OUR COMMITMENT TO YOUR DATA PRIVACY


When you entrust us with your personal data, we build a relationship of trust together, and we want to prove ourselves worthy of it.


Your personal data is therefore our top priority.

The Henner Group strives to protect your personal data and we have committed to ensuring the best level of security and privacy, in compliance with French and European regulation (Regulation (EU) 2016/679 and law n°78-17 voted on 6 Jan 1978 and subsequently amended several times).


Our personal data processing policy is based on the following six principles:


  • Lawfulness of processing: personal data collection and processing are legitimate and based on a legal basis identified in accordance with the objective (or purpose) and the context in which it is processed.
  • Purpose of processing: we do not use your personal data for any other purpose. We collect your personal data strictly for the defined purposes.
  • Period for keeping personal data: we establish a limited period for keeping your personal data, in accordance with the purposes and lawfulness of processing.
  • Security and privacy: The Henner Group strives to protect and secure your personal data. We take whatever measures are needed to ensure a level of security appropriate to the risk between the controller and the processor. In assessing the appropriate level of security, we take into account the risks of each type of processing (sensitive data, purpose of processing).
  • Transparency: When we collect your personal data, we will tell you how we intend to use it and if we need to share it with other parties.
  • Right of access: You shall have the right to obtain from us the confirmation of your personal data. You can request erasure, portability or restriction of processing, or object to this processing.

You can find our obligations and your rights in the General Terms and Conditions of Use on our website and in our mobile applications, as well as in the Privacy policy.

These documents explain how we collect, use and store your personal data.

. . .

PRIVACY POLICY


Last update: October - 2018


The purpose of this Henner Group Privacy Policy is to inform you of the terms and conditions governing the collection, processing and use of your personal data, and the rights you have in connection with the use of the websites and online platforms, the subscription and the servicing of insurance policies designed, distributed and/or managed by Henner.


Henner reserves the right to modify this Privacy Policy at any time, due to changes to its websites and online platforms, configuration changes, changes within the Henner Group, or regulatory changes, or for any other legitimate reason. The Henner Group will inform you of the update to its Privacy Policy. However, you are advised to check regularly for any amendments. You can establish the date on which Henner made the latest changes by referring to the “Last Update” stated above.


1- DEFINITIONS


For the purposes of this Privacy Policy, the following terms - whether capitalized or not - will have the following meanings:


Insured Party : the physical person to whom the coverages of an insurance policy apply (whether or not the said person is the subscriber), the said policy being designed, distributed and/or managed by Henner.


Data or Personal Data : means any information relating to a Concerned Person.


Concerned Person : refers to an identified or identifiable physical person; an "identifiable physical person" is a physical person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that physical person.


Personalized Space : means a space on a Site accessible to Insured Parties under the conditions provided for in the General Terms and Conditions of Use of the Site, and by means of a user name and a password.


Controller : means the physical person or legal entity, the public authority, the service or whatever other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data.


Site : refers to the Henner Group's websites, mobile applications and online platforms, including public spaces accessible to all Users, and Personalized Spaces through which Henner provides Insured Parties with services under the terms of insurance policies designed, managed and/or distributed by Henner. The Sites, including the Personalized Spaces, are subject to the General Terms and Conditions of Use (CGU), which this Privacy Policy supplements.


Processing or Process : means any operation or set of operations performed using processes that may or may not be automated, applied to personal data or sets of personal data, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, or disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


User : means any physical person who accesses a Site, even without logging in and having access to a Personalized Space.


2- PERSONAL DATA PROTECTION


2.1 Identity and Contact Details of the Controller


Personal Data is collected and processed by:


Henner SAS, a simplified joint stock company registered in France in the Trade and Companies’ Register of Nanterre under the number 323 377 739, and having its registered offices at 14 Boulevard du Général Leclerc, 92200 Neuilly-sur-Seine.


2.2 Contact Details of the Henner Group DPO


The Henner Group has appointed a Data Protection Officer who can be contacted at:


HENNER

Data Protection Officer

Risk Management

14 Boulevard du Général Leclerc

92200 Neuilly-sur-Seine


Email : dpo@henner.com


2.3 Collection Methods


Your Data is collected directly by Henner when you enter your Data in the contact forms, questionnaires and other means provided to you as part of use of the Site's services (recruitment, free callback request, estimate request, Personalized Space, etc.), or as part of a membership or subscription form to one of our services and/or products.


Your Data may also be collected indirectly during your browsing on the Site (for example, via cookies), or by other companies in the Henner Group, or may be transferred by insurers, client companies or our partner brokers within the scope of the fulfillment of insurance policies, and for the purposes of using the services of Personalized Spaces, or by recruitment firms as part of a recruitment procedure.


Within the scope of collection, the following Data is processed:

  • Identity data (last name, first name, address, telephone number, email address, date of birth, country of origin, NIR, RNIPP, etc.);
  • Data pertaining to family, economic, heritage or financial situation, personal life and living conditions, having a connection with the commercial relationship (civil status, marital status, information on spouse and children, etc.);
  • Data pertaining to professional and non-professional life, having a connection with the commercial relationship (occupation and professional field, information on the employer, website, name of the previous insurer and the previous insurance policy, information on movable assets such as vehicles or objects, type of policy desired, country of expatriation/secondment, affiliation to a health insurance fund, welfare plan, desires/preferences concerning an insurance policy, etc.);
  • Health data (information about hospitalizations, about needs for optical appliances, dental care, and about planned treatments, etc.);
  • Data for tracking the commercial relation (data pertaining to the organization and the handling of competitions or draws, and whatever promotional operation, loyalty actions, prospection, studies, surveys, product tests, data about a person's contributions, comments, explanations about how the User came to know about Henner, reasons for a contact request, etc.);
  • Location and connection data;
  • Data pertaining to the selection of people (career path, job offer sought, etc.);
  • Data pertaining to the determination and assessment of risk and the management of claims and benefits;
  • Where appropriate, Data pertaining to offenses, criminal convictions and precautionary measures concerning the Insured Party, concerned parties or parties to a policy.

2.4 Purposes and Legal Basis of Data Processing


Your Personal Data is processed by Henner for the following legal purposes and on the following legal bases:


Purpose (objective sought): Management of access, security, maintainability, evolutions and audiences of sites and platforms accessible online (Google Analytics)
Legal bases (basis or reason for the Processing):
- Henner's legitimate interest in ensuring the availability and proper functioning of its Sites, as well as the promotion of its businesses through its Sites.

Purpose: Recruitment Management
Legal bases:
- Henner's legitimate interest in recruiting people for the purposes of its business.

Purpose: The conclusion, management (including commercial) and fulfillment of Insured Parties’ insurance policies, in accordance with the simplified standards NS 16 and NS 56 of the CNIL (including fulfillment of policies [technical operations], fulfillment of legal provisions, etc.), processing of the social security number and access to the RNIPP under the conditions and for the cases listed by the CNIL's single authorization (AU31), elaboration of statistics and pecuniary studies, exercising Insured Parties’ rights, complaints management, litigation tracking, etc.
Legal bases:
- Fulfillment of the insurance policy concluded for the Insured Party’s benefit.

Purpose: Commercial prospection in accordance with the CNIL’s NS 56 standard (including commercial prospecting and loyalty actions, development of sales statistics, contact requests, information or estimate requests, rights management or management of Users’ and Insured Parties’ opinions about products, services or content, etc.)
Legal bases:
- User Consent (by principle)
- Henner's legitimate interest in prospecting its own Insured Parties by email to offer similar or complementary products and services, and to respond to contact requests.

Purpose: Insurance fraud prevention, in accordance with the CNIL decision concerning a single authorization (AU39), including the following purposes:
- Analysis and detection of actions demonstrating an anomaly or an inconsistency, or having been the subject of a report that may reveal a fraud;
- Management of alerts in case of anomalies, inconsistencies or reports;
- Compilation of lists of people duly identified as perpetrators of acts that may constitute fraud;
- Management of procedures.
Legal bases:
- Legal and regulatory obligations
- Henner's legitimate interest in being able to protect itself against fraud.

Purpose: Prevention of money laundering and terrorist financing, in accordance with the CNIL's Single Authorization (AU003), which includes the following purposes:
- The implementation of customer due diligence obligations, in accordance with the risk approach;
- Searching for persons to be subject to additional due-diligence measures as politically-exposed persons (PEPs) within the meaning of Article R561-18 of French monetary and financial legislation [Code monétaire et financier], and persons who may be subject to heightened due-diligence measures;
- The triggering of alerts and suspicious statements;
- The surveillance of certain accounts, policies or customers, on the basis of the risk classification established by the financial institution, or transactions considered to be complex, to be of an unusually high amount or that do not appear to have any economic justification or lawful object, or a declaration of suspicion not having resulted in the closing of the account;
- The application of asset-freezing measures in the prevention of financing of terrorism and financial sanctions.
Legal bases:
- Legal and regulatory obligations

Purpose: The processing of Data pertaining to offenses, convictions or precautionary measures, in accordance with the CNIL Single Authorization (AU32):
- provided for by legal, regulatory and government provisions, whether at the time of subscription to the policy, or during its fulfillment and,
- falling within the scope of litigation pertaining to Henner's business.
Legal bases:
- Legal and regulatory obligations
- Henner's legitimate interest, with regard to its business, in ensuring the recognition, exercising or defense of its rights or your rights in law.


2.5 Mandatory/Optional Nature of the Collection


Henner informs you when the provision of an information item is mandatory (including when due to a legal, regulatory or contractual obligation, or simply in order to process your request or respond to you). If you do not provide this so-called “mandatory” information, Henner may be unable to respond to the request or form in question.


Fields on a form that are not specified as mandatory are left to your discretion. It is up to you to choose whether to fill them in or not.


2.6 Data Recipients/Data Transfer


Your Data is primarily intended for Henner, but may also be transferred, for the purposes of management and fulfillment of your insurance policies, to Henner's insurance and reinsurance partners, to Henner's healthcare networks, and to Henner Group companies.


Some companies in the Henner Group may be located in third-party countries* outside the European Economic Area. In this case, to guarantee an adequate level of protection of your Personal Data, the transfers are supervised within the Henner Group by internal rules (Binding Corporate Rules, or BCRs) validated by the CNIL in compliance with the applicable Data Protection Regulations.


*list at the present time: Tunisia, Switzerland, Malaysia, Hong Kong, Kenya, Ivory Coast, Singapore, United Arab Emirates, Canada and USA


As part of the Processing, Henner may also transfer your Data to service providers, agents and suppliers to complete internal operations of the Site, or for any operation related to Henner's business, for the purposes specified in Article 2.4 herein, and only to the extent necessary for the accomplishment of the tasks entrusted to them. These service providers, agents and suppliers are required to maintain the confidentiality and security of your Data, and to implement the appropriate measures.


Henner may also transfer your Data if such disclosure is required by law, a regulatory provision or a court order, or if such disclosure is reasonably necessary to comply with court proceedings, and respond to any complaints or protect the security of your Data or your or Henner's rights.


2.7 Data Storage Period


Depending on the purpose of the Processing, your Data is stored for the periods of time stated below:


Purpose: Management of access, security, maintainability, evolutions and audiences of sites and platforms accessible online
Data concerned: User name, including IP address, browser, load time, date of visit, pages visited, etc.
Duration:
- 1 year for Sites/5 weeks for Personalized Spaces

Purpose: Recruitment Management
Data concerned: Data collected as part of the recruitment process
Duration:
- 2 years after last contact

Purpose: Conclusion, management and fulfillment of insurance policies
Data concerned: Data disclosed when subscribing to the policy, and during its fulfillment
Duration:
- for the period of time necessary for the fulfillment of the contract.
- archiving for probative purposes, for a period of time specified by the applicable legal provisions.
Data concerned: Insured Parties’ bank account details [RIB]
Duration:
- for the period of time necessary for the fulfillment of the contract.
Data concerned: Payment card data
Duration:
- 15 months for probative purposes, in the event of a disputing of the transaction.
Data concerned: NIR and RNIPP data available through Agira
Duration:
- Duration of the policy
- archiving for probative purposes, in accordance with the applicable legal provisions

Purpose: Commercial management
Data concerned: Data collected within the scope of commercial relations with Henner
Duration:
- 3 years as from the end of the business relationship, if you have subscribed to an insurance policy with Henner;
- 3 years as from its collection, or from last contact at your initiative, in the absence of any policy subscription.

Purpose: Management of the exercising of rights
Data concerned: Data pertaining to the identity of the person making the request
Duration:
- 1 year as from gathering

Purpose: Processing of data pertaining to offenses, convictions or precautionary measures, within the scope of subscription to policies and dispute management
Data concerned: Data pertaining to offenses, criminal convictions or precautionary measures
Duration:
- duration of contractual relations;
- archiving in accordance with the time periods specified by the provisions of Articles L.114-1 and following of French insurance legislation [Code des Assurances], Article L.932-13 of French social security law [Code de la Sécurité Sociale] and the provisions of French civil law [Code Civil] pertaining to prescription periods

Purpose: Prevention of insurance fraud
Data concerned: Alert data
Duration:
- 6 months as from the issuing of alerts
Data concerned: Relevant alert data
Duration:
- 5 years as from the closure of the fraud case file
Data concerned: Data in the context of judicial proceedings initiated following an alert
Duration:
- until the end of the legal proceedings;
- archiving for the applicable prescription period
Data concerned: Data reported in the suspected fraudsters list
Duration:
- 5 years as from the date of registration in this list

Purpose: Prevention of money laundering and terrorist financing
Data concerned: Data and documents pertaining to the identity of the usual or occasional Insured Parties and, where appropriate, effective beneficiaries
Duration:
- 5 years as from the closure of the account, or from termination of the relationship
Data concerned: Data and documents pertaining to transactions performed by them or not performed pursuant to asset-freezing measures or financial sanctions, and documents recording the details of transactions covered by Article L 561-10-2 of French monetary and financial legislation [Code monétaire et financier]
Duration:
- 5 years as from their implementation

Purpose: Cookies (see 3. Cookies and other means of tracking)
Data concerned: The saving of cookies on your device.
Duration:
- 13 months as from saving


2.8 Your Rights as Concerned Person


In accordance with the applicable Data Protection Regulations and under the terms of these Regulations herein, you have the following rights:


Right: Right of access
Cases in which the right applies:
- applies to all Processing;
- with the exception of Processing pertaining to the prevention of money laundering and the financing of terrorism, in compliance with Article L 561-45 of French monetary and financial legislation [Code monétaire et financier], for which the right of access is exercised with the CNIL via an indirect right of access procedure (except for the case of processing used to identify persons subject to an asset freeze measure or a financial sanction)
Conditions: By proving your identity and stating the subject of your request to the addresses below

Right: Right to rectification
Cases in which the right applies:
- in case of inaccurate, outdated or incomplete Data
Conditions: Depending on the case:
- By proving your identity and stating the subject of your request to the addresses below;
- Or, where applicable, by logging into your account and visiting your personalized Space to correct or complete the inaccurate Data

Right: Right to erasure
Cases in which the right applies: In the following cases:
- Data is no longer necessary for the purpose for which it was collected;
- In application of your right of withdrawal of consent;
- In application of the right to object, as provided below;
- The Data Processing is illegal;
- Data must be erased to comply with a legal obligation
Conditions: Depending on the case:
- By proving your identity and stating the subject of your request to the addresses below;
- Or, where applicable, by logging into your account and visiting your personalized Space to erase the Data

Right: Right of withdrawal of consent
Cases in which the right applies: At any time, when the Processing is based on consent from the Concerned Person
Conditions: By proving your identity and stating the subject of your request to the addresses below

Right: Right to object
Cases in which the right applies: Unconditional and at any time for Processing pertaining to commercial prospection, including profiling for such purposes
Conditions: Depending on the case:
- By clicking on an unsubscribe link in the prospection email concerned;
- Or by proving your identity and stating the subject of your request to the addresses below
Cases in which the right applies: Excluding cases of commercial prospecting, when the Processing is based on legitimate interest, and provided that Henner is not able to demonstrate legitimate and compelling reasons;
Conditions:
- by email or postal mail to the addresses below:
  o stating your request;
  o stating the reasons for your opposition request, in respect of your particular situation;
  o proving your identity;

Right: Right to data portability
Cases in which the right applies: When the Processing is:
- based on:
  o consent;
  o fulfillment of the policy.
- performed using automated methods.
Conditions: By proving your identity and stating the subject of your request to the addresses below

Right: Right to restriction of processing
Cases in which the right applies: In the following cases:
- you dispute the accuracy of the data;
- the Processing is illegal and you want to limit it;
- Henner no longer needs the Data for the purposes;
- You opposed the Processing but Henner checks to see whether there are not legitimate and compelling reasons for proceeding with this Processing
Conditions:
- by email or postal mail to the addresses below:
  o stating your request;
  o stating the reasons for your limitation request;
  o proving your identity;

Right: Right to specify guidelines concerning the fate of one's Data after one's death
Cases in which the right applies: To all Data Processing (except those for which legal provisions preclude such guidelines)
Conditions: By proving your identity and stating the subject of your request to the addresses below

Contact information for the exercising of rights: dpo@henner.com or Henner, Data Protection Officer, 14 Boulevard du General Leclerc, Risk Management, 92200 Neuilly sur Seine


You also have the possibility of filing a complaint with the CNIL:


  • directly online
  • by postal mail: 3 Place Fontenoy, TSA 80715, 75334 Paris Cedex 7.

2.9 Automated Decision-Taking


In the event of non-payment of the Insured Party's premiums, the follow-up, notice and delisting procedure is automated.


Since this processing gives rise to an automated individual decision, you have the following rights under the terms of the applicable Data Protection Regulations:


  • The right to request the involvement of a person to verify the Processing in question and ensure the compliance of the decision applied to your situation;
  • The right to challenge a decision taken automatically by Henner's systems, by sending your request to your usual contact at your management unit (MU) or the Henner Complaints Department, at the following address: service.qualite@henner.fr

2.10 Data Security and Privacy


Within the scope of its business, and in compliance with the applicable Data Protection Regulations, Henner undertakes to take all appropriate technical and organizational measures to ensure the security, availability, integrity, authenticity and confidentiality of your Personal Data and the resilience of its information systems.


In the event of any suspicion of risk, loss of your login credentials, or any other event that may entail risks to the Sites and Personal Data, please contact Henner without delay and, if the case concerns a loss or disclosure of your login credentials for your account and Personalized Space, we recommend that you immediately request a new password in your Personalized Area, in the "Change Password" tab.


3- COOKIES AND OTHER MEANS OF TRACKING


The Site may automatically collect information by means of cookies or means of tracking saved on your device during your consultation of the Site.


3.1 What is a “Cookie”?


Cookies (or means of tracking) are small text files that can be saved on your device through its browser (computer, tablet, smartphone, etc.) during your time visiting the Site, and that fulfill various functions, notably including allowing the party that places the cookie to identify your device.


Subject to obtaining your consent when required by the applicable Data Protection Regulations, the Site uses cookies and means of tracking to improve the use and functionality of the Site, and to better understand how you use the tools and services offered on it. The use of cookies and means of tracking allows you to save time during your visit, and establishes your movements on the Site with greater precision.


3.2 What Cookies are Used on the Site, and How Can You Manage These Cookies?


Henner informs you that the following cookies may be deposited and used, subject to your settings/acceptance:


  • Technical cookies: these cookies are essential for navigation on the Site, and enable its various functionalities to be used;
  • “Analytical” Cookies: These cookies make it possible to know how the Site is used, and to establish its performances and improve its operation. Such is the case of audience measurement cookies, but only using your session data (date, time, IP address, transmission protocol, and page viewed). This information is not cross-checked with other Processing Operations such as customer or Insured Party files;
  • Persistent cookies for distribution of sessions over the various Henner servers.
  • Targeting and advertising cookies: These cookies allow you to adapt advertising content and other content according to your interests established on other websites.

Below is the list of cookies used on the Site, with their purpose and how to disable them.


With the exception of so-called “technical” cookies, which you cannot disable, these cookies can be disabled at any time, either individually or completely.


You can also configure your Web browser. You can opt out of the depositing and saving of cookies or disable them at any time, following a process that depends on your particular Web browser. Browsers’ default settings are usually to accept cookies. You can change this setting by changing your browser settings. Your browser can also be configured to notify you of cookies that are saved via your browser, and prompt you to accept or reject them. You can accept or refuse cookies on a case-by-case basis, depending on the site, or refuse them systematically and permanently. To manage cookies to fit your preferences as closely as possible, please configure your browser taking account of the purpose of cookies, as explained above.


The method of configuration of each browser is different. How to change your cookie settings will be explained in your browser's help menu. You can disable cookies by following the instructions below:


FOR MICROSOFT Internet Explorer http://windows.microsoft.com/fr-fr/windows7/block-enable-or-allow-cookies


Select the “Tools” menu then “Internet Options”

  1. Click on the “Confidentiality” tab.
  2. Select the desired level using the cursor.

FOR Mozilla FIREFOX https://support.mozilla.org/fr/kb/activer-desactiver-cookies


  1. Click on the “Tools” menu button and select “Options”;
  2. Select the “Privacy” panel;
    1. Select the “Tools” menu then “Options”.
    2. Click on the “Privacy” icon.
    3. Locate the “Tracking” menu and select the appropriate options.

FOR Safari https://support.apple.com/fr-fr/HT1677


  1. In iOS 8, click on Settings > Safari > Block cookies
  2. Select one of the options proposed (Always authorize, Only authorize online personalized spaces visited, Only authorize online personalized spaces currently open, Always block).

In iOS 7 or an earlier version, there is the following choice of options: Never, Third parties and advertisers, or Always


FOR Google Chrome https://support.google.com/chrome/answer/95647?hl=fr


  1. Click on the Chrome menu in the browser’s toolbar.
  2. Select “Parameters”.
  3. Click on “Display advanced parameters”.
  4. In the “Confidentiality” section, click on the “Content parameter” button
  5. In the “Cookies” section, several Cookie-related parameters can be altered.

FOR OPERA http://help.opera.com/Windows/10.20/fr/cookies.html


  1. Select the “File” menu > “Preferences”
  2. “Privacy”

3.3 What Happens When Cookies Are Rejected?


We remind you that your settings may affect your access to our content and services that require the use of cookies. For example, if you choose to disable certain cookies (feature cookies, for instance), parts of our Site or certain features of it may no longer be available, for which Henner cannot accept liability.


3.4 How Long Are Cookies Stored On Your Device?


In compliance with CNIL recommendations, cookies are stored for a maximum period of 13 months.


3.5 Third-Party Cookies


Use of the Site may lead to the placement of certain cookies issued by third parties (communication agencies, audience measurement firms, social networks, YouTube, etc.) that are not issued and controlled by Henner. The placement and use of cookies by third parties are subject to their cookie policies. However, you can disable such cookies via the cookie management module.