THE PROTECTION OF YOUR DATA – AT THE HEART OF OUR COMMITMENTS
When you entrust us with your Personal Data you are creating a trust-based relationship, and we will do all we can to live up to this trust.
For that reason, we are making the protection of your data our highest priority.
Thus we will do all we can to provide your data with the best possible protection, and we are committed to ensuring it benefits from the highest level of security and confidentiality, in compliance with the applicable French and European regulations (regulation 2016/679/UE and law n° 78-17 passed on 6th January 1978 and subsequently amended), referred to hereinafter as ‘ the applicable Regulations ’.
Within this context, the commitments contained in our policy with regard to the processing of Data have as their basis the following 6 basic principles :
- A sound legal basis : the collection and processing of your Data of a Personal Nature is legitimate and has a specified legal basis that corresponds to the objective (or purpose) and the context of the processing operation.
- Relevance of the data: we only use your data for the previously-defined purpose, and only collect the data that are strictly necessary for achieving this purpose.
- Retention period: we establish the period for which your data will be retained, taking account of the objectives of each processing operation and any relevant legal obligations.
- Security and confidentiality: we place great emphasis on keeping your data protected and secure. Thus we deploy all necessary measures in order to guarantee the confidentiality of these data, and to prevent any breach, loss or damage affecting them, or any disclosure of them to unauthorized parties. These measures are designed in the light of the risks inherent in each processing operation (sensitivity of data, objective of processing operation, etc.).
- Transparency: we operate with transparency, keeping you informed when collecting your Data of a Personal Nature of the way in which we are using them and then of any sharing of the data with third parties.
- Respecting your rights : we are careful to respect your rights, informing you of the purpose for which your data is being processed. You have the right to access, rectify and delete these data, or to object to their collection.
Set out in the General Terms and Conditions of Use for our websites and smartphone apps, in our confidentiality policy, and in our ‘Charte RGPD Assurés’ (RGPD insured parties’ charter), is a full statement of our commitments and your rights, and an explanation of the way in which we collect, use, if applicable share, and store your Data of a Personal Nature.
Last update: January 2021
Insured party: shall designate the individual receiving the cover from an insurance contract (whether or not this person is the policyholder) drawn up, distributed and / or managed by Henner.
Data or Personal Data: shall designate any information relating to an Interested Person.
Data subject : shall designate an identified or identifiable individual ; the term ‘identifiable individual’ shall denote an individual who can be directly or indirectly identified, notably through reference to an identifier, such as a name, an identification number, location data, a username, or one or more elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity.
Member Account: shall designate the area of a Site accessible to Insured parties or to Corporate / HR contacts under the conditions set out in the General Terms and Conditions for Use of the Site, by means of a user name and a password.
Data Controller: shall designate the individual or organization, public authority, department or any other body that, alone or in collaboration with others, determines the purposes of – and procedures for – the Processing of Personal Data.
Sites : shall designate the websites, smartphone apps and online platforms operated by Groupe Henner that contain public areas accessible to any User and Member Acconts through which Henner provides Insured parties or Corporate / HR contacts with services under the terms of the insurance contracts drawn up, managed and / or distributed by Henner. The Sites, including the Member Acconts, are governed by General Terms and Conditions of Use (GTCU), and in addition to them by this Confidentiality Policy.
Processing : shall designate any operation or set of operations that may or may not be carried out with the assistance of automated means and are applied to Data or sets of Data, such as collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, circulation or any other means of provision, alignment or combination, or locking, deletion or destruction.
User : shall designate any individual who accesses a Site without the need for identification and without access to a Member Account.
2. PERSONAL DATA PROTECTION
2.1 Which organization is processing your data?
Within the context of use of this Site, the Data are collected and processed by:
Henner, a ‘Société par Actions Simplifiée’ (simplified joint stock company), entered in the Nanterre ‘RCS’ (trade and companies register) under the reference number 323 377 739, with its registered office located at 14 boulevard du Général Leclerc 92200 Neuilly-sur-Seine.
2.2 How do we collect your data?
Your data are collected either directly by Henner when you input them on contact forms, questionnaires and other areas made available to you when you use the services provided on the Site (requests for free call-back, requests for quotations, Member Account, etc.), or indirectly by third parties (notably by third-party cookies’ editors) when you browse the Site.
Henner will inform you when the provision of an item of information is required (notably due to a statutory regulatory or contractual obligation or else simply so that your request can be processed or your inquiry dealt with). Should you fail to provide information marked as “mandatory”, Henner may be unable to deal with the request or inquiry or to process the form concerned.
Those parts of a form that are not marked as “mandatory” are to be dealt with as you see fit – you may opt to complete them or not.
The following categories of Data are liable to be processed within the context of use of the Site (excluding the Member Account for Insured parties) :
- Data regarding identity ;
- Data regarding the following up of business relations ;
- Data regarding location and connection ;
2.3 Why do we process your data?
Your data are processed by Henner for the purposes, and on the legal basis, set out below:
1) Within the context of use of this Site
|Processing||Purpose (objective to be attained)||Legal basis|
|Management of sites and smartphone apps||– Technical administration of sites and smartphone apps
– Management of access, of security, of maintainability, of changes to sites and applications
– Management of cookies
|– Legitimate interest of Henner to ensure the availability and satisfactory functioning of its Sites and smartphone apps.
– Consent for the use of certain cookies
|Commercial management||– Responding to contact requests, inquiries or requests for quotations, etc.
– Management of prospective clients
– Management of clients (notably HR contacts)
|– Legitimate interest of Henner to respond to contact requests, inquiries or requests for quotations|
|Management of requests to exercise rights||– Responding to applications to exercise rights
– Managing and following up on applications to exercise rights
|– Legal and regulatory obligations|
|– Responding to complaints
– Managing and following up on complaints
|– Legal and regulatory obligations|
2) Within the context of management of the insurance contract held by the Insured parties
You will find the full set of information concerning the terms and conditions for collection, processing and use of your Data within the context of your insurance contract (and notably within the context of use of your Member Account), and the rights you hold with regard to said Data, in the “RGPD Insured Parties’ Charter” accessible here.
2.4 Who can access your data?
Within the context of use of the Site, your data are principally intended for use by Henner, but they may also be supplied to third-party cookies’editors or to service providers acting for Henner to carry out internal operations on the Site, notably hosting, maintenance, managing access, or for any operation connected to the activities of Henner for the purposes set out in article 2.3 of this document, but only to the extent that this is required in order to carry out the operations with which they have been tasked. The subcontractors concerned are required to maintain the confidentiality and security of your Data and to deploy the appropriate measures in this connection.
2.5 Where are your data hosted?
Henner undertakes, within the context of its activities and in accordance with the applicable Regulations, to deploy all the appropriate technical and organizational measures to ensure the security, availability, integrity, authenticity and confidentiality of your data, as well as the resilience of its IT systems.
Henner shall favour the hosting and processing of your Data in France or within the European Union (EU).
If you think you may have lost your identifiers, or under any other circumstances that may give rise to risks for the Sites and your Data, we would invite you to contact Henner immediately, and if the incident involves the loss or disclosure of your identifiers enabling access to your Member Account, we would recommend that you immediately request a new password in your Member Account in the “changing your password” tab.
2.6 How long will we retain your your data?
Your Data will be retained for the period required for achievement of the purposes set out above, plus the applicable legal provision.
2.7 What are your Rights and how can you exercise them?
In accordance with the applicable Regulations and under the conditions stipulated by these Regulations, you have the following rights:
- Right of access: to obtain information regarding the processing of your Data, and a copy of said Data;
- Right to rectification: to have your data corrected if they are inaccurate or incomplete;
- Right of erasure: to have your data removed, provided you meet the conditions laid down by the applicable regulations;
- The right to withdraw your consent at any point after you have given it ;
- Right to object: to object at any point, for reasons arising from your particular circumstances, to any processing of your Data, unless Henner demonstrates that there are legitimate and compelling reasons for the processing that override your interests, rights and liberties, or that the processing operation(s) are required for the demonstration, exercise or defence of rights within the context of legal proceedings;
- Right to Data portability over the Data that we have received from you and that we require for the contract, or for which your consent was requested;
- Right of restriction of processing: to limit the usage of your Data to retention alone, provided you meet the conditions laid down by the regulations ;
- The right to specify guidelines concerning the fate of your Data after your death.
You may exercise these rights upon request, providing proof of your identity by any means and explaining the purpose of your request, via the following email address : firstname.lastname@example.org or postal address : Henner, Délégué à la protection des données, Conformité/Relation Assureurs, 14 Boulevard du Général Leclerc 92 200 Neuilly sur Seine
Finally, should a dispute regarding your data persist, you also have the right to lodge a complaint with the CNIL data protection authority :
- either directly via the CNIL website : cnil.fr
- or by post : 3 Place Fontenoy – TSA 80715 – 75334 Paris Cedex 07.
3. COOKIES AND OTHER TRACKING FILES
The Site may automatically collect information by means of cookies or tracking files received when you visit the Site.
For more information regarding the cookies that we use and the means by which you can deactivate them, please consult our policy on cookie management accessible here.