GREENVAL DATA PROTECTION NOTICE | Greenval-insurance

Greenval Insurance DAC ("Greenval") and the BNP Paribas Group, of which Greenval is a part, attach great importance to the protection of your personal data. The BNP Paribas Group has therefore adopted common principles in this regard for the entire Group.

ARE YOU SUBJECT TO THIS NOTICE?

This Privacy Policy Notice informs you in detail about the protection of your personal data by Greenval ("we"). This Privacy Policy Notice applies to you if you are:

one of our customers or in a contractual relationship with us;
a member of customer family. Indeed, our customers may occasionally share with us information about their family when it is necessary to provide them with a product or service or to get to know them better;
a person interested in our products or services when you provide us with your personal data (in an agency, on our websites and applications, during events or sponsorship operations) so that we can contact you.
an employee of our corporate customers.

As a data controller, we are responsible for the collection and processing of your personal data in the course of our business. The purpose of this Privacy Policy Notice is to explain to you what personal data we use about you, as an individual customer, representative of our corporate customers or as an applicant under our insurance policies, why we use and share this data, how long we keep it for and how you can exercise your rights.

Other information may be transmitted, if necessary, if you request a particular product or service, for example in the data protection clause of your insurance contract.

WHAT PERSONAL DATA DO WE USE ABOUT YOU?

We collect and use your personal data to the extent necessary in the course of our business to provide high-quality, personalized insurance products and services.

We may collect various types of personal data about you, including:

identification information (e.g. name, identity card, passport, driver's license, nationality, place and date of birth, gender, photo, IP address);
contact information (e.g. postal and email address, telephone number);
family situation (e.g. marital status, number of children);
tax status (e.g. tax ID, tax status);
professional information (e.g. employment, name of employer, place of work);
banking, financial and transactional data (e.g. credit card number, bank account details, payment data);
data relating to the insurance contract (e.g. customer identification number, contract number, payment methods, term, amounts and discounts);
data relating to the risk assessment (e.g. use of an insured vehicle for personal use, location of storage of the vehicle);
data relating to claims (e.g. claims history including compensation paid and expert reports, information on victims);
data about you, as well as your habits and preferences and the use of the insured vehicle:

data relating to your use of the insured vehicle (e.g. number of kilometres driven);
data from your interactions with us: our subsidiaries (contact reports), websites, social media pages, meetings, calls, online discussions, interviews, telephone conversations, correspondence, requests for information or documents; and

video surveillance data (including closed-circuit cameras) and geolocation data (e.g. to identify the locations of providers for you or to enable the provision of specific services).
Data necessary to combat insurance fraud, money laundering and terrorist financing, and any other data we are required to collect by law.

We may collect biometric data (e.g. fingerprints, voiceprints or facial images that can be used for identification and security purposes), which constitute a special category of data (so-called "sensitive" data) that allows us to obtain a higher level of protection, subject to your explicit prior consent and in accordance with applicable rules.

The data we use about you may be provided directly by you or obtained from the following sources in order to verify or develop our databases:

publications/databases made available by official authorities (e.g. the Official Journal);
our corporate customers and/or their subsidiaries and affiliates (e.g. your employer) or contractors;
third parties such as fraud prevention agencies or data vendors in compliance with data protection legislation;
websites/social media pagfescontaining information posted by you (e.g. your own website or social media); and
databases made available to the public by third parties.

SPECIAL CASES OF COLLECTION OF PERSONAL DATA, INCLUDING INDIRECT COLLECTION

As mentioned above, in certain circumstances, we may collect and use the personal data of individuals with whom we have, may have, or had a direct relationship, such as potential customers.

For certain reasons, we may also collect information about you although you do not have a direct relationship with us.

This is the case, for example, when your employer provides us with information about you or when your contact details are provided by one of our customers if you are, for example:

Family members;
Legal representatives (by virtue of a power of attorney);
Beneficiaries of an insurance policy;
Ultimate beneficial owners;
Debtors of customers (e.g. in the event of bankruptcy);
Shareholders of a company;
Representatives of a legal entity (which can be a customer or a supplier);
Staff members of a service provider and business partners.

WHY AND ON WHAT BASIS DO WE USE YOUR PERSONAL DATA?

1. To comply with our legal and regulatory obligations

In this section we explain why we process your personal data and the legal basis for doing so. The purpose of this section is to explain why we process your personal data and what legal basis we rely on to justify it.

We use your personal data to comply with various legal and regulatory obligations, including:

the prevention of money laundering and terrorist financing;
the prevention of insurance fraud;
compliance with sanctions and embargo legislation;
the fight against tax fraud and the fulfilment of tax audit and reporting obligations;
compliance with banking and financial regulations under which we:
- - implement security measures to prevent abuse and fraud;
  - detect transactions that differ from normal patterns; and
  - monitor and report any risks we may incur.
respond to an official request from a duly authorised public or judicial authority of the European Union (e.g. to identify the driver and communicate the data to the competent public authorities).

1. To perform a contract or take steps at your request prior to entering into a contract with you

We use your personal data in order to enter into and perform our contracts, including to:

define your insurance risk profile and the corresponding premiums;
determine whether and under what conditions we can offer you a product or service;
provide you with information regarding our insurance products and services;
manage claims (from the first loss report to settlement);
manage the resolution of disputes, and assist you and respond to your requests and claims (including claims);
allow you to easily access certain services directly on your Smartphone through our mobile applications; and
billing and collection.

1. To serve our legitimate interests

We use your personal data in order to deploy and develop our products and services, to manage the contractual relationship with our corporate customers of which you are an employee, to improve our risk management and to defend our legal rights, including in order to:

obtain proof of transactions;
prevent fraud;
deploy prevention campaigns, e.g. by creating traffic or road alerts;
respond to official requests from public authorities in third countries (located outside the EEA);
managing IT systems, including infrastructure management (e.g. exchange platforms), and ensuring business continuity and IT security;
establish individual statistical models, based on transaction analysis, e.g. to define your driver profile and/or insurance risk score;
to establish aggregated statistics, tests and models, for research and development, in order to improve risk management throughout the BNP Paribas Group or to improve existing products and services or to create new ones;
train our staff by recording phone calls to our call centers;
personalise the offer we offer you and the offer of other BNP Paribas Group entities:
- - improving the quality of our insurance products and services; and
  - by promoting products or services that match your situation and profile.

These offers can be offered to you thanks to:

- - - Segmenting our prospects and customers;
    - analysis of your habits and preferences in the various channels (visits to our representatives, emails or messages, visits to our website, etc.); and
    - Combining data from your insurance products and services that you have already subscribed to or for which you have received an estimate, with other data we hold about you.

Applicable only to employees of our corporate clients:

determine whether and under what conditions we can offer a product or service;
provide information about our products and services;
manage the resolution of disputes, and provide assistance and respond to requests and complaints (including claims);
provide a digital platform that allows you to (i) easily access certain services directly on your Smartphones and (ii) use a group of ride-sharing vehicles in order to increase vehicle utilization; and
billing and collection.

In all cases, your data may be aggregated in the form of anonymised statistics that may be offered to professional clients and entities of the BNP Paribas Group to enable them to develop their activities.

1. To respect your choice, we may ask for your consent for a particular processing purpose

In some cases, we may need to ask for your consent to process your data, for example:

Unless we rely on other legal grounds, where the above purposes give rise to automated decision-making that produces legal effects or significantly affects you. In this case, we will separately inform you of the underlying reason, as well as the extent and expected consequences of this processing; and/or

If we need to carry out further processing for purposes other than those set out above in this section 3, we will notify you and, where appropriate, ask for your consent.

WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

In order to accomplish the above purposes, we disclose your personal data only to the following persons:

Our staff responsible for managing your insurance products and services;
Co-insureds, reinsured, motor insurance bureaus and guarantee funds;
Parties interested in the insurance contract such as:
- the policyholders, signatories and insured parties and their representatives;
- the assignees of the contract or the beneficiaries of the subrogation;
- those responsible for incidents, victims, their representatives and witnesses.
BNP Paribas Group entities (e.g. you can take advantage of our group's full range of products and services);
Vendors who provide services on our behalf;
Independent agents, intermediaries or brokers;
Banking and commercial partners;
Financial or judicial authorities, public agencies or bodies, upon request and to the extent permitted by law; and
Certain regulated professionals such as healthcare professionals, lawyers or auditors.

TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA

In case of international transfers from the European Economic Area (EEA), if the European Commission has recognised a non-EEA country as a country providing an adequate level of data protection, your personal data may be transferred on this basis. In this case, no specific formalities are necessary.

For transfers to non-EEA countries whose level of protection has not been recognised by the European Commission, we will rely on a derogation applicable to the particular case (e.g. if the transfer is necessary for the performance of your contract with us, such as in the case of international payment) or we will implement one of the following safeguards to ensure the protection of your personal data:

Standard contractual clauses approved by the European Commission; or
Binding corporate rules, if applicable (for intra-group transfers).

To obtain a copy of these clauses or rules or to find out where to consult them, you may send a written request as set forth in Section 9.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will retain your personal data for as long as necessary to comply with applicable laws and regulations or for any other period determined by our operational requirements, such as proper bookkeeping, effective customer relationship management, processing claims (until they are settled) and responding to legal actions or requests from the regulatory authority. For clarity, the retention period is the duration of your (company's) insurance contract or the length of time required to settle any claims, plus the period of time until legal claims under the contract are time-barred, unless derogating legal or regulatory provisions require a longer or shorter retention period. With regard to potential customers, personal data is retained for as long as they express an interest in our services and products; Once they tell us that they are no longer interested, we will do everything possible to delete their personal data within a reasonable period of time and no later than 12 months after their message in this regard. Cookies and other login and tracking data stored on their device are kept for a period of 13 months from the date they are collected.

WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

In accordance with the applicable regulations, you have the following rights:

Right of access: you can obtain information regarding the processing of your personal data and a copy of this personal data.
Right to rectification: if you believe that your personal data is inaccurate or incomplete, you can request that this personal data be amended accordingly.
Right to erasure: You may request the deletion of your personal data, to the extent permitted by law.
Right to restriction of processing: You can request the restriction of the processing of your personal data.
Right to object: you may object to the processing of your personal data, for reasons relating to your particular situation. You have the absolute right to object to the processing of your personal data for commercial prospecting purposes, which includes profiling related to such prospecting.
Right to withdraw your consent: If you have given your consent for the processing of your personal data, you have the right to withdraw your consent at any time.
Right to data portability: In cases applicable by law, you have the right to obtain the return of the personal data you have provided to us or, in cases where technology permits, to transfer it to a third party.

If you wish to exercise the above rights, please send a letter to the following address: "Attn: Our Data Protection Officer", Greenval Insurance DAC, 2nd Floor, The Anchorage, 17 – 19 Sir John Rogerson’s Quay, Dublin 2, Ireland (D02 DT18) , or send an email to privacy@greenval-insurance.ie. Please attach a scanned copy of your ID card for identification purposes.

In accordance with the applicable regulations, in addition to your above-mentioned rights, you may also lodge a complaint with the competent supervisory authority.

HOW CAN YOU STAY INFORMED ABOUT CHANGES TO THIS PRIVACY POLICY?

In a world of constantly evolving technologies, we may need to update this Privacy Statement regularly.

We will inform you of any material changes to this Privacy Statement and invite you to review the latest version of it, which is available online at: www.greenval-insurance.com

HOW TO CONTACT US?

If you have any questions about our use of your personal data in accordance with this Data Protection Statement, please send a letter or email to Greenval Insurance DAC, 2nd Floor, The Anchorage, 17 – 19 Sir John Rogerson’s Quay, Dublin 2, Ireland (D02 DT18), email privacy@greenval-insurance.ie