Privacy Policy

Last updated on 13.11.2025.

Who is your Personal data controller?

Your personal data controller is Balcia Insurance SE (we, Balcia, insurer), registered in Latvia with the registration number 40003159840, legal address K.Valdemara Street 63, Riga, LV-1010, Latvia.

Phone: +48 22 274 22 22

E-mail: info@balcia.pl

Please refer to the last section of this document for more information about the countries where we operate and the relevant contact details.

HOW TO CONTACT OUR DATA PROTECTION OFFICER?

If you have any questions related with personal data processing done by Balcia, you can contact our data protection officer by sending an e-mail to dpo.contact@balcia.com.

WHY DO WE PROCESS YOUR PERSONAL DATA AND ON WHAT BASIS?

We process your personal data for the following purposes:

(a) Provision of our services (including: your identification; conclusion and performance of the insurance contract; contract administration; communication with you in relation to contract conclusion or performance; insurance risk assessment and premium calculation; assessment and calculation of insurance claims).
Legal basis: conclusion and performance of a contract.

(b) Preparation and delivery of a new insurance contract offer.
Legal basis: your consent or Balcia’s legitimate interests (depending on the specific case).

(c) Prevention of misuse of Balcia’s services (including: prevention and detection of fraud; application of enhanced risk management measures to certain client profiles).
Legal basis: Balcia’s legitimate interests, fulfilment of a legal obligation, or performance of a task carried out in the public interest (depending on the specific case).

(d) Examination and administration of client complaints.
Legal basis: fulfilment of a legal obligation.

(e) Risk management (including within internal control and governance systems).
Legal basis: fulfilment of a legal obligation or Balcia’s legitimate interests (depending on the specific case).

(f) Improvement of services, business processes, and user experience (including: elimination of technical failures; conducting market research; enhancement of pricing models).
Legal basis: Balcia’s legitimate interests.

(g) Ensuring security and digital resilience (including implementation of physical and cybersecurity measures).
Legal basis: fulfilment of a legal obligation or Balcia’s legitimate interests (depending on the specific case).

(h) Protection of Balcia’s rights and interests (including: bringing, maintaining, and enforcing claims; debt recovery (including out-of-court); enforcement activities; assignment of claims).
Legal basis: Balcia’s legitimate interests.

(i) Direct marketing and advertising purposes (for example: sending commercial communications; approaching potential clients; delivering location-based content or offers).

Legal basis: consent or Balcia’s legitimate interests (where applicable).

(j) Fulfilment of obligations established by laws and regulations.
Legal basis: fulfilment of a legal obligation or performance of a task carried out in the public interest (depending on the specific case).

(k) Quality control of client service (including: monitoring of call content; verification of information provided to clients).
Legal basis: Balcia’s legitimate interests.

WHAT PERSONAL DATA DO WE PROCESS?

We typically process the following categories of personal data:

(a) Identification data (e.g., full name and surname, national identification number, date of birth, age).

(b) Contact data (e.g., telephone number, e-mail address, postal address).

(c) Offer data (e.g., information provided when requesting an insurance quote or before concluding an insurance contract, such as details about the object to be insured, desired coverage, and relevant risk factors needed to prepare an individual offer).

(d) Contract and policy data (e.g., policy number; insurance product type; policy period; details of the insured object (e.g., information about a vehicle, immovable property, or other insured item); information about policyholder, insured person, beneficiary and relevant third parties; coverage limits, deductibles, premiums, discount; history of policy offers, renewals, amendments or cancellations).

(e) Financial and payment data (e.g., bank account number, payment history and outstanding balances; information about the payer; claim payment amount, recipient, and date).

(f) Claim and event data (e.g., details of the occurred event (including date, location description); information about damages (including description, invoices, photos, repair estimates); evidence (including witness statements, police reports, expert opinions); limited health-related data strictly necessary for assessing the claim; data of third parties involved in the event (e.g., injured party, vehicle owner, driver); correspondence and supporting documents related to the claim).

(g) Risk management data (i.e., information necessary for managing risks relevant for our business (incl., misuse of services, fraud, technical disruptions, counterparty default, etc.)).

(h) Communication data (e.g., recordings of incoming and outgoing calls; correspondence (including via emails, letters, online chats)).

(i) Technical, device and digital interaction data (e.g., activity logs; IP address; application version; operating system; device model and type; browser information; cookie and similar-technology data; login credentials); network connection information (e.g., mobile, Wi-Fi)).

(j) Geofencing data (e.g., device location; interaction with defined geographic zones (“geofences”); hashed customer profile references; responses to marketing actions (e.g., whether a push notification was received, opened, or ignored)).

(k) Marketing and profiling data (e.g., marketing preferences; participation in campaigns, surveys, or promotions; Identifiers linked to marketing campaigns (e.g., internal campaign ID, segment ID)); statistics.

(l) Regulatory and legal compliance data (e.g., data related to customer complaints; regulatory investigation data; audit-related data; sanctions screening data).

HOW DO WE COLLECT YOUR PERSONAL DATA?

We collect personal data mainly in two ways:

(a) Directly (i.e., from you).
This occurs, for example, when you:

- apply for or use our services;
- submit an insurance claim;
- communicate with us (e.g., by phone, e-mail, mail, online chat, via our website, mobile application, or other channels);
- participate in our marketing campaigns, surveys, or other initiatives;
- use our website, mobile application, or self-service tools;
- otherwise interact with us in connection with our services.

(b) Indirectly (i.e., from other sources).
In certain cases, we may obtain your personal data from third parties or publicly available sources. These may include:

- brokers, agents, or other intermediaries involved in the insurance process;
- experts, repair shops, or service providers involved in claim handling;
- other insurance companies or financial institutions;
- public authorities and supervisory bodies (e.g., data protection authority, law enforcement agencies, courts, etc.);
- publicly available databases and registers (e.g., company, vehicle, or property registers);
- third parties related to an insured event (e.g., witnesses, injured parties, medical institutions, doctors, etc.);
- third parties involved in the provision of our services or daily operations (e.g., payment service providers, marketing service providers, identity verification providers, fraud prevention services, etc.);
- any other lawful sources, provided that the collection and use of such data complies with applicable data protection laws, including the General Data Protection Regulation (GDPR).

IS IT MANDATORY TO PROVIDE PERSONAL DATA?

In accordance with insurance regulatory enactments:

- we have the right and obligation to collect data concerning insured persons or beneficiaries included in insurance contracts or declarations submitted by policyholders prior to conclusion of an insurance contract, for the purpose of insurance risk assessment or for the performance of an insurance contract, for example, claims handling process;

- by entering into a contract, a policyholder or an insured person is obliged to provide all the information regarding the circumstances the insurer has requested and that is necessary for the insurer, in order to assess the probability of the occurrence of insurance risk and is important for entering into an insurance contract;

- we have an obligation to verify the occurrence of the insured event prior to the payment of the indemnity or refusal to pay the indemnity;

- the insured person is obliged to submit to the insurer all documents describing the occurrence of the insured event, including documents containing special categories of personal data (such as personal data concerning health condition) as well as other information requested by the insurer.

If the policyholder or an insured person does not provide the information requested by the insurer:

- the insurance proposal cannot be provided, and the insurance contract cannot be concluded, as the insurer is unable to assess the probability of the occurrence of the insured event nor the payable insurance premium;

- insurance indemnity cannot be paid as the insurer is unable to verify the occurrence of the insured event nor assess the amount of the indemnity.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

- In cases and to the extent specified by law we might transfer your personal to persons or institutions duly authorized by law, for example, supervisory authority, law enforcement institutions etc.

- In cases when it is necessary for the performance of the insurance contract, claims handling, debt collection, legal proceedings, for example, to obtain information from state registries or other public or private institutions, to assess the possibility of insurance risk occurrence, the amount of payable insurance premium, to recover debts, we might transfer your personal data to third parties, such as medical institutions, claim handlers, experts, lawyers, debt collectors, banks etc. in accordance with regulatory enactments and our legitimate interests.

- We might use authorised processors for processing of your personal data related to provision of our services, for example, postal services, services of archiving, translators, legal consultants, claim handlers etc. In such cases, we ensure that such processors provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing meets the requirements of the applicable law, including General Data Protection Regulation, and ensure the protection of the rights of the data subjects.

- In the event of an insured risk occurring under the MTPL insurance, we may, in accordance with the requirements of applicable laws and regulations, disclose your personal data to our Green Card correspondent or our representative who is responsible for handling and settling claims on behalf of Balcia in the country where the insured risk occurred.

- To prepare and send you a new insurance contract offer, we may share your personal data with third parties (including insurance offer aggregation intermediaries) in order to conduct market research and calculate the most suitable offer for you.

Your personal data may be transferred to third countries (outside the European Union) for the purpose of claim settlement:
(a) within the framework of the Green Card system;
(b) in travel insurance cases specified in the insurance terms and conditions, such as reimbursement of medical expenses, repatriation of the insured person to their home country, or repatriation of mortal remains.

FOR HOW LONG DO WE PROCESS YOUR PERSONAL DATA?

Your personal data will be processed no longer than necessary. The data storing period may depend on the concluded insurance contract, the legitimate interest of Balcia or the applicable law (for example, claims limitation period specified in insurance regulatory enactments, civil law, bookkeeping regulatory enactments etc.).

If you decide to terminate the insurance contract and discontinue using our services, we may continue to process your personal data in accordance with the requirements of applicable laws and regulations.

If you withdraw the consent you have previously given, we may continue to process your personal data obtained while your consent was still valid, if such processing is necessary to protect our legitimate interests.

IS THERE AUTOMATED DECISION MAKING INVOLVED IN THE PROCESSING OF YOUR PERSONAL DATA?

Some of your personal data might be subjected to the automated decision making, for example, when evaluating the possibility of the insurance risk occurrence or evaluating the amount of the payable premium and for Balcia to ensure the best and the most appropriate insurance proposals.

You have the right to obtain human intervention on the part of Balcia, to express your point of view and to contest the decision made based on automated decision-making process.

HOW DO WE ENSURE SECURITY OF YOUR PERSONAL DATA?

In order to process your personal data, we have implemented appropriate organizational and technical measures to guarantee personal data security, including protection against unauthorized or unlawful personal data processing, accidental loss or destruction of personal data.

WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

In accordance with the General Data Protection Regulation, as a data subject you have the right to:

- request from Balcia access to personal data. This means that you can request for us to inform you whether we process your personal data, provide you with a copy of your personal data we process, provide information about your personal data processed by us (for example, what data about you and for what purposes we collect, to whom we disclose your personal data, whether we transfer this data outside the European Union and other information);

– request the rectification of your personal data from Balcia. This means that if you notice that the personal data we process about you is incorrect or inaccurate, you may ask us to correct or complete such data;

– request the erasure of your personal data from Balcia. This means that you may ask us to delete your personal data in cases where such data is no longer necessary for the purposes for which it was collected — for example, when you have withdrawn your consent, when you object to our processing of your personal data, when you believe that we are processing your personal data unlawfully, or in other similar cases. In certain situations, we may not be obliged to delete your personal data — for example, when such processing is necessary to comply with applicable legal requirements;

- request from Balcia restriction of processing concerning your personal data. This means that you can request us to restrict the processing of your personal data, except for storage, in cases you contest the accuracy of your personal data, you believe your personal data is being processed unlawfully, your personal data is no longer necessary for the purposes it was collected for, you object to processing of your personal data until it is checked, whether our legitimate reasons override your reasons. During the period of the restriction of processing of your personal data, we might not be able to provide you with our services;

- object to processing of your personal data. This means that you can object on grounds relating to your particular situation, at any time to to the processing of your personal data which is based on your consent or our legitimate interests. In such cases, we might not be able to provide you with our services;

- data portability. This means that you can request us to provide you personal data related to you which you have provided to us in a systematized, normally used and machine readable format, you can also request us to transfer your personal data to another data controller where it is technically feasible if the processing has been based on your consent or the contract and processing is carried out by automated means.

– withdraw your consent at any time. You have the right to withdraw your consent to the processing of personal data at any moment, if consent is the legal basis for such processing. Please note that the withdrawal of consent does not affect the lawfulness of processing carried out on the basis of your consent before its withdrawal.

You can exercise your rights as a data subject by contacting us in writing using contact information mentioned above.

RIGHT TO LODGE A COMPLAINT

If you have any concerns about the processing of your personal data, we encourage you to contact us first using the contact details provided above. We will carefully review your complaint and do our best to resolve the issue in a fair and timely manner.

However, if you believe that your personal data is being processed in violation of applicable data protection laws, you also have the right to lodge a complaint directly with a supervisory authority.

The main supervisory authority for Balcia Insurance SE is the Data State Inspectorate of the Republic of Latvia (Datu valsts inspekcija):
Address: Elijas iela 17, Riga, LV-1050, Latvia
Website: www.dvi.gov.lv
Email: info@dvi.gov.lv

If you reside in another EU/EEA country, or if the alleged infringement took place there, you may also submit your complaint to the data protection authority of that country. A list of EU data protection authorities is available on the website of the European Data Protection Board (EDPB) at https://edpb.europa.eu

DO WE USE COOKIES ON OUR WEBSITE?

Yes, we use cookies on our website. To learn more, read our Cookie policy.

WHERE WE OPERATE

Lithuania — Balcia Lithuania Branch
Registration No.: 304498010
Address: Perkūnkiemio g. 5, Vilnius, LT-12129, Lithuania
Tel.: +370 5200 0630
E-mail: info@balcia.lt

Poland — Balcia Poland Branch
National Court Register (KRS): 0000493693
NIP: 5263124162 | REGON: 147065333
Address: Al. Jerozolimskie 96, 00-807 Warsaw, Poland
Tel.: +48 222 742 222
E-mail: info@balcia.pl

France — Balcia France Branch
Registration No.: R.C.S. Nanterre 797 882 016 | SIRET: 797 882 016 00018
Address: 86 rue Anatole France, 92300 Levallois-Perret, France
Tel.: +33 (0)1 75 33 40 89
E-mail: info@balcia.fr

Germany — Balcia Germany Branch
Registration No.: HRB 49268
Address: Senefelder Str. 17, 63322 Rödermark, Germany
Tel.: +49 (0)6074 91765 0
E-mail: info@balcia.de

Spain — Operations carried out under the freedom to provide services
Tel.: +371 6703 0500
E-mail: spain@balcia.com

Italy — Operations carried out under the freedom to provide services
Tel.: +371 6703 0500
E-mail: italy@balcia.com

COOKIE POLICY

Last updated: 17.03.2026.

1. INTRODUCTION

This Cookie Policy (also “Policy”) explains how Balcia Insurance SE, registration number: 40003159840, registered address: Krišjāņa Valdemāra iela 63, Riga, LV-1010, Latvia (also the “Company”, “Balcia”, or “we”), uses cookies and similar technologies on our website and mobile application (together, the “Online Application” or “Application”).

We encourage you to read this Policy carefully to understand what cookies and similar technologies are, why they are used, and how you can manage them.

If you continue using the Online Application, we may assume that you have read, understood, and agree to the provisions described in this Cookie Policy.

If you have any questions or need further clarification, please feel free to contact us at: dpo.contact@balcia.com.

2. WHAT ARE COOKIES?

Cookies are small text files that are stored on your device (for example, a computer, smartphone, tablet, or other device capable of storing information) when you access a website or mobile application.

Cookies perform a number of important functions. For example, they may: - remember a user and their previous interactions with a website or application; - retain information entered into online forms; - keep track of items placed in an online shopping cart; - identify users when they log into secure online services; - support the security and proper functioning of online services; - help webpages load more efficiently; or - enable the display of content or advertisements tailored to a user’s interests.

In addition to traditional browser cookies, there are other tracking technologies that operate in a technically different manner but serve similar purposes. These may include, for example: - local storage objects (LSOs), sometimes referred to as “flash cookies”; - software development kits (SDKs) used within mobile applications; - pixel tags or pixel trackers (including pixel GIFs); - social media plug-ins (such as “like” or sharing buttons); and - device fingerprinting technologies.

For ease of reference, this Cookie Policy uses the term “cookies” to refer collectively to cookies and similar technologies, unless stated otherwise.

3. TYPES OF COOKIES

Cookies can be classified in different ways (for example, depending on their purpose; who sets them; and how long they remain on your device). Understanding the different types of cookies helps you better understand how cookies function and how you can manage your preferences. The following subsections describe the most common categories in more detail.

(a) Based on Purpose

One of the most common classifications of cookies is based on their purpose. This classification is important because it determines whether your consent is required.

1) Strictly Necessary Cookies
Strictly necessary cookies are essential for the operation of the Online Application or for providing a service that you have explicitly requested. These cookies enable core functions such as keeping a user logged in during a session, remembering cookie consent choices, ensuring secure data transmission, and remembering items in a shopping cart. Because these cookies are necessary for the proper functioning of the Online Application, they do not require your consent.

2) Optional Cookies
Optional cookies are not essential for the basic functioning of the Online Application. They are used only if you provide your consent. Optional cookies typically include:

• Preference (Functional) Cookies – remember your settings and preferences (such as language or region) to provide a more personalized experience;
• Statistics (Analytics) Cookies – collect information about how users interact with the Online Application to help improve its performance and usability;
• Marketing Cookies – track users across websites or applications to display relevant advertisements and measure campaign effectiveness.

(b) Based on Origin

First-Party Cookies – set by the Online Application you are visiting. In our case, these cookies are set by us.

Third-Party Cookies – set by external service providers whose tools or services are integrated into the Online Application.

(c) Based on Duration

Session Cookies – temporary cookies that are deleted when you close your browser or end your session.

Persistent Cookies – cookies that remain stored on your device for a defined period or until you delete them manually.

4. HOW WE USE COOKIES

We use both strictly necessary cookies and optional cookies.

A detailed list of the cookies used, including their purpose, category, and retention period, is provided in the table below. This table covers cookies that may be used across Balcia Online Application (including balcia.com, balcia.lv, balcia.lt, balcia.ee and balcia.pl). The exact cookies used may vary depending on the country-specific domain, language version, and integrations active at the relevant time.

5. MANAGING YOUR COOKIE PREFERENCES

Strictly necessary cookies do not require your consent. Optional cookies are used only if you have provided your consent. You can manage your cookie preferences in the following ways:

(a) Consent management tool

You can manage your cookie preferences using our consent management tool. This tool allows you to accept or reject optional cookies and to control specific categories. The tool is available via the banner displayed when you first visit the Online Application.

Your selected preferences will be saved. You may review and change your choices at any time by reopening the consent management tool via the following link: Consent Management.

(b) Browser settings

You may also manage cookies through your browser settings, including deleting or blocking cookies.

Please note that restricting strictly necessary cookies may affect the functionality of the Online Application and may prevent certain features from working properly.

(c) Previously set cookies

Blocking cookies prevents new cookies from being stored, but does not delete existing ones. To remove previously stored cookies, you must manually clear them in your browser settings.

If you delete or block cookies, you may be asked to set your cookie preferences again during your next visit.

6. COOKIES AND PERSONAL DATA

Information collected through cookies and similar technologies may constitute personal data (for example, IP address, device identifiers, or usage data). Where such information qualifies as personal data, it is processed in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

For more information about how we process personal data, please refer to our Privacy Policy.

7. CHANGES TO THIS COOKIE POLICY

We may update this Cookie Policy from time to time. The updated version will always be published on the Online Application. We recommend reviewing this Policy periodically to stay informed about how we use cookies.

8. FURTHER QUESTIONS

If you have any questions regarding this Cookie Policy or our use of cookies and similar technologies, please contact us at the email address provided above.

List of Cookies Used on the Online Application

This table covers cookies that may be used across Balcia Online Application (including balcia.com, balcia.lv, balcia.lt, balcia.ee and balcia.pl). The exact cookies used may vary depending on the country-specific domain, language version and integrations active at the relevant time.