Privacy Policy
Privacy Policy
Customer Privacy Policy
Customer Privacy Policy
1. AOP Commitment
For AOP – Insurance Broker, Lda, hereinafter referred to as AOP, the privacy and protection of the personal data of its customers and involved parties is very important. AOP is committed to complying with all applicable legislation on privacy and personal data protection, GDPR – EU Regulation 2016/679 of April 27, 2016. With this privacy policy, AOP aims to make public the protection mechanisms and data processing practices it intends to use in relation to natural persons, whether as applicants, policyholders, insured persons, covered persons, beneficiaries, or in any other capacity.
2. AOP Responsibility in the processing of personal data
The data controller of personal data will be AOP, which provides you with the service and offers products and, within that scope, decides which data is collected, processing means, and purposes for which the data is used, in the cases identified in point 4 below.
In certain cases, AOP will act as a processor, processing your data on behalf of another entity, which will act as the data controller, namely insurance companies, when AOP provides them services within the scope of managing and executing an insurance contract in which the data subject is a party (for example, for claims management purposes). In such cases, we recommend consulting the privacy policy and/or other information on the processing of your data with the data controllers.
3. Essential concepts
3.1. What is personal data?
Personal data is any information, of whatever nature or on any medium, relating to an identified natural person. A person may be identified, directly or indirectly, by an identifier, such as name, legal number, location, genetic, mental)
3.2. Who are the data subjects of personal data processed by AOP?
The data subjects are the natural persons to whom the personal data relates.
For example, as data controller, AOP may process personal data whose subjects are its customers (natural persons), who contract AOP services and products, its former customers, and its potential customers. As a processor, AOP may process personal data whose subjects are policyholders, beneficiaries or insured persons, according to a given insurance contract, or persons indicated as witnesses in the event of claims.
3.3. What types of personal data are processed?
1 -Identification data, of policyholders, insured persons, injured parties and beneficiaries, as necessary (for example: name, address, place of birth, nationality, dual nationality, citizen card, gender, date of birth, telephone contact, e-mail, taxpayer number, marital status, profession);
2 -Claims record data in the life line (for example: death record, death certificate, deed of heirs, medical report, funeral agency receipt, accident report, autopsy report and blood alcohol and toxicology test results, payment order to be completed by the beneficiary, IBAN proof);
3 -Claims record data in the health line (for example: insured person's health history, medical reports, supporting documents for claim settlement);
4 -Claims record data in the workers' compensation line (for example: insurance activation date and claim description, salary, premiums, extras, gratuities, meal allowance, supporting data for claim settlement);
4 -Claims record data in the personal accidents line (for example: claim description, medical information, claim supporting documentation, legal beneficiaries);
5 -Claims record data in the motor line (for example: Auto DAA claim report data, identification of injured third parties, identification of witnesses);
6 -Claims record data in other lines (for example: claims reporting data);
7 -Insured object identification data (for example: type of vehicle, type of aircraft, type of vessel, license plate, brand, model, year of manufacture, chassis number, registration date, engine capacity, number of seats/power, policy number, identification of other insured objects such as jewelry, artwork, dwelling, household contents, or animals);
8 -Collection data (for example: NIB/IBAN, bank, swift, signature, account holder name, address, policy number);
9 -Health and lifestyle data
10 -Call recording data
4. Processing of Personal Data
AOP, as controller of personal data, processes it in the following situations:
1 – To enter into a contract or to carry out pre-contractual steps at your request.
Within the scope of its activity of providing and offering services, AOP may need to process your personal data, namely:
In the Registration and proof of commercial transactions and pre-contractual information, which includes (for example):
• responses to information requests made by customers or potential customers;
• simulation requests for presenting insurance proposals;
Monitoring contract management and execution, which includes (for example):
• presentation of insurance proposals, according to the customer's interests;
2 - Compliance with legal obligations
In the exercise of its activity, AOP is subject to legal and regulatory obligations and compliance with them may imply the processing of personal data for these purposes, such as:
• Tax obligations – Withholding, payment or declaration;
• Legal obligations – Requests from Public Authorities
• Prevention and combating of money laundering and terrorist financing
3 – Promote AOP activity
With the aim of better serving its customers, AOP may use your personal data to improve and develop its activity and defend its legal rights and interests, such as:
• Maintenance and Improvement of service quality
• Marketing and communication
• Complaint management and monitoring of judicial proceedings
4 – Communication and Commercial Promotion
5 - Data processing as processor
When AOP acts on behalf of other entities, namely insurance companies, the processing of personal data will be determined by them, as data controllers. AOP's obligation in these cases will be to process personal data according to the instructions of the data controllers.
6. Processing Regime
The personal data collected by AOP is subject to lawful and transparent processing, in compliance with the provisions of the legislation.
Data may be processed in an automated manner.
Data processing is limited to what is strictly necessary and in accordance with the purpose that legitimized its collection.
In order for AOP to fulfill all its duties and provide you with the best possible service, it may have to communicate or grant access to your personal data to other entities; AOP will only communicate or grant access to your personal data to the following entities:
• Service providers (for example, contracted services in data center management).
• Insurance and/or reinsurance companies with which insurance or reinsurance contracts have been entered into;
• Public authorities, such as, for example, Tax Authorities or Judicial Courts.
AOP will only communicate personal data that is indispensable for the provision of contracted services or for compliance with legal obligations to which it is subject.
7. Purpose, type and retention period of data
AOP will only process your personal data for the purposes set out below and only for the period of time necessary to fulfill those purposes:
Registration and Proof of Commercial Transactions and Pre-contractual Information
Monitoring contract management and execution
Commercial prospecting
Marketing and communication
Complaint management and monitoring of judicial proceedings
Service quality improvement
Compliance with Legal Obligations
You can consult the detail of the type of data and retention periods here.
8. Rights of data subjects
Regarding personal data collected and processed, in accordance with this privacy policy, AOP makes available to data subjects all provided rights, namely those set out in the GDPR:
8.1. Right to information and access
The personal data subject, whenever requested, has the right to obtain and be informed in a brief, concise and transparent manner regarding the purposes of processing, the recipients to whom this data will be disclosed, the data retention periods, the source where it was not obtained directly, and other information provided by law and the GDPR.
8.2. Right to rectification
The data subject, whenever they verify or consider that their personal data is incorrect or incomplete, may request its rectification or that it be completed.
8. 3. Right to erasure
Provided that the purpose that motivated the collection of personal data has already ceased or is no longer necessary, you may request the erasure of your personal data.
In these cases, AOP will erase your data, except for exceptions provided by law that prevent erasure:
1. exercise of freedom of expression and information;
2. compliance with a legal obligation requiring processing and applicable to AOP;
3. reasons of public interest in the area of public health;
4. archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, insofar as the exercise of the right to erasure seriously impairs the achievement of the objectives of that processing; or
5. establishment, exercise or defense of a right in legal proceedings.
8.4. Right to restriction of processing
In certain situations, you may request restriction of access to personal data or suspension of processing activities. For example, in cases where you contest the accuracy of your personal data, or where you have objected to processing, until it is verified whether AOP's legitimate interests prevail over yours.
8.5. Right to data portability
According to cases provided by law, you have the right to receive personal data concerning you and that you have provided to AOP in a structured, commonly used and machine-readable format.
You also have the right to request that AOP transmit this data to another controller, provided this is technically possible.
8.6. Right to object
The personal data subject has the right to object to the processing of their personal data at any time, on grounds relating to their particular situation, when that processing is based on AOP's legitimate interest or when it is carried out for purposes other than those for which the data was collected, but which are compatible with them.
In such cases, AOP will cease processing your personal data, unless there are legitimate reasons to carry out such processing and these prevail over your interests.
You may also object, without needing justification, to the processing of your data for direct marketing purposes.
8.7. Right to withdraw your consent
In cases where data processing is based on your consent, you may withdraw consent at any time.
If you decide to withdraw consent, your personal data will no longer be processed, except as provided by law or on another basis, such as contract or legitimate interest.
8.8. Right to lodge complaints with the supervisory authority
You have the right to lodge complaints with the competent supervisory authority regarding matters related to the processing of your personal data.
In Portugal, the competent supervisory authority is the National Data Protection Commission.
For more information, access www.cnpd.pt.
9.How can you exercise your rights?
Through the following channels:
• E-mail: you can exercise your rights by e-mail, to the address [rgpd@aopseguros.pt].
• Letter: you can exercise your rights by letter, addressed to AOP and sent to Rua Santa Maria 1740, 4535-400 Santa Maria de Lamas
Exercising your rights is free of charge.
10. Indirect collection of your personal data
It is possible that AOP has collected your personal data through third parties or by other means, even if you are not an AOP customer.
This will happen, for example, in cases where your contact is provided by a family member or third-party entity, when you are a beneficiary of a particular insurance policy.
Whenever AOP has the first opportunity, it may provide this to you in person or refer you to the website, where this policy should be available.
11.Security, technical and organizational measures
In order to ensure the protection of your personal data made available to it, AOP has adopted various security, technical and organizational measures in order to protect personal data against undue access, destruction, loss, manipulation, disclosure or any other form of unlawful processing.
In cases where AOP subcontracts other entities to provide services involving the transfer of personal data, those entities will be required to adopt the necessary technical and organizational measures in order to protect personal data against destruction, loss, alteration, disclosure, unauthorized access or any other type of unlawful processing.
12.Responsibility for services and websites
We advise you to consult the rules on the use of cookies contained on the AOP website, and you may also consult AOP's Cookie Policy here.
The AOP website may eventually contain links to other third-party websites, products or services. AOP has no relationship with these third parties, nor are they covered by this Privacy Policy.
1. AOP Commitment
For AOP – Insurance Broker, Lda, hereinafter referred to as AOP, the privacy and protection of the personal data of its customers and involved parties is very important. AOP is committed to complying with all applicable legislation on privacy and personal data protection, GDPR – EU Regulation 2016/679 of April 27, 2016. With this privacy policy, AOP aims to make public the protection mechanisms and data processing practices it intends to use in relation to natural persons, whether as applicants, policyholders, insured persons, covered persons, beneficiaries, or in any other capacity.
2. AOP Responsibility in the processing of personal data
The data controller of personal data will be AOP, which provides you with the service and offers products and, within that scope, decides which data is collected, processing means, and purposes for which the data is used, in the cases identified in point 4 below.
In certain cases, AOP will act as a processor, processing your data on behalf of another entity, which will act as the data controller, namely insurance companies, when AOP provides them services within the scope of managing and executing an insurance contract in which the data subject is a party (for example, for claims management purposes). In such cases, we recommend consulting the privacy policy and/or other information on the processing of your data with the data controllers.
3. Essential concepts
3.1. What is personal data?
Personal data is any information, of whatever nature or on any medium, relating to an identified natural person. A person may be identified, directly or indirectly, by an identifier, such as name, legal number, location, genetic, mental)
3.2. Who are the data subjects of personal data processed by AOP?
The data subjects are the natural persons to whom the personal data relates.
For example, as data controller, AOP may process personal data whose subjects are its customers (natural persons), who contract AOP services and products, its former customers, and its potential customers. As a processor, AOP may process personal data whose subjects are policyholders, beneficiaries or insured persons, according to a given insurance contract, or persons indicated as witnesses in the event of claims.
3.3. What types of personal data are processed?
1 -Identification data, of policyholders, insured persons, injured parties and beneficiaries, as necessary (for example: name, address, place of birth, nationality, dual nationality, citizen card, gender, date of birth, telephone contact, e-mail, taxpayer number, marital status, profession);
2 -Claims record data in the life line (for example: death record, death certificate, deed of heirs, medical report, funeral agency receipt, accident report, autopsy report and blood alcohol and toxicology test results, payment order to be completed by the beneficiary, IBAN proof);
3 -Claims record data in the health line (for example: insured person's health history, medical reports, supporting documents for claim settlement);
4 -Claims record data in the workers' compensation line (for example: insurance activation date and claim description, salary, premiums, extras, gratuities, meal allowance, supporting data for claim settlement);
4 -Claims record data in the personal accidents line (for example: claim description, medical information, claim supporting documentation, legal beneficiaries);
5 -Claims record data in the motor line (for example: Auto DAA claim report data, identification of injured third parties, identification of witnesses);
6 -Claims record data in other lines (for example: claims reporting data);
7 -Insured object identification data (for example: type of vehicle, type of aircraft, type of vessel, license plate, brand, model, year of manufacture, chassis number, registration date, engine capacity, number of seats/power, policy number, identification of other insured objects such as jewelry, artwork, dwelling, household contents, or animals);
8 -Collection data (for example: NIB/IBAN, bank, swift, signature, account holder name, address, policy number);
9 -Health and lifestyle data
10 -Call recording data
4. Processing of Personal Data
AOP, as controller of personal data, processes it in the following situations:
1 – To enter into a contract or to carry out pre-contractual steps at your request.
Within the scope of its activity of providing and offering services, AOP may need to process your personal data, namely:
In the Registration and proof of commercial transactions and pre-contractual information, which includes (for example):
• responses to information requests made by customers or potential customers;
• simulation requests for presenting insurance proposals;
Monitoring contract management and execution, which includes (for example):
• presentation of insurance proposals, according to the customer's interests;
2 - Compliance with legal obligations
In the exercise of its activity, AOP is subject to legal and regulatory obligations and compliance with them may imply the processing of personal data for these purposes, such as:
• Tax obligations – Withholding, payment or declaration;
• Legal obligations – Requests from Public Authorities
• Prevention and combating of money laundering and terrorist financing
3 – Promote AOP activity
With the aim of better serving its customers, AOP may use your personal data to improve and develop its activity and defend its legal rights and interests, such as:
• Maintenance and Improvement of service quality
• Marketing and communication
• Complaint management and monitoring of judicial proceedings
4 – Communication and Commercial Promotion
5 - Data processing as processor
When AOP acts on behalf of other entities, namely insurance companies, the processing of personal data will be determined by them, as data controllers. AOP's obligation in these cases will be to process personal data according to the instructions of the data controllers.
6. Processing Regime
The personal data collected by AOP is subject to lawful and transparent processing, in compliance with the provisions of the legislation.
Data may be processed in an automated manner.
Data processing is limited to what is strictly necessary and in accordance with the purpose that legitimized its collection.
In order for AOP to fulfill all its duties and provide you with the best possible service, it may have to communicate or grant access to your personal data to other entities; AOP will only communicate or grant access to your personal data to the following entities:
• Service providers (for example, contracted services in data center management).
• Insurance and/or reinsurance companies with which insurance or reinsurance contracts have been entered into;
• Public authorities, such as, for example, Tax Authorities or Judicial Courts.
AOP will only communicate personal data that is indispensable for the provision of contracted services or for compliance with legal obligations to which it is subject.
7. Purpose, type and retention period of data
AOP will only process your personal data for the purposes set out below and only for the period of time necessary to fulfill those purposes:
Registration and Proof of Commercial Transactions and Pre-contractual Information
Monitoring contract management and execution
Commercial prospecting
Marketing and communication
Complaint management and monitoring of judicial proceedings
Service quality improvement
Compliance with Legal Obligations
You can consult the detail of the type of data and retention periods here.
8. Rights of data subjects
Regarding personal data collected and processed, in accordance with this privacy policy, AOP makes available to data subjects all provided rights, namely those set out in the GDPR:
8.1. Right to information and access
The personal data subject, whenever requested, has the right to obtain and be informed in a brief, concise and transparent manner regarding the purposes of processing, the recipients to whom this data will be disclosed, the data retention periods, the source where it was not obtained directly, and other information provided by law and the GDPR.
8.2. Right to rectification
The data subject, whenever they verify or consider that their personal data is incorrect or incomplete, may request its rectification or that it be completed.
8. 3. Right to erasure
Provided that the purpose that motivated the collection of personal data has already ceased or is no longer necessary, you may request the erasure of your personal data.
In these cases, AOP will erase your data, except for exceptions provided by law that prevent erasure:
1. exercise of freedom of expression and information;
2. compliance with a legal obligation requiring processing and applicable to AOP;
3. reasons of public interest in the area of public health;
4. archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, insofar as the exercise of the right to erasure seriously impairs the achievement of the objectives of that processing; or
5. establishment, exercise or defense of a right in legal proceedings.
8.4. Right to restriction of processing
In certain situations, you may request restriction of access to personal data or suspension of processing activities. For example, in cases where you contest the accuracy of your personal data, or where you have objected to processing, until it is verified whether AOP's legitimate interests prevail over yours.
8.5. Right to data portability
According to cases provided by law, you have the right to receive personal data concerning you and that you have provided to AOP in a structured, commonly used and machine-readable format.
You also have the right to request that AOP transmit this data to another controller, provided this is technically possible.
8.6. Right to object
The personal data subject has the right to object to the processing of their personal data at any time, on grounds relating to their particular situation, when that processing is based on AOP's legitimate interest or when it is carried out for purposes other than those for which the data was collected, but which are compatible with them.
In such cases, AOP will cease processing your personal data, unless there are legitimate reasons to carry out such processing and these prevail over your interests.
You may also object, without needing justification, to the processing of your data for direct marketing purposes.
8.7. Right to withdraw your consent
In cases where data processing is based on your consent, you may withdraw consent at any time.
If you decide to withdraw consent, your personal data will no longer be processed, except as provided by law or on another basis, such as contract or legitimate interest.
8.8. Right to lodge complaints with the supervisory authority
You have the right to lodge complaints with the competent supervisory authority regarding matters related to the processing of your personal data.
In Portugal, the competent supervisory authority is the National Data Protection Commission.
For more information, access www.cnpd.pt.
9.How can you exercise your rights?
Through the following channels:
• E-mail: you can exercise your rights by e-mail, to the address [rgpd@aopseguros.pt].
• Letter: you can exercise your rights by letter, addressed to AOP and sent to Rua Santa Maria 1740, 4535-400 Santa Maria de Lamas
Exercising your rights is free of charge.
10. Indirect collection of your personal data
It is possible that AOP has collected your personal data through third parties or by other means, even if you are not an AOP customer.
This will happen, for example, in cases where your contact is provided by a family member or third-party entity, when you are a beneficiary of a particular insurance policy.
Whenever AOP has the first opportunity, it may provide this to you in person or refer you to the website, where this policy should be available.
11.Security, technical and organizational measures
In order to ensure the protection of your personal data made available to it, AOP has adopted various security, technical and organizational measures in order to protect personal data against undue access, destruction, loss, manipulation, disclosure or any other form of unlawful processing.
In cases where AOP subcontracts other entities to provide services involving the transfer of personal data, those entities will be required to adopt the necessary technical and organizational measures in order to protect personal data against destruction, loss, alteration, disclosure, unauthorized access or any other type of unlawful processing.
12.Responsibility for services and websites
We advise you to consult the rules on the use of cookies contained on the AOP website, and you may also consult AOP's Cookie Policy here.
The AOP website may eventually contain links to other third-party websites, products or services. AOP has no relationship with these third parties, nor are they covered by this Privacy Policy.
1. AOP Commitment
For AOP – Insurance Broker, Lda, hereinafter referred to as AOP, the privacy and protection of the personal data of its customers and involved parties is very important. AOP is committed to complying with all applicable legislation on privacy and personal data protection, GDPR – EU Regulation 2016/679 of April 27, 2016. With this privacy policy, AOP aims to make public the protection mechanisms and data processing practices it intends to use in relation to natural persons, whether as applicants, policyholders, insured persons, covered persons, beneficiaries, or in any other capacity.
2. AOP Responsibility in the processing of personal data
The data controller of personal data will be AOP, which provides you with the service and offers products and, within that scope, decides which data is collected, processing means, and purposes for which the data is used, in the cases identified in point 4 below.
In certain cases, AOP will act as a processor, processing your data on behalf of another entity, which will act as the data controller, namely insurance companies, when AOP provides them services within the scope of managing and executing an insurance contract in which the data subject is a party (for example, for claims management purposes). In such cases, we recommend consulting the privacy policy and/or other information on the processing of your data with the data controllers.
3. Essential concepts
3.1. What is personal data?
Personal data is any information, of whatever nature or on any medium, relating to an identified natural person. A person may be identified, directly or indirectly, by an identifier, such as name, legal number, location, genetic, mental)
3.2. Who are the data subjects of personal data processed by AOP?
The data subjects are the natural persons to whom the personal data relates.
For example, as data controller, AOP may process personal data whose subjects are its customers (natural persons), who contract AOP services and products, its former customers, and its potential customers. As a processor, AOP may process personal data whose subjects are policyholders, beneficiaries or insured persons, according to a given insurance contract, or persons indicated as witnesses in the event of claims.
3.3. What types of personal data are processed?
1 -Identification data, of policyholders, insured persons, injured parties and beneficiaries, as necessary (for example: name, address, place of birth, nationality, dual nationality, citizen card, gender, date of birth, telephone contact, e-mail, taxpayer number, marital status, profession);
2 -Claims record data in the life line (for example: death record, death certificate, deed of heirs, medical report, funeral agency receipt, accident report, autopsy report and blood alcohol and toxicology test results, payment order to be completed by the beneficiary, IBAN proof);
3 -Claims record data in the health line (for example: insured person's health history, medical reports, supporting documents for claim settlement);
4 -Claims record data in the workers' compensation line (for example: insurance activation date and claim description, salary, premiums, extras, gratuities, meal allowance, supporting data for claim settlement);
4 -Claims record data in the personal accidents line (for example: claim description, medical information, claim supporting documentation, legal beneficiaries);
5 -Claims record data in the motor line (for example: Auto DAA claim report data, identification of injured third parties, identification of witnesses);
6 -Claims record data in other lines (for example: claims reporting data);
7 -Insured object identification data (for example: type of vehicle, type of aircraft, type of vessel, license plate, brand, model, year of manufacture, chassis number, registration date, engine capacity, number of seats/power, policy number, identification of other insured objects such as jewelry, artwork, dwelling, household contents, or animals);
8 -Collection data (for example: NIB/IBAN, bank, swift, signature, account holder name, address, policy number);
9 -Health and lifestyle data
10 -Call recording data
4. Processing of Personal Data
AOP, as controller of personal data, processes it in the following situations:
1 – To enter into a contract or to carry out pre-contractual steps at your request.
Within the scope of its activity of providing and offering services, AOP may need to process your personal data, namely:
In the Registration and proof of commercial transactions and pre-contractual information, which includes (for example):
• responses to information requests made by customers or potential customers;
• simulation requests for presenting insurance proposals;
Monitoring contract management and execution, which includes (for example):
• presentation of insurance proposals, according to the customer's interests;
2 - Compliance with legal obligations
In the exercise of its activity, AOP is subject to legal and regulatory obligations and compliance with them may imply the processing of personal data for these purposes, such as:
• Tax obligations – Withholding, payment or declaration;
• Legal obligations – Requests from Public Authorities
• Prevention and combating of money laundering and terrorist financing
3 – Promote AOP activity
With the aim of better serving its customers, AOP may use your personal data to improve and develop its activity and defend its legal rights and interests, such as:
• Maintenance and Improvement of service quality
• Marketing and communication
• Complaint management and monitoring of judicial proceedings
4 – Communication and Commercial Promotion
5 - Data processing as processor
When AOP acts on behalf of other entities, namely insurance companies, the processing of personal data will be determined by them, as data controllers. AOP's obligation in these cases will be to process personal data according to the instructions of the data controllers.
6. Processing Regime
The personal data collected by AOP is subject to lawful and transparent processing, in compliance with the provisions of the legislation.
Data may be processed in an automated manner.
Data processing is limited to what is strictly necessary and in accordance with the purpose that legitimized its collection.
In order for AOP to fulfill all its duties and provide you with the best possible service, it may have to communicate or grant access to your personal data to other entities; AOP will only communicate or grant access to your personal data to the following entities:
• Service providers (for example, contracted services in data center management).
• Insurance and/or reinsurance companies with which insurance or reinsurance contracts have been entered into;
• Public authorities, such as, for example, Tax Authorities or Judicial Courts.
AOP will only communicate personal data that is indispensable for the provision of contracted services or for compliance with legal obligations to which it is subject.
7. Purpose, type and retention period of data
AOP will only process your personal data for the purposes set out below and only for the period of time necessary to fulfill those purposes:
Registration and Proof of Commercial Transactions and Pre-contractual Information
Monitoring contract management and execution
Commercial prospecting
Marketing and communication
Complaint management and monitoring of judicial proceedings
Service quality improvement
Compliance with Legal Obligations
You can consult the detail of the type of data and retention periods here.
8. Rights of data subjects
Regarding personal data collected and processed, in accordance with this privacy policy, AOP makes available to data subjects all provided rights, namely those set out in the GDPR:
8.1. Right to information and access
The personal data subject, whenever requested, has the right to obtain and be informed in a brief, concise and transparent manner regarding the purposes of processing, the recipients to whom this data will be disclosed, the data retention periods, the source where it was not obtained directly, and other information provided by law and the GDPR.
8.2. Right to rectification
The data subject, whenever they verify or consider that their personal data is incorrect or incomplete, may request its rectification or that it be completed.
8. 3. Right to erasure
Provided that the purpose that motivated the collection of personal data has already ceased or is no longer necessary, you may request the erasure of your personal data.
In these cases, AOP will erase your data, except for exceptions provided by law that prevent erasure:
1. exercise of freedom of expression and information;
2. compliance with a legal obligation requiring processing and applicable to AOP;
3. reasons of public interest in the area of public health;
4. archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, insofar as the exercise of the right to erasure seriously impairs the achievement of the objectives of that processing; or
5. establishment, exercise or defense of a right in legal proceedings.
8.4. Right to restriction of processing
In certain situations, you may request restriction of access to personal data or suspension of processing activities. For example, in cases where you contest the accuracy of your personal data, or where you have objected to processing, until it is verified whether AOP's legitimate interests prevail over yours.
8.5. Right to data portability
According to cases provided by law, you have the right to receive personal data concerning you and that you have provided to AOP in a structured, commonly used and machine-readable format.
You also have the right to request that AOP transmit this data to another controller, provided this is technically possible.
8.6. Right to object
The personal data subject has the right to object to the processing of their personal data at any time, on grounds relating to their particular situation, when that processing is based on AOP's legitimate interest or when it is carried out for purposes other than those for which the data was collected, but which are compatible with them.
In such cases, AOP will cease processing your personal data, unless there are legitimate reasons to carry out such processing and these prevail over your interests.
You may also object, without needing justification, to the processing of your data for direct marketing purposes.
8.7. Right to withdraw your consent
In cases where data processing is based on your consent, you may withdraw consent at any time.
If you decide to withdraw consent, your personal data will no longer be processed, except as provided by law or on another basis, such as contract or legitimate interest.
8.8. Right to lodge complaints with the supervisory authority
You have the right to lodge complaints with the competent supervisory authority regarding matters related to the processing of your personal data.
In Portugal, the competent supervisory authority is the National Data Protection Commission.
For more information, access www.cnpd.pt.
9.How can you exercise your rights?
Through the following channels:
• E-mail: you can exercise your rights by e-mail, to the address [rgpd@aopseguros.pt].
• Letter: you can exercise your rights by letter, addressed to AOP and sent to Rua Santa Maria 1740, 4535-400 Santa Maria de Lamas
Exercising your rights is free of charge.
10. Indirect collection of your personal data
It is possible that AOP has collected your personal data through third parties or by other means, even if you are not an AOP customer.
This will happen, for example, in cases where your contact is provided by a family member or third-party entity, when you are a beneficiary of a particular insurance policy.
Whenever AOP has the first opportunity, it may provide this to you in person or refer you to the website, where this policy should be available.
11.Security, technical and organizational measures
In order to ensure the protection of your personal data made available to it, AOP has adopted various security, technical and organizational measures in order to protect personal data against undue access, destruction, loss, manipulation, disclosure or any other form of unlawful processing.
In cases where AOP subcontracts other entities to provide services involving the transfer of personal data, those entities will be required to adopt the necessary technical and organizational measures in order to protect personal data against destruction, loss, alteration, disclosure, unauthorized access or any other type of unlawful processing.
12.Responsibility for services and websites
We advise you to consult the rules on the use of cookies contained on the AOP website, and you may also consult AOP's Cookie Policy here.
The AOP website may eventually contain links to other third-party websites, products or services. AOP has no relationship with these third parties, nor are they covered by this Privacy Policy.
Insurance intermediary registered, on 27-01-2007, in the ASF register - Insurance and Pension Funds Supervisory Authority, in the category of Insurance Broker, under no. 607145230, authorized for the Life and Non-Life branches, verifiable at www.asf.com.pt © 2026 Aop
Insurance intermediary registered, on 27-01-2007, in the ASF register - Insurance and Pension Funds Supervisory Authority, in the category of Insurance Broker, under no. 607145230, authorized for the Life and Non-Life branches, verifiable at www.asf.com.pt © 2026 Aop
Insurance Intermediary registered on 27-01-2007 in the ASF register - Insurance and Pension Funds Supervisory Authority, under the category of Insurance Broker, under no. 607145230, authorized for the Life and Non-Life lines, verifiable at www.asf.com.pt © 2026 Aop
Insurance Intermediary registered on 27-01-2007 in the ASF register - Insurance and Pension Funds Supervisory Authority, under the category of Insurance Broker, under no. 607145230, authorized for the Life and Non-Life lines, verifiable at www.asf.com.pt © 2026 Aop