Information Note on the Processing of Personal Data
Last updated: 20.05.2026
RECREX GROUP
This information note is in accordance with Articles 12 and 13 of Regulation (EU) 2016/679 ("GDPR"). Data processing for claims is managed through our operational hubs.
Global Address
5th Enrique Larreta Street, 28036 Madrid, Spain
Data Protection Officer
dpo@recrex.group | office@recrex.net
RECREX SRL guarantees that:
- • It does not sell or transfer personal data to third parties for commercial purposes.
- • The application does not contain advertisements and does not use personal data for advertising purposes.
- • The data entered will not be duplicated unnecessarily.
- • No abusive collection (phishing); information is strictly for damage files management.
Processed Data and Legal Basis
| Data subject category | Data processed* | Legal basis(s) |
|---|---|---|
| MTPL insured | RCA policy number, license plate and/or chassis number, license photos, CNP, RCA or CASCO insurance (as the case may be), car registration number and book, name, surname, age, date of birth, gender, nationality, home address, correspondence address, handwritten signature, e-mail, telephone number. | Art. 6 (1)(b) GDPR – execution of contract; Art. 6 (1)(c) GDPR – legal obligation. |
| Motor vehicle driver guilty of accident | Name, surname, age, date of birth, gender, nationality, CNP, home address, correspondence address, handwritten signature, e-mail, telephone number. | Art. 6 (1)(b) GDPR; Art. 6 (1)(c) GDPR. |
| Injured persons | RCA policy, license plate/chassis, driver's license, CNP, insurance (RCA/CASCO), coupon, car book, IBAN code, medical documents, scene photographs (both vehicles), photos of damaged car, name, surname, age, date of birth, gender, nationality, home/correspondence address, handwritten signature, phone, e-mail, marital status, dependents info, birth/marriage/divorce certificates. | Art. 6 (1)(b) & (c) GDPR; Art. 9 (2)(f) and (g) for medical data. |
| Representatives (legal, agents, proxies) | E-mail, contact details, name and surname, address, CNP, ID card, home address, correspondence address, handwritten signature. | Art. 6 (1)(b) & (c) GDPR. |
*The list is indicative. Other data may be required depending on specificity. Veracity is guaranteed by the data subject; without data, we cannot open the file.
Purposes of Processing
- Online notification of damages and opening of the claim file.
- Fulfillment of legal obligations incumbent on the operator in the field of insurance (reporting to authorities).
- Establishing and exercising rights and legitimate interests before authorities, courts, insurers.
- Fraud prevention and anti-fraud checks.
- Managing communications between parties (Police, ASF, BAAR, bailiffs, other insurers).
Receiver
We may disclose data to business partners (IT cloud/hosting, telecom, accounting, legal services), other recipients upon portability requests, or state bodies (prosecutor, police, courts) upon express legal request.
Data may be transmitted to:
- Domestic or foreign insurers managing the claim file.
- Public authorities: ASF, BAAR, police, courts, bailiffs.
- Other insurers for anti-fraud verification where required by law.
- Third parties involved in repair formalities (repair facilities, consultants, lawyers).
Storage Period
Stored for the time necessary to settle the claim and comply with legal archiving obligations. After expiry, data is deleted or anonymized. Generally not kept for more than (5) years after contract termination, unless legally justified for longer.
International Transfers
Transfers outside the EEA only occur if an adequate level of protection is ensured via GDPR mechanisms (standard protection clauses). We transfer to countries with proven adequacy or use situational exemptions/consent.
Profiling and Automated Decisions
We do not currently make automated decisions that have a significant legal effect or impact on you.
Your Rights
(a) Right to be informed.
(b) Right of access (Art. 15 GDPR).
(c) Right to rectify inaccurate or incomplete data.
(d) Right to erasure ("right to be forgotten" - Art. 17 GDPR).
(e) Right to restriction of processing (Art. 18 GDPR).
(f) Right to data portability.
(g) Right to object to data processing (Art. 21 GDPR).
(h) Right against automated decisions/profiling.
(i) Right to go to court.
(j) Right to lodge a complaint with a Supervisory Authority.
Supervisory Authority Contact:
National Supervisory Authority for Personal Data Processing (A.N.S.P.D.C.P.)
Address: G-ral Blvd. Gheorghe Magheru nr. 28-30, Sector 1, Bucharest, Romania
Phone: +40.318.059.211 | Email: anspdcp@dataprotection.ro
Please note that:
(1) Exercise rights via written request to: office@recrex.net.
(2) Rights are not absolute. Founded requests are facilitated; unfounded ones are rejected with reasons provided.
(3) Response within one month, extendable based on complexity or volume.
(4) If identification is impossible without additional info, we are not obliged to comply.
© RECREX SRL
Last update: 20.05.2026