Data Protection Policy
Policy on the protection of personal data
As an insurance brokerage company, we have a primary interest in the protection of your personal data. We are committed to: protecting all personal information entrusted to us, and acting in accordance with the rights of natural or legal persons, as well as the General Data Protection Regulation (GDPR). In this data protection policy we explain how and when we collect data and detail how we use it. We will also detail the rights you have and how you can exercise them. Where the term “you”, “your” or “yours” is used in this document, it means you, any authorized person acting on your behalf or any beneficiary, and other individuals in your household or business. Where we use the term “we”, “us” or “our”, it means Ambrelia.
1. Who is the data controller?
The data controller is the legal entity responsible for controlling the collection and processing of personal data in electronic or paper form. Ambrelia is the data controller within the meaning of the applicable laws and regulations on the protection of personal data.
2. Collection and processing of your personal data
The personal data that Ambrelia collects will vary depending on how you use our services. The data we collect or hold about you will be provided to us directly by you, or will come from third parties or will be collected from the activitý on our websites and the use of our services. The collection and processing of personal data is carried out in accordance with the legislation on the protection of personal data and based either on the legislation applicable to insurance or on your explicit consent, unless the applicable laws and regulations exempt us from collecting it as explained below.
Thus, for insurance contracts that do not contain sensitive data or special categories of personal data, in accordance with art.6 (1) (b) of the General Data Protection Regulation (hereinafter GDPR), your explicit consent is not required.
For insurance contracts that contain sensitive data or special categories of personal data, explicit consent is required pursuant to Art. 9 (2) (a) GDPR.
a. What personal date are collected ?
In particular, we may collect and process the following personal data about you :
- Name and surname(s)
- Postal address
- Date of birth
- Identity documentś
- Telephone numbers
- E-mail address
- NIR (social security number)
- Photocopy of passport/ID card/driving license
- Annual salary
- Reference/identification number
We also may collect and/or process so-called sensitive data such as medical reports..
We collect your information for the following purposes:
- Management of insurance contracts (offer, quotation, subscription, management, etc.)
- Sending communications about insurance-related products and services for commercial prospecting purposes. These communications may be in the form of email(s) or telephone call(s). We will retain your data for marketing purposes for a maximum of 3 years from the last contact.
- Prevention and detection of fraud
- Compliance with legal obligations (anti-money laundering and combating the financing of terrorism)
- Our use of your information as described above is permitted under the applicable data protection regulations. In most cases, the processing of your personal data for marketing purposes is based on our legitimate interest, although it may, in certain situations (including where required by law), be based on your consent.
c. Data collection via the website
If you complete an online form on our site, we will retain your data for a maximum of 3 years.
We will only use your information to contact you and arrange a meeting with one of our staff members in order to draw up a personalised offer without obligation and to follow up on it after the contact has been made. We will do this by telephone or by e-mail.
Our use of your information as described above is permitted under the applicable data protection regulations. The processing of your personal data in this case is based on your consent. If you do not consent to the processing of your information or do not complete the requested fields, we will not be able to fulfil your request.
d. Who has access to your personal data ?
Ambrelia ensures that your personal data is processed in a manner appropriate to the purposes indicated above.
In this context and apart from the authorised personnel within AMBRELIA, your personal data may be shared, if necessary, with the following third parties in their capacitý of “data controllers” or “joint data controllers”:
- Public authorities,
- Mutual insurance companies,
- Provident institutions,
- Wholesale brokers,
- Insurance intermediaries/brokers,
- Management platforms,
- Fund managers,
- Consulting and management companies
The data collected may also be disclosed, if necessary, to third parties who operate as subcontractors on our instructions :
- Legal advisors and service companies (data hosting, IT, postal, document management).
- Advertisers and advertising networks for the transmission of our marketing communications in accordance with local legislation and your communication preferences. We do not share your personal data with third parties for their own commercial use. We do not sell your information to third parties.
These companies are committed to protecting your data to the same level as we do. Furthermore, we remain responsible to you for the use and securitý of your data.
Finally, we may share your personal data in the following cases:
- In the event of a reorganisation, merger, sale, joint venture, assignment or any other transaction that affects part or all of our business/activitý, assets or shares (including in the event of insolvency proceedings).
- To comply with our legal obligations, including to the relevant ombudsman or supervisory authority in the event of a complaint about any of our products or services.
e. Where are your personal data ?
Subject to applicable contractual and legal constraints relating to confidentialitý and securitý of data, your personal data may be processed within or outside the European Economic Area (EEA) by the recipients mentioned.
We hold your data in the EEA, in France.
If we share your information with companies outside the EEA or countries with an appropriate level of data protection, we require those companies to process your information under similar conditions to us. In such situations, we will ensure that the information transferred is protected. Upon request, we can provide you with further information about any transfer.
3. Your rights
You can exercise a number of rights with regard to the use of your data:
– The right to access your data and to know its origin, the purposes of collection and the purposes of processing as well as the contact details of the controller(s) and subcontractors, and of the parties to whom your data may be disclosed;
– The right to withdraw your consent at any time where the processing of your personal data is based on it;
– The right to object to the processing, in particular when your personal data is not useful or is no longer necessary for our contractual relationship
– The right to rectify or modify your data if it is inaccurate or incomplete
– The right to have your data erased in certain circumstances, for example, when the retention period for your personal data has expired or when it is no longer necessary for the purpose for which it was collected and processed
– The right to have the processing of personal data restricted in certain circumstances (e.g. the restriction of the processing of personal data whose accuracy is disputed, for a period of time that allows us to verify it)
– The right to portability of personal data, i.e. the right to receive your personal data in a structured, readable format or to have it transmitted directly to another controller
– The right to lodge a complaint with our services or with the relevant data protection authoritý.
You can exercise these rights by contacting us (see point 5) and providing us with your name, e-mail address, contract reference and the reason for your request.
How can you object to the processing of your personal data? Where permitted́ by applicable law or regulation, you have the right to object to the processing of your personal data. Once you have informed us of this request, we will cease processing your personal data unless permitted́ by applicable laws and regulations.
You can exercise this right in the same way as your other rights listed above.
4. How long we keep your personal data ?
We keep your data for the life of your contract. The majority of your data will be retained for the duration of the contract, with some data being retained for up to 10 years from the expiry or termination of the insurance contract or the end of the business relationship. This period may be extended if required by law. In addition, in the case of a canvassing relationship, the data retention period will be a maximum of 3 years if no contracts are concluded.
In any case, we will only keep your data for the purpose for which it waś collected and no longer than necessary.
5. How to contact us ?
To oppose the use of your data, to request their deletion, to ask a question about their processing or to make a complaint, you can contact us directly :
• By email : firstname.lastname@example.org
• By post to the following address:
1-7 Cours de Valmy – Paris la Défense
For all your applications, do not forget to enclose a proof of identity.
6. Update of this notice
This Information Notice was updated in April 2022. We reserve the right to amend it at any time in order to provide you with up-to-date information on how we collect and process your personal data.