top of page

corevanta

Data Protection Policy

Data Protection Principles

Corevanta adheres to internationally recognized data protection principles:

Lawfulness, Fairness, and Transparency

  • Data processed lawfully and transparently

  • Clear communication about data use purposes

  • Fair processing aligned with user expectations

Purpose Limitation

  • Data collected for specific, explicit, and legitimate purposes

  • No processing beyond stated purposes without consent

  • Regular review of processing activities

Data Minimization

  • Only necessary data is collected and processed

  • Regular assessment of data requirements

  • Deletion of unnecessary or outdated information

Accuracy

  • Data kept accurate and up to date

  • Regular verification of information quality

  • Prompt correction of identified errors

Security

  • Appropriate technical and organizational measures

  • Protection against unauthorized access, alteration, or destruction

  • Regular security assessments and improvements

Storage Limitation

  • Data retained only as long as necessary

  • Clear retention schedules and deletion procedures

  • Regular review of stored information

Data Categories

Client Data

  • Survey reports and risk assessments

  • Claims and loss adjustment records

  • Technical documentation and analysis

  • Commercial and financial information

Personal Data

  • Contact information and professional details

  • Communication records and preferences

  • Website usage and interaction data

  • Authentication and access logs

Processing Lawful Bases

  • Contract performance and service delivery

  • Legitimate business interests

  • Legal compliance requirements

  • Explicit consent where required

Data Subject Rights:

Access Rights

  • Right to obtain confirmation of processing

  • Access to personal data and processing information

  • Copy of data in accessible format

Correction and Deletion

  • Right to rectify inaccurate data

  • Right to erasure in specific circumstances

  • Right to restrict processing

Portability and Objection

  • Right to data portability where applicable

  • Right to object to processing for marketing

  • Right to object to automated decision-making

International Transfers

  • Adequate protection for international data transfers

  • Standard contractual clauses or adequacy decisions

  • Additional safeguards for high-risk jurisdictions

Data Breach Response

  • Incident detection and assessment procedures

  • Authority notification within 72 hours (where required)

  • Communication to affected individuals when necessary

  • Documentation and lesson-learned processes

bottom of page