GREENVAL DATA PROTECTION NOTICE
GREENVAL DATA PROTECTION NOTICE - CHOOSE YOUR LANGUAGE
The company's data protection notice can be found in the links below. Choose your language.
GREENVAL DATA PROTECTION NOTICE
GREENVAL DATA PROTECTION NOTICE
The protection of your personal data is important to Greenval Insurance DAC (“Greenval”) and BNP Paribas Group, to which Greenval belongs. BNP Paribas Group has adopted common principles in that respect for the entire group.
This Data Protection Notice provides you with detailed information relating to the protection of your personal data by Greenval (“we”).
We are responsible, as a controller, for the collection and processing of your personal data in relation to our activities. The purpose of this Data Protection Notice is to let you know which personal data we use about you, as individual client or our corporate clients’ representative or as a claimant under our insurance policies, the reasons why we use and share such data, how long we keep it and how you can exercise your rights.
Further information may be provided where necessary when you apply for a specific product or service, e.g. in the data protection clause of your insurance contract.
1. WHICH PERSONAL DATA DO WE USE ABOUT YOU?
We collect and use your personal data to the extent necessary in the framework of our activities and to achieve a high standard of personalised insurance products and services.
We may collect various types of personal data about you, including:
· identification information (e.g. name, ID card, passport, driving licence, nationality, place and date of birth, gender, photograph, IP address);
· contact information (e.g. postal address and e-mail address, phone number);
· family situation (e.g. marital status, number of children);
· tax status (e.g. tax ID, tax status);
· employment information (e.g. employment, employer’s name, location);
· banking, financial and transactional data (e.g. credit card number, bank account details, payment data);
· data relating to the insurance contract (e.g. client identification number, contract number, methods of payment, duration, amounts and discounts);
· data relating to risk assessment (e.g. use of insured vehicle for personal use, location of vehicle storage);
· data relating to insurance claims (e.g. insurance claim history including paid indemnities and expert reports, information about victims);
· data relating to you, your habits and preferences and use of the insured vehicle:
o data which relate to your use of the insured vehicle (e.g. number of kilometres travelled);
o data from your interactions with us: our branches (contact reports), our internet websites, our apps, our social media pages, meeting, call, chat, email, interview, phone conversation, correspondence, requests for information or documents; and
· video surveillance (including CCTV) and geolocation data (e.g. to identify locations of suppliers for you or enabling the provision of specific services).
· Data necessary for fighting insurance fraud, money laundering and terrorist financing and any other data that we are obliged to collect by law.
We may collect biometric data (e.g. fingerprint, voice pattern or face pattern which can be used for identification and security purposes), which is a special category of data (so-called sensitive data) granted a higher level of protection subject to your explicit prior consent and in compliance with applicable rules.
The data we use about you may either be directly provided by you or be obtained from the following sources in order to verify or enrich our databases:
· publications/databases made available by official authorities (e.g. the official journal);
· our corporate clients and/or their branches and affiliates (e.g. your employer) or service providers;
· third parties such as fraud prevention agencies or data brokers in conformity with the data protection legislation;
· websites/social media pages containing information made public by you (e.g. your own website or social media); and
· databases made publicly available by third parties.
2. SPECIFIC CASES OF PERSONAL DATA COLLECTION, INCLUDING INDIRECT COLLECTION
As mentioned above, in certain circumstances, we may collect and use personal data of individuals with whom we have, could have, or used to have a direct relationship such as prospects.
For some reasons, we may also collect information about you whereas you do not have a direct relationship with us.
This may happen for instance when your employer provides us with information about you or your contact details are provided by one of our clients if you are, for example :
· Family members;
· Legal representatives (power of attorney);
· Beneficiaries of insurance policy
· Ultimate beneficial owners;
· Clients‘ debtors (e.g. in case of bankruptcy);
· Company shareholders;
· Representatives of a legal entity (which may be a client or a vendor);
· Staff of service provider and commercial partners.
3. WHY AND ON WHICH BASIS DO WE USE YOUR PERSONAL DATA?
a. To comply with our legal and regulatory obligations
We use your personal data to comply with various legal and regulatory obligations, including:
· prevention of money-laundering and financing of terrorism;
· prevention of insurance fraud;
· compliance with legislation relating to sanctions and embargoes;
· fight against tax fraud and fulfilment of tax control and notification obligations;
· banking and financial regulations in compliance with which we:
· set up security measures in order to prevent abuse and fraud;
· detect transactions which deviate from the normal patterns; and
· monitor and report risks that we could incur;
· reply to an official request from a duly authorised public or judicial authority in the EU (e.g. to identify the driver and communicate the data to the relevant public authorities).
b. To perform a contract or to take steps at your request before entering into a contract with you
We use your personal data to enter into and perform our contracts, including to:
· define your insurance risk profile and corresponding premiums;
· evaluate if we can offer you a product or service and under which conditions;
· provide you with information regarding our insurance product and services;
· manage insurance claims (from first notice of loss through to settlement);
· manage the resolution of disputes and assist you and answer your requests and complaints (including insurance claims);
· allow you to access easily some services directly on your smartphone with our mobile applications; and
· handle billing, invoicing and recovery.
c. To fulfil our legitimate interest
We use your personal data in order to deploy and develop our products or services, to manage the contractual relationship with our corporate clients of whom you are an employee, to improve our risk management and to defend our legal rights, including:
· proof of transactions;
· fraud prevention;
· rolling out of prevention campaigns, e.g. creating alerts in connection with traffic or road hazards;
· response to official requests from public authorities of third countries (located outside EEA);
· IT management, including infrastructure management (e.g. shared platforms) & business continuity and IT security;
· establishing individual statistical models, based on the analysis of transactions, for instance in order to help define your driver profile, and/or insurance risk score;
· establishing aggregated statistics, tests and models, for research and development, in order to improve the risk management at BNP Paribas group level or in order to improve existing products and services or create new ones;
· training of our personnel by recording phone calls to our call centres;
· personalising our offering to you and that of other BNP Paribas entities through:
· improving the quality of our insurance products and services
· advertising products or services that match with your situation and profile.
This can be achieved by :
segmenting our prospects and clients;
analysing your habits and preferences in the various channels (visits to our representatives, emails or messages, visits to our website, etc.);
matching the data from your insurance products and services that you have already subscribed for or for which you received a quote with other data we hold about you.
Applicable to our corporate clients’ employees only:
· evaluate if we can offer a product or service and under which conditions;
· provide information regarding our products and services;
· manage the resolution of disputes, assist and answer requests and complaints (including insurance claims);
· deliver a digital platform that allow you (i) to access easily some services directly on their smartphones and (ii) to use a pool of vehicles for car sharing in order to increase the vehicle utilisation rate;
· handle billing, invoicing and recovery.
In all circumstances, your data may be aggregated into anonymised statistics that may be offered to professional clients and BNP Paribas Group entities to assist them in developing their business.
d. To respect your choice if we requested your consent for a specific processing
In some cases, we must require your consent to process your data, for example:
Unless we can rely on other legal grounds, where the above purposes lead to automated decision-making, which produces legal effects or which significantly affects you. At that point, we will inform you separately about the logic involved, as well as the significance and the envisaged consequences of such processing;
· if we need to carry out further processing for purposes other than those above in this section 3, we will inform you and, where necessary, obtain your consent.
4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
In order to fulfill the aforementioned purposes, we only disclose your personal data to:
· Our staff in charge of managing your insurance products and services;
· Co-insurers, re-insurers, motor insurance bureaux and guarantee funds;
· Interested parties to the insurance contract such as:
o contract holders, subscribers and insured parties as well as their representatives;
o contract assignees or beneficiaries of subrogation;
o persons responsible for incidents, victims, their representatives and witnesses.
· BNP Paribas Group entities (e.g. you can benefit from our full range of group products and services);
· Service providers which perform services on our behalf;
· Independent agents, intermediaries or brokers;
· Banking and commercial partners;
· Financial or judicial authorities, state agencies or public bodies, upon request and to the extent permitted by law;
· Certain regulated professionals such as healthcare professionals, lawyers or auditors.
5. TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA
In case of international transfers originating from the European Economic Area (EEA), where the European Commission has recognised a non-EEA country as providing an adequate level of data protection, your personal data will be transferred on this basis. In this situation, no specific formality is needed.
For transfers to non-EEA countries whose level of protection has not been recognised by the European Commission, we will either rely on a derogation applicable to the specific situation (e.g. if the transfer is necessary to perform our contract with you such as when making an international payment) or implement one of the following safeguards to ensure the protection of your personal data:
· Standard contractual clauses approved by the European Commission; or
· Binding corporate rules, where applicable (for intra-group transfers).
To obtain a copy of these safeguards or details on where they are available, you can send a written request as set out in section 9.
6. HOW LONG DO WE KEEP YOUR PERSONAL DATA FOR?
We will retain your personal data for the longer of the period required in order to comply with applicable laws and regulations or another period with regard to our operational requirements, such as proper account maintenance, facilitating client relationship management, handling insurance claims (through to their settlement) and responding to legal claims or regulatory requests. For further clarity, the retention period is the longer of the term of your (or your company’s) insurance contract or the time required to settled any insurance claims, plus the period of time until the legal claims under that contract become time-barred, unless overriding legal or regulatory provisions require a longer or shorter retention period. For prospects, personal data is kept for as long as you express an interest in our services and products; when this ceases to be the case, we will endeavour to remove your personal data within a reasonable time and at the latest within 12 months thereafter. Cookies and other connection and tracking data stored on your device are kept for a period of 13 months from their collection date.
7. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
In accordance with applicable regulations, you have the following rights:
To access: you can obtain information relating to the processing of your personal data, and a copy of such personal data.
To rectify: where you consider that your personal data are inaccurate or incomplete, you can require that such personal data be modified accordingly.
To erase: you can require the deletion of your personal data, to the extent permitted by law.
To restrict: you can request the restriction of the processing of your personal data.
To object: you can object to the processing of your personal data, on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, which includes profiling related to such direct marketing.
To withdraw your consent: where you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
To data portability: where legally applicable, you have the right to have the personal data you have provided to us be returned to you or, where technically feasible, transferred to a third party.
If you wish to exercise the rights listed above, please send a letter to the following address: “To the attention of our Data Protection Officer”, Greenval Insurance DAC, Trinity Point, 10-11 Leinster Street South, Dublin 2, Ireland or send an e-mail to firstname.lastname@example.org. Please include a scan/copy of your identity card for identification purpose.
In accordance with applicable regulation, in addition to your rights above, you are also entitled to lodge a complaint with the competent supervisory authority
8. HOW CAN YOU KEEP UP WITH CHANGES TO THIS DATA PROTECTION NOTICE?
In a world of constant technological changes, we may need to regularly update this Data Protection Notice.
We will notify you of any substantive changes to this Data Protection Notice and will invite you to review the latest version thereof available online at:www.greenval-insurance.com
9. HOW TO CONTACT US?
If you have any questions relating to our use of your personal data under this Data Protection Notice, please send a letter or e-mail to the following address: Greenval Insurance DAC, Trinity Point, 10-11 Leinster Street South, Dublin 2, Ireland or email@example.com. Alternatively, if you wish to contact our Data Protection Officer, please email your query to firstname.lastname@example.org.