Personal data

This personal data protection policy aims to inform you about how your personal information is collected and processed by the different entitites belonging to Societe Generale Assurances, respectively data controllers and based in France (Sogecap, Antarius, Sogessur, Oradéa Vie and Moonshot Insurance).

In order to maintain your trust, the security and protection of your personal data are a priority. In this perspective, Societe Generale Assurances complies with all applicable European and French regulations relating to the protection of personal data, in particular the General Data Protection Regulation (GDPR).

DATA PROTECTION OFFICIER (DPO)

Societe Generale Assurances has appointed a Data Protection Officer who can be reached at the following coordinates: dpo.assurances@socgen.com or Société Générale Assurances / Sogécap / Sogessur / Antarius / Oradéa Vie / Moonshot Insurance - Délégué à la Protection des données - Tour D2 - 17 Bis Place des Reflets - 92919 PARIS LA DEFENSE CEDEX.

A personal data is information that allow to identify a natural person directly or indirectly.

  1. During the contractual relationship between you and us

During our relationship, we collect several types of information about you. Depending on your contract, some data in this list may not be collected.

The categories of data that could potentially be processed by your insurer are:

Data relating to the contributions of persons filing opinions on products, services or content

Data on the lifestyle and uses of goods in relation to the risks insured or the services offered

Recreation, sports activities, hunting, boating…

Data required for professional vehicle/personal insurance contracts, primary and secondary residence, presence of pets, etc.

Sensitive data (Art 9 GDPR) (Art 10 GDPR)

Health data needed to compensate for loss or damage: diagnosis and medical reports, prescription information and medical history, etc.

Religious preferences necessary to carry out the procedures you request following your death in connection with a funeral contract,

Data related to civil or criminal convictions necessary to assess the risk insured under your car insurance contract.

Data considered as sensitive under the transposition of the GDPR into French law Registration Number in the INSEE (NIR), also called "social security number", in accordance with Decree No. 2019-341 of 19 April 2019

Anti-fraud data

Location and connection data, data from web pages open to the public, data collected for the administrative management of staff only in the context of individual and ad hoc requests following the detection of fraud, data relating to anomalies, inconsistencies and reports that may reveal fraud, data relating to investigations, the investigation of the fraud file and the evaluation of the fraud scope, the identification data of persons involved in the detection and management of fraud.

Based on this data, we are required to generate other data, such as:

  • The identification numbers internal to our Group such as customer numbers, contracts, claims,

  • Scores,

  • Bonus/Malus,

  • Segmentations

The categories of data described above may relate to the subscriber, the insured persons, the beneficiaries of the contracts and, where appropriate, their successors and representatives and persons interested in the contract, such as the victims and their agents, witnesses and third parties interested in the performance of the contract.

  1. As part of business

The following data are likely to be processed in the context of commercial approaches.

  • Natural personal identification data,

  • Data relating to the monitoring of the commercial relationship,

  • Data on family, economic, wealth and financial situation,

  • Lifestyle data related to the business relationship,

  • The data of the digital journey,

  • Data relating to the selection of persons to carry out actions of customer loyalty, prospection, survey, test, services and promotions,

  • Data relating to the organisation and processing of competition games, lotteries and any promotional operations,

  • Data relating to the contributions of persons filing opinions on products, services or content.

Personal data are obtained mainly from:

  • you :

    • when filling in claim, offer and claim forms, and other forms,

    • during telephone calls, e-mails, interviews and other communications with your insurer,

  • our distributors and other insurance intermediaries, in particular SOCIETE GENERALE,

  • witnesses and other third parties, such as, in particular, service providers, insurance investigators, health professionals,

  • your employer for the subscription and management of collective supplementary insurance contracts (provident, health and group retirement),

  • through the software applications that we make available to you and cookies and other tracers that we will notify you of the collection of if applicable.

We process your personal data for different purposes. They are described below according to the legal basis that allows us to use them.

The legal basis for the following processing is the performance of the contract:

The award, management and execution of insurance contracts, including:

  • Your identification, identification of insured and beneficiaries, client management,

  • Your health data to be able to manage supplementary health, provident or supplementary retirement contracts.

  • Studying your specific needs to propose suitable contracts,

  • Risk review, acceptance, control, pricing and monitoring,

  • The execution of any operation necessary for the performance of guarantees and the management of contracts and any claims,

  • The management of unpaid debts and their recovery,

  • Management of remedies, disputes,

  • Claims management,

  • Performing actuarial and statistical studies,

  • The fight against internal and external insurance fraud, which may lead to inclusion on a list of persons entailing a risk of fraud,

  • Telephone recording necessary for the performance of the contract

To meet the legal, regulatory and administrative obligations, we use your data to:

  • Customer identification and knowledge when required,

  • The fight against money laundering and terrorist financing,

  • The application of national or international sanctions measures, in particular the freezing of assets,

  • Mandatory reporting to public authorities/administrations,

  • The response to the requests of certain authorities, administrations and courts, particularly in the case of judicial requisitions or requests for disclosure,

  • Detection and identification of contracts in default,

  • Compliance with our accounting and tax obligations,

  • The management of requests related to the exercise of the rights indicated in paragraph 7 "WHAT ARE YOUR RIGHTS?".

For our legitimate interest, we may process your data in the context of:

Management and improvement of our business relationship which includes:

  • Conducting satisfaction surveys to gather your opinion and better understand your needs, expectations or the reasons for your dissatisfaction;

  • Evaluation and training of employees through telephone tapping or recording

  • The analysis of the opinions you publish on our products or services,

  • The opportunity to participate in tests on new products or services,

  • The grouping of your identification data, contact data, data relating to your family situation as well as the list of insurance contracts held within our Group. This allows us to guarantee the accuracy and consistency of your data and to facilitate its updating or to contact you if a modification of this data seems to us to modify one of the risks insured. , for example, if you change your address or change your family situation.

Implementation of prevention measures or advice:

These actions aim to prevent and reduce the number and severity of claims: for example, you can receive advice to avoid the risks of burglary or road accidents, weather alerts in case of dangerous weather phenomena so that you take the necessary measures to protect yourself and your property.

Marketing and commercial prospecting operations, statistical studies and reporting:

  • The implementation of customer loyalty actions or competition games,

  • Development of studies and trade statistics

  • The proposal of commercial offers of companies of Société Générale Assurances, for products and services of insurance damage, life and provident similar or complementary to those subscribed, customized according to your needs.

This customization considers your profile in particular the number of contracts held, the frequency and amount of payments made, their nature (provident, life, damage, health, retirement), the composition of your household, the number and nature of any claims and the age of our relationship.

Securing our information system:

We may process your personal data to improve security, avoid or treat any malfunction, security issue or other potentially prohibited activities related to our information system and applications.

  • Intra-group client management, in particular: the grouping of contracts and parts for the same client within the insurance group,

  • Updating customer information.

We collect your consent when:

  • The circumstances of a claim lead us to collect data related to your health or when you have to complete a health questionnaire,

  • We offer you an insurance contract or a service using geolocation data,

  • We would like to send you communications related to commercial prospecting,

  • We acquire, assign, rent or exchange data relating to the identification of our prospects.

Our website www.assurances.societegenerale.com uses cookies and tracers, some of which require your consent. You can access our cookie charter via the following link: www.assurances.societegenerale.com/fr/particulier/footer/cookies/

Depending on the purpose of the processing, your personal data are intended, within the framework of their usual missions and within the limits of their attributions :

  • To our departments in charge of customer/prospect sales management, contracting, management and execution,

  • To our management delegates, insurance intermediaries, partners, agents, subcontractors, service providers, co-controllers,

  • To Data controllers  who are responsible for managing the Data controllers’ insurance contracts under a partnership agreement, including as part of a care network.

They are sent to your broker to improve his knowledge of his clients and thus meet his advisory obligations.

They may also be forwarded, where appropriate :

  • to the insurance institutions of the persons involved or offering supplementary services, co-insurers, reinsurers, professional bodies and guarantee funds,

  • to all persons involved in the contract, such as lawyers, experts, law clerks and departmental officers, curators, tutors, investigators, health professionals, medical consultants and authorized personnel,

  • to social organizations when they intervene in the settlement of claims and benefits for where the data controllers offer additional guarantees to those of the social security schemes,

  • to organizations and associations practising prevention, social action or the management of health and social achievements,

  • to the departments responsible for monitoring.

As persons interested in the contract, information about you may also be transmitted :

  • To all persons interested in the contract (subscribers, insured persons, members and beneficiaries of the contract), and their successors and representatives,

  • To the beneficiaries of an assignment or subrogation of rights relating to the contract,

  • If applicable to those responsible, victims or their successors and their agents, witnesses and third parties interested in the performance of the contract,

  • As persons benefiting from a right of communication, data may be transmitted: to all persons authorised under authorised third parties in particular the courts concerned, arbitrators, mediators, ministries concerned, supervisory and supervisory authorities and any public bodies authorised to receive them,

  • Audit departments such as statutory auditors, auditors and internal audit departments.

  • To the usual managers in charge of the exploitation of the files within the AGIRA and the controllers, as part of the consultation of the RNIPP for the purpose of researching the insured and beneficiaries of deceased life insurance contracts.

The health data that we may need to process are intended to:

  • To our Medical Officer, to his medical department working within a confidential room,

  • To internal or external persons specifically authorised, in particular our subcontractors, delegates or medical experts and, where applicable, our reinsurers,

  • In the context of the execution of contracts, this information may also be used in the fight against fraud by authorised persons.

In the event of termination of the contract, your identity as well as that of any drivers named in the contract, the contract reference, the vehicle information, the characteristics of the claims as well as the reason for termination will be communicated to a professional central file managed by the Association for the Management of Information on the Automobile Risk (Association pour la Gestion des Informations sur le Risque Automobile) : A.G.I.R.A., 1, rue Jules Lefebvre – 75431 Paris Cedex 09. Nous consultons ce fichier lors de toute opération de souscription.

Maintaining your trust is our daily priority. Data may be transferred to countries outside the European Economic Area.

Due to its international dimension and within the framework of its activities, Société Générale Assurances may communicate your data, to the extent necessary for the execution of the tasks entrusted to it, to the legal persons of Société Générale Assurances as well as to its partners and sub-contractors, inside or outside the European Economic Area. These transfers of data made necessary take place under conditions and under guarantees that ensure the protection and security of your personal data.

Under no circumstances is your personal data sold to third parties.

Maintaining your trust is our daily priority. Data may be transferred to countries outside the European Economic Area.

In these cases, the transfers of your data benefit:

  • A precise and demanding framework (standard contractual clauses available at eur-lex.europa.eu/eli/dec_impl/2021/914/oj. We guarantee that each transfer of your data to a third State is ensured by a level of protection equivalent to the law of the European Union. This protection will be provided using standard contractual clauses but also by additional technical and organisational measures if these prove necessary.

  • An adequacy decision.

  • Binding Corporate Rules

Your personal data will be kept for a variable period depending on the purpose of the processing, the services or contracts contracted and the applicable legal obligations, to allow us to establish proof of a right or a contract, particularly in the case of appeals and disputes.

In order to ensure the proper reception and orientation of your request, your data entered in the forms accessible on our website are kept for 30 days from their collection by our service provider.

Unless specified in your special conditions or your application/membership form, your personal data are kept for the duration of the commercial or contractual relationship and until the expiry of the statutory limitation periods as mentioned in particular the insurance code, the civil code, the commercial code, the Consumer Code and the General Tax Code.

You will find below the details of the retention periods of your personal data according to the different purposes

In the absence of an insurance contract:

  • Prospecting management: Data relating to a non-client prospect are kept for 3 years from their collection by the controller or the last contact from the prospect.

  • Quotation/contracts without effect: As part of the fulfilment of pre-contractual obligations, contracts without effect and quotations are kept for a maximum period of 5 years, from the cancellation of the contract or the creation of the quotation.

  • Health data: This data is kept for a maximum period of 5 years from its collection or the last contact with the prospect.

When an insurance contract is concluded :

In general, when a contract is concluded, your personal data are kept for the duration of the contractual relationship to which a limitation period is added. A limitation period is a period of time during which you, as the beneficiary, can claim a right or take legal action.

  1.   Retention Periods for Insurance Companies

  • Any accounting document justifying a payment is kept for a maximum period of 10 years

  • Documents on which the tax authorities' rights of communication, investigation and control may be exercised are kept for a maximum of 6 years (in some cases 10 years) from the date of the last transaction mentioned on the books or records or from the date on which the documents or exhibits were drawn up.

  • The documents and information relating to the customer and the transactions made by them in the context of the fight against money laundering and terrorist financing, a maximum of 5 years shall be retained from the closing of their accounts or from the termination of the relationship or from the execution of transactions

  • Contracts concluded electronically are retained for 10 years from their conclusion.

2.      Retention periods for insurance contracts

Contract Management:

In the context of the search for beneficiaries, data relating to provident, savings and retirement contracts are kept for the period during which the beneficiary’s action is prescribed, that is, 30 years from the death of the insured person.

TYPOLOGY OF CONTRACTS

Public liability coverage:

In case of material loss

10 years from its closure

Public liability coverage:

In case of personal injury

50 years from its closure

Public liability coverage:

In the event of no claim for contracts based on "claims"

12 years from termination of contract (10 years according to the limitation linked to accounting commitments + 2 years prescription of the Insurance Code for the insured against his insurer)

Public liability coverage:

In the event of no claim for contracts based on “harmful facts”

22 years from the termination of the contract (20 years according to the prescription provided by the Civil Code for the action of the victim against the person responsible + 2 years prescription of the Insurance Code for the insured against his insurer)

Damage coverage (excluding special cases)

10 years from the closure of the claim or termination of the contract

Life Insurance – (in case of survival)

10 years from total redemption or termination of the contract

Life Insurance – (in case of death)

30 years from death

Borrower Insurance

10 years from the end of contractual obligations

Additional insurance – Provident

10 years after payment of the benefit or termination of the contract

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Fight against insurance :

The data is deleted within 6 months if the fraud alert is not qualified as relevant. 
In the event of a relevant alert, the data is kept for 5 years from the closure of the fraud file or the date of entry in the file of persons at risk of fraud.  

Customer relationship:

The data relating to the commercial prospection, the proposal of commercial offers adapted to your situation and your profile, and/or that we advise you are kept 3 years, after our last contact with you.

Data relating to the conduct of satisfaction surveys are kept for 2 years from the date of the survey.

If you want to exercise your rights on personal data, please find below the right request forms. Please complete and return to us the corresponding form(s) to:

  • dpo.assurances@socgen.com

  •  SOCIETE GENERALE ASSURANCES / SOGECAP / SOGESSUR / ANTARIUS / ORADEA VIE / MOONSHOT INSURANCE - Délégué à la Protection des données - Tour D2 - 17 Bis Place des Reflets - 92919 PARIS LA DEFENSE CEDEX.

Please clearly indicate the elements allowing us to identify you (number and name of your contract, customer number, claim number or any identity document) so that your request can be processed efficiently.

You have these following rights:

 

Contenu du droit

Mise en œuvre du droit

Right of access

Exercise form

Ability to ask if we have data about you and obtain a copy

Some access requests are only made through the CNIL, in particular for processing carried out in the context of the fight against money laundering and terrorist financing. Futhermore, the right of access request may be refused if it is unfounded or excessive

Right to rectification

If you want to modify your personal data, please contact:

- For SOGECAP, ANTARIUS or ORADEA VIE : Service Relations Clients to the 0 969 362 362 ou 42 boulevard Alexandre Martin 45 057 Orléans Cedex 1

- For SOGESSUR : Service Relations Clients- TSA 91102 - 92894 Nanterre Cedex 9

-For MOONSHOT INSURANCE : Service Relations Clients, Tour D2 - 17 bis place des Reflets 92919 Paris La Défense Cedex

Possibility to request rectification of inaccurate, outdated or incomplete information concerning you in so far as this rectification is relevant to the purpose of the processing in question.

 

Right to erasure

Exercise form

Possibility to request, in some cases, the deletion of your data.

This right to erasure applies only: if the processing of such data is no longer necessary in view of the purposes of the processing / if you have withdrawn your consent / if there is a compelling legitimate reason / if the data is being treated unlawfully / if there is a legal obligation or regulatory.

Right to limitation of the processing of personal data

You have the right to request, in certain cases, the suspension of processing of one or more of your data. This right may accompany the exercise of a right application.

This right may accompany a request for erasure, rectification or opposition. Certain data subject to a limitation may still be processed in special cases (agreement on your part, exercise or defense of right in court, etc.)

Right to Portability

Exercise form

You can have your personal data processed by our organization for your personal use or to transfer it to another organization.

The data concerned are those that you have provided to us as part of the performance of the contract or with your consent and that have been automatically processed.

Withdrawal of consent

You may withdraw your consent at any time in specific cases. Such withdrawal may, however, make it impossible for Société Générale Assurances to supply or perform the product or service requested or subscribed for.

This withdrawal is possible when you have consented to the processing of the personal data you have provided to us and it constitutes the only legal basis for the processing

Right to object

Exercise form

This right allows you to object to processing when it is based on the legal basis of the legitimate interest. You can invoke it for reasons related to your particular situation.

The specific situation of your situation will have to be clearly argued.

If this specific situation is justified, we will no longer be able to process your personal data except in the case of legitimate and compelling reasons, exercise or defense of legal rights.

As regards the exercise of the right to object to telephone recordings, the form is not necessary as you can exercise your right to object at the beginning of the telephone conversation.

The right not to be subject to automated profiling or individual decision-making

Submit a complaint to the DPO mail posted or by sending it to the following address :

Société Générale Assurances, Sogécap / Sogessur / Antarius / Oradéa Vie / Mooshot Insurance / Délégué à la Protection des données - Tour D2 - 17 Bis Place des Reflets - 92919 Paris La Défense Cedex. 

You may be subject to a fully automated decision if:

- we have obtained your consent, which you can withdraw at any time,

- the decision is necessary for the conclusion or execution of a contract,

- the decision is governed by specific legal provisions.

Possibility of requesting the intervention of a counsellor to examine, re-examine your situation, challenge this decision or obtain an explanation of the decision that was taken.

You can object to automated decision-making and profiling only if the processing of your data is based on the performance of a public interest mission or if the processing is based on our legitimate interest.

 

Define guidelines for the processing of your data after your death

You can set guidelines for the retention, erasure and disclosure of your data

 

Lodge a complaint with the CNIL

You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07

 

You also have the right to oppose/withdraw consent to the commercial prospecting:

 

Contenu du droit

Mise en œuvre du droit

Right to object to commercial prospection by electronic means (SMS, Mails, etc.)

Exercise form

If you are not a customer, your consent is required prior to any commercial prospecting action by electronic means : you can withdraw your consent at any time without having to justify your request.

If you are a customer and unless you object, Société Générale Assurances may contact you electronically in order to offer you products or services similar to those you have subscribed to.

If you withdraw your consent or exercise your right to object, you will no longer be able to be solicited electronically by Société Générale Assurances.

Société Générale Assurances, as part of its activities, does not carry out commercial prospecting.

As a customer, if you do not wish to receive promotion of similar products  or services, we invite you to oppose them by means of the right of opposition form.

Right to object to commercial prospecting by telephone

Exercise form

You can object without having to justify your request, that your data is used or transmitted to third parties for commercial prospecting purposes by telephone calls

To oppose telephone solicitation, you can also register on the opposition list as described on the site https://www.bloctel.gouv.fr/

or by mail to the following address: Worldline - Service Bloctel
CS 61311 - 41013 Blois Cedex

You will no longer be solicited by telephone by Société Générale Assurances or one of its partners except in case of pre-existing contractual relations and proposal of a complementary product or service