Privacy policy

1. Who We Are?

Masterisk UAB (“we”, “us”, or “our”) is a Lithuanian company, acting as a Managing General Agent of Fortegra Europe Insurance Company SE (Insurer), an insurance undertaking established in Malta, to underwrite, establish and execute insurance policies in Lithuania. Although our products are primarily provided to legal entities, we process personal data relating to natural persons associated with those entities (such as directors, shareholders, representatives, or guarantors) in the course of our activities.

We are committed to protecting your privacy. This Privacy Policy explains how we process and protect the personal data information we collect, how we meet our obligations regarding data protection and the rights of our customers in respect of their Personal Data in compliance with the General Data Protection Regulation (EU 2016/279) (GDPR).

2. Contact Details

Data Controller

Masterisk UAB
Ukmergės g. 283, Vilnius county, Lithuania
Email: info@masterisk.lt
Phone: +370 604 00 785

Joint Controller

Fortegra Belgium Insurance Company NV, authorised under code 3251 and regulated by the National Bank of Belgium, registered with Crossroads Bank of Enterprises under company number 1007742896 (RPR Brussels). Bastion Tower, Place du Champ de Mars 5, 1050 Brussels, Belgium.
For privacy issues, email: dpofficer@fortegra.onmicrosoft.com

3. What Personal Data We Collect?

We collect various types of personal data concerning individuals associated with the legal entity applying for our insurance services. The specific data collected will depend on the nature of the insurance product and the requirements of the underwriting process. This may include, but is not limited to:

Identification and Contact Data
  • Full name, surname, date of birth, personal identification code, nationality of individuals such as directors, shareholders, beneficial owners, or authorized signatories;
  • Residential address, email address, telephone numbers (mobile, landline) of such individuals;
Professional and Employment Data
  • Current and previous employer details, job title, employment history of associated individuals;
  • Business registration details (for sole traders, directors, beneficial owners, or other relevant persons within the legal entity);
  • Professional licenses or certifications where relevant to the legal entity's operations or the individual's role.
Financial and Economic Data
  • Bank account details (account number, IBAN, SWIFT/BIC) related to the legal entity or, where necessary, individuals associated with it;
  • Credit history, credit scores, and other solvency-related information obtained from credit reference agencies for the legal entity and, where legally permissible and relevant, its key individuals;
  • Details of income, assets, liabilities, and other financial statements pertaining to the legal entity and, as required for underwriting, its associated individuals;
  • Information about financial transactions relevant to the insurance product (e.g., payment of premiums by the legal entity).
Business-Specific Data

(for individuals associated with the legal entity applying for insurance products)

  • Company ownership structure, roles within the company (e.g., director, shareholder, ultimate beneficial owner, authorized representative);
  • Information about the financial performance of the legal entity;
  • Details of contracts or projects for which the insurance policy is required by the legal entity.
Insured Risk and Claims Data
  • Information related to the underlying contract or obligation related to the insurance policy (e.g. construction contract details, legal requirements) provided by the legal entity;
  • Information about past claims related to similar insurance policies involving the legal entity or associated individuals;
  • Information regarding fraud convictions, allegations of crimes, or sanctions details obtained from relevant databases or authorities concerning the legal entity or its associated individuals.
Technical and Usage Data
  • Information collected automatically when you (as a representative of a legal entity) visit our website or interact with our online services, such as IP addresses, browser type, operating system, device identifiers, pages visited, time spent on site, and referring URLs. This is typically collected via cookies and similar technologies.
Other Information
  • Any other information concerning associated individuals that you voluntarily provide to us or that is necessary for the performance of our services and compliance with legal obligations related to the legal entity’s insurance policy application.

4. How We Collect Personal Data?

We collect personal data from various sources, including:

  • Directly from you: when a legal entity (or you as a sole trader) applies for an insurance policy through its representatives, provides us with documents, communicates with us via phone, email, or our website;
  • From the Insurer: the Insurer may provide us with information necessary to process the application or manage its policy;
  • From third parties:
    • Publicly available sources (e.g. Lithuanian Registry of Legal Entities);
    • Credit reference agencies and fraud prevention agencies and databases;
    • Claims managers (including law firms)
    • Other insurance market participants: such as brokers or reinsurers, if relevant.

5. For What Purposes Do We Process Your Personal Data and On What Legal Bases?

We process your personal data for the following purposes:

  • Underwriting, issuing and managing insurance policies (performance of a contract (Art. 6(1)(b) of GDPR) if you act as a sole trader; our legitimate interest to ensure appropriate insurance management for your represented legal entity (Art. 6(1)(f) of GDPR));
  • Due diligence, sanctions and anti-money laundering checks (legal obligation (Art. 6(1)(c) of GDPR));
  • Assessing risk and financial status (legal obligation (Art. 6(1)(c) of GDPR));
  • Communication and responding to inquiries (our legitimate interest to properly manage communication and inquiries (Art. 6(1)(f) of GDPR));
  • Legal and regulatory compliance (legal obligation (Art. 6(1)(c) of GDPR));
  • Handling and evaluating claims (if applicable) (performance of a contract if you act as a sole trader (Art. 6(1)(b) of GDPR); our legitimate interest to properly manage contract concluded with your represented legal entity (Art. 6(1)(f) of GDPR)).

Please note that in limited circumstances, and where no other lawful basis applies, we may rely on your explicit consent for specific processing activities (Article 6(1)(a) of GDPR) - you will be separately informed about it in such cases. Where consent is the lawful basis, you have the right to withdraw your consent at any time.

Please note additionally, that where we collect your personal data on the basis of performance of an insurance contract or following the legal obligation, if you do not provide us with such personal data, we will not be able to conclude and properly execute such an insurance contract with you or your represented legal entity, where applicable. In case you have any questions on what data you need to provide to us, you can always contact us through contact details provided in section 2 above or directly ask our employee with whom you are in direct contact regarding our services.

6. With Whom We Share Personal Data

Your personal data may be shared with:

  • the Insurer, the underwriting insurer or its group companies;
  • Public authorities or regulators in Lithuania, Malta, or the EU;
  • Auditors, legal advisers, and compliance consultants;
  • IT and data hosting providers under appropriate data protection agreements;
  • Sanctions, AML/CTF, fraud, or credit check agencies;
  • Reinsurers or third-party claims handlers (where applicable).

All recipients are bound by contracts and (or) applicable data protection legislation to safeguard your data.

Since the Insurer is established in Malta (an EU Member State), your data remains within the European Economic Area (EEA). If any data is transferred outside the EEA (e.g., for IT support or hosting, or shared within the Insurer’s group), it will be ensured that appropriate safeguards are applicable or implemented, such as:

  • the country to which the data is transferred is covered by the European Commission adequacy decisions;
  • Standard Contractual Clauses (SCCs);
  • Other GDPR-compliant mechanisms such as binding corporate rules or others.

7. Retention Periods

Retention periods for personal data are based on business needs and legal requirements. We retain your personal data for as long as is necessary for the processing purpose(s) for which the information was collected (e.g. till the expiry of statutory limitation period to bring a claim for insurance indemnity plus 1 year).

When personal data is no longer needed, we will either irreversibly anonymise the data (in which case we may further retain and use the anonymised information) or securely destroy the personal data. If you have questions about specific data retention periods for specific data – you can always contact us through contact details provided in the section 2 of this Privacy Policy.

8. Your Rights

As a data subject under GDPR, you have the right to:

  • Access your personal data (Article 15 of GDPR);
  • Request rectification of personal data (Article 16 of GDPR);
  • Request erasure of your data (“right to be forgotten”) (Article 17 of GDPR);
  • Request restriction of processing (Article 18 of GDPR);
  • Request data portability (Art. 20 of GDPR);
  • Object to processing (Art. 21 of GDPR);
  • Withdraw your consent at anytime where the processing of your data is based on consent.
  • You also have the right to lodge a complaint with the supervisory authority – State Data Protection Inspectorate (Lithuania), website: https://vdai.lrv.lt/, email: ada@ada.lt.

To exercise these rights, please contact us at: info@masterisk.lt.

9. Automated Decision-Making

We do not use automated decision-making or profiling in our underwriting or claims processes that produce legal or similarly significant effects.

10. Our Website

In some instances, we will automatically collect certain types of personal data when you visit our website. Automated technologies may include the use of Web server logs to collect IP addresses, “cookies” and Web beacons. The collection of this personal data will allow us to improve the effectiveness of our Website including refining the content.

11. Changes to This Privacy Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. Any material updates will be clearly communicated via our website or directly where appropriate.