Privacy policy
(Update 15/11/2022)
INTRODUCTION
Purpose of this Privacy Policy
CGPA EUROPE S.A., whose registered office is located at 41 Boulevard Royal, 2449 Luxembourg, LUXEMBOURG (hereinafter, “CGPA EUROPE”), is responsible for the content of this policy which aims to inform you about the way in which CGPA EUROPE uses and protects the personal data that you provide to us (hereinafter, the “Privacy Policy”). This new policy takes into account the General Data Protection Regulation (hereinafter, the “GDPR Regulation”) which entered into force on 25 May 2018.
By providing your personal data to CGPA EUROPE, you consent to it being used as described below. When providing CGPA EUROPE with personal data belonging to third parties, you are confirming that you have obtained their prior consent.
In the context of the direct or indirect collection and processing of your information, CGPA EUROPE acts as the data controller of your personal data.
Definition of personal data
The term “personal data” is taken to mean any information that can identify you directly or indirectly, in particular by including reference to an identifier. Personal data comprises information such as:
- your identification details,
- your professional and family status,
- your economic and financial information,
- your banking details,
- any data generated when browsing our website.
WHEN AND HOW DOES CGPA EUROPE COLLECT YOUR PERSONAL DATA?
As part of its insurance and human resources management activities, CGPA EUROPE collects your personal data via documents issued at various stages throughout the contractual or commercial relationship, in particular:
- as part of the steps involved in taking out an insurance policy;
- by reporting your claim directly to your CGPA EUROPE representative or indirectly to its partners (agents, brokers) or subcontractors (claims management partners, experts, etc.);
- when you register for an event organised by the CGPA Group;
- when you apply for a job within CGPA EUROPE;
- if you contact CGPA EUROPE to make a claim or request;
- when you register for training or information sessions on good professional practices organised by the CGPA Group;
- when browsing our website;
- if applicable, when you have an online client interface.
WHAT IS THE SOURCE OF THE PERSONAL DATA PROCESSED BY CGPA EUROPE?
CGPA EUROPE collects data directly from you but also indirectly, via the persons associated with the contract (the intermediary of the insurance contract or his/her legal representative) and/or the persons involved in the contract (experts, third party claimants, claims managers, etc.).
CGPA also employs Google Analytics, which is a service that analyses browsing data provided by Google Inc. in order to gain better insights into how users use their site.
To find out more about cookies, consult the Cookie Usage Policy.
WHAT DATA IS COLLECTED BY CGPA EUROPE?
The categories of personal data that CGPA EUROPE collects are:
- identification data and professional contact details of policyholders and insured parties;
- the identification data of policyholder beneficiaries who are legal entities;
- data relating to our exchanges and interactions, i.e., information that CGPA EUROPE exchanges during correspondence such as, for example, e-mails, letters sent by post or transcripts of our telephone conversations;
- where applicable, data relating to claims such as the nature of the claim and its circumstances, a description of the claim, expert reports and investigations including information relating to offences, reports, benefit amounts, etc.
- Sensitive data may be processed in the context of determining benefits, subject to your consent. This may include data relating to criminal convictions or offences, or health-related data.
FOR WHAT PURPOSES DOES CGPA EUROPE COLLECT YOUR DATA?
Personal data is collected for specific purposes (objectives), which are communicated to the individuals concerned. This data may not be used subsequently in any manner that is incompatible with these objectives. Data is collected fairly, and no data is collected without the knowledge of the persons concerned.
- The conclusion and management of the insurance contract and the analysis of the related risks
The collection of personal data is mandatory in order to meet our legal and regulatory obligations and for the purpose of entering into, managing and fulfilling the guarantees of your contract.
- Implementation of guarantees
The implementation of the guarantees provided for in the contract may require CGPA EUROPE to process personal data. The information collected and/or received by CGPA EUROPE is exclusively intended for the individuals in charge of managing claims and their processing is mandatory in order to implement the guarantees of your contract (except for legal protection).
- Administrative management of policyholders/insured parties
As part of the ongoing management of client relations, we may ask you to update this information (if necessary). It is mandatory to keep your data up-to-date so that CGPA EUROPE is able to meet its obligations regarding client knowledge when registering and/or updating client data.
- Responding to your contact requests
When you fill in the contact form on the CGPA EUROPE website, CGPA EUROPE, in its capacity as data controller, shall only collect the personal data that is needed to respond to your request and shall only use the data for this purpose.
- Anti-money laundering and financing of terrorism
CGPA Europe collects the personal data that is necessary to meet its legal and regulatory obligations, in particular with regard to the fight against money laundering and financing of terrorism.
- Human resources management
As part of its human resources management, CGPA collects the personal data that is necessary for the management of recruitment cycles, the identification of employees, their administrative management and workload organisation.
ON WHAT LEGAL GROUNDS DOES CGPA EUROPE PROCESS YOUR DATA?
The processing of personal data is carried out by CGPA EUROPE in accordance with the provisions under Article 6 of the GDPR Regulation, as specified below:
| Purpose of processing | Basis/justification for processing |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
HOW LONG WILL YOUR DATA BE STORED?
Personal data is kept for a limited period of time, which does not exceed the time required for the purposes of collection. The exact length of storage is determined on the basis of the purpose of processing, the individuals concerned by the data collection and in accordance with our legal, regulatory or professionally recognised obligations to which we are bound. These do not exceed what is strictly necessary for the data to be processed properly.
TO WHOM DOES CGPA EUROPE DISCLOSE YOUR DATA?
CGPA EUROPE undertakes to share your personal data only with third parties that are essential for processing and never to market your data.
CGPA EUROPE may also call upon the services of selected service providers. These third parties are contractually obliged not to communicate or access the personal data entrusted to them in relation to the services provided.
These service providers are:
- IT service providers who host and manage information systems (servers), backups, network provision and maintenance, backup servers, etc;
- providers of integrated service platforms (mass mailings, etc.);
- service providers for digitisation, archiving etc…
The following may have access to your personal data:
- the persons responsible for providing services as part of their respective responsibilities;
- insurers, brokers and other commercial partners, management delegates;
- service providers, experts, lawyers, mediators, arbitrators, etc;
- subcontractors;
- individuals with concerned with the contract (liable party, victim(s), third party(ies) concerned with the execution of the contract);
- authorised third parties (courts, supervisory authorities, supervisory departments (accountants, auditors, internal checks)).
Your data is processed and stored within the European Union. However, in very rare cases, in particular for the management of a claim, it may be transferred outside this territory. Should this happen, you will be specifically informed at the time of collection and we will put in place measures to ensure that European legislation is respected in order to provide you with greater security.
CONFIDENTIALITY AND DATA SECURITY
CGPA EUROPE is committed to ensuring the security of your data by implementing enhanced data protection through the use of physical and logical security measures, including:
– confidentiality commitments signed by our employees;
– an IT and information systems security policy through our IT suppliers;
– physical and organisational protection measures aimed at limiting the risks of inappropriate access to this personal data.
WHAT ARE YOUR RIGHTS?
Under the conditions provided for by the applicable data protection regulations, you have:
- a right to access the data collected by CGPA EUROPE
- a right to rectify your personal data
This means that you can ask for your personal data to be corrected if it appears to be inaccurate or out of date. You can also ask for information to be added to your personal data if it appears to be incomplete;
- the right to object to processing
This means that you may object to certain types of processing, except where such processing is carried out in order to fulfil a legal or regulatory obligation on the part of CGPA EUROPE;
- a right to erase or delete personal data
However, there may be legitimate reasons for CGPA EUROPE to retain your personal data, in particular when the processing is necessary in order to comply with a legal obligation to which we are subject or in the establishment, exercise or defence of legal claims;
- data portability rights
This means that you can request the transfer of the personal data you have provided to a third party;
- a right to limit the processing of your data
This means that your personal data may only be processed with your consent or for the establishment, exercise or defence of legal claims, with the exception of storage;
- the right to establish guidelines for post-mortem treatment
This means that you are free to issue instructions on the retention, deletion and disclosure of your personal data after your death. These instructions may be general or specific. General instructions are registered with a trusted third party. Specific instructions are registered with the data controller;
- the right to withdraw your consent
This means that you can withdraw your consent to the processing of your personal data at any time.
You may exercise these rights at any time by using the contact details below and adding the link to the page allowing users to exercise their rights.
You may also submit a complaint to the National Commission for Data Protection (CNPD): (https://cnpd.public.lu/fr/particuliers/faire-valoir/formulaire-plainte.html ).
CONTACT
You can contact CGPA EUROPE at any time:
– by using the contact form found on our website (https://www.cgpa-europe.com/contact/).
– by sending an email to the Data Protection Officer of the CGPA Group: [email protected].
This policy, which is freely accessible on CGPA EUROPE’s website, is updated regularly to take stock of legislative and regulatory developments, and any changes in CGPA EUROPE’s organisation or in the range of products and services provided.
