INTRODUCTION
of the rights of data subjects for all data managed by GEREP. The reference texts for this policy are the RGPD (General Regulation for Data Protection) and the so-called "Loi Informatique et Libertés". The concepts used in this policy are defined in the RGPD, in particular the concepts of processing, personal data, data subjects and data controller.
GEREP strives to protect the confidentiality of personal data that the company processes in connection with the services it provides to its customers.
1. KEY DATA PROTECTION TERMS
RGPD is the EU General Data Protection Regulation and implementing acts in force in the corresponding EU Member State where GEREP is established.
The Data Controller is an entity that collects and stores personal data. It decides what personal data it collects about you and how this personal data is used. Any player in the insurance market, when using your personal data for the purposes set out in the paragraph "How we use and disclose your data", may be a Data Controller.
Personal data refers to all data from which you can be identified and which relates to you. This may include data relating to any claims you may have made.
The processing of personal data includes the collection, use, storage, disclosure or deletion of your personal data.
2. IDENTITY OF THE DATA CONTROLLER AND CONTACT DETAILS
GEREP, 4 rue de Vienne 75008 PARIS, is the data controller for the personal data we receive in the course of providing our services.
3. PERSONAL INFORMATION THAT MAY BE PROCESSED
We collect and process the following personal data:
- Individual information: name, address (and proof of address), other contact details (e.g. e-mail and telephone numbers), gender, marital status, family information, date and place of birth, employer, job title and work experience, relationship to insured, beneficiary or claimant.
- Identification information: identification numbers issued by government agencies or institutions (e.g., depending on the country you are in, social security or national insurance number, passport number, identity card number, tax identification number, driver's license number).
- Financial information: payment card number, bank account number and account information, income information and other financial information.
- Insured risk: information relevant to the insured risk.
- Special categories of personal data: the following data are considered to fall into a special category of personal data: medical data, current or past physical or mental medical conditions, state of health, information on injuries or disabilities, medical procedures performed, relevant personal habits (e.g. smoking or alcohol consumption), information on medical prescriptions, medical history.
- Policy information: information on the quotes individuals receive and the policies they obtain.
- Previous claims: information on previous claims, which may include special categories of personal data (as defined above).
- Current claims: information on current claims, which may include special categories of personal data (as defined above).
- Marketing data: whether or not the individual has consented to receive advertising from us and from third parties.
The processing of particular categories of data is prohibited, except in cases where:
- The data subject has given his/her express consent to the processing of the particular categories of data in question, and such consent is considered valid under the laws and regulations in force; or
- Processing is necessary for the purposes of complying with the specific rights and obligations of the controller or the data subject in the field of employment law, social security and social protection, insofar as it is authorised by applicable legislation providing adequate safeguards; or
- The processing of special categories of data is necessary for the purposes of preventive medicine or occupational medicine, the assessment of a worker's capacity to work, medical diagnosis, health or social care or the management of health care or social protection systems and services on the basis of Union law, the law of a Member State or by virtue of a contract concluded with a health professional and subject to the conditions and guarantees if such data is processed by a health professional subject to an obligation of professional secrecy, or by another person also subject to an obligation of secrecy; or
- The processing is necessary for reasons of public interest in the fields of public health in accordance with Union law or the law of a Member State which provides for appropriate and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy; or
- Processing is necessary for archival purposes in the public interest, for scientific or historical research purposes or for statistical purposes, in accordance with European Regulations, on the basis of Union law or the law of a Member State, which must be proportionate to the objective pursued, respect the essence of the right to data protection and provide for appropriate and specific measures to safeguard the fundamental rights and interests of the data subject.
4. SOURCES OF PERSONAL DATA
We collect personal data from various sources, including (depending on the country you are in):
- You and your family members, online, by telephone or by written correspondence;
- Your employer(s);
- In the case of a claim, a third party, including the claimant, defendant, witnesses, experts (including medical experts), adjusters, attorneys and claims handlers;
- Other players in the insurance market, such as insurers, reinsurers and other intermediaries;
- Any anti-fraud and other third-party databases, including penalty lists;
- Government agencies and tax authorities;
- Claim forms.
5. HOW WE USE AND DISCLOSE YOUR DATA - RELEVANCE OF DATA
Your data is collected and processed fairly and lawfully. This policy is part of this transparent approach. Your personal data must be adequate, relevant and not excessive in relation to the purposes for which it is collected. The collection and processing of your personal data is necessary for the management and execution of the contract by GEREP. Personal data is collected for specific purposes, which are made known to the persons concerned. Such data may not be used subsequently in a manner incompatible with these purposes. Data is collected fairly; it is not collected without the knowledge of the individuals concerned. These "legal grounds" are included in the General Data Protection Regulation (GDPR) and allow companies to process personal data only when the processing is authorized by the specific "legal grounds" described in the regulation. Please note that in addition to the disclosures listed in the table below, we may disclose personal data, in compliance with the purposes specified in this policy, to service providers who perform services on our behalf. GEREP also requires that all service providers provide appropriate safeguards to ensure the security and confidentiality of personal data.
6. HEALTH DATA PROCESSING
GEREP may be required, in strict compliance with the purpose of its activities, to process data concerning your health and, a fortiori, to process your medical data. In this respect, in addition to complying with the principles set out above, GEREP pays particular attention to the manner in which data is collected and to the implementation of enhanced security measures. Your medical data is covered by medical secrecy. It is intended solely for our Medical Department and for any person under the responsibility of the Chief Medical Officer.
7. CONSENT
The processing of data concerning the policyholder's health, which is sensitive data within the meaning of the "Loi Informatique et Libertés" and the RGPD, is subject to the policyholder's prior written consent. In practice, the conclusion of the insurance contract constitutes collection of consent for the processing of health data for contract management purposes. For any other service requiring the processing of such data, specific consent is obtained. To facilitate the communication of marketing information, we require your consent. You, as well as anyone other than yourself, may withdraw your consent to the processing of personal data at any time. However, this may prevent us from continuing to offer our services.
8. DATA RETENTION PERIOD
GEREP undertakes to keep the data collected in a form that enables you to be identified for no longer than is necessary for the purposes for which the data is collected and processed. As part of the management of the supplementary health benefits plan and associated services, the data mentioned above in the present privacy policy is kept for 10 years after the end of membership, in accordance with the duration required for the performance of the contract. The retention periods must also comply with the limitation periods set out in the French Mutual Insurance Code (Code de la Mutualité), the French Insurance Code (Code des Assurances) and articles 2219 et seq. of the French Civil Code (Code Civil). As part of the management of the website (consultation of statements, declarations of change of situation), the data mentioned above in the present confidentiality policy is kept for 2 years.
9. SAFETY MEASURES
We aim always to store your personal data in the safest and most secure manner, and only for as long as is necessary for the purposes for which it is to be processed. To this end, we take appropriate physical, technical and organizational measures to prevent as far as possible any alteration or loss of your data, or any unauthorized access to it. These security measures will vary according to the sensitivity, format, location, quantity, distribution and storage of the personal data. They include measures to protect personal data against unauthorized access. Where appropriate, security measures include encryption of communications via SSL, firewalls, employee training, access controls, segregation of duties and similar security protocols. We restrict access to personal data to staff and third parties who require access to such information, for legitimate, relevant and professional purposes.
10. LIMITATION OF DATA COLLECTION AND STORAGE
Our retention periods for personal data are based on business needs and legal requirements. We retain personal data for as long as necessary for the purposes of the processing for which the information was collected and for any other permitted and related purposes, or as required by law. For example, we may retain certain transaction information and related correspondence until the time limit for claims arising from the transaction has expired or to comply with regulatory requirements regarding the retention of such data. When personal data is no longer required, we either irreversibly anonymize the data (and may continue to retain and use anonymized information), or securely destroy the data.
11. CROSS-BORDER TRANSMISSION OF PERSONAL INFORMATION
We do not transfer personal data to countries outside the European Economic Area (EEA). You can request further information on the specific protection measures applied to the export of your personal data by contacting the Data Protection Officer at the address below.
12. ACCURACY, LIABILITY, OPENNESS AND YOUR RIGHTS
We strive to keep personal data accurate, complete and up-to-date. Please contact our DPO (Data Protection Officer) at dpo@gerep.fr or by mail at the following address: GEREP - Délégué à la Protection des Données - 4 Rue de VIENNE - 75008 PARIS, to update your information. Questions about our privacy practices should first be directed to our Data Protection Officer. Under certain conditions, you have the right to ask us to:
- Provide further details on how we use and process your personal data;
- Provide a copy of the personal data we hold about you;
- Update any inaccuracies in the personal data we hold;
- Delete personal data for which we no longer have a legal basis justifying their processing;
- Withdraw consent, when processing is based on consent;
- Object to any processing of personal data that we justify on the legal grounds of "legitimate interests", unless our reasons for undertaking such processing outweigh any harm to your privacy rights; and
- Restrict how we process personal data while we are considering your request.
These rights may be subject to certain exceptions to protect the public interest (e.g. prevention or detection of criminal activity) and our interests. We will respond to most requests within 30 days. If we are unable to respond to a request or complaint, please contact: CNIL - 3, place de FONTENOY - TSA 80715 - 75334 PARIS CEDEX 07.
13. QUESTIONS, REQUESTS OR COMPLAINTS
To submit questions or requests regarding this Privacy Policy or our privacy practices, please write to our DPO (Data Protection Officer) at the following address: dpo@gerep.fr, by using the form below, or by post to the following address: GEREP - Délégué à la Protection des Données - 4 Rue de VIENNE - 75008 PARIS.
14. CHANGES TO THIS PRIVACY POLICY
This privacy policy is subject to change at any time. It was last modified on [24.05.18]. If we make changes to this Privacy Policy, we will update the date on which it was last modified. Any changes we make to this Privacy Policy are effective immediately. Our privacy policy can be downloaded at this link.