CNP Assurances is committed to protecting your personal data and this area contains useful information on this point. Here you will find details of:
- The European Data Protection Regulation (GDPR): download the PDF file;
- The definition of personal data;
- The reasons why we may collect your personal data;
- The recipients, including potential recipients, of your personal data;
- The data retention periods for your personal data;
- The security of your data;
- Your rights in relation to your personal data;
- The procedures for exercising these rights.
Additional information may be provided to you when you subscribe to an insurance product or service and, for job applicants, when you apply to join our company.
What is personal data?
Personal data is any information relating to an identified natural person or one who can be identified, directly or indirectly, in particular by an identification number or by one or more pieces of information specific to him or her.
In terms of insurance, the identification of a person by his or her full name, date of birth and the use of related information, such as the insurance contract number, asset information, profession and his/her health data, is personal data. Such information concerns each insured person as well as his/her family (e.g., for a health policy) or third parties (e.g., designated beneficiaries with no family ties to the insured).
What data do we collect and process?
We only collect and use personal information that is necessary, adequate, and relevant to our business. Unless we are required by law, we never process personal data relating to your racial or ethnic origins, religious beliefs, philosophical beliefs or trade union membership, genetic data, or data relating to your sexual life or sexual orientation.
To offer you custom, suitably adapted products, to manage your contract and to meet our legal and regulatory obligations, we may collect different categories of personal data from you, as well as when you apply for employment with our company.
In particular, this personal data may be of the following kind:
- Identification and contact information (surname, first name, place and date of birth, identity card number, passport number, gender, age, and signature);
- Contact details (postal and e-mail address, telephone number);
- Identification and authentication data, in particular when using online services (technical logs, computer traces, data concerning security and use of the device, IP address);
- Tax status (tax number, country of residence);
- Family status (marital status, matrimonial regime, number of children);
- Information relating to employment (level of education, job title, name of employer, remuneration);
- Banking information (bank details);
- Data relating to your assets and your profession or socio-professional category (to determine your investor profile for the financial products of life insurance policies or to meet our customer knowledge obligations regarding the fight against fraud and money laundering);
- Data related to the use of the insurance policies taken out (premium, redemption, benefits);
- Data relating to interactions with our advisers (appointment reports), via our websites, our apps, and emails.
We may also collect specific data referred to as "sensitive data", such as health data, in the context of company insurance policies or those for civil servants, and subject to obtaining your specific and explicit consent, for the conclusion and implementation of certain borrower insurance, accident insurance, and funeral insurance policies.
The data we use may be collected directly from you or obtained from third parties for the purpose of verifying or improving our databases, including:
- Personal data from databases made accessible by the official authorities (the Official Journal for example);
- Public bodies and authorities responsible for ensuring compliance with regulations;
- Websites containing information made public.
In certain circumstances, we may collect and use personal data about persons with whom we were or may be connected, such as:
- Non-clients (e.g., prospective customers);
- When your employer takes out a group policy intended to insure company staff and sends your contact details as well as those of your family (spouse, children);
- The beneficiary(ies) of the life insurance policy you have taken out;
- The legal representative(s), corporate officer(s) and authorised person(s) of a legal entity taking out a group insurance policy;
- The beneficial owners;
- CNP Assurances’ shareholders;
- The representative(s) of a service provider or supplier, healthcare professionals, care networks;
- Staff members of our service providers and business partners;
- Third parties, e.g., data from the Trade and Company Register;
- Representatives, natural persons, of our insurance intermediary partners;
- Companies providing marketing lists in compliance with regulations;
- As part of your application for employment with our company.
Why does CNP Assurances collect and process your personal data?
Your personal data is used only for explicit, legitimate and specified purposes with respect to the insurance or service operation concerning you, or for examining your application for employment with our company.
Your personal data is collected and processed in order to:
- Meet the requirements of our pre-contractual, contractual, and commercial relationship (examining the insurance application, management and implementation of the policy) and to provide, at your request, information about insurance policies and services; and to process your application for employment with our company;
- Obtain your consent, e.g., if a borrower's insurance policy is taken out;
- Fulfil our legal and regulatory obligations, in particular concerning the fight against money laundering and the financing of terrorism (by checking, among other things, the identity of policyholders, the insured persons and beneficiaries, politically exposed persons, representatives of legal entities, and beneficial owners); the fight against insurance fraud which may lead to registration on a list of persons presenting a risk of fraud; the payment of taxes and levies on insurance policies;
- Exercise our legitimate interests, e.g., to offer you similar products, to personalise our commercial offerings according to your needs, to improve the quality of our insurance products by offering you products corresponding to your profile (segmentation of prospects and customers); to learn about your habits with the different communication channels (e-mails, visits to our website); to optimise our risk management; to defend our interests in legal proceedings; for information technology management purposes (e.g., shared platforms) and business continuity purposes, including IT security; to produce anonymous statistical models, for research and development; or for the transmission of your data to a CNP Assurances Group company for administrative purposes.
Detailed information on the processing of your personal data and its purpose is systematically provided to you when your data is collected. Throughout the lifetime of your policy, this information will be reiterated as necessary.
Who are the recipients of your personal data?
The recipients of your personal data may be, within the strict context of the purposes of its processing, the duly authorised personnel of CNP Assurances and/or the CNP Assurances Group, particularly for reporting purposes, its partners, proxies, subcontractors, service providers, reinsurers, and, where applicable, the social security bodies of the persons involved, the insurance intermediaries and the persons concerned by the policy.
How long do we store your personal data?
We store your personal data only for the end purposes for which it was collected and in compliance with the statutory limitation periods and the various obligations imposed by the regulations.
Your personal data is stored for different periods, depending on your case:
- You are a prospective customer or your insurance proposal has not been accepted, or you stop the subscription process: your data may be retained for up to three years from the date of collection or our last contact with you, and for five years for health data in order to deal with a challenge to a rejected insurance claim;
- You have a policy: your data is stored according to the rules laid down by the various regulations and most often for ten years from the end of your policy or the provision of the policy’s benefits. In the specific case of life insurance, your data may be stored for up to thirty years in order to facilitate the search for beneficiaries;
- When you exercise your rights relating to the protection of personal data, mentioned below, and an identity document is requested, that document is retained for three years;
- For your application for employment with our company, your personal data is kept for a period not exceeding two years from our last contact with you.
At the end of the data retention period, your personal data is destroyed or rendered anonymous using a process that prevents further re-identification.
How is your personal data protected?
We ensure the security of your personal data by implementing enhanced data protection through the use of physical and software-based security resources, in accordance with best practices and the standards imposed on us.
For the hosting and processing of your data, we favour resources located in France and in the European Economic Area (EEA). CNP Assurances only allows data transfers from its entities between EEA countries. Waivers may be granted after a duly documented risk analysis to authorise transfers outside the EEA to recipients with personal data protection guarantees recognised to be equivalent to those of CNP Assurances (e.g. the implementation of standard contractual clauses approved by the European Commission).
What rights do you have concerning your personal data?
In accordance with the applicable regulations, you have the following rights:
- Right of access: you can obtain information about your personal data, the purposes of its processing and its recipients, and a copy of your data.
- Right to rectification: you may have your personal data corrected when it is inaccurate or incomplete.
- Right to erasure or "right to be forgotten": under certain conditions, you may obtain the erasure of your personal data, particularly when it is no longer required for processing or no longer meets legal requirements or when you withdraw your consent to processing.
- Right to object: under certain conditions, you may object at any time to the processing of your personal data, and in particular to its use for direct marketing purposes.
- Right to restrict processing: under certain regulatory conditions, you may be able to restrict the processing of your personal data. For example, if your data is inaccurate, you may request that its processing be restricted until it is corrected.
- Right to data portability: you may request that your personal data be supplied in a format that is easily reusable, and forward it to a third party.
How can you exercise your rights concerning your personal data?
If you wish to exercise your rights, you can contact the Data Protection Officer by post (CNP Assurances - Data Protection Officer, 4 Place Raoul Dautry, 75716 Paris Cedex 15) or by email (firstname.lastname@example.org). You can also do so directly via our online form on our website cnp.fr.
To exercise your rights, we invite you to provide proof of your identity. If reasonable doubts remain as to its accuracy, additional necessary information will be requested, for example, a photocopy of an identity document.
You also have the right to lodge a complaint with the Commission Nationale Informatique et Libertés (French data protection authority) at the following address: Commission Nationale Informatique et Libertés, 3 place de Fontenoy 75007 Paris, https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil, 01 53 73 22 22.
Last updated on: 8 June 2020