INSURED GDPR CHARTER
Last updated: November 2020
The purpose of this Charter is to inform you of the procedures for collection, processing and use of your personal data (hereinafter “Data”) and of the rights available to you in the context of the fulfilment of your insurance contract.
This Charter is accessible to everyone on Henner’s websites, in your Member Account or in your Insured Guide, and our contractual forms and documents contain a reference to it.
We may modify this Charter at any time in accordance with changes in the legislation or regulations or in the event of modification of the methods of collection, processing and use of your Data.
We advise you to check regularly whether any amendments have been made.
You can identify the date on which the Henner Group made the last changes by referring to the date indicated at the top of this document.
1 What entities process your Data?
In the course of the fulfilment of your insurance contract, the Data collected are processed jointly by:
- Henner, a Simplified Joint Stock Company (Société par Actions Simplifiée, SAS) registered in the Nanterre Trade Register under number 323 377 739 whose head office is located at 14 Boulevard du Général Leclerc, 92200 Neuilly-sur-Seine (hereinafter “Henner”).
- The Insurer whose name and contact details are indicated in your insurance contract.
However, certain processing operations, as indicated in Article 3 below, are carried out specifically and autonomously by Henner.
Under the joint responsibility agreement between Henner and the Insurer, Henner has been designated as the contact point for Insured.
2 How do we collect your Data?
Your Data are collected either directly by Henner or indirectly by a third party.
Depending on your type of insurance contract, your Data may be sent to us by your employer, your broker or the Insurer, by the basic or supplementary social security organisations or the professional organisations contributing to the management of the insurance contracts, or by the qualified administrative authorities.
In addition, your Data may also be collected indirectly in the course of navigation in your Member Account (e.g. cookies).
The categories of Data concerned are:
- Data relating to identification;
- Data relating to the Insured’s family situation, economic and financial situation and assets, personal life and life habits;
- Data relating to the Insured’s professional life;
- Data relating to the management of the contract;
- Data relating to health;
- Data relating to follow-up of the commercial relationship;
- Data relating to risk determination and assessment and to management of claims and benefits;
- The Insured’s social security number;
- Connection and tracking data;
- Data relating to fraud prevention.
Henner informs you when it is mandatory to provide an item of information (particularly due to a legal, regulatory or contractual obligation or simply in order to be able to handle your request or reply to you). If you do not provide such mandatory information, Henner may be unable to deal with your request or to conclude, manage or implement your insurance contract. The fields of a form which are not indicated as being mandatory are left to your discretion. It is up to you to choose to fill them in or not.
3 Why do we process your Data?
Your data are processed for the following purposes and legal reasons:
3.1 Data processed jointly with the Insurer:
|Conclusion, implementation and management of an insurance contract||– Study of the specific needs of each possible prospect/Insured in order to propose appropriate contracts – Examination, acceptance and monitoring of the risk – Fulfilment of contractual guarantees – Management of contracts – Commercial management of Insured – Management of claims and disputes – Legal appeals – Production of statistics and actuarial studies – Advertising and customer loyalty operations||– Necessary for the fulfilment of a contract to which the Insured is a party or for the implementation of pre-contractual measures – Legitimate interests – Legal and regulatory obligations|
|Prevention of insurance fraud||– Analysis and detection of acts presenting an anomaly or an inconsistency or which have been reported for possible fraud; – Management of alerts in the event of an anomaly, inconsistency or reporting; – Sending of information concerning suspicions of fraud to the recipients concerned by the processing of the data: – Constitution of a list of persons identified as perpetrators of acts which may constitute fraud; – Management of amicable, litigation and disciplinary procedures||– Legal and regulatory obligations – Henner’s legitimate interest in being able to guard against fraud.|
|Prevention of money laundering and financing of terrorism||– Meeting of obligations of vigilance with regard to customers in accordance with the risk-based approach; – Search for persons needing to be subject to additional vigilance measures as politically exposed persons (PEP) as defined by Article R561-18 of the Monetary and Financial Code and for persons liable to be subject to reinforced monitoring measures; – Triggering of alerts and reporting of suspicions; – Placing of certain accounts, contracts or customers under surveillance based on the risk classification produced by the financial organisation, or on operations deemed to be complex, of an unusually high amount or not appearing to have any economic justification or legitimate purpose, or on the reporting of a suspicion which has not led to the closing of the account; – Application of asset freezing measures for purposes of prevention of the financing of terrorism and financial sanctions||– Legal and regulatory obligations|
|Processing of health data||Health data are liable to be processed when they are necessary for the conclusion, management or fulfilment of insurance contracts. Such information is processed with respect for medical confidentiality.||– Legal obligation for social protection – Where necessary, consent of the Insured|
|Management of requests to exercise rights||Management of requests to exercise rights||Legal and regulatory obligations|
3.2 Data processed specifically by Henner
|Processing||Purposes (objectives pursued)||Legal reasons|
|Improvement of quality of services and of relationships with Insured||– Monitoring and recording of telephone conversations for purposes of training, evaluation or improvement of the quality of our services – Conducting of satisfaction surveys – Statistical and commercial studies||Necessary for the fulfilment of a contract to which the Insured is a party or for the implementation of precontractual measures|
|Commercial management||– Management of prospects – Advertising and customer loyalty operations – Profiling operations: you are also informed that, in the course of the conclusion and fulfilment of your contract, Henner combines and analyses all or some of your data to evaluate your situation or to predict it (appetite scores) and to offer you optional coverage on an individual basis.||– Henner’s legitimate interest in prospecting its customers to propose similar offers and services to them – Consent in other cases|
|Conclusion of an insurance contract (Brokering activity)||– Study of the specific needs of each possible prospect/Insured in order to propose appropriate contracts (duty to advise)||– Necessary for the implementation of pre-contractual measures – Legal and regulatory obligations|
|Management of websites and applications (Member Account)||– Technical administration of websites and applications – Management of access, security, maintainability and upgrades of websites and applications – cookie management||– Henner’s legitimate interest in checking the availability and correct functioning of its websites and applications|
4 Who can access your Data?
Your Data are mainly intended for Henner’s duly authorised personnel: personnel responsible for commercial relations and contract management, fraud prevention or prevention of money laundering and financing of terrorism, auditing and monitoring or any other service linked to the fulfilment of your contract, within the limit of their powers.
These data may also be passed on to the following categories of recipients:
- Outside bodies responsible for the fulfilment of the contracts and the management of the coverage: insurers, reinsurers, healthcare providers, funeral directors, partners, intermediaries, brokers, etc.;
- Any person who is a party to or concerned by the contract (assignees, beneficiaries, subscribers, etc.);
- Henner’s subcontractors/suppliers for any operation linked to Henner’s activity for the purposes specified in Article 3 hereof and solely within the limit necessary for the performance of the tasks which are entrusted to them;
- Bodies liable to intervene in the insurance activity, such as public bodies, inspectors, investigators, experts, auditors, court officers, public officers and public bodies authorised to receive them, arbitrators, mediators or supervisory authorities, or professional organisations, in their capacity as persons or entities benefiting from a right of communication.
These possible transfers of Data to these recipients are formalised, if necessary, within the framework of a contract between the parties concerned.
5 Where are your Data hosted?
Henner undertakes to take all appropriate technical and organisational measures to ensure the security, availability, integrity, authenticity and confidentiality of your Data and the resilience of its information systems.
Henner favours the hosting and processing of your Data in France within the European Union (EU).
However, your Data may be transferred to countries outside the EU for the purposes specified above, particularly to entities of the Henner Group* or to third parties as specified in Article 4 above. In this case, to guarantee an appropriate level of protection of your Data, transfers of these data are regulated by Standard Contractual Clauses of the European Commission or by any other legal instrument, thus guaranteeing as high a level of protection as in France.
*Current list of entities of the Henner Group outside the EU: Tunisia, Switzerland, Malaysia, Hong Kong, Kenya, Ivory Coast, Singapore, Canada and USA
6 How long do we store your Data?
Your data are stored for the periods necessary for the implementation of your insurance contract and for the fulfilment of the aims listed above, plus the legal prescription periods in force in this area.
7 What are your rights and how can you exercise them?
In accordance with the applicable Data Protection Regulations and under the conditions stipulated by these Regulations, you benefit from the following rights:
- A right of access to obtain the information relating to the processing of your Data and communication of a copy of these data;
- A right of correction to ask to correct your Data when they are inaccurate or incomplete;
- A right of deletion of your Data to ask to delete your Data if you meet the conditions stipulated by the regulations;
- A right to withdraw your consent at any time when this consent has been obtained;
- A right of opposition enabling you to oppose any processing of your personal data at any time, for reasons related to your particular situation, except when Henner demonstrates that there are legitimate and compelling reasons for the processing which take precedence over your interests, rights and liberties or the processing remains necessary for the establishment, exercising or defence of legal rights;
- A right of portability of the data which you have communicated to us, data necessary for the contract or when your consent was required;
- A right to the limitation of your personal data to storage alone, if you meet the conditions stipulated by the regulations;
- A right to define guidelines on what is to be done with your Data after your death.
In the event of non-payment of your contributions, the reminder, formal demand and termination procedure is automated.
As this processing leads to an automated individual decision, you have, in accordance with the applicable Data Protection Regulations, the following rights:
- The right to request the intervention of a duly qualified member of Henner’s personnel in order to verify the Processing in question and check that the decision taken is in line with your situation;
- The right to contest the decision taken automatically by Henner’s systems by sending your request to the usual address of your management unit (MU) or to Henner’s Complaints department at the following address: email@example.com
You may exercise your rights simply upon request, proving your identity by any means and specifying the purpose of your request, at the following email address: firstname.lastname@example.org or at the postal address: Henner, Data Protection Officer, Comformité/Relation Assureurs, 14 Boulevard du Général Leclerc 92200 Neuilly-sur-Seine
You may also correct your Data directly in your Member Account.
Lastly, in the event of continuing disagreement concerning your data, you have the option of registering a complaint with the CNIL:
- either directly on the CNIL website: www.cnil.fr
- or by writing to the following address: 3 Place Fontenoy – TSA 80715 – 75334 Paris Cedex 07