Privacy policy
This Privacy Policy aims to provide clear, precise, and transparent information regarding the processing of personal data carried out by SMART INSURANCE CORREDURÍA DE SEGUROS, S.L. (hereinafter, “Heymondo”) as the Data Controller, in order to provide you with a better service. This includes offering information about different types of insurance, depending on your trip and destination, in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation (GDPR), and the applicable national laws on data protection and insurance distribution.
Who is the Data Controller?
| Controller | SMART INSURANCE CORREDURÍA DE SEGUROS, S.L. |
| Tax ID (NIF) | B-66843798 |
| Address | Calle Álava, 140, 2º 4ª, 08018, Barcelona (Spain) |
| Email | [email protected] |
What categories of personal data do we process?
- Identification data: name, surname, ID/NIE/passport, date of birth.
- Contact details: email, phone number, postal address.
- Additional insured persons’ data: name, surname, ID document, and date of birth.
- Browsing data: IP address, browser, device information, and cookies.
- Special categories of data (if applicable): health data, only if voluntarily provided in medical questionnaires to assess pre-existing conditions (Articles 6.1.a, 6.1.b, and 9.2.a GDPR).
- Employment and professional data: for recruitment processes.
- Data provided through the ethics channel: reported facts and possible informant data.
For what purposes do we process your data and what is the legal basis?
The personal data provided by users of this website may be processed by Heymondo for the following purposes, depending on the type of data provided and the user’s interactions with Heymondo through the website https://heymondo.com/.
1. Sending reminders after an unfinished insurance simulation
- Data processed: Identification and contact details (email and name), and data related to the simulated insurance.
- Purpose: To contact users who started a travel insurance quote or simulation but did not complete it, reminding them they can finalize the process. No more than two reminders will be sent, and only the data provided during the simulation will be used.
- Legal basis: Application of pre-contractual measures at the request of the data subject.
2. Calculation and presentation of insurance offers
- Data processed: Identification and contact data necessary for preparing and presenting the offer, and any information provided by the user to personalize the quote.
- Purpose: To calculate and present personalized travel insurance offers based on the information provided, enabling the user to evaluate and purchase the most suitable product.
- Legal basis: Application of pre-contractual measures at the request of the data subject.
3. Contracting and execution of policies
- Data processed: Identification and contact details provided by the user to complete and manage the policy.
- Purpose: To manage the contracting and execution of the policy.
- Legal basis: Necessary for the performance of a contract.
4. Medical questionnaire for coverage of pre-existing conditions
- Data processed: Health data and identification/contact details necessary to evaluate potential pre-existing medical conditions.
- Purpose: To collect and assess medical information provided by the user to determine whether certain coverages related to pre-existing conditions can be included or excluded, and to adapt the policy terms accordingly.
- Legal basis: Consent.
- Grounds for processing special category data: Consent.
5. Personalized recommendations and profiling with internal sources
- Data processed: Identification data, information on preferences, browsing habits, and cookies.
- Purpose: To analyze user information in order to offer travel insurance recommendations aligned with their interests and preferences (e.g., by destination). This helps improve user experience and tailor offers.
- Legal basis: Heymondo’s legitimate interest in better understanding you to provide services suited to your current circumstances and needs. For details on the legitimate interest assessment, contact ([email protected]).
6. After-sales management, claims, and customer support
- Data processed: Identification and contact details, user-provided information, and policy data.
- Purpose: To handle incidents, claims, and queries related to the contracting and use of travel insurance, including claims management and other post-sales processes, as well as website or policy-related inquiries.
- Legal basis: Necessary for the correct development of the contractual relationship between the user and Heymondo, and to comply with insurance industry regulations.
7. Sending commercial communications about similar products
- Data processed: Contact details.
- Purpose: To send marketing communications related to travel insurance products similar to those previously contracted, in order to keep customers informed about updates, improvements, or promotions.
- Legal basis: Legitimate interest and, in accordance with Article 21 of the Law on Information Society Services and Electronic Commerce (LSSI), the possibility to send commercial communications about similar products or services when a prior contractual relationship exists, offering an opt-out option.
8. Sending commercial communications to non-customers
- Data processed: Contact details.
- Purpose: To send promotional information about travel insurance to individuals who are not yet customers, provided they have consented to receive such communications.
- Legal basis: Explicit consent of the data subject.
9. Fraud prevention
- Data processed: Identification and contact data (name, surname, and email address), financial and economic data, and data derived from the relationship with Heymondo.
- Purpose: Processing related to fraud control and prevention activities.
- Legal basis: Heymondo’s legitimate interest in preventing and protecting itself against fraud. For details on the legitimate interest assessment, contact ([email protected]).
10. Compliance with legal obligations (accounting, tax, insurance distribution, DORA)
- Data processed: Identification and contact data, service transactions, usage data, and financial data.
- Purpose: To comply with Heymondo’s legal obligations related to the provision of travel insurance services, including managing withdrawal requests under Law 22/2007 and fulfilling Law 50/1980.
- Legal basis: Compliance with legal obligations.
11. Recruitment processes
- Data processed: Identification and contact data, academic background, professional experience, and any other information included in the CV or provided during the recruitment process.
- Purpose: To process personal data when you apply for a job vacancy at Heymondo.
- Legal basis: Application of pre-contractual measures during the recruitment phase. If we wish to keep your CV for future opportunities after the process ends, your consent will be required.
12. Communication to third-party companies
- Data processed: Identification, contact, and financial data, as well as any other information necessary to manage the contracted service.
- Purpose: To correctly deliver the contracted service, we may need to share your data with third parties such as insurers, reinsurers, fraud prevention companies, banks, consulting or auditing firms, financial risk management entities, debt collection and claims settlement companies, the Insurance Compensation Consortium, and public or regulatory authorities. We may also share your data within our corporate group for internal administrative purposes.
- Legal basis: When shared with another data controller for service provision (e.g., an insurer), the basis is contractual execution. When required by authorities, it is legal compliance. For fraud control or debt recovery, the basis is Heymondo’s legitimate interest in minimizing risk.
13. Statistical analysis
- Data processed: Anonymized data for this purpose; cookies may also be used.
- Purpose: To send or invite users to participate in surveys or interviews to improve our services, assess satisfaction, and understand perceptions of Heymondo and the insurance market in general. This enables us to enhance service quality.
- Legal basis: Legitimate interest when using anonymized data to improve our offerings. For analytical cookies, the legal basis is consent provided through the corresponding pop-up or banner.
14. Ethical or confidential whistleblowing channel
- Data processed: Data used to manage internal reports, whether you are the whistleblower or the reported person. Confidentiality of the whistleblower’s identity and personal data is expressly guaranteed; this information will not be shared with those involved or with third parties outside the process.
- Purpose: To manage and/or process reports submitted through Heymondo’s whistleblowing channel or to enforce the company’s Code of Ethics.
- Legal basis: Compliance with Law 2/2023.
- Grounds for processing special category data: In cases where special category data (Article 9 GDPR) are processed, this is justified by essential public interest—such as when reports include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or data concerning sexual life or orientation.
How long do we retain your data?
Personal data will be kept as long as the contractual or pre-contractual relationship with the user remains in effect, or until deletion is requested, consent is withdrawn, or objection is exercised—unless retention is required by law or necessary for the establishment, exercise, or defense of legal claims.
If the user withdraws consent or exercises their right to erasure, their data will remain blocked and available only to judicial authorities for the legally established periods to address any liabilities arising from processing.
For further details on retention periods, please contact us at ([email protected]).
Who are the recipients of your data?
- Insurance companies (independent controllers): for policy issuance, risk coverage, and claims management.
- Underwriting agencies: acting on behalf of insurers as independent controllers.
- Service providers (payments, customer support, analytics, marketing, fraud detection): only for necessary functions under Article 28 GDPR.
- Judicial, tax, or administrative authorities: where legally required.
- Corporate acquirers or entities in restructuring processes: subject to confidentiality or consent requirements.
What are your privacy rights?
You are entitled to the following rights under the GDPR (Articles 12 and following) and the LOPDGDD:
- Access: to know what data we process.
- Rectification: to correct inaccurate or incomplete data.
- Erasure (“right to be forgotten”): to delete data with no ongoing legal or contractual obligations.
- Restriction of processing: to pause processing while certain issues are resolved.
- Data portability: to receive data in an interoperable format.
- Objection: to object to processing based on legitimate interest or for marketing purposes.
- Withdrawal of consent: without affecting the legality of prior processing.
You can exercise these rights by email ([email protected]) or by post to the indicated address. If we have difficulty identifying you, we may request a form of identification in order to confirm your identity and properly process your request.
Finally, you may file a complaint with the Spanish Data Protection Agency (AEPD) if you believe your rights have been violated.
International data transfers
Heymondo processes your data within the European Economic Area (EEA) and generally uses service providers also located within the EEA or in countries recognized by the European Commission as providing an adequate level of protection (Article 45 GDPR).
If it becomes necessary to engage providers in countries without an adequacy decision, we require them to guarantee appropriate protection levels by signing the Standard Contractual Clauses adopted by the European Commission (Implementing Decision (EU) 2021/914) or by using other suitable safeguards under Articles 46 and following of the GDPR.
How do we protect your information?
Heymondo applies appropriate technical and organizational measures to ensure the security of your personal data, including encryption, firewalls, access control, and internal policies aligned with the DORA framework and the ISO/IEC 27001 standard.
We also work exclusively with technology providers that demonstrate adequate security levels through certifications such as ISO/IEC 27001, further reinforcing the protection of our systems and services.
Updates to this policy
Heymondo may modify or update this policy, informing users through reasonable means (e.g., website notice, email) when changes are significant.
Last updated: October 15, 2025
