FAIR PROCESSING NOTICE
Fair Processing Notice
Nebula MGA
At Nebula MGA, we are committed to protecting your personal data and respecting your privacy. This notice explains how we collect, use, store, and share your personal data in compliance with the General Data Protection Regulation (GDPR).
1. Who We Are
Nebula MGA acts as a data controller when processing personal data.
Contact Details:
Nebula MGA
1 Alhambra Plaza, Suite PH Coral Gables FL 33134, USA
Email: compliance@nebulamga.com
Phone: +1 7862479092
Data Protection Officer (DPO): Alicia Sciannimanica
2. What Personal Data We Collect
We may collect and process the following types of personal data:
Identity Data: Name, date of birth, identification numbers.
Contact Data: Address, phone number, email address.
Financial Data: Bank account details, payment information.
Risk Data: Information related to insured risks (e.g., property details, medical history, or business operations).
Transaction Data: Details of policies, claims, and payments.
Special Category Data: Health or other sensitive data necessary for underwriting or claims management.
3. How We Use Your Personal Data
We process your personal data for the following purposes:
Underwriting and risk assessment.
Policy administration, including issuing and managing reinsurance policies.
Claims handling and settlement.
Compliance with legal and regulatory obligations.
Fraud prevention and detection.
Statistical analysis and reporting for business improvement.
4. Legal Basis for Processing
We process your personal data based on one or more of the following legal bases:
Contractual necessity: To fulfill our obligations under reinsurance agreements.
Legal obligations: To comply with applicable laws and regulations.
Legitimate interests: To operate and improve our business, provided these do not override your rights.
Consent: For specific purposes, where required.
5. Sharing Your Data
We may share your data with:
Insurance brokers, reinsurers, and other insurance market participants.
Third-party service providers (e.g., IT services, claims adjusters).
Regulators and legal authorities, as required by law.
Other parties where necessary for the administration of your policy or claims.
We ensure that any third parties processing your data comply with GDPR obligations through appropriate contractual agreements.
6. International Transfers
Your data may be transferred outside the European Economic Area (EEA). In such cases, we ensure adequate protection by using standard contractual clauses or other lawful transfer mechanisms.
7. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes outlined in this notice and to comply with legal, regulatory, or reporting requirements.
8. Your Rights
Under GDPR, you have the following rights:
Access: Request access to your personal data.
Rectification: Request correction of inaccurate or incomplete data.
Erasure: Request deletion of your data in certain circumstances.
Restriction: Request restriction of processing in specific cases.
Data Portability: Receive your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests or direct marketing.
Withdraw Consent: Where processing is based on consent, you can withdraw it at any time.
To exercise your rights, please contact us using the details above.
9. Automated Decision-Making
We do not use automated decision-making processes that have a legal or significant effect on you.
10. Changes to This Notice
We may update this notice from time to time. The latest version will always be available on our website at www.nebulamga.com
11. Complaints
If you have concerns about our data processing practices, you can contact our DPO. You also have the right to lodge a complaint with your local data protection authority.