PERSONAL DATA PROTECTION POLICY
1. Content of the Policy
This Policy sets out the principles and guidelines for the protection of personal data, in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 known as the "GDPR"). Its purpose is to inform you of the methods of collection, processing and use of personal data, as well as the rights you have over them in the context of the use of the websites and extranets online platform, and of the subscription and management of the insurance contracts designed, distributed and/or managed by Sophiassur.
2. person in charge of the processing
The person in charge of processing is the company: SOPHIASSUR
154 boulevard Haussmann - 75008 PARIS - Tel. 01 56 88 89 90 - Fax 01 42 56 04 44
Insurance and reinsurance brokerage company - APE 6622Z
SAS with a capital of 333 000 € - N° SIRET : 499 004 018 000 36 - N°ORIAS : 07 027 521 - www.orias.fr
Represented by Mr. Gaëtan LE CORNEC, in his capacity as Chairman
SOPHIASSUR has appointed a Data Protection Officer (DPO): Mr. Michel JALAN
154 boulevard Haussmann - 75008 PARIS – dpo@sophiassur.com
3. Data collected and purpose of processing
a) For the purpose of preparing insurance proposals Your data collected via the application form and any additional documents required depending on the type of contract, are recorded and analyzed in order to be able to send you an insurance proposal that is best suited to your requests and needs as part of the "risk assessment" which includes the examination and evaluation of the characteristics of the risk to determine in particular its frequency, its average cost, the cost of the maximum possible claim, in order to establish a rate and to verify the insurability of the risk. If you fail to provide the information requested, you are informed that the insurer may not be able to correctly assess the risk to be covered and to propose an appropriate rate, which could lead the insurer to refuse to accept the insurance contract.
b) For the purpose of concluding insurance contracts Once the risk has been accepted, your data will be used to issue all contractual documents and for accounting purposes, in particular for the collection of premiums.
c) For the purposes of managing and executing the contracts taken out This covers all administrative and technical operations carried out in order to update your account and respond to your requests, regardless of the medium of the request (telephone, e-mail, mail).
d) For the purpose of managing and processing claims
e) For the purpose of fighting fraud
f) For the purposes of compliance with the LCB-FT regulations relating to the Fight against Money Laundering and the Financing of Terrorism
g) For the purpose of complying with any legal or administrative regulation, whether of France or of another country, which may apply to SOPHIASSUR
h) For the purpose of conducting statistical and actuarial studies
The personal data collected depends on the nature of the contract subscribed to but can be grouped into the following categories :
- Identification data of the subscriber (and of the payer if different) and the beneficiary(ies): identity, contact details, nationality as well as associated supporting documents (copy of identity card, bank details, ...);
- Identification data relating to any third parties involved in the contracts (lawyers, experts, etc.);
- Data related to the family, economic, patrimonial, fiscal and financial situation of the subscriber and the beneficiaries;
- Data relating to the professional situation of the subscriber and the beneficiaries;
- Data necessary for the application of the contract, in particular data relating to the methods and means of payment or relating to transactions, unpaid debts, recovery, direct debit authorization, the amount of premiums, the references of the contributor, co-insurers and reinsurers, the duration, the guarantees, the exclusions;
- Data necessary for the management of claims
- Data relating to the lifestyle and hobbies of policyholders;
- Data relating to the health of policyholders.
h) For recruitment purposes
4. TRANSMISSION AND ACCESS TO YOUR DATA
In the course of our various activities, your data may be made available to the following categories of persons :
- Personnel responsible for the conclusion, management and execution of contracts;
- The medical advisors and the personnel authorized to access health data;
- Management delegates, insurance intermediaries, partners;
- Providers and subcontractors;
- If applicable, co-insurers and reinsurers;
- Persons involved in the contract (lawyers, experts, court and ministerial officers, curators, guardians, investigators...).
We inform you that your data may, if necessary, be processed internationally and in particular with our partners via our international network.
5. Retention of personal data
We will retain your personal data for as long as necessary in accordance with the applicable legal and regulatory provisions. If you wish to have more information about our archiving policy, you can send us a written request to :
Sophiassur - 154 boulevard Haussmann - 75008 PARIS.
6. Your various rights
In accordance with the applicable regulations, you have various rights, namely :
- Right of access: you can obtain information concerning the processing of your personal data as well as a copy of these data;
- Right of rectification: if you believe that your personal data are inaccurate or incomplete, you may demand that they be amended accordingly;
- Right to erasure: you can demand the erasure of your personal data, to the extent permitted by law;
- Right to limitation of processing: you can request the limitation of the processing of your personal data;
- Right to object: you may object to the processing of your personal data on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing;
- Right to withdraw your consent: if you have given your consent to the processing of your personal data (this right only applies to processing based on the legal basis of consent), you have the right to withdraw that consent at any time;
- Right to the portability of your data: where this right is applicable, you have the right to have the personal data you have provided to us returned to you or, where technically possible, transferred to a third party.
If you wish to exercise the rights listed above, you may send a written request to Sophiassur - 154 boulevard Haussmann - 75008 PARIS. All requests must be sent with proof of your identity (copy of identity card).
In accordance with the applicable regulations, in addition to your rights mentioned above, you are also entitled to lodge a complaint with the CNIL : https://www.cnil.fr.
7. Security of processing
Sophiassur is committed to guaranteeing the security of the processing of personal data in order to avoid any violation of the same. A breach of personal data within the meaning of the RGPD is a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed.
To this end, Sophiassur takes appropriate technical and organizational measures to guarantee a level of security adapted to the risks presented by the processing implemented.
In this context, Sophiassur undertakes to ensure the security, availability, integrity, authenticity and confidentiality of personal data. Sophiassur guarantees in particular that its employees and those of its data importers are subject to a strict obligation of confidentiality.
Despite all the care taken, Sophiassur cannot guarantee the absolute security of the protection implemented due to the evolution of intrusion techniques and the unavoidable risks that may arise during the transmission of personal data.
Sophiassur has defined and implemented an intrusion detection system and an incident management procedure.
8. Evolution and modifications
The present Policy may change at any time, with immediate effect.
In order to keep you informed, we indicate the date of its last update.
This Policy was last updated on 04/05/2021