-
S4-1
To effectively manage the identified impacts, risks, and opportunities, PZU Group has policies and regulations in place to ensure transparency, ethical conduct, and the protection of consumer rights. Below are the key policy categories directed at consumers and end-users.
Human rights and consumer protection
Respect for human rights is a fundamental principle in building relationships with key stakeholder groups of PZU Group. One of the stakeholder groups over which PZU Group has the most significant impact is its clients. PZU Group implemented the „Human Rights Policy in PZU Group”, which complies with UN Guiding Principles on Business and Human Rights and OECD Guidelines for Multinational Enterprises. This policy is further detailed in Section 8.3.3. „Managing own workforce”.
PZU Group builds relationships with clients based on equal treatment, respect for diversity, and ensures that PZU Group products and services are nondiscriminatory. An extensive branch network, including locations in smaller towns, provides easy access to financial services, helping to prevent financial exclusion. Most of these services are also available via remote service channels, particularly via mojePZU application and through dedicated hotlines.
Certain products offered by PZU are designed for groups particularly vulnerable to human rights violations, such as elderly individuals, children, or persons with disabilities. Human rights compliance risks are also considered in investment decisions regarding corporate engagements, as part of an analysis of the full spectrum of factors affecting the value of financial instruments. The customer relationships from a product perspective is also part of the operational risk management and compliance system.
Data protection and privacy
These policies establish guidelines for processing, storage, and security of client data. They ensure compliance with the General Data Protection Regulation (GDPR). PZU Group also maintains guidelines for handling data-related requests, reacting to security incidents, and ensuring a high level of privacy protection. Employees responsible for data processing have access to the policy through an internal database, enabling its proper observance.
Complaint handling and customer support
PZU and PZU Życie implement principles that regulate the organization of receiving, registering, considering and reporting complaints submitted by clients to PZU directly or through external institutions, as well as principles of handling complaints from clients of multiagents. Monthly complaint reports are reviewed by management, allowing for trend identification and customer service improvements.
PZU Customer Ombudsman ensures fair and transparent resolution of reported issues, enhancing trust in PZU services. The principles are supplemented by guidelines defining the stages and participants in the process of receiving and considering complaints, the rules for registering and assigning complaints with the support of the Central Office Service system and the Claims Settlement System. The priorities are effective communication, transparency and timely issues resolution that enhance customer satisfaction.
Alior Bank and Bank Pekao also have Customer Ombudsman who deal with the most difficult and nonstandard cases that require an individual approach. Each complaint is thoroughly verified, and Alior Bank, when responding to rejected complaints, explains its position in detail, referring to, for example, the content of concluded agreements, regulations or the fee and commission schedule. If, despite the explanations sent, the customer does not agree with Alior Bank’s decision, they may appeal against the position contained in the response to the complaint by submitting a new notification to the bank or by filing an appeal to the Alior Bank Customer Ombudsman.
The „Customer Experience Management Policy in PZU Group” optimizes products and services to improve customer satisfaction. This policy applies across all PZU business segments, eliminating communication barriers and enhancing customer interactions.
A similar role is carried out by the „CRM Policy,” which improves customer relationship management across PZU Group. Through advanced analytical tools and personalization strategies, this policy enhances customer loyalty and builds long-term relationships.
Additionally, to ensure high service standards, PZU Pomoc has implemented the „Customer Service Quality Policy,” which focuses on building an efficient organization based on best quality management practices and understanding customer needs and expectations
Marketing and product management
In the area of insurance, the PZU Group has policies in place to manage and supervise insurance products, which define the principles for creating, modifying, monitoring and reviewing products that must be followed to ensure compliance with the regulations of the products offered and to protect the interests of customers. In particular, they ensure that the insurance products created and introduced to the offer meet the needs of target customer groups, have distribution channels adapted to the characteristics of the target customer groups and that constant monitoring of the functioning of products is carried out after their introduction to the market in order to ensure that they continue to meet the needs and requirements of customers and to effectively identify any irregularities in the product that may negatively affect customers in order to mitigate them.
Access to credit information
Alior Bank and Bank Pekao strive to provide services in a competent and professional manner. The solutions they propose to their clients are in line with consumer protection requirements. All contract templates and APR calculations are adapted to the Consumer Credit Act, minimizing the risk of customers imposing free credit sanctions (Article 45 of the Consumer Credit Act – in the event of a violation by the lender of the consumer’s rights, specifically concerning the omission or inclusion of incorrect provisions as mandated by law, the borrower, upon submitting a proper request, shall repay the loan without interest or any other charges due to the lender).
The most frequently raised allegations regarding consumer credit include:
- violation of Article 30, Section 1, Point 7 of the Consumer Credit Act – incorrect indication of total amount payable by the consumer, as determined on the date of the conclusion of the consumer credit agreement, and the actual annual percentage rate (APR), arising from the unauthorized (as alleged by the consumers) practice of the Bank charging interest on the financed commission for the granting of the loan (crediting and charging interest on the commission for granting the loan), or on other financed costs
- violation of Article 30, Section 1, Point 10 of the Consumer Credit Act – failure to provide a condition determining credit cost changes resulting from early repayment or the application of free credit sanctions.
On February 13, 2025, the Court of Justice of the European Union (CJEU) issued a ruling in case C-472/23 regarding the application of free credit sanctions. The CJEU ruling grants significant discretion to national courts in adjudicating individual cases. The Group will monitor developments in CJEU and national court rulings regarding free credit sanctions and analyze the impact of these rulings on PZU Group’s position in ongoing proceedings.
Below and on the following pages is an extended description of key policies operating within PZU Group
(the highest function in the organization responsible for implementing policies is the Management Board of the respective unit)
PZU and PZU Życie have Product Management System Principles in place, the purpose of which is to support the assurance of meeting the requirements for protecting customers’ interests within the scope of insurance products held.
The provisions of the document, defining the framework for the proper organization of the product management system, include in particular the activities required throughout the product life cycle – from the process of creating insurance products, through their introduction to the market, sale, service, including handling claims and complaints. The application of the Principles supports prudent and stable product management, including related risks.
The Principles address the requirements specified in the KNF Recommendations on the product management system, as well as the requirements resulting from the Commission Delegated Regulation (EU) 2017/2358 supplementing Directive (EU) 2016/97 of the European Parliament and of the Council with regard to product oversight and governance requirements for insurance companies and insurance distributors.
The Management Boards of PZU and PZU Życie are responsible for the implementation and application of the requirements resulting from the Policy, respectively
The Marketing Policies of PZU Group establish rules for conducting marketing activities and ensuring communication consistency regarding products and services. The documents define advertising and promotional standards, their primary objective is support of PZU Group’s entities’ strategy implementation.
The policies also specify guidelines for advertising ethics and compliance with legal regulations to ensure transparency and accuracy in marketing messages. The policies apply to all marketing activities within PZU Group (excluding Link4, Alior Bank and Bank Pekao), including advertisements, promotions and informational materials. No exemptions were specified, meaning all organizational entities must comply with the defined principles.
The policy execution is overseen by the Group Director or the appropriate Managing Director who oversees the execution of marketing activities and ensures their compliance with established standards. The document references Advertising Ethics Code, best practices for marketing materials and „Compliance Guidelines” in order to eliminate misinformation and unethical marketing practices.
The policy includes customer interests by ensuring reliable communication and marketing activities compliance with regulations. It prevents misleading coustomers and promotes fair advertising standards.
PZU Group has implemented the „CRM Collaboration Policy” to define the principles of customer relationship management and enhance cooperation among the Group’s entities. This document focuses on optimizing customer service processes and ensuring a consistent approach at all stages of customer interactions. A key component of this policy is the effective use of analytical tools, allowing for service personalization and better alignment of CRM activities with individual customer needs.
The policy covers all PZU Group entities (excluding Alior Bank and Bank Pekao) and their activities related to customer relationship management. No exclusions were indicated, which meant that each entity was required to apply the same standards and procedures.
The document addresses customer needs, emphasizing high service quality and building long-term, trust-based relationships. Enhancing CRM processes aims to increase customer satisfaction and loyalty toward PZU Group, contributing to better business performance and a positive corporate image.
PZU SA and PZU Życie have implemented principles to define the approach to the processing, storage and protection of personal data of customers and end users. The document contains detailed guidelines on how to receive, register and process requests related to personal data. It also specifies procedures for handling data security breaches, in accordance with the provisions of the General Data Protection Regulation (GDPR).
The principles cover both individual customers and those related to corporate agreements. No inclusions have been indicated, which means that these principles apply to all processes related to the processing of personal data. No exclusions have been indicated, which means that these principles apply to all processes related to the processing of personal data.
The document has been developed in accordance with the GDPR and national data protection regulations. Its purpose is to ensure a high level of information security, privacy protection and compliance with legal regulations in order to minimize the risk of breaches.
PZU Group has implemented the „Information Security and Cybersecurity Policy” to regulate data protection and IT system security within the organization. The document defines rules for managing risks related to cyberattacks, protecting telecommunications infrastructure and ensuring the security of processed personal data.
The policy covers all entities of the PZU Group (excluding Alior Bank and Bank Pekao) and their IT systems.
The document was developed to protect the interests of customers, employees and business partners. Policy implementation aimed to ensure a high level of security, reduce the risk of data leaks and counteract threats related to cyberattacks.
Cooperation in the area of security with Alior Bank and Bank Pekao is regulated by annexes to the agreements on cooperation and exchange of information
The document defines clear rules for receiving, registering, analyzing and resolving customer complaints. The document specifies reporting processes and corrective actions in case of identified irregularities in customer service. The objective of the policy is to ensure an effective mechanism for customers to assert their rights and to increase organizational transparency.
The document was introduced to enhance the transparency of the complaint handling process and monitor trends in customer complaints. Regular analysis of reported issues allows for eliminating recurring irregularities and implementing preventive measures to improve service quality.
Customers can submit complaints via website, email, call center and PZU branches. Additionally, monthly complaint reports are sent to business units and executive management that allows for ongoing analysis and decision-making regarding potential customer service process improvements.
The policy applies to all PZU SA and PZU Życie customers, enabling them to submit complaints regarding any aspect of the organization’s operations. No exemptions were specified, meaning all complaints are analyzed and handled in accordance with established procedures.
Summary of PZU Group policies for consumers and end-users
The actions undertaken by PZU Group entities focus on adhering to the highest ethical standards, protecting customer and employee rights and ensuring compliance with national and international regulations. Each implemented policy and procedure has been designed to optimize internal processes and eliminate potential risks, ensuring high service quality and operational security. Through consistent application of adopted principles, PZU Group aims to strengthen its position as a leader in the insurance sector while also safeguarding the interests of its customers, employees and business partners. In the area of retail banking, most processes are regulated by policies adopted by banks, such as the Personal Data Retention Policy at Bank Pekao, the AntiUnfair Sales Policy and the Principles of Responsible Marketing at Alior Bank.
Beyond the implemented policies, PZU Group operates in compliance with international and national requirements and guidelines. PZU Group conducts its insurance product activities in accordance with legal regulations and supervisory requirements, including, in particular, compliance with the provisions of the Act of December 15, 2017, on Insurance Distribution, as amended, which transposed into Polish law Directive (EU) 2016/97 of the European Parliament and of the Council of January 20, 2016, on insurance distribution (IDD Directive), as well as Delegated Regulation (EU) 2017/2358 of the European Commission supplementing the IDD Directive with regard to product oversight and governance requirements for insurance undertakings and insurance distributors.
Additionally, PZU applies supervisory authority requirements, particularly KNF (Polish Financial Supervision Authority) Recommendations regarding product management systems.
All PZU Group insurance entities (within the scope of their operations) fully comply with applicable standards, including:
- Commission Delegated Regulation (EU) 2017/1469 of August 11, 2017, establishing a standardized format for the presentation of a document containing information on insurance products (for property products and other casualty insurance products), commonly referred to as the Insurance Product Information Document (IPID)
- Commission Delegated Regulation (EU) 2017/653 of March 8, 2017, establishing regulatory technical standards concerning the presentation, content, review and modification of documents containing key information and the conditions for fulfilling the requirement to provide such documents. Accordingly, all products for which this is mandated by the regulation, primarily investment-linked insurance products, must be accompanied by the Key Information Document (KID).
As a result, clients receive – in a transparent and concise form – information that is important to them, enabling them to both understand and compare the products offered on the market. Documents are provided during the sales process and can also be found on the product websites of PZU Group entities.
ESG-related issues in product development process
In its business operations PZU Group adheres to OECD Guidelines for Multinational Enterprises, UN Guiding Principles on Business and Human Rights and International Bill of Human Rights.
To enhance responsible business practices and consumer trust, PZU Group ensures compliance with UN and OECD Guidelines through monitoring and incident reporting mechanisms (e.g., customer complaints, Customer Ombudsman, Health Ombudsman), regular internal and external audits verifying policy compliance with international guidelines and human rights standards, employee training on UN and OECD guidelines, ethical principles and corporate responsibility.
Due to adherence to these standards, in 2024, no violations of these regulatory and ethical requirements were recorded in any PZU Group company.