MIB Insurance Group – Privacy Policy


All companies forming part of the MIB Insurance Group (hereinafter referred to as MIB, us, our or we) recognize that your privacy is important. It is our objective to protect both the privacy and the confidentiality of your Personal Data that we as a company process in connection with the services we offer. MIB’s services consist mainly of insurance & reinsurance broking, risk management, risk consultancy & advisory services, insurance underwriting and insurance claims management. MIB Insurance Group consists of MIB Management Services Limited (C-36808), Mediterranean Insurance Brokers (Malta) Limited (C-3540) and MIB Insurance Agency Limited (C-42111).

Further to this, for MIB to arrange insurance cover and handle insurance claims, we are re-quired, together with other players in the insurance industry, to use and share Personal Data. 

Throughout the insurance lifecycle, with respect to prospective or actual policyholders, benefi-ciaries under a policy, their relatives, claimants and other parties to a claim, MIB will receive Personal data. Moreover, references to ‘individuals’ in this statement includes any living person from the preceding list, whose Personal Data MIB receives in connection with the services it provides under its engagements with its clients. This Privacy Policy lays out MIB’s uses of this personal data and the disclosures it makes to other insurance market players and other third parties. 

Contact Information

MIB Insurance Group,
53, MIB House,
Abate Rigord Street,
Ta’ Xbiex, XBX 1122,
Malta (EU).

We are the data controllers in respect of the Personal Data we receive in connection with the services provided under the relevant engagement with our clients.

Types of Personal Data Processed

MIB collects and processes various Personal Data, of which, such data may fall under one of the following categories: -

• Individual
Name, address, other contact details (including email and telephone details, amongst others), family details, date & place of birth, gender, marital status, employer, relationship to the policy-holder, job title & employment history, claimant, beneficiary or insured. 

• Identification
Identification numbers issued by government agencies (including ID number, social security, passport number, driver’s license number, amongst others).

• Financial
Bank account details, payment card details, income and other information pertaining to financial personal data. 

• Insured Risk (Health Data)
Existing or former physical/mental medical conditions, medical procedures history, personal habits relevant to insurance (including smoking, consumption of alcohol, amongst others), disa-bility information, prescription information and medical history. 

• Insured Risk (Criminal Records) 
Criminal proceedings resulting in convictions (including driving offences, amongst others).

• Insurance Contract (Policy)
Details pertaining to quotes individuals receive and policies obtained by said individuals.

• Credit & Anti-Fraud
Fraud convictions, crimes and sanctions received from various sources (including regulators, amongst others) and credit history.

• Loss history 
Previous claims history (including criminal records information, health data and other special categories).

• Existing claims 
Current claims information (including criminal records information, health data and other special categories). 

• Marketing
In certain scenarios where consent is required, whether the person has consented to receive marketing from MIB. 

• Website & communication
Information of your visits to our websites and any information collected using cookies and other tracking technologies (including your IP address & domain name, operating system, traffic data, web logs, amongst others).

Personal Data Sources

MIB collects and receives various Personal Data from various sources, such as:

  • Individuals and their family relatives via telephone, written communication and/or online.
  • Individuals’ employers.
  • Individuals’ trade or professional associations of which they are a member of.
  • In the event of a claim, 3rd parties including the other party to the claim (claim-ant/defendant), witnesses, experts (including medical experts), loss adjusters, lawyers and claims handlers. 
  • Other insurance market players, such as insurers and reinsurers, amongst others.
  • Credit reference agencies (to the extent MIB is taking any credit risk).
  • Anti-fraud databases and other third-party databases, including sanctions lists.
  • Government agencies, such as vehicle registration authorities and tax authorities.
  • Claim forms.
  • Public accessible information such as open electoral registers.
  • Business information & research tools.
  • Introducers; and
  • Website forms. 

Purpose and use of Personal Data

In accordance with the General Data Protection Regulation, an entity requires certain legal grounds to be legally permitted to process Personal Data. In this section, the purposes for which MIB uses Personal Data, how such data is shared, and the legal basis upon which we process the information is explained. Kindly note that MIB will disclose Personal Data internally (that is, to the extent of the company) and, if necessary, to contractors, service providers and other en-tities that perform activities on our behalf. 


In order to facilitate the insurance cover and the processing of insurance losses, unless another legal ground applies, MIB relies on the data subject’s consent to process. It may be necessary that we require consent in order for us to be able to share information with other players of the insurance industry, such as insurers, reinsures and intermediaries, that need to process the in-formation to properly undertake their role. MIB relies on your consent, unless another legal ba-sis is satisfied, to process special categories of personal data (including Criminal Records Data) and profiling. 

You may withdraw your consent to such processing at any time by notifying our Data Protection Officer using the contact details found in the ‘Contact’ section below. Please understand that such withdrawal is unconditional, and therefore concerned insurers or reinsures would be pro-hibited from continuing to provide you with an insurance cover. 

In the scenario that you provide MIB with data pertaining to another person other than yourself, you agree to inform such other person of our use of their Personal Data and to obtain such con-sent on our behalf. 


Insurance market players calculate premiums by benchmarking client’s attributes against other clientele’s attributes and propensities for the eventuality of insured events. This provides insur-ance market participants to analyze and collect data of all concerned insureds, beneficiaries or claimants to model such propensities. Accordingly, such information may be used by MIB in or-der to match and ultimately create the models required, and subsequently used, to formulate the premium pricing. Special Categories of personal data and Criminal Records information may be used by MIB in such modeling process. 


MIB ascertains that Personal Data is secure by having electronic, physical and procedural safe-guards in place. These safeguards will vary depending on the sensitivity, format, location, amount, distribution and storage of the Personal Data, and include measures designed to keep Personal Data protected from unauthorized access. If appropriate, the safeguards include the encryption of communications via Secure Sockets Layer, encryption of information during stor-age, firewalls, access controls, separation of duties, and similar security protocols. We restrict access to Personal Data to personnel and third parties that require access to such information for legitimate, relevant business purposes. 

Retention Periods

Our retention periods for Personal Data are based on commercial factors and legal require-ments and is in normal circumstances that of 10 years. We retain Personal Data for as long as is necessary for the processing purpose for which the information was collected, and any other permissible, related purpose including but not restricted to compliance with legal obligations. In the scenario that Personal Data is no longer required, MIB either irreversibly anonymizes the data or entirely deletes such data. 

Personal Data transfers (Cross-Territorial)

In order to provide the required services MIB may transfer Personal Data to, or permits access to Personal Data from, countries outside the European Economic Area (hereinafter referred to as EEA). MIB cannot guarantee that these countries’ data protection mechanisms and legislation offer the same level of protection for Personal Data as offered in the EEA. We have taken all measures possible to safeguard your Personal Data as set out in this Privacy Policy Statement by recipient entities outside the EEA.

The European Union allows us to freely transfer Personal Data to certain countries outside the EEA. These countries have been approved by the European Union Commission and classified as providing essentially equal protections as the data protection offered by EEA data protection legislation. 

Your Rights

MIB strives to maintain Personal Data that is updated and complete. If you need to update your Personal Data, kindly contact us at dataprotection@mibgroup.com.mt to have such information updated.

Under certain conditions, individuals have the right to request MIB to:
  1. Further explain how MIB uses and processes their Personal Data;
  2. Provide details of the Personal Data we possess about the individual;
  3. Update Personal Data;
  4. Delete Personal Data that is no longer necessary; 
  5. Restrict manner Personal Data is processed whilst an individual’s enquiry is being han-dled;
  6. Withdraw consent, where such consent is the basis upon which processing is carried out;
  7. Object to direct marketing
  8. Object to the processing of Personal Data that MIB carries out on the basis of having a legitimate interest (subject to the exception that reasons for the processing outweighs the individuals’ fundamental rights). 

These rights are subject to certain exemptions to safeguard the MIB’s interest and the public interest. We will respond to most requests within 30 days.

In the scenario that we are unable to resolve an enquiry or a complaint, individuals have the right to contact Malta’s Data Protection Regulator, the Office of Information and Data Protection Commissioner.

Third Party Websites

As you are aware, MIB websites may provide links to other third-party websites. Kindly note that MIB cannot be held liable for third party policies or processing of personal information. In light of this, we suggest that any third-party policies are checked prior to submitting any re-quested personal information. 


MIB understands that an individual may have questions, requests or complaints regarding our Privacy Policy Statement (or any MIB privacy procedures). 

In such case, kindly write to our Data Protection Officer at the following address:

The Data Protection Officer
MIB Insurance Group,
53, MIB House,
Abate Rigord Street,
Ta' Xbiex, XBX1122

or communicate your query/concerns on;

T: +356 234 33 234
E: dataprotection@mibgroup.com.mt

Privacy Notice Updates

This Privacy Notice is subject to change at any time. If we modify our privacy policy, we will post the updated information here, with a revised date. In the scenario that such changes are material to this privacy statement, we may notify you by posting a notice online and/or by sending an email. Whilst protecting your personal data is a main concern, we encourage you to periodically review this privacy policy statement.