Your personal data
To whom is your personal data transmitted?
Your personal data is processed by the data controller, Covéa Group. Covéa Group is represented by Covéa, a Société de Groupe d’Assurance Mutuelle (French mutual insurance group company - SGAM) governed by the French Insurance Code (Code des assurances), Paris Trade and Companies Register no. 450 527 916, whose registered office is at 86-90 rue Saint-Lazare, 75009 Paris. For information on the Covéa Group please visit https://www.covea.eu. Your personal data may be sent to the staff of the data controllers, to their contractually bound partners and subcontractors, to their reinsurers, to professional bodies, insurance companies or social welfare organisations, to representatives of the persons involved in a claim, to insurance intermediaries, to loss adjusters and to the persons concerned by the policy taken out. These persons may be located outside the European Union if it is decided that this is appropriate or in accordance with the negotiated contractual terms. These arrangements are available from the Data Protection Officer.
Why do we need to process your personal data?
Your personal data is processed by the Covéa Group, which is required to: • confirm, manage and realise the guarantees provided under your insurance policy; • carry out commercial prospecting operations; • enable recourse and claims handling; • conduct research and development; • carry out preventive measures; • compile statistics and actuarial studies; • prevent insurance fraud; • take steps to prevent money laundering and terrorist financing; • fulfil its current legal, regulatory and administrative obligations.
The legal bases for this processing are:
The legitimate interest of the data controllers in commercial prospecting, preventing insurance fraud, research and development and preventive measures. The legitimate interest of the data controllers consists of their commercial development, the development of new products and services and claims management; your policy, for the other purposes mentioned. In accordance with the legal basis of the policy, should you refuse to provide your data, the policy cannot be concluded or executed. As part of the fight against insurance fraud, if an anomaly, inconsistency or alert is detected, the data controllers may place you on a list of persons presenting a risk of fraud in order to control their costs and protect their solvency. You will be notified in advance if you are to be added to such a list.
How long is your data stored?
For commercial prospecting, your personal data is kept for three years from its collection or from the most recent correspondence to which no response has been received. The personal data processed in order to conclude and manage your policy is kept in accordance with the statutory limitation periods, set according to the type of policy. If a policy is not taken out, health data is kept for a maximum of five years. If you appear on a fraud prevention list, your personal data is kept for five years.
What are your rights?
- A right of access, which means you can obtain:
- Confirmation of whether your data is being processed or not;
- A copy of all the personal data held by the data controller. This right concerns all data that may or may not be processed by the data controllers.
- A right to request the portability of certain data:
- this means that you can retrieve your personal data in a structured, commonly used and machine-readable format. It applies solely to data that has been actively provided, e.g., by filling out a form, or that has been observed when you use a service or facility in connection with the conclusion or management of your policy.
- A right to object: this means you can refuse to receive commercial prospecting from us or our partners or, for reasons relating to your particular situation, can stop your data being processed for the purposes of research and development, combating fraud, and prevention.
- A right to rectify: this means you can have when obsolete or incorrect information about you corrected. It also means you can have incomplete information about you completed.
- A right of deletion: this means you can have your personal data deleted, subject to the statutory retention periods. It may in particular apply if your data is no longer required for processing.
- A right of limitation: This means that you can limit the processing of your data in the following cases:
- If your data is used unlawfully;
- If you consider that your data is inaccurate;
- If you need the data to assert, exercise or defend your rights. It will then no longer be actively processed and cannot be modified during the exercise of this right.
- A right to human intervention: the data controllers may use automated decision-making to grant or manage your policy. In this event, you can ask the Data Protection Officer what were the determining criteria on which the decision was based. You can set general guidelines with a trusted third party, or specific guidelines with the data controller regarding the retention, deletion and disclosure of your personal data after your death. These guidelines may be amended or revoked at any time. In the event of a disagreement regarding the collection or use of your personal data, you may refer the matter to the French Data Protection Authority (CNIL).
How can I contact the Data Protection Officer?
For further information please write to the Data Protection Officer at the address below:
- by email: firstname.lastname@example.org,
- by post: Covéa - Délégué à la Protection des Données – 86-90 rue Saint-Lazare, 75009 Paris.