Protection of Personal Data

Protection of Personal Data

Personal Data Processing Policy of the Motor Insurers’ Fund

Last updated: 15/05/2025

  1. Introduction

The Motor Insurers’ Fund (hereinafter referred to as “MIF”, “we”, “us”, or “our”) as the Data Controller is committed to safeguarding your right to privacy and ensuring that the processing of your personal data is conducted in a transparent and secure manner. Personal data (hereinafter referred to as “Data” or “Personal Data”) refers to any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, identification number, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

This Personal Data Processing Policy (hereinafter the “Policy”) provides an overview of how and why we collect and process your Personal Data. It also includes information regarding third parties who may receive your Data as well as your rights under applicable national data protection laws and the European General Data Protection Regulation (“GDPR”). Further Processing Notices may be provided to you at a later stage that highlight specific uses of your personal information.

When we state that your personal data is subject to “processing”, this includes any operation or set of operations performed on such data such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, making available, alignment, combination, restriction, erasure, or destruction.

Please note that this Policy applies to:

  • individuals who have submitted or intend to submit a claim to the MIF,
  • uninsured drivers or owners of uninsured vehicles,
  • individuals involved in any way in claim cases managed by the MIF (e.g., witnesses, police officers, injured persons, and drivers or passengers of the vehicles involved),
  • customers of insurance companies who received a 7-day written notice in the event of policy cancellation,
  • individuals who have submitted a claim or intend to submit a claim to the MIF in the context of Liquidation/Insolvency of a Cyprus insurance company or an insurance company which is under Liquidation/Insolvency and it operates in Cyprus under Freedom of Services or Freedom of Establishment,
  • policyholders (insured persons) of of Cyprus insurance companies under Liquidation/Insolvency or insurance companies that are under Liquidation/Insolvency and operate in Cyprus under the Freedom of Services or Freedom of Establishment
  • individuals who are involved in any way in cases of claims handled by MIF in the context of Liquidation/Insolvency of a Cyprus insurance company or an insurance company which is under Liquidation/Insolvency and it operates in Cyprus under Freedom of Services or Freedom of Establishment (eg witnesses, police officers, injuries and drivers or passengers of vehicles involved)
  • users of the MIF website.
  1. Motor Insurers’ Fund

We are an organization registered in the Republic Cyprus under registration number HE2377 as a private company limited by guarantee having its registered office at 23 Zenon Sozos Street, Nicosia, P.O. Box 22025, 1516 Nicosia.

The MIF was established in 1969 and continues to operate under the provisions of the Motor Vehicles (Third Party Insurance) Law 96 (I) / 2000, as amended (hereinafter referred to as “Motor Vehicles Law”).

The MIF has been established to compensate in certain occasions, individuals who have suffered vehicle or other property damage, personal injuries and death due to road traffic accidents with uninsured vehicles, unidentified vehicles or vehicles insured with insurance companies under liquidation.

In case have any questions or want more details about how we use your personal information, you can contact our Data Protection Officer at: dpo@mif.org.cy.

  1. Principles of Personal Data Processing

When collecting sensitive personal data, we are bound by the General Data Protection Regulation (EU) 2016/679 (GDPR). Taking all necessary organizational measures into account, we proceed with the processing stage based on the following principles of personal data processing:

  • Processed lawfully, fairly, and in a transparent manner;
  • Collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes for which the insurance entity collects the data;
  • Collected only to the extent that is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
  • Accurate and, where necessary, kept up to date;
  • Retained only for as long as necessary for the purposes for which the data was collected;
  • Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing, accidental loss, destruction, or damage, using appropriate technical or organizational measures;
  • When transferring your personal data either to another country or to a party processing data on behalf of the organization, we take the necessary steps to protect your data, such as entering into data processing agreements.
  1. What Personal Data do we collect, how we obtain it

We will collect and process only the necessary categories of Data required under our relationship with you. The categories of Personal Data we collect, and process may include the following:

  • General identification and contact information: Name, address, contact details (phone number and/or email), ID number or ARC, date of birth, occupation, gender. Information and contact details of third parties who are identified in any way as drivers, vehicle details, as well as information collected through our website via the use of cookies.
  • Personal Data for handling claims received by the MIF: Vehicle registration number, vehicle type and make, driver’s license type, insurance policy number, insurance company, current income (in cases of loss of earnings due to an accident, for the assessment of future income loss). Police/fire service/other competent authority report, expert report, insurance company details, medical certificates, diagnostic test results, accident photographs, copy of driver’s license, copy of vehicle ownership title.
  • Special categories of data or sensitive data include information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a person, health data, or data concerning a natural person’s sex life or sexual orientation.

In order to provide fair and adequate compensation for any bodily injuries suffered as a result of a road traffic accident, we may request Personal Data that reveals health-related information and/or injuries of claimants and other individuals involved.

  • In case of fatal accident, the MIF will request the disclosure of certain Personal Data of dependents of the applicant/victim (spouse and/or children) for the purposes of the fair and just quantification of compensation for the loss suffered by the dependents.

We collect Personal Data from the following sources:

  • Directly from you or your representatives (e.g., lawyers): via claim forms, phone communications, letters, emails, and any other correspondence we may have with you or your representatives, either in person or directly from the data subjects.
  • From third parties: such as public authorities, law enforcement agencies, and any other public or private organizations, medical experts, legal advisors (e.g., in cases where you are not insured with us but are making a claim against our insured due to an accident), lawyers, banks, or the Department of Road Transport.
  • From publicly available sources: such as the Registrar of Companies and Official Receiver, the Land Registry, Bankruptcy Registry, commercial registries, the press, mass media, and the internet. This data is collected and processed lawfully.
  • From other equivalent bodies: such as Green Card Bureaux, Compensation Bodies, Guarantee Funds, and Insolvency Funds of insurance companies.
  1. Purposes of Processing and Legal Bases

We collect and process Personal Data in order to manage and handle claims effectively from individuals whose vehicles or other property have been damaged, or who have suffered physical injury or passed away (compensation to beneficiaries), as a result of road traffic accidents involving uninsured vehicles, unknown vehicles, or vehicles insured by insurance companies under liquidation. In some cases, these claims may also fall within the scope of the Green Card system.

To process the above-mentioned Data lawfully, we rely on one or more of the following legal bases:

  1. Compliance with our Legal Obligations

The Fund is subject to various national and European laws, including EU Directives and Regulations, as well as the Motor Vehicles (Third Party Liability Insurance ) Law, L. 96(I)/2000.

The MIF has a legal obligation in certain cases to compensate individuals whose vehicles or property have been damaged, or who have suffered bodily injury or death due to a traffic accident involving uninsured, unknown, or liquidated-insured vehicles. In fulfilling this legal duty, the MIF must process specific categories of Personal Data.

  1. Legitimate Interests

We process Personal Data to safeguard the legitimate interests pursued by us or by third parties.

These legitimate interests include:

  • Managing claims submitted to the MIF;
  • Exercising or defending legal claims;
  • Implementing IT security measures, including asset protection ,network/system security, and hardware security;
  • Ensuring the physical safety of our premises and the security of our personnel;
  • Taking measures for the prevention of crime and fraud, such as detecting fraudulent claims.

III. Legal Claims

We may process Personal Data for the establishment, exercise, or defense of legal claims before courts and competent authorities.

  1. Consent

We may request your consent to collect and process your Personal Data. Please note that you have the right to withdraw your consent at any time. Any processing carried out before the withdrawal of consent will remain unaffected.

  1. Public Interest

The MIF was established to compensate, under certain conditions, individuals whose property (including vehicles) was damaged, or who suffered bodily injury or death (with compensation paid to their beneficiaries) due to road traffic accidents involving uninsured, unknown, or liquidated-insured vehicles — individuals who would otherwise be left uncompensated.

Our services aim to ensure fair and proper compensation for individuals involved in traffic accidents, regardless of the insurance status of the person responsible for the incident. Additionally, the Fund contributes significantly to reducing the number of uninsured vehicles in the Republic of Cyprus.

  1. Recipients of Your Personal Data

We may disclose your Personal Data to any of the following selected third parties:

  • Agents, partners, suppliers, and service providers, such as:
    • debt collection agencies
    • independent consultants and investigators
    • engineers and damage assessors
    • medical experts
    • insurance companies
    • reinsurance intermediaries
    • file management service providers
    • IT support providers
    • software vendors
    • search engine providers who help us improve and optimize our website
    • any third-party service provider offering services to the MIF
  • Our professional advisors and auditors, such as external legal counsel and accountants
  • Governmental bodies and law enforcement authorities
  • Courts, competent authorities, arbitrators, or other judicial committees
  • Uninsured drivers involved in the incident related to your claim with the MIF
  • Other equivalent entities, including:
    • Green Card Bureaux
    • Compensation Bodies
    • Guarantee Funds
    • Insolvency Funds of insurance companies

We will never share your Personal Data for purposes that are contrary to those described in this Policy, and we will not do so without informing you in advance.

In the context of our relationship, your Personal Data may be transferred to public authorities, investigators, reinsurance companies, and others acting as data processors on our behalf, in accordance with our agreements.

Transfers of personal data abroad may occur when cooperating with third-party providers, reinsurers, lawyers, or expert assessors located outside Cyprus.

In any case of data transfer to third parties, all necessary safeguards will be taken, ensuring that:

  • Only the necessary data is shared,
  • The conditions for lawful and fair processing are always met,
  • Recipients have provided written assurances that they comply with the General Data Protection Regulation (GDPR).

Exceptions apply in cases where the data disclosure is required by legal or regulatory obligations.

  1. Personal Data of Other Individuals

If you provide the MIF with Personal Data of another individual, such as a passenger involved in an accident, please note that it is your responsibility to inform that individual about the contents of this Policy and to ensure that they have been informed and understand how the MIF processes their Personal Data.

  1. Transfer of your Personal Data to a Third Country or to an International Organisation

We may transfer your Personal Data to countries not providing an adequate level of protection to Personal Data. Where appropriate, we will take steps to ensure that Personal Data transferred is subject to appropriate safeguards, such as entering into Data transfer agreements. In cases where we use Data transfer agreements or similar safeguards, we may be able to supply you with a copy or a specimen of such, if you contact us at dpo@mif.org.cy.

  1. Retention of Your Personal Data

As a general rule, the Fund retains your Personal Data only for the period necessary to complete the relevant claim, unless a longer retention period is required by legal or regulatory obligations. This applies even in cases where compensation is discontinued for any reason.

In alignment with the General Data Protection Regulation (GDPR), we have established retention periods based on the type of processing involved. The criteria considered in determining these timeframes include providing you with the best possible service, our operational needs, our legal obligations, and the protection of the legitimate interests of the Fund.

For specific information about the applicable retention periods, please contact the Data Protection Officer (DPO) of the Fund.

  1. Your Rights Regarding the Protection of Personal Data

The General Data Protection Regulation (GDPR) grants you specific rights concerning your personal data. In response, the Fund has established a mechanism to ensure your requests are addressed, as follows:

  1. Right to Access

You have the right to access your personal data that we hold. At any time, you may request and receive a copy of your data, especially if held in electronic form.

  1. Right to Rectification

You have the right to correct or update your personal data. Throughout your relationship with the Fund, you may review your data and request corrections or the completion of incomplete or inaccurate information, supported by the necessary documentation.

  • Right to Erasure (Right to be Forgotten)

You can request the deletion of some or all of your data. However, the Fund is obligated to delete only the data that falls within our Data Deletion Policy.

  1. Right to Restrict Processing

You may request the restriction of processing your data, especially if its accuracy is disputed or the data is no longer needed by the Fund but must be retained for legal claims.

  1. Right to Object

You may object to the processing of your personal data at any time. Upon exercising this right, processing will stop immediately unless the Fund demonstrates compelling legitimate grounds or the data is required for legal proceedings.

  1. Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another organization. The data will be deleted afterward in accordance with the Fund’s Data Deletion Policy.

  • Right to Withdraw Consent

You may withdraw your consent for the processing of your data at any time. This withdrawal does not affect the legality of processing based on your consent before it was withdrawn. Please note that withdrawal of consent may affect or lead to the termination of certain services.

  • Right to Submit a Complaint

You have the right to file a complaint regarding the processing of your personal data with the Commissioner for Personal Data Protection at:

Office of the Commissioner for Personal Data Protection
Kipranoros 15, 1061
P.O. Box 23378, 1682 Nicosia
Tel.: +357 22818456 | Fax: +357 22304565
Email: commissioner@dataprotection.gov.cy

To exercise any of the above rights or if you need further information about your rights, you may contact our Data Protection Officer (DPO) at our registered office address or via email at: dpo@mif.org.cy.

  1. Children

We recognize the importance of protecting children’s privacy. We may collect Personal Data related to children when handling claims, only if we have first obtained the consent of their parents or legal guardians, or such collection is permitted under applicable laws.

  1. Cookies

To enhance the user experience of our website, we may use cookies.

A cookie is a unique numerical code that is transferred to your browser in order to track your interests and preferences and to recognize you as a visitor to our website.

We use cookies for the following purposes:

  • Essential Functions: These cookies are necessary for the operation of our website.
Cookie Duration Description
cookieyes-consent 1 year CookieYes sets this cookie to remember users’ consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about the site visitors.
rc::a Never Expires This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::c session This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
_GRECAPTCHA 6 months Google Recaptcha service sets this cookie to identify bots to protect the website against malicious spam attacks.
rc::f Never Expires This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
rc::b session This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
wordpress_test_cookie session WordPress sets this cookie to determine whether cookies are enabled on the users’ browsers.
  • Analytics / Performance: These allow us to count visitors and see how they use our website. This helps us improve user experience, for example, by ensuring users find what they are looking for easily.
Cookie Duration Description
_ga 1 year 1 month 4 days Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gid 1 day Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website’s performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
  • Functionality: These are used to recognize returning users to our website. This allows us to personalize content and remember your preferences (e.g., language selection and high-visibility settings).
Cookie Duration Description
_gat 1 minute Google Universal Analytics sets this cookie to restrain request rate and thus limit data collection on high-traffic sites.

Our website may set various types of third-party cookies, whose function we do not control. These may include:

  • Google Analytics – We use Google Analytics to collect data about how the site is used. This data does not include personally identifiable information. You can view Google’s Privacy Policy here: www.google.com/policies/privacy.

Cookies will only be stored if the user consents to their use by activating the relevant cookies in the pop-up banner when visiting our website.

You may change your preferences or withdraw your consent for the use of cookies at any time via the cookie pop-up banner located at the bottom of the site. However, please note that restricting or blocking cookies may impact the website’s functionality or performance or prevent you from using certain services provided through the site. It may also affect our ability to improve the site to meet user preferences and performance goals.

  1. Changes to the Personal Data Processing Policy

Changes in legislation or technological developments may require us to update this Policy.

Please check this Policy regularly, as it may be updated at any time to reflect such changes.

The revised Policy will be published on our website at: www.mif.org.cy
You may also request a printed copy of the latest version of the Policy.

  1. Contacting MIF

To exercise any of your rights or if you have questions regarding the use of your Personal Data, please contact us at: info@mif.org.cy

You may also contact our Data Protection Officer at: dpo@mif.org.cy