PRIVACY POLICY

Our commitments 

Group entities are committed to complying with current regulations on the protection of personal data. They guarantee that the use of such data complies with legal and regulatory requirements, and respects the rights of the persons concerned. 

The brand’s entities have appointed a Data Protection Delegate, formerly known as Correspondant Informatique et Libertés (CIL) since 2012, to ensure compliance with requirements and coordinate the actions of the various entities in terms of data protection. 

Trained and certified specifically in data protection and the application of the General Data Protection Regulation (EU) 2016/679 of 27/04/2016, known as the “RGPD”, the Data Protection Officer is declared to the European supervisory authorities, for whom he is the main contact. 

All Group Entities, whatever their roles and responsibilities in processing (Data Controller or Subcontractor), undertake to collect (directly or indirectly) and process personal data lawfully, on the legal basis provided by the regulations: 

  • For precise purposes (explicit, legitimate and specific purposes) made known to the persons concerned, 
  • In a fair and transparent manner; no data is collected without the knowledge of the persons concerned, 
  • Strictly limited to what is necessary for the purpose of collection (minimization), 
  • By implementing technical and physical means to guarantee data confidentiality and security, 
  • By keeping data only for as long as is necessary to achieve the purposes for which it was collected and processed. However, these periods may be extended in order to comply with legal obligations and applicable limitation periods, depending on the type of processing. 

Group entities ensure that data is processed with the utmost security and confidentiality. 

Right from the design stage, they deploy all human, material, logical and physical resources to ensure a high level of security. These measures are adapted according to the sensitivity of the data processed and the level of risk presented by the processing or its implementation. 

Group entities undertake never to market the personal data processed, whatever the context or purpose of the processing. 

Use of personal data 

Data is kept for as long as is necessary to achieve the purposes for which it was collected and processed. However, these periods may be extended in order to comply with legal obligations and applicable time limits, depending on the type of processing. 

Data is processed mainly for the purposes listed below: 

  • Delegation of the management of insurance activities 
  • Health services 
  • Digital trust services 
  • Digital finance services 

Control of data transfers 

Group entities only transfer personal data to duly authorized recipients, in compliance with current regulations. They contractually require all subcontractors to offer the same level of security and regulatory compliance. 

If personal data is transferred outside the European Union, Group entities undertake to do so in accordance with current regulations, and within the framework of standard contractual clauses approved by the European Commission to guarantee data protection.

Individual rights 

In accordance with Act no. 78-17 of January 6, 1978, as amended, on Data Processing, Data Files and Individual Liberties, as amended, and the General Data Protection Regulation (EU) 2016/679, of April 27, 2016, the “GDPR”, persons affected by the processing of personal data may exercise their rights (right of access, rectification, modification, deletion or portability of personal data) at any time, by providing proof of their identity. They may also, for legitimate reasons, object in whole or in part to any processing of their data, or withdraw consent previously given.

Requests to exercise these rights should be addressed to our Data Protection Officer by e-mail at dpo@be-ys.com. 

These requests are received by the Data Protection Officer himself in order to guarantee the confidentiality of the exchanges. The processing processes are therefore initiated and managed by the Data Protection Officer in order to respect the legal deadlines for responding to requests to exercise rights.

If the exchanges have not been satisfactory with the Group Entities, the person concerned has the possibility of submitting a complaint to the Commission Nationale de l’Informatique et des Libertés (CNIL), the supervisory authority responsible for compliance with the obligations regarding personal data in France, or with any other supervisory authority of another EU member country.

This personal data protection policy may be modified and updated at any time.

Ce site web utilise des cookies pour vous garantir la meilleure expérience possible sur notre site web.