OUR COMMITMENT TO YOUR DATA PRIVACY
When you entrust us with your personal data, we build a relationship of trust together, and we want to prove ourselves worthy of it.
Your personal data is therefore our top priority.
The Henner Group strives to protect your personal data and we have committed to ensuring the best level of security and privacy, in compliance with French and European regulation (Regulation (EU) 2016/679 and law n°78-17 voted on 6 Jan 1978 and subsequently amended several times).
Our personal data processing policy is based on the following six principles:
- Lawfulness of processing: personal data collection and processing are legitimate and based on a legal basis identified in accordance with the objective (or purpose) and the context in which it is processed.
- Purpose of processing: we do not use your personal data for any other purpose. We collect your personal data strictly for the defined purposes.
- Period for keeping personal data: we establish a limited period for keeping your personal data, in accordance with the purposes and lawfulness of processing.
- Security and privacy: The Henner Group strives to protect and secure your personal data. We take whatever measures are needed to ensure a level of security appropriate to the risk between the controller and the processor. In assessing the appropriate level of security, we take into account the risks of each type of processing (sensitive data, purpose of processing).
- Transparency: When we collect your personal data, we will tell you how we intend to use it and if we need to share it with other parties.
- Right of access: You shall have the right to obtain from us the confirmation of your personal data. You can request erasure, portability or restriction of processing, or object to this processing.
These documents explain how we collect, use and store your personal data.
Last update: [ ] 2018
Insured Party: the physical person to whom the coverages of an insurance policy apply (whether or not the said person is the subscriber), the said policy being designed, distributed and/or managed by Henner.
Data or Personal Data: means any information relating to a Concerned Person.
Concerned Person: refers to an identified or identifiable physical person; an “identifiable physical person” is deemed to be a physical person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that physical person.
Personalized Space: means a space on a Site accessible to Insured Parties under the conditions provided for in the General Terms and Conditions of Use of the Site, and by means of a user name and a password.
Controller: means the physical person or legal entity, the public authority, the service or whatever other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
Processing or Process: means any operation or set of operations performed using processes that may or may not be automated, applied to personal data or sets of personal data, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, or disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
User: means any physical person who accesses a Site, even without logging in and having access to a Personalized Space.
2. PERSONAL DATA PROTECTION
2.1 Identity and Contact Details of the Controller
Personal Data is collected and processed by:
Henner SAS, a simplified joint stock company registered in France in the Trade and Companies’ Register of Nanterre under the number 323 377 739, and having its registered offices at 14 Boulevard du Général Leclerc, 92200 Neuilly-sur-Seine.
2.2 Contact Details of the Henner Group DPO
The Henner Group has appointed a Data Protection Officer who can be contacted at:
Data Protection Officer
14 Boulevard du Général Leclerc
92200 Neuilly sur Seine
2.3 Collection Methods
Your Data is collected directly by Henner when you enter your Data in the contact forms, questionnaires and other means provided to you as part of use of the Site’s services (recruitment, free callback request, estimate request, Personalized Space, etc.), or as part of a membership or subscription form to one of our services and/or products.
Your Data may also be collected indirectly during your browsing on the Site (for example, via cookies), or by other companies in the Henner Group, or may be transferred by insurers, client companies or our partner brokers within the scope of the fulfillment of insurance policies, and for the purposes of using the services of Personalized Spaces, or by recruitment firms as part of a recruitment procedure.
Within the scope of collection, the following Data is processed:
- Identity data (last name, first name, address, telephone number, email address, date of birth, country of origin, NIR, RNIPP, etc.);
- Data pertaining to family, economic, heritage or financial situation, personal life and living conditions, having a connection with the commercial relationship (civil status, marital status, information on spouse and children, etc.);
- Data pertaining to professional and non-professional life, having a connection with the commercial relationship (occupation and professional field, information on the employer, website, name of the previous insurer and the previous insurance policy, information on movable assets such as vehicles or objects, type of policy desired, country of expatriation/secondment, affiliation to a health insurance fund, welfare plan, desires/preferences concerning an insurance policy, etc.);
- Health data (information about hospitalizations, about needs for optical appliances, dental care, and about planned treatments, etc.);
- Data for tracking the commercial relation (data pertaining to the organization and the handling of competitions or draws, and whatever promotional operation, loyalty actions, prospection, studies, surveys, product tests, data about a person’s contributions, comments, explanations about how the User came to know about Henner, reasons for a contact request, etc.);
- Location and connection data;
- Data pertaining to the selection of people (career path, job offer sought, etc.);
- Data pertaining to the determination and assessment of risk and the management of claims and benefits;
- Where appropriate, Data pertaining to offenses, criminal convictions and precautionary measures concerning the Insured Party, concerned parties or parties to a policy.
2.4 Purposes and Legal Basis of Data Processing
Your Personal Data is processed by Henner for the following legal purposes and on the following legal bases:
|Purpose (objective sought)||Legal bases (basis or reason for the Processing)|
|Management of access, security, maintainability, evolutions and audiences of sites and platforms accessible online (Google Analytics)||Henner’s legitimate interest in ensuring the availability and proper functioning of its Sites, as well as the promotion of its businesses through its Sites|
|Recruitment Management||Henner’s legitimate interest in recruiting people for the purposes of its business.|
|The conclusion, management (including commercial) and fulfillment of Insured Parties’ insurance policies, in accordance with the simplified standards NS 16 and NS 56 of the CNIL (including fulfillment of policies [technical operations], fulfillment of legal provisions, etc.), processing of the social security number and access to the RNIPP under the conditions and for the cases listed by the CNIL’s single authorization (AU31), elaboration of statistics and pecuniary studies, exercising Insured Parties’ rights, complaints management, litigation tracking, etc.||Fulfillment of the insurance policy concluded for the Insured Party’s benefit.|
|Commercial prospection in accordance with the CNIL’s NS 56 standard (including commercial prospecting and loyalty actions, development of sales statistics, contact requests, information or estimate requests, rights management or management of Users’ and Insured Parties’ opinions about products, services or content, etc.)||– User Consent (by principle); – Henner’s legitimate interest in prospecting its own Insured Parties by email to offer similar or complementary products and services, and to respond to contact requests.|
|Insurance fraud prevention, in accordance with the CNIL decision concerning a single authorization (AU39), including the following purposes: – analysis and detection of actions demonstrating an anomaly or an inconsistency, or having been the subject of a report that may reveal a fraud; – Management of alerts in case of anomalies, inconsistencies or reports; – Compilation of lists of people duly identified as perpetrators of acts that may constitute fraud; – Management of procedures.||– Legal and regulatory obligations; – Henner’s legitimate interest in being able to protect itself against fraud.|
|Prevention of money laundering and terrorist financing, in accordance with the CNIL’s Single Authorization (AU003), which includes the following purposes: – The implementation of customer due diligence obligations, in accordance with the risk approach; – Searching for persons to be subject to additional due-diligence measures as politically-exposed persons (PEPs) within the meaning of Article R561-18 of French monetary and financial legislation [Code monétaire et financier], and persons who may be subject to heightened due-diligence measures; – The triggering of alerts and suspicious statements; – The surveillance of certain accounts, policies or customers, on the basis of the risk classification established by the financial institution, or transactions considered to be complex, to be of an unusually high amount or that do not appear to have any economic justification or lawful object, or a declaration of suspicion not having resulted in the closing of the account; – The application of asset-freezing measures in the prevention of financing of terrorism and financial sanctions.||Legal and regulatory obligations|
|The processing of Data pertaining to offenses, convictions or precautionary measures, in accordance with the CNIL Single Authorization (AU32): – provided for by legal, regulatory and government provisions, whether at the time of subscription to the policy, or during its fulfillment and, – falling within the scope of litigation pertaining to Henner’s business.||– Legal and regulatory obligations; – Henner’s legitimate interest, with regard to its business, in ensuring the recognition, exercising or defense of its rights or your rights in law.|
2.5 Mandatory/Optional Nature of the Collection
Henner informs you when the provision of an information item is mandatory (including when due to a legal, regulatory or contractual obligation, or simply in order to process your request or respond to you). If you do not provide this so-called “mandatory” information, Henner may be unable to respond to the request or form in question.
Fields on a form that are not specified as mandatory are left to your discretion. It is up to you to choose whether to fill them in or not.
2.6 Data Recipients/Data Transfer
Your Data is primarily intended for Henner, but may also be transferred, for the purposes of management and fulfillment of your insurance policies, to Henner’s insurance and reinsurance partners, to Henner’s healthcare networks, and to Henner Group companies.
Some companies in the Henner Group may be located in third-party countries* outside the European Economic Area. In this case, to guarantee an adequate level of protection of your Personal Data, the transfers are supervised within the Henner Group by internal rules (Binding Corporate Rules, or BCRs) validated by the CNIL in compliance with the applicable Data Protection Regulations.
*list at the present time: Tunisia, Switzerland, Malaysia, Hong Kong, Kenya, Ivory Coast, Singapore, United Arab Emirates, Canada and USA
As part of the Processing, Henner may also transfer your Data to service providers, agents and suppliers to complete internal operations of the Site, or for any operation related to Henner’s business, for the purposes specified in Article 2.4 herein, and only to the extent necessary for the accomplishment of the tasks entrusted to them. These service providers, agents and suppliers are required to maintain the confidentiality and security of your Data, and to implement the appropriate measures.
Henner may also transfer your Data if such disclosure is required by law, a regulatory provision or a court order, or if such disclosure is reasonably necessary to comply with court proceedings, and respond to any complaints or protect the security of your Data or your or Henner’s rights.
2.7 Data Storage Period
Depending on the purpose of the Processing, your Data is stored for the periods of time stated below:
|Management of access, security, maintainability, evolutions and audiences of sites and platforms accessible online||User name, including IP address, browser, load time, date of visit, pages visited, etc.||– 1 year for Sites/5 weeks for Personalized Spaces|
|Recruitment Management||Data collected as part of the recruitment process||– 2 years after last contact|
|Conclusion, management and fulfillment of insurance policies||Data disclosed when subscribing to the policy, and during its fulfillment||– for the period of time necessary for the fulfillment of the contract; – archiving for probative purposes, for a period of time specified by the applicable legal provisions.|
|Insured Parties’ bank account details [RIB]||– for the period of time necessary for the fulfillment of the contract.|
|Payment card data||– 15 months for probative purposes, in the event of a disputing of the transaction.|
|NIR and RNIPP data available through Agira||– Duration of the policy; – archiving for probative purposes, in accordance with the applicable legal provisions|
|Commercial management||Data collected within the scope of commercial relations with Henner||– 3 years as from the end of the business relationship, if you have subscribed to an insurance policy with Henner; – 3 years as from its collection, or from last contact at your initiative, in the absence of any policy subscription.|
|Management of the exercising of rights||Data pertaining to the identity of the person making the request||– 1 year as from gathering|
|Processing of data pertaining to offenses, convictions or precautionary measures, within the scope of subscription to policies and dispute management||Data pertaining to offenses, criminal convictions or precautionary measures||– duration of contractual relations; – archiving in accordance with the time periods specified by the provisions of Articles L.114-1 and following of French insurance legislation [Code des Assurances], Article L.932-13 of French social security law [Code de la Sécurité Sociale] and the provisions of French civil law [Code Civil] pertaining to prescription periods|
|Prevention of insurance fraud||Alert data||– 6 months as from the issuing of alerts|
|Relevant alert data||– 5 years as from the closure of the fraud case file|
|Data in the context of judicial proceedings initiated following an alert||– until the end of the legal proceedings; – archiving for the applicable prescription period|
|Data reported in the suspected fraudsters list||– 5 years as from the date of registration in this list|
|Prevention of money laundering and terrorist financing||Data and documents pertaining to the identity of the usual or occasional Insured Parties and, where appropriate, effective beneficiaries||– 5 years as from the closure of the account, or from termination of the relationship|
|Data and documents pertaining to transactions performed by them or not performed pursuant to asset-freezing measures or financial sanctions, and documents recording the details of transactions covered by Article L 561-10-2 of French monetary and financial legislation [Code monétaire et financier]||– 5 years as from their implementation|
|(see 3. Cookies and other means of tracking)||The saving of cookies on your device.||– 13 months as from saving|
2.8 Your Rights as Concerned Person
In accordance with the applicable Data Protection Regulations and under the terms of these Regulations herein, you have the following rights:
|Rights||Cases in which these rights apply||Conditions|
|Right of access||– applies to all Processing; – with the exception of Processing pertaining to the prevention of money laundering and the financing of terrorism, in compliance with Article L 561-45 of French monetary and financial legislation [Code monétaire et financier], for which the right of access is exercised with the CNIL via an indirect right of access procedure (except for the case of processing used to identify persons subject to an asset freeze measure or a financial sanction)||By proving your identity and stating the subject of your request to the addresses below|
|Right to rectification||– in case of inaccurate, outdated or incomplete Data||Depending on the case: – By proving your identity and stating the subject of your request to the addresses below; – Or, where applicable, by logging into your account and visiting your personalized Space to correct or complete the inaccurate Data|
|Right to erasure||In the following cases: – Data is no longer necessary for the purpose for which it was collected; – In application of your right of withdrawal of consent; – In application of the right to object, as provided below; – The Data Processing is illegal; – Data must be erased to comply with a legal obligation||Depending on the case: – By proving your identity and stating the subject of your request to the addresses below; – Or, where applicable, by logging into your account and visiting your personalized Space to erase the Data|
|Right of withdrawal of consent||At any time, when the Processing is based on consent from the Concerned Person||By proving your identity and stating the subject of your request to the addresses below|
|Right to object||Unconditional and at any time for Processing pertaining to commercial prospection, including profiling for such purposes||Depending on the case: – By clicking on an unsubscribe link in the prospection email concerned; – Or by proving your identity and stating the subject of your request to the addresses below|
|Right to object||Excluding cases of commercial prospecting, when the Processing is based on legitimate interest, and provided that Henner is not able to demonstrate legitimate and compelling reasons;||– by email or postal mail to the addresses below: o stating your request; o stating the reasons for your opposition request, in respect of your particular situation; o proving your identity;|
|Right to data portability||When the Processing is: – based on: o fulfillment of the policy. – performed using automated methods.||By proving your identity and stating the subject of your request to the addresses below|
|Right to restriction of processing||In the following cases: – you dispute the accuracy of the data; – the Processing is illegal and you want to limit it; – Henner no longer needs the Data for the purposes; – You opposed the Processing but Henner checks to see whether there are not legitimate and compelling reasons for proceeding with this Processing||– by email or postal mail to the addresses below: o stating your request; o stating the reasons for your limitation request; o proving your identity;|
|Right to specify guidelines concerning the fate of one’s Data after one’s death||To all Data Processing (except those for which legal provisions preclude such guidelines)||By proving your identity and stating the subject of your request to the addresses below|
|Contact information for the exercising of firstname.lastname@example.org or Henner, Data Protection Officer, Risk Management, 14 Boulevard du General Leclerc, 92200 Neuilly sur Seine|
You also have the possibility of filing a complaint with the CNIL:
- directly online;
- by postal mail: 3 Place Fontenoy, TSA 80715, 75334 Paris Cedex 7.
2.9 Automated Decision-Taking
In the event of non-payment of the Insured Party’s premiums, the follow-up, notice and delisting procedure is automated.
Since this processing gives rise to an automated individual decision, you have the following rights under the terms of the applicable Data Protection Regulations:
- The right to request the involvement of a person to verify the Processing in question and ensure the compliance of the decision applied to your situation;
- The right to challenge a decision taken automatically by Henner’s systems, by sending your request to your usual contact at your management unit (MU) or the Henner Complaints Department, at the following address: email@example.com
2.10 Data Security and Privacy
Within the scope of its business, and in compliance with the applicable Data Protection Regulations, Henner undertakes to take all appropriate technical and organizational measures to ensure the security, availability, integrity, authenticity and confidentiality of your Personal Data and the resilience of its information systems.
In the event of any suspicion of risk, loss of your login credentials, or any other event that may entail risks to the Sites and Personal Data, please contact Henner without delay and, if the case concerns a loss or disclosure of your login credentials for your account and Personalized Space, we recommend that you immediately request a new password in your Personalized Area, in the “Change Password” tab.
3. COOKIES AND OTHER MEANS OF TRACKING
The Site may automatically collect information by means of cookies or means of tracking saved on your device during your consultation of the Site.
3.1 What is a “Cookie”?
Cookies (or means of tracking) are small text files that can be saved on your device through its browser (computer, tablet, smartphone, etc.) during your time visiting the Site, and that fulfill various functions, notably including allowing the party that places the cookie to identify your device.
3.2 What Cookies are Used on the Site, and How Can You Manage These Cookies?
Henner informs you that the following cookies may be deposited and used, subject to your settings/acceptance:
- Technical cookies: these cookies are essential for navigation on the Site, and enable its various functionalities to be used;
- “Analytical” Cookies: These cookies make it possible to know how the Site is used, and to establish its performance and improve its operation. Such is the case of audience measurement cookies, but only using your session data (date, time, IP address, transmission protocol, and page viewed). This information is not cross-checked with other Processing Operations such as customer or Insured Party files;
- Persistent cookies for distribution of sessions over the various Henner servers.
- Targeting and advertising cookies: These cookies make it possible to adapt advertising content and other content according to your interests established on other websites.
Below is the list of cookies used on the Site, with their purpose and how to disable them.
With the exception of so-called “technical” cookies, which you cannot disable, these cookies can be disabled at any time, either individually or completely.
Name of the cookie used
Link to disable this cookie
|Google Analytics||These cookies make it possible to know how the Site is used, and to establish its performance and improve its operation. Such is the case of audience measurement cookies, but only using your session data (date, time, IP address, transmission protocol, and page viewed). This information is not cross-checked with other Processing Operations such as customer or Insured Party files||https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en|
|Google advertising cookie||Google advertising cookie used for tracking users and targeting ads||https://adssettings.google.com/anonymous?hl=fr&sig=ACi0TCgxuVG-G5HOMBtgqQ1Ze_C7PDVmT39Jzt7ZLxldrbnW3kFtXuMyK4syL_exkqpFWfOOspX8Tnx-m63djjMeePZ2rZV-F_EfVjOrEDWitoy80zpuh1I|
The method of configuration of each browser is different. How to change your cookie settings will be explained in your browser’s help menu. You can disable cookies by following the instructions below:
FOR Mozilla FIREFOX https://support.mozilla.org/fr/kb/activer-desactiver-cookies
- Select the “Tools” menu then “Options”.
- Click on the “Privacy” icon.
- Locate the “Tracking” menu and select the appropriate options.
FOR MICROSOFT Internet Explorer http://windows.microsoft.com/fr-fr/windows7/block-enable-or-allow-cookies
- Select the “Tools” menu then “Internet Options”.
- Click on the “Confidentiality” tab.
- Select the desired level using the cursor.
FOR Google Chrome https://support.google.com/chrome/answer/95647?hl=fr
- Click on the Chrome menu in the browser’s toolbar.
- Select “Parameters”.
- Click on “Display advanced parameters”.
- In the “Confidentiality” section, click on the “Content parameter” button.
- In the “Cookies” section, several Cookie-related parameters can be altered.
FOR Safari https://support.apple.com/fr-fr/HT1677
- In iOS 8, click on Settings > Safari > Block cookies.
- Select one of the options proposed (Always authorize, Only authorize online personalized spaces visited, Only authorize online personalized spaces currently open, Always block).
- In iOS 7 or an earlier version, there is the following choice of options: Never, Third parties and advertisers, or Always.
- Select the “File” menu > “Preferences”
3.3 What Happens When Cookies Are Rejected?
3.4 How Long Are Cookies Stored On Your Device?
In compliance with CNIL recommendations, cookies are stored for a maximum period of 13 months.
3.5 Third-Party Cookies