RGPD Charter

Last updated: November 2020

The purpose of this Charter is to inform you of the procedures for collection, processing and use of your personal data (hereinafter “Data”) and of the rights available to you in the context of the fulfilment of your insurance contract.

This Charter is accessible to everyone on Henner’s websites, in your Member Account or in your Insured Guide, and our contractual forms and documents contain a reference to it.

We may modify this Charter at any time in accordance with changes in the legislation or regulations or in the event of modification of the methods of collection, processing and use of your Data.

We advise you to check regularly whether any amendments have been made.

You can identify the date on which the Henner Group made the last changes by referring to the date indicated at the top of this document.


1/ What entities process your data?

In the course of the fulfilment of your insurance contract, the Data collected are processed jointly by:

However, certain processing operations, as indicated in Article 3 below, are carried out specifically and autonomously by Henner.

Under the joint responsibility agreement between Henner and the Insurer, Henner has been designated as the contact point for Insured.


2/ How do we collect your data?

Your Data are collected either directly by Henner or indirectly by a third party.

Your data may indeed be sent to us, depending on your type of insurance contract, by your employer, your broker or the Insurer, by the basic or supplementary social security organisations or the professional organisations contributing to the management of the insurance contracts, or by the qualified administrative authorities.

In addition, your Data may also be collected indirectly in the course of navigation in your Member Account (e.g. cookies)

The categories of Data concerned are:

Henner informs you when it is mandatory to provide an item of information (particularly due to a legal, regulatory or contractual obligation or simply in order to be able to handle your request or reply to you). If you do not provide such mandatory information, Henner may be unable to deal with your request or to conclude, manage or implement your insurance contract. The fields of a form which are not indicated as being mandatory are left to your discretion. It is up to you to choose to fill them in or not.


3/ Why do we process your data?

Your data are processed for the following purposes and legal reasons:

3.1 DATA PROCESSED JOINTLY WITH THE INSURER:

ProcessingPurposesLegal reasons
Conclusion, implementation and management of an insurance contract– Study of the specific needs of each possible prospect/Insured in order to propose appropriate contracts– Examination, acceptance and monitoring of the risk– Fulfilment of contractual guarantees– Management of contracts– Commercial management of Insured– Management of claims and disputes– Legal appeals– Production of statistics and actuarial studies– Advertising and customer loyalty operations– Necessary for the fulfilment of a contract to which the Insured is a party or for the implementation of pre-contractual measures– Legitimate interests– Legal and regulatory obligations 
Prevention of insurance fraud– Analysis and detection of acts presenting an anomaly or an inconsistency or which have been reported for possible fraud;– Management of alerts in the event of an anomaly, inconsistency or reporting;– Sending of information concerning suspicions of fraud to the recipients concerned by the processing of the data:– Constitution of a list of persons identified as perpetrators of acts which may constitute fraud;– Management of amicable, litigation and disciplinary procedures– Legal and regulatory obligations – Henner’s legitimate interest in being able to guard against fraud. 
Prevention of money laundering and financing of terrorism– Meeting of obligations of vigilance with regard to customers in accordance with the risk-based approach;– Search for persons needing to be subject to additional vigilance measures as politically exposed persons (PEP) as defined by Article R561-18 of the Monetary and Financial Code and for persons liable to be subject to reinforced monitoring measures;– Triggering of alerts and reporting of suspicions;– Placing of certain accounts, contracts or customers under surveillance based on the risk classification produced by the financial organisation, or on operations deemed to be complex, of an unusually high amount or not appearing to have any economic justification or legitimate purpose, or on the reporting of a suspicion which has not led to the closing of the account;– Application of asset freezing measures for purposes of prevention of the financing of terrorism and financial sanctions– Legal and regulatory obligations
Processing of health dataHealth data are liable to be processed when they are necessary for the conclusion, management or fulfilment of insurance contracts. Such information is processed with respect for medical confidentiality.– Legal obligation for social protection
– Where necessary, consent of the Insured
Management of requests to exercise rightsManagement of requests to exercise rightsLegal and regulatory obligations

3.2 DATA PROCESSED SPECIFICALLY BY HENNER

ProcessingPurposes (objectives pursued)Legal reasons
Improvement of quality of services and of relationships with Insured– Monitoring and recording of telephone conversations for purposes of training, evaluation or improvement of the quality of our services– Conducting of satisfaction surveys– Statistical and commercial studiesNecessary for the fulfilment of a contract to which the Insured is a party or for the implementation of precontractual measures
Commercial management– Management of prospects– Advertising and customer loyalty operations– Profiling operations: you are also informed that, in the course of the conclusion and fulfilment of your contract, Henner combines and analyses all or some of your data to evaluate your situation or to predict it (appetite scores) and to offer you optional coverage on an individual basis.– Henner’s legitimate interest in prospecting its customers to propose similar offers and services to them
– Consent in other cases
Conclusion of an insurance contract (Brokering activity)– Study of the specific needs of each possible prospect/Insured in order to propose appropriate contracts (duty to advise)– Necessary for the implementation of pre-contractual measures– Legal and regulatory obligations
Management of websites and applications (Member Account)– Technical administration of websites and applications– Management of access, security, maintainability and upgrades of websites and applications– cookie management– Henner’s legitimate interest in checking the availability and correct functioning of its websites and applications


4/ Who can access your data?

Your Data are mainly intended for Henner’s duly authorised personnel: personnel responsible for commercial relations and contract management, fraud prevention or prevention of money laundering and financing of terrorism, auditing and monitoring or any other service linked to the fulfilment of your contract, within the limit of their powers.

These data may also be passed on to the following categories of recipients:

These possible transfers of Data with these recipients are formalised, if necessary, within the framework of a contract between the parties concerned.


5/ Where are you data hosted?

Henner undertakes to take all appropriate technical and organisational measures to ensure the security, availability, integrity, authenticity and confidentiality of your Data and the resilience of its information systems.

Henner favours the hosting and processing of your Data en France within the European Union (EU).

However, your Data may be transferred to countries outside the EU for the purposes specified above, particularly to entities of the Henner Group* or to third parties as specified in Article 4 above. In this case, to guarantee an appropriate level of protection of your Data, transfers of these data are regulated by Standard Contractual Clauses of the European Commission or by any other legal instrument, thus guaranteeing as a high a level of protection as in France.

*Current list of entities of the Henner Group outside the EU: Tunisia, Switzerland, Malaysia, Hong Kong, Kenya, Ivory Coast, Singapore, Canada and USA.


6/ How long do we store your data?

Your data are stored for the periods necessary for the implementation of your insurance contract and for the fulfilment of the aims listed above, plus the legal prescription periods in force in this area.


7/ What are your rights and how can you exercise them?

In accordance with the applicable Data Protection Regulations and under the conditions stipulated by these Regulations, you benefit from the following rights:

In the event of non-payment of your contributions, the reminder, formal demand and termination procedure is automated.

As this processing leads to an automated individual decision, you have, in accordance with the applicable Data Protection Regulations, the following rights:

You may exercise your rights simply upon request, proving your identity by any means and specifying the purpose of your request, at the following email address: [email protected] or at the postal address: Henner, Data Protection Officer, Comformité/Relation Assureurs, 14 Boulevard du Général Leclerc 92200 Neuilly-sur-Seine

You may also correct your Data directly in your Member Account.

Lastly, in the event of continuing disagreement concerning your data, you have the option of registering a complaint with the CNIL:

either directly on the CNIL website: www.cnil.fr
or by writing to the following address: 3 Place Fontenoy – TSA 80715 – 75334 Paris Cedex 07