Trust is an essential part of our relationship, especially when you use our website.
This is why Axeria Prévoyance, a Malakoff Humanis Group company, places the utmost importance on respecting your privacy and protecting your personal data.
The purpose of this policy is to set out the rules in force with regard to data protection, in particular the French Data Protection Act No. 78-17 of January 6, 1978 as amended and the General Data Protection Regulation No. 2016-679 of April 27, 2016, and the enforcement of these rules by the data controllers designated below.
We are committed to maintaining the confidentiality of your personal information, which must be protected at all times. We make sure you are fully informed of how to consult, collect use and store this information, as well as all your rights in this area.
Definition of the scope
Personal data is any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a surname, forename, contract number, telephone number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data concerning health means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her past present or future health status. Medical data is part of personal health data.
Data protection stakeholders
The data controller
Within the framework of our activities of underwriting and managing (individual and/or group) insurance contracts, customer relations (including the presentation of services), social action and the management of services offered to customers and prospects, we are, alone or jointly with our management delegates, responsible for data processing.
The Data Protection Officer (DPO)
The Data Protection Officer or “DPO” is responsible for ensuring that Axeria Prévoyance complies with the regulations on the protection of personal data.
He/she implements the personal data protection policy and ensures, in particular, that processing operations for projects impacting the protection of such data are documented. He/she identifies the risks of non-compliance with the French Data Protection Act and the GDPR and recommends the appropriate measures to be implemented. He/she is responsible for raising awareness about personal data protection issues among stakeholders. As contact person for the CNIL regulatory authority, he/she is also the point of entry for any regulatory control on personal data.
The fundamental principles of the French Data Protection Act
The purposes of the processing
Your personal data is collected for specific and legitimate purposes, the objective of which is precisely identified in advance, with regard to the interests and/or activities of Axeria Prévoyance.
Your personal data will not be further processed in a way that is incompatible with the original purpose.
In practice, Axeria Prévoyance is required to process personal data for the following insurance and service purposes:
– underwriting, managing and performing the insurance contract;
– compiling statistics, including commercial statistics, actuarial studies or other research and development analyses;
– exercising remedies and managing claims and disputes;
– the fight against fraud, which may lead to persons being included in a list of persons presenting a risk of fraud; and the fight against money laundering and the financing of terrorism;
– the enforcement of legal, regulatory and administrative provisions in force.
Some of your personal data enables us to provide our insurance services and to improve the quality of these services.
The relevance of the data
Your data are collected and processed fairly and lawfully. This policy is part of this transparency approach.
They must be adequate, relevant and not excessive in relation to the purposes for which they are collected.
The collection and processing of your personal data is necessary to manage and perform the contract signed with Axeria Prévoyance.
Limited data storage
Personal data must not be kept longer than required for the purpose of the processing.
The storage periods for personal data processed for the purpose of managing insurance contracts and customer relations, vary according to the intended purposes and are set in accordance with the periods set down in the regulations
Axeria Prévoyance takes all necessary precautions in view of the state of the art and the purposes of the processing as well as the probability of each risk occurring, in order to preserve the security and confidentiality of the personal data you provide to it and in particular to prevent such data from being deformed, damaged or, unless you agree, communicated to third parties.
Consequently, Axeria Prévoyance implements all technical, logical, physical and organisational measures to guarantee a level of security appropriate to the risk and to prevent any loss, alteration, disclosure of data or access thereto by unauthorised third parties.
However, given the intrinsic characteristics of the Internet, the data transmitted across the website are subject to measures that cannot protect against all risks of misappropriation and/or piracy, for which Axeria Prévoyance cannot be held liable. In the event of a personal data breach and in accordance with the regulations, Axeria Prévoyance undertakes to notify the CNIL.
In the event that such a breach presents a high risk to the rights and freedoms of natural persons, we will inform them as soon as possible and in accordance with the conditions set out in the regulations on personal data protection.
The recipients of your data
The recipients are, within the limits of their respective attributions and depending on the purposes: the staff of Axeria Prévoyance, partners (management delegates, insurance intermediaries and reinsurers as well as professional organisations and guarantee funds).
Only duly authorised recipients may access the information required for their activities.
Without this list being exhaustive, we may also be required to communicate your data in certain specific cases to persons involved in the contract such as lawyers, experts, court officers and ministerial officers, curators, guardians, investigators and health professionals, consulting physicians and authorised personnel; where applicable, the courts concerned, arbitrators, mediators; the ministries concerned, guardianship and supervisory authorities and any public bodies authorised to receive these data.
Relationships with Axeria Prévoyance’s sub-contractors are contractually regulated in order to meet the requirements for the protection of personal data.
Informing data subjects
Prior to implementing processing, and at the latest when the data are collected, Axeria Prévoyance provides the following information to data subjects, either directly or through our agents:
• The identity and contact details of the data controller;
• the contact details of the DPO;
• the purpose of the processing operations carried out on their personal data and the appropriate legal basis depending on the purpose of the processing operations, namely consent, performance of the contract, compliance with legal obligations, safeguarding the vital interests of a natural person or the legitimate interests of the data controller;
• the recipients of the personal data;
• how long the information collected will be stored and what rights you have with regard to your data;
• if applicable, the fact that Axeria Prévoyance or a co-controller or sub-contractor intends to transfer personal data to a country outside the European Union and the legal guarantees implemented in connection with this transfer;
• the optional or mandatory nature of the data collected;
The rights of persons
In accordance with the provisions of EU Regulation no. 2016/679 of 27 April 2016 on data protection, you have the right of access, rectification and erasure (of inaccurate, incomplete, erroneous or out-of-date data or data the processing of which would be unlawful), the right to object, the right to restriction of processing (in the cases provided for by law) and the right of portability (in the cases provided for by law) of the data concerning you, as well as the right to define the instructions relating to the retention, erasure and communication of this data after your death.
You can exercise your rights by writing to the Axeria Prévoyance Data Protection Officer (Délégué à la protection des données) at the address: Axeria Prévoyance – DPO 90, Avenue Félix Faure – 69439 Lyon cedex 03 or by email at firstname.lastname@example.org and attaching proof of your identity. Users may submit a complaint online or by post to the French Data Protection Authority (Commission Nationale Informatique et Libertés) if they believe that their rights have not been respected after having contacted the Data Protection Officer.
Processing data concerning health
Axeria Prévoyance may, in strict compliance with the purpose of its activities, process data concerning your health and, more importantly, your medical data. On this point, in addition to complying with the principles set out above, Axeria Prévoyance pays particular attention to the methods of collection and implements more stringent security measures.
Explicit and specific consent is obtained to allow the processing of personal data concerning health.
Medical data are covered by medical secrecy provisions. They are only intended for use by departments authorised to process medical data at Axeria Prévoyance and our agents.
The data are processed on the territory of the European Union.
In the event of a transfer of personal data outside the European Union, the customer is provided with additional information on the country in which the recipient of the transferred data is located, the nature of the data transferred, the purpose of the transfer, the categories of recipients of the transferred data and the guarantees implemented to provide an adequate level of data protection.