en bg
CALL CENTRE 24/7   +359 (2) 950 50 10

Confidentiality policy

Coris Bulgaria Ltd.

We would like to express our gratitude for your interest in our company.

Data Protection is of particular high priority in Process Management at CORIS Bulgaria Ltd., hereinafter referred to as "CORIS". The use of the CORIS websites is possible without any reference to personal data; however, if a data subject wants to use special corporate services through our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of the data subject, is always in accordance with the General Data Protection Regulation (GDPR, subject to country-specific data protection regulations.

With this Privacy Statement, our company would like to inform the general public of the nature, scope and purpose of the personal data we collect, use and process.

In addition, data subjects are informed through this statement of data protection and their rights.

As an administrator, CORIS applies a number of technical and organizational measures to provide the most complete protection of our personal data in relation to our engagement. Internet-based data transmissions may, however, generally have gaps, so that absolute protection may not be guaranteed. For that reason, each data subject is free to transfer personal data through an alternative, which means, for example, by phone.

1. Definitions

The CORIS Privacy Statement is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection statement must be legible and comprehensible to the general public as well as to our customers and business partners. To ensure this, we would first like to explain the terminology used.

In this privacy statement we use the following terms:

(a) Personal data

Personal data means any information relating to an identified or identifiable natural person ("data subject"). Any individual may be identified directly or indirectly, in particular by reference to identifier, such as name, identification number, location data, an online identifier or one or more factors specific to the individual such as physiological, genetic, mental, economic, cultural or social identity that individual.

(b) Data Subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

In progress Processing is any operation or set of operations that is performed with personal data or a set of personal data, whether automated or not such as collecting, enrolling, organizing, structuring, storing, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combining, limiting, deleting or destroying.

(d) Limitation of processing

The limitation of processing is to tag the stored personal data with view the limitation of their future processing.

e) Profiling

Profiling means any form of automated processing of personal data, which consists in the use of personal data for the assessment of certain personal aspects related to an individual, and in particular to analyze or anticipate aspects related to the work of the individual in the workplace, the state, health, personal preferences, interests, reliability, behavior, location or movement.

i) Pseudonymization

Pseudonymization is the processing of personal data in such a way, that personal data can no longer be attributed to a particular individual without the use of additional information, provided that such information is provided the additional information is kept separately and subject to the relevant technical requirements and organizational measures to ensure that personal data are not attributed to an identified or identifiable natural person.

(g) Controller or administrator responsible for processing

The controller or administrator responsible for the processing is either physical or a legal person, a public body, an agency or any other body which either alone or together with others, determines the purposes and means of processing personal data.

h) Processor

The processor is a natural or legal person, a public body, an agency or other person authority which processes personal data on behalf of the controller.

k) Recipient

The recipient is a natural or legal person, public body, agency or other body to which personal data is disclosed, whether it be a third party or not. However, government bodies that may receive personal data in the within the framework of a specific investigation in accordance with EU or Member State legislation are not considered as recipients; processing these the data of these public authorities comply with applicable data protection rules in accordance with the purposes of the processing.

(l) Third Party

The third party is a natural or legal person, a public authority, an agency or a body other than the data subject, controller, processor, and persons under the direct authority of the controller or processor are empowered to do so to process personal data.

(m) Consent

The consent of the data subject is any given free, specific, and an unambiguous indication of the data subject's wishes with which he or she through a statement or through clear positive action, accepts the processing of personal data relating to it.

2. Whom to contact for your personal information.

If you have questions about the use of your personal information, you can send a request to “CORIS” at the following address:

"CORIS "Bulgaria Ltd

With an address of registration: 1421 Sofia, 92, D. Hadzhikotsev Str.,ent. 1, floor 2, apt. 3

Address of correspondence: Sofia 1606, 1-Yakov Kraykov Str

Phone: +359 2 950 50 10

Email: gdpr@coris.bg

Web site: www.coris.bg

Personal data we collect:

Depending on your relationship with us (for example, as a user who holds an insurance policy, an insured or a claimant who is not an insurance policyholder, a witness, a commercial or an insurance intermediary, or a designated agent or other person related to our work), personal data obtained for you and your relatives may include:

• Basic Identity Information or Contact Information

Your name, address, email and phone number, gender, marital status, date and place of birth, passwords (including for our systems), education, physical characteristics, activity data such as history of your driving experience , photos, job descriptions, skills and experience, professional licenses and memberships, relationship with the policyholder, insured or claimant, date and cause of death, injury or disability.

• Identification numbers issued by government bodies or agencies

Single Identity Number (Personal Identification Number), personal ID of a foreigner, identity card number, military license number or driving license or other license number, copy of identity document or other identification document.

• Financial information and detailed bank account information

Payment card number, bank account number and bank account details, credit history and credit rating, assets, income, and other financial information.

• Medical status and health status

Current or previous physical or mental health status, health status, injury or disability information, medical manipulations, personal habits (for example, smoking or alcohol consumption), medical prescriptions you use or have used, and medical history.

• Other sensitive information

In some cases, we may receive sensitive information about your membership in trade unions, religious organizations, political views, family medical history, or genetic information (for example, if you apply for third party insurance as a marketing partner that may be commercial, religious or political organization). We may also obtain information about your criminal record or civil lawsuits during the fraud prevention, detection and investigation procedures. We could also get sensitive information that you have voluntarily provided or provided to medical, health and healthcare establishments (for example, by expressing preference for medical treatments based on your religious beliefs).

• Telephone records

Phone calls to our representatives and call centers.

• Prevention and investigation of crime, including fraud and money laundering

For example, we may be required to provide certain information to law enforcement.

• Information that allows us to provide certain products and services

Location and identification of insured property (for example, property address, vehicle registration number or ID number), travel preparation information, including booking number, age categories of the persons you wish to insure, claims, detailed information about insurance coverage / risks, causes of loss, previous accidents or losses, your status as a director or partner or other type of property or management days Organization and other types of insurance that you own.

• Marketing preferences and customer feedback

You can let us know about your marketing preferences, voluntarily fill in a survey of your customer satisfaction level. It is also possible for us to contact you in order to receive feedback on the services we provide and / or your opinion on new services offered. However, we would like to inform you that we will seek to contact you with marketing purposes, primarily to protect your interests and increase the level of service you provide.

• Social network profile and app information

Certain personal information about you may be obtained when you use our Apps or Social Network Content, including your social network account username and profile photo, and other personal information you provide us with. If you choose to link your account to a social network organized by another social network service provider with your account (s) to any “CORIS” Electronic Services, we will be provided with personal data from your Social Account network, which may also include personal data - part of your social network profile or your friends' accounts.

3. How we use personal information

We use personal data to:

• Communicate with you and others as part of our work.

• Send / provide important information about changes to our policies, other Terms, changes to “CORIS” Electronic Services and other administrative information.

• Make decisions on whether to make a specific insurance and to provide assistance services, including assessment, processing and settling claims in cases where we settle disputes on claims.

• Evaluate your solvency and process the payment of the insurance premium and other types of payments.

• Provide improved quality, training and security (for example, with regard to recorded and viewing phone calls to our contact phones).

• Providing crime prevention, detection and investigation, including fraud and money laundering,  commercial risk management and analysis.

• Conduct marketing research and analyzes, including customer satisfaction surveys.

• Provide you with marketing information (including information about other products and services offered by certain third party partners) according to the preferences you have chosen.

• Ensure your identification to the persons you send messages to through the use of “CORIS” Electronic Services.

• Encourage the use of social sharing features.

• Manage our infrastructure and business activities and comply with internal policies and procedures, including those related to audit, finance and accounting, billing and debt collection, IT systems, data hosting and web sites, business continuity and management of reports, documentation and printed copies.

• Deal with complaints and consider requests for access to or correction of data.

• Comply with the applicable legislation and legal obligations (including legislation outside the Republic of Bulgaria), such as those on measures against money laundering and terrorist financing or personal data protection, with statutory procedures and in response to requests from state and local authorities, public authorities (including those outside the Republic of Bulgaria).

• Identify and protect legal rights, protect our activities or those of our group or our insurance business partners, our rights, confidentiality, safety or property and / or those of our group, yours or others, and in search of court satisfaction or of limiting our damages.

4. Provision of personal data in other countries

Due to the global scale of our activity, for the purposes set out above, we may provide personal data to persons located in other countries (including Canada, the United States and other countries with a different legal protection regime for information than the country you are in). For example, we may provide personal data to process claims on international travel insurance and to provide emergency medical assistance while abroad. We can provide information at an international level to companies in our group, service providers, business partners and government or public authorities.

5. Sharing personal data

“CORIS” may provide personal data to:

• Companies and agents of the group

For business, employment and marketing purposes, “CORIS” may provide personal data to other APRIL EMEA network agents or companies in its group. A list of companies in the APRIL EMEA group that may have access to personal data can be obtained by contacting us in the order specified in this Policy. “CORIS” is responsible for the management and security of shared personal data. Access to personal data within the group is limited and is only used by persons who need access to such information for purposes of the company's business, including for marketing purposes.

Other countries such as insurers and intermediaries

In the course of marketing, insurance, and claim processing, “CORIS” may provide personal data to third parties such as other insurers, reinsurers, insurance and reinsurance agents and other intermediaries or agents, appointed representatives, distributors, marketing partners and financial institutions, securities trading companies, hospitals, medical clinics and other business partners. This provision of personal data is most often needed in connection with your insurance services and is in the defense of your rights under insurance contracts.

Our service providers

Third parties - external service providers such as medical workers, accountants, actors, auditors, experts, lawyers and other external professional consultants, service providers providing medical care and travel, service providers related to customer contact centers , information technology systems, hosting and maintenance providers, print, advertising, marketing and market research and market analysis services, banks and financial institutions serving all of the waste and, third parties responsible for administering claims or management of documentation, individuals, investigating insurance claims and experts, construction consultants, engineers, investigators, court consultants, translators and other such third parties as traders and suppliers of outsourcing services that help us in the conduct of our business.

Recipients of social sharing information

Such recipients are your friends associated with your social networking account, other website users, and your social network service providers that are related to your social sharing activity, such as when you link your account to a social a network organized by another social network service provider with your CORIS eService account, or when you connect to your “CORIS” eService account using your account on another social network. When linking your “CORIS” Electronic Services account and your account to another social network, you allow us to provide data to the service provider that supports your account in the other social network, and you state that you understand the fact that the processing the data we provide will be performed in accordance with the privacy policy of the other social network service provider's website. If you do not want your personal information to be provided to other users or other social network service providers, please do not link your account to another social network with your CORIS eService account and do not share on social networks via CORIS "Electronic Services.

State authorities and third parties involved in lawsuits

“CORIS” may also provide personal data to state or other public institutions (including, but not limited to, employee compensation commissions, law enforcement agencies, tax authorities and criminal investigating authorities) and third parties involved in civil trials , and their accountants, auditors, lawyers and other advisors and representatives whom we consider necessary to: (a) comply with applicable law, (b) compliance with the applicable procedures, (c) fulfillment of requests by public or state bodies, including public and state authorities outside the Republic of Bulgaria, (d) application and observance of our terms, (e) protect our rights, confidentiality, safety or property and / or those of our group of companies, yours or others, and (f) seek legal redress or limit our damage.

Other third countries

We can provide personal data to payment recipients, emergency services (fire, police and emergency medical care), retailers, medical networks, medical providers, travel agents, credit bureaux, credit reporting and other individuals involved in accidents that are the subject of a claim as well as buyers and prospective buyers or other parties in a real or proposed reorganization, merger, sale, joint venture, transfer, transfer or other transaction relating to all or part of the business assets or shares.

You can also share personal data through forums, Internet chat (chat) and blogs and other “CORIS” Electronic Services where you can upload information and materials (including, but not limited to, Social Network Content). Please note that information uploaded by you or disclosed through these services will become publicly available information and will be available to visitors and users of CORIS Electronic Services and the public. We urge you to be very careful when deciding to disclose your personal data or other information through the use of CORIS Electronic Services.

6. Data protection

“CORIS” will take appropriate technical, physical, legal and organizational measures in accordance with the applicable privacy and data protection legislation. Unfortunately, when transferring data over the Internet or storing it in storage systems, data security cannot be guaranteed at 100%. If you have reason to believe that your data obtained during our relationship is no longer protected (for example, if you believe that the security of your personal data was compromised or compromised), please let us know immediately this. (See the "Who to Contact Your Personal Information" section above).

When “CORIS” provides personal data to a service provider, the service provider is carefully selected and required to implement appropriate measures, in accordance with applicable law, to protect privacy and data security.

7. Preservation of personal data

“CORIS” takes reasonable steps to ensure that the personal data we process is reliable for the purpose for which it is used and that it is accurate and complete in accordance with the need to meet the objectives of this Privacy Policy. “CORIS” will retain personal data for as long as is necessary to achieve the purposes set forth in this Privacy Policy unless the law requires or authorizes longer storage and retention periods.

8. Right of rectification

Each data subject shall have the right granted by the European legislator to obtain without undue delay from the controller the correction of inaccurate personal data relating to him or her. Given the purpose of the processing, the data subject may have incomplete personal data filled in, including by providing a supplementary statement. If a data subject wishes to exercise this right of correction, he or she, please contact our Data Protection Officer or other employee at any time.

9. Personal data of other persons

When you provide personal data to others, you agree to: (a) notify the individuals of the contents of this Privacy Policy; and (b) obtain the lawful consent to collect, use, disclose and transfer (including disclosure in other countries), or otherwise processing the personal data of these individuals in accordance with this Privacy Policy.

10. Customer Satisfaction Survey

We will provide you with an uninterrupted opportunity to inform us of your opinion on the services provided. You can also contact us by email: operations@coris.bg or gdpr@coris.bg or by writing to us at: “CORIS Bulgaria” 1606 1, "Yakov Kraykov" Str. let us know about your recommendations, satisfaction or complaints.

Receiving messages (such as SMS text messages) / phone calls / mails from us: If you no longer wish to receive any messages / phone calls / post messages from KORIS from now ahead - you can withdraw your registration of receiving such messages, by contacting us at the addresses above.

11. Requests for access and correction of data, exercise of the right to delete, limit processing and questions and concerns.

You have the right to access, correct and disagree with disclosure, or to wish to delete or hide your personal data for any reason. Please contact us as described above in the "Who to Contact Your Personal Information" section on with such requests or if you have any questions or concerns about the way we process and / or disclose your personal information. Please note that some personal data may not be subject to access, corrections, objections, deletions or hide under local privacy and data protection laws.

You have the right to ask CORIS to delete the personal data related to you when one of the following reasons is applicable: 1) personal data is no longer necessary for the purposes for which it was collected or otherwise processed; 2) You, as a data subject, have withdrawn your consent on which the processing of the data is based when your consent is the basis for processing and there is no other legal basis for the processing; 3) You - as a data subject - have objected to the processing and there are no legitimate grounds for the processing that have an advantage; 4) personal data has been tampered with; (5) personal data must be deleted in order to comply with a legal obligation under European Union law or the law of a Member State that applies to CORIS as a personal data controller; 6) personal data have been gathered in connection with the provision of information society services. We would like to inform you that there are hypotheses where we have reason to deny the deletion of your personal data.

You also have the right to request from Administrator to restrict the processing of your personal data when: 1) the accuracy of your personal data is being challenged by you for a period that allows CORIS to verify the accuracy of the personal data; 2) processing is unlawful, but you do not want personal data to be erased, but instead require a limitation of use; 3) “CORIS” as an administrator no longer requires personal data for the purpose of processing, but you require them for the establishment, exercise or protection of legal claims;4) You have objected to the treatment pending verification that the legitimate grounds of CORIS have an advantage over your interests as a personal data subject; 5) In addition, the data subject is entitled to receive information

- Whether the personal data have been transferred to a third country or not.

12. Period for which personal data will be stored

The criteria used to determine the period of storage of personal data are:

- the relevant mandatory retention period, after the expiry of this period, the relevant data is routinely deleted as long as there is no more necessary for the performance of the contract or for the opening of a contract.

13. Providing personal data as statutory or contractual requirements;

Requirement required to conclude a contract; Obligation under contracts where personal data must be provided; possible consequences of failure to provide such data.

We clarify that the provision of personal data is required in part by law (e.g tax provisions) or may also result from contractual arrangements (e.g, information about the contractual partner). Sometimes it may be necessary to conclude a contract where the data subject provides us with personal data that must subsequently be processed by us.

The data subject is, for example, obliged to provide us with personal data when our company signs a contract with it. The lack of provision of personal data would lead to the fact that the contract with the individual cannot be concluded.

Our Data Protection Officer should explain to the data subject whether the provision of personal data is required by law or contract.

In the exercise of your legal rights as data subjects we would like to take into account the fact that the services provided by CORIS are directly related and entirely dependent on the correctness and accuracy of the personal data you provide.

14. Third Party Services

This "Privacy Policy" is not and we are not responsible for the confidentiality, information or other practices of third parties, including third parties who manage the websites or services to which “CORIS” Electronic Services communicate.

Please note that we are not responsible for the policies and practices for collecting, using and disclosing personal data (including information security policies) to other organizations such as Facebook®, Twitter®, Apple®, Google®, Microsoft® , RIM / Blackberry® and everyone other application developer, application provider, social networking platform provider, operating system providers, wireless service providers, or electronic device manufacturers, including any personal data that you disclose to other organizations through or in connection with CORIS Electronic Services.

15. Use of “CORIS” Electronic Services by Minors

“CORIS” Electronic Services are not intended for persons under eighteen (18) years of age and we ask such persons not to provide personal data through CORIS Electronic Services.

16. Changes to the Privacy policy

We periodically review this Privacy Policy and reserve the right to make changes at any time in connection with changes in our business and legal requirements. We will publish the updates on our website.

Please look at the "LAST UPDATE" date at the bottom left of the current "Privacy Policy" to see when the last correction was made.


Last updated 29.03.2019.


Coris can
help you, if:

  • You are to travel abroad
  • You want safety and comfort
  • You need assistance