Data controller

InsurProtect, SRL. with registered office at Avenue Herrmann Debroux 40-42, 1160 Brussels, registered with the Crossroads Bank for Enterprises under number 0756.804.490 (hereinafter referred to as "InsurProtect").

Data Protection Officer
InsurProtect's Data Protection Officer can be contacted at the following addresses:

by post:
InsurProtect
Avenue Herrmann Debroux 40
421160 Brussels

by e-mail:
contact@insurprotect.be

Purposes of processing and recipients of data

Personal data, communicated by the data subject himself or herself or legitimately received by InsurProtect from the employer of the data subject or from third parties, may be processed by InsurProtect for the following purposes:

- The management of the file of persons:

◻︎ This concerns processing carried out in order to establish and maintain databases - in particular identification data - relating to all natural or legal persons who are in a relationship with InsurProtect.

◻︎ These processing operations are necessary for the execution of the insurance contract as well as a legal obligation.

-The management of the insurance contract:

◻︎ These are the processing operations carried out with a view to accepting or refusing - whether or not by automated means - the risks prior to the conclusion of the insurance contract or in the event of subsequent amendments to it; to drawing up, updating and terminating the insurance contract and to managing claims.

◻︎ These processing operations are necessary for the execution of the insurance contract as well as legal obligation.

- Customer service:

◻︎ These are processing operations carried out in the context of digital services provided to customers as a complement to the insurance contract (e.g. the development of a digital customer area).

◻︎ These processing operations are necessary for the execution of the insurance contract and/or these complementary digital services.

-The management of the relationship between InsurProtect and the insurer

◻︎ These are processing operations carried out as part of the collaboration between InsurProtect and the insurer.

◻︎ These processing operations are necessary for the legitimate interests of InsurProtect consisting in the execution of the agreements between InsurProtect and the insurer.

- The detection, prevention and fight against fraud:

◻︎ These are processing operations carried out with a view to detecting, preventing and combating - whether or not in an automated manner - insurance fraud.

-The fight against money laundering and the financing of terrorism

◻︎ These are processing operations carried out with a view to preventing, detecting and combating - whether or not by automated means - money laundering and the financing of terrorism.

◻︎ These processing operations are necessary for the performance of a legal obligation to which InsurProtect is subject.

Insofar as the communication of personal data is necessary to enable the purposes listed above to be fulfilled, personal data may be communicated to insurance companies and/or persons in contact with them (lawyers, experts, medical advisors, reinsurers, co-insurers, insurance intermediaries, service providers, representatives, underwriting monitoring office, claims settlement offices, Datassur).This data may also be communicated to the supervisory authorities, the competent public services and any other public or private body with which InsurProtect may be required to exchange personal data in accordance with the applicable legislation.

Processing of data for direct marketing purposes

Personal data, communicated by the data subject him/herself or legitimately received by InsurProtect from insurance companies, companies in relation with them or third parties, may be processed by InsurProtect for direct marketing purposes (commercial actions, personalised advertisements, profiling, data matching, notoriety, ...), with a view to improving its knowledge of its customers and prospects, to inform them about its activities, products and services, and to send them commercial offers.These personal data may also be communicated to companies in relation with InsurProtect for their own direct marketing purposes or for the purposes of joint direct marketing operations, with a view to improving the knowledge of joint customers and prospects, to inform the latter about their respective activities, products and services, and to send them commercial offers.In order to offer the most appropriate services in relation to direct marketing, this personal data may be communicated to companies and/or persons acting as subcontractors or service providers for the benefit of InsurProtect. Such processing is necessary for the legitimate interests of InsurProtect consisting in the development of its economic activity. Where appropriate, such processing may be based on the consent of the data subject.

Transfer of data outside the European Union

Companies and/or persons connected with InsurProtect to whom personal data is communicated may be located both within and outside the European Union. In the event of transfers of personal data to third parties outside the European Union, InsurProtect complies with the legal and regulatory provisions in force with regard to such transfers. It ensures, in particular, an adequate level of protection for personal data thus transferred on the basis of alternative mechanisms put in place by the European Commission, such as standard contractual clauses.

Retention of data
InsurProtect retains the personal data collected in relation to the insurance contract for the entire duration of the contractual relationship or the management of the claims file, with updates whenever circumstances so require, extended by the legal retention period or the limitation period so as to be able to deal with any claims or appeals that may be lodged after the end of the contractual relationship or after the closure of the claims file.InsurProtect shall keep personal data relating to offers that have been refused or to which InsurProtect has not responded for up to five years after the offer or refusal to conclude has been issued.

Necessity of providing personal data

The personal data relating to the data subject that InsurProtect requests to be provided are necessary for the conclusion and performance of the insurance contract. Failure to provide such data may make it impossible to conclude or properly execute the insurance contract.

Confidentiality

InsurProtect has taken all necessary measures to preserve the confidentiality of the personal data and to guard against unauthorised access, misuse, alteration or deletion of such data. To this end, InsurProtect follows security and service continuity standards and regularly assesses the security level of its processes, systems and applications as well as those of its partners.

The rights of the data subject

The data subject has the right:

◻︎ to obtain from InsurProtect confirmation as to whether or not personal data relating to him or her are being processed and, where they are, to access such data
◻︎ to have his or her personal data corrected and, where appropriate, to have their personal data supplemented if they are inaccurate or incomplete
◻︎ to have their personal data erased in certain circumstances
to have the processing of their personal data restricted in certain circumstances
◻︎ to object to the processing of their personal data for direct marketing purposes, including profiling carried out for direct marketing purposes
◻︎ not to be subject to a decision based exclusively on automated processing, including profiling, producing legal effects concerning her or significantly affecting her
◻︎ however, if such automated processing is necessary for the conclusion or performance of a contract, she has the right to obtain human intervention by InsurProtect, to express her point of view and to contest InsurProtect's decision
◻︎ to receive her personal data that she has provided to InsurProtect
◻︎ to withdraw her consent at any time, without prejudice to the processing carried out in a lawful manner prior to the withdrawal of that consent, where the processing of her personal data is based on her consent.