Legal · Apps

Privacy Policy Poli.

How the Poli app by International-brokers.com processes personal data, in line with the EU GDPR (2016/679) and Greek Law 4624/2019.

All appsΕλληνικά
GDPR
Compliance
TLS
Encrypted in transit
EU
Data region

Last updated

May 12, 2026

Version 1.0 · Application exclusively for internal business use.

1. Introduction

The Poliapplication ("the App") is developed and distributed by International-brokers.com("we", "the company"), an insurance brokerage registered in Greece. The App is used exclusively for internal business operations by authorized employees and partners of the company.

This Privacy Policy describes how we collect, process, store and protect personal data in the context of the App's operation, in compliance with the EU General Data Protection Regulation (GDPR — Regulation 2016/679) and Greek Law 4624/2019.

Data Controller: International-brokers.com
Email: info@international-brokers.com
Phone: +30 210 8733000
Address: 77 Alexandras Avenue, 11474, Athens, Greece

2. Who can use the App

Poli is an internal business tool. It is distributed via Apple Business Manager (Custom App for Business) exclusively to authorized employees and partners of International-brokers.com.

The App is not intended for:

  • Clients / insured persons as end-users
  • Children under 16
  • Individuals not authorized by the company

3. Data we collect and process

The App processes the following data categories in the course of insurance work:

3.1 User data (company employee)

  • Employee email — Authentication, audit trail
  • Name, role — UI display, audit logs
  • Login activity (timestamps, IP) — Security, audit
  • Biometric ID (Face ID / Touch ID) — Local authentication; we do not store this
  • Push notification tokens — New-task notifications

3.2 Client / insured-person data

The App processes data of the company's clients for the purposes of insurance intermediation, in accordance with our client agreement:

  • Identification data — Name, VAT ID, tax office, ID card / passport
  • Contact details — Email, phone numbers, addresses
  • Policies — Policy numbers, coverages, premiums, dates
  • Financial — Bank accounts, payments, IBAN
  • Claims — Claim history, compensation
  • Communications — Email correspondence, phone calls (via VoIP), notes
  • Documents — Damage photos, contracts, invoices, medical receipts
  • Location — Property / vehicle addresses (not user GPS)

3.3 Technical data

  • Error logs (anonymized)
  • Device information (iOS / macOS version, model)
  • Network connectivity status
  • Crash reports (via Apple)

4. Legal basis for processing

The processing is based on:

  • Contract with the client (Art. 6(1)(b) GDPR) — performance of insurance intermediation
  • Legal obligation (Art. 6(1)(c) GDPR) — record-keeping obligations under insurance law (Greek Law 4583/2018, IDD)
  • Legitimate interest (Art. 6(1)(f) GDPR) — operation and security of the business information system
  • Consent (Art. 6(1)(a) GDPR) — for specific uses such as promotional activities (where applicable)

For sensitive health data(in health-insurance cases) we rely on Art. 9(2)(h) GDPR (necessary for the provision of health services) and the data subject's consent.

5. Device permissions

The App requests the following permissions on the user's (employee's) device:

  • Camera — Scanning policies / documents, video calls
  • Microphone — VoIP calls to clients / insurers
  • Location (when in use) — Address lookup
  • Calendar — Scheduling meetings / reminders
  • Face ID / Touch ID — Secure app sign-in
  • Apple Events (macOS) — Document handling with cloud drive services
  • Downloads folder (macOS) — Automatic document storage
  • Network — Communication with our servers

We do not request or access: Photos library, Contacts framework, Bluetooth, Apple Health data.

6. Categories of data recipients

To deliver its services, the App works with the following categories of third-party processors:

  • Cloud infrastructure provider — Database, authentication and file storage · EU
  • AI service providers— Document analysis and translation · USA (with GDPR DPA & SCCs)
  • Email service providers — Delivery and validity verification · USA (with GDPR DPA)
  • Maps & geocoding provider — Address lookup · EU / USA (with appropriate safeguards)
  • AADE (Greek Tax Authority) — VAT lookup · Greece (legal obligation)
  • Apple platform — App distribution and push notifications · EU / USA

Each of the above is bound by a Data Processing Agreement (DPA) under Art. 28 GDPR and — where required — Standard Contractual Clauses (SCCs) for transfers outside the EU.

All communications are transmitted over strong encryption (TLS / HTTPS).

A list of the specific recipients is available on request at info@international-brokers.com (Art. 15 GDPR).

7. Where data is stored

  • Primary data store: Secure cloud infrastructure located in the EU (Germany)
  • Files (PDFs, damage photos): Secure cloud storage located in the EU
  • On-device: Data cache for offline operation, with device-level encryption
  • Backups: Automatic daily encrypted backups

8. Retention periods

  • Policies (active + history): For the full term + 5 years after expiry
  • Client data: For the duration of the relationship + 5 years after termination
  • Claims: 10 years after settlement (statute of limitations)
  • Financial records: 10 years (tax law)
  • Email correspondence: 5 years (unless tied to an active matter)
  • System logs: 30 days (auto-cleanup)
  • VoIP call metadata: 3 years
  • Call recordings: Not retained (unless specifically requested for a defined purpose)

After the retention period, data is securely deleted or anonymized.

9. Data subject rights

Under the GDPR, every person whose data we process (clients, employees, partners) has the following rights:

  • Access (Art. 15) — request to info@international-brokers.com, response within 30 days
  • Rectification (Art. 16) — submit requested changes
  • Erasure("right to be forgotten", Art. 17) — subject to the exceptions in Art. 17(3) (legal obligations)
  • Restriction of processing (Art. 18) — suspension of processing in specific cases
  • Portability (Art. 20) — receive your data in a structured, commonly used format
  • Objection (Art. 21) — to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent
  • Lodge a complaint with the Greek DPA — www.dpa.gr

To exercise your rights:
Email: info@international-brokers.com
Post: 77 Alexandras Avenue, 11474, Athens, Greece
Phone: +30 210 8733000

10. Security measures

We apply appropriate technical and organizational measures to protect data:

Technical:

  • Strong encryption (TLS) for all communications
  • Application sandboxing per platform standards
  • Device-level encryption for on-device data
  • Per-row / per-user access policies in the database
  • Biometric authentication (Face ID / Touch ID) in-app
  • Multi-factor authentication (MFA) for admin access
  • Daily backups and disaster recovery procedures
  • Encryption at rest for all files

Organizational:

  • Need-to-know access — authorized employees only
  • Audit logs for all significant actions
  • NDAs signed by all employees
  • Data protection training for staff
  • Incident response plan for breaches

In the event of a data breach:

  • Notification of the Greek DPA within 72 hours (Art. 33 GDPR)
  • Notification of affected persons if there is a high risk

11. Cookies & local storage

The Poli app itself does not use cookies (it is not a web app). It uses on-device local storage for:

  • User preferences (theme, layout)
  • Report cache for offline use
  • Authentication tokens

All local data is protected by device-level encryption and is removed when the user uninstalls the app or signs out.

12. Transfers outside the EU

As noted in Section 6, some of our processors (mainly AI and email services) are based in the USA. For these we rely on:

  • Standard Contractual Clauses (SCCs) issued by the European Commission (2021 versions)
  • EU-US Data Privacy Framework (DPF) where applicable
  • Supplementary technical measures as recommended by the EDPB

We do not transfer data to countries lacking an adequate level of protection.

13. Children

The App is a business tool. It is not intended for children under 16. We do not knowingly collect data from children.

In the context of adult-client insurance, we may process children's data (e.g. family health insurance). In those cases:

  • Consent is given by parents / guardians
  • Children's data is handled with particular care
  • It is never used for any marketing / promotional purpose

14. Changes to this policy

We reserve the right to amend this Policy. Changes will be published on this page with an updated date at the top.

For material changes we will notify employee-users via in-app notice.

15. Contact

For any data-protection question or regarding this Policy:

International-brokers.com
Email: info@international-brokers.com
Web: international-brokers.com
Phone: +30 210 8733000
Address: 77 Alexandras Avenue, 11474, Athens, Greece

Supervisory Authority

You have the right to lodge a complaint with the:

Hellenic Data Protection Authority (HDPA)
Kifissias 1-3, 11523, Athens
Email: contact@dpa.gr
Phone: +30 210 6475 600
Web: www.dpa.gr

my-policies.commy-policies.com

my-policies.com — Independent Insurance Brokers

Company

  • Home
  • Who we are
  • Why us

Legal

  • Privacy policy
  • Apps privacy
  • Public documents
© 2026 my-policies.com
All rights reserved
my-policies.commy-policies.com
  • About
  • Why us
  • Blog
  • Policy Payments
  • e-Shop
    • Vehicles
      • Cars
      • Motorcycles
    • Health
      • Health · International
      • Group Health
    • Travel
      • Travel
      • Business Travel
    • LifeComing soon
Admin access

Admin sign-in for content and publishing.

Open admin
🇬🇷EL🇬🇧EN
Request a quote
Menu
🇬🇷EL🇬🇧EN
  • About
  • Why us
  • Blog
  • Policy Payments
  • e-Shop
    • Vehicles
      • Cars
      • Motorcycles
    • Health
      • Health · International
      • Group Health
    • Travel
      • Travel
      • Business Travel
    • LifeComing soon
Request a quoteOpen admin