is governed by the General Data Protection Regulation 2016/679 (the
‘GDPR’). This privacy notice explains how we use any personal data we collect about
you.
Who are we?
Tokenschild OÜ is an insurance business consultancy registered at Harju maakond,
Tallinn, Kesklinna linnaosa, Veskipos tn 2-1002, 10138, Estonia. The company
registry code is 16649085.
Tokenschild OÜ acts as the data controller in respect of the personal data we collect,
this means that we decide how your personal data is processed, and for what
purposes as described herein.
How do we use your personal data?
Tokenschild OÜ services consist of insurance mediation activities, the introducing,
proposing or carrying out other work preparatory to the conclusion of contracts of
insurance, and concluding such contracts, assisting in the administration and
performance of such contracts and various advisory activities. To carry out these
activities’ Tokenschild OÜ is required to process personal data. Personal data means
data which relates to a living individual who can be identified from that data, or from
that data and other information which the data controller is in possession of, or is likely
to come into the possession of.
Tokenschild OÜ relies on a number of legal grounds under the GDPR when processing
such personal data, primarily contractual necessity, legitimate interests and compliance
with legal obligations. Tokenschild OÜ’s legitimate interests throughout the insurance
lifecycle are to ensure that you are within our acceptable risk profile, to determine the
likely risk profile and appropriate insurer and insurance product, to correspond with
you and other market participants in order to facilitate the placing of your insurance
policy, and also to assist you in assessing and making claims.
We only collect and process sensitive personal data where it is critical for the delivery
of insurance products and services we provide to you and as allowed under the GDPR.
If you object to use of this data then we will be unable to offer you that product or
service.
When do we share your information?
Insurance is the pooling and sharing of risk in order to provide protection against a
possible eventuality. To do this, information, including your personal data, needs to be
shared between different insurance market participants. The insurance market is
committed to safeguarding that information. Below is a link to the London Insurance
Market Core Uses Information Notice which is designed to help you understand the
complexities of the insurance market and how various insurance market participants
may process your personal data in respect of core activities that take place throughout
the insurance lifecycle.
London Insurance Market Core Uses Information Notice
Outsourcing
In order to fulfil its services, it is necessary for Tokenschild OÜ to outsource some of its
activities. Tokenschild OÜ carefully selects and manages all of its sub-contractors.
Cross border transfers
During the insurance lifecycle Tokenschild OÜ and insurers and our/their agents may
process your personal data outside of the European Economic Area (EEA). If we
transfer your personal data outside of the EEA, we will ensure an adequate level of
protection is in place to protect your personal data with safeguards such as, but not
limited to:
• Transferring to a non-EEA country with privacy laws that give the same protection as
the EEA;
• Putting in place contractual protections that ensures the security of any data passed.
How long do we keep your personal data for?
We will keep your personal data securely for as long as is necessary (up to 10 years) to
fulfill the lawful purposes for which it was obtained. In some limited cases, it may be
necessary to retain your personal data for longer if we need to hold it for liability claim
purposes. Our retention periods for personal data are based on legitimate business
needs and legal requirements. If you consent to receiving marketing from us, any
information we use for this purpose will be held by us until you notify us that you no
longer wish to receive marketing information from us.
Your rights
Unless subject to an exemption under the GDPR, you have the following rights with
respect to your personal data:
• to request a copy of your personal data which Tokenschild OÜ holds about you;
• to request that Tokenschild OÜ corrects any of your personal data if it is found to be
inaccurate or out of date;
• to request your personal data to be erased where under Tokenschild OÜ’s Retention
Policy it is no longer necessary for Tokenschild OÜ to retain such data;
• to object where permissible to the processing of your personal data at any time;
• to request that Tokenschild OÜ provides you with your personal data, and where
possible, to transmit the data directly to another data controller (known as the right to
data portability);
• where there is a dispute in relation to the accuracy or processing of your personal
data, to request a restriction is placed on further processing;
• to object to the processing of your personal data by automated individual decision-making and profiling.
If you are not satisfied with our use of your personal data or our response to any
request by you to exercise any of your rights as described above, or if you think that
we have breached the GDPR, then you also have the right to complain to the Estonian
Data Protection Inspectorate.
The contact details are as follows:
Estonian Data Protection Inspectorate
39 Tatari St., 10134 Tallinn,
Republic of Estonia
Tel: +372 627 4135
Email: info@aki.ee
Further details about data protection can be found at https://www.aki.ee/en.
To exercise all relevant rights, or to raise queries or complaints,
you contact us by email at info@tokenschild.com.
Changes to our Privacy Policy
This Privacy Policy is under regular review and subject to change at any time, it was
last updated on 15 January 2023.