This general privacy notice (hereinafter, "the Privacy Notice") aims to inform you how we collect, use and store your personal data. The contractual terms applicable between us remain unchanged.
- 1. Identity and contact details of the controller
AlliA Insurance Brokers (hereinafter "AlliA Insurance Brokers", "we" or "us") attaches great importance to your privacy and considers it important that your personal data is always treated with due care and confidentiality.
AlliA Insurance Brokers comprises the following companies:
- AlliA Insurance Brokers NV headquartered in Kwadestraat 157 bus 51, 8800 Roeselare, Belgium and registered Crossroads Bank for Enterprises (VAT) nr. BE0508.449.056;
- AlliA Insurance Services NV headquartered in Kwadestraat 157 bus 58, 8800 Roeselare, Belgium and registered Crossroads Bank for Enterprises (VAT) nr. BE0654.949.245
- Brokers Star NV headquartered in Kwadestraat 157 bus 70, 8800 Roeselare, Belgium and registered Crossroads Bank for Enterprises (VAT) nr BE 0823.340.354
- AlliA Insurance Brokers Luxembourg SA headquartered in 1 Rue de la Poudrerie, 3364 Leudelange, Grand Duchy of Luxemburg and registered RCS nr. B41435 VAT nr. LU 174 11633
AlliA Insurance Brokers always acts as the data controller for the personal data that it processes itself or whose processing it outsources to third parties as client. Even in the context of any cooperation with other controllers, AlliA Insurance Brokers retains its qualification as a controller and does not act as its processor.
For further questions or comments regarding the way we handle your personal data, you can always contact us, either by e-mail to email@example.com for Belgium and firstname.lastname@example.org for the Grand Duchy of Luxembourg or by post to any of the aforementioned postal addresses.
- 2. What is the scope of this Privacy Statement?
A. What does 'processing of personal data' mean
Personal data is any information about an identified or identifiable natural person. It can be, for example, a person's name, a photograph, a phone number, a code, a password, a contract number, an e-mail address.
Involving personal data. Processing includes, inter alia, all aspects related to the collection, recording, organization, structuring, storage, updating or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction of that data.
B. For whom is the Privacy Statement intended?
Our Privacy Statement is intended for all natural persons, both policyholders (including prospective or prospective policyholders) and insured persons, beneficiaries or third parties (for example: aggrieved parties, witnesses, experts, insurance intermediaries, ...) as well as website visitors, contacts at business partners, prospective employees or any other persons with whom we come into contact. In contrast, this Privacy Statement is not intended for legal entities.
C. What data does this Privacy Statement cover?
Below we clarify what data we may process from you. Depending on the specific situation, your preferences and the way you contact us, we do not process all the data below about you.
Of all our contacts, we may process the data below:
- Electronic identification and usage data (eg. IP adres, browsertype, location information);
- Identification data (e.g. copy of your identity card in the context of a GDPR request);
- Contact details (e.g. name, first name, address, e-mail address, telephone, etc.);
- Contact history (e.g. e-mail messages, messages sent via web forms, etc.);
- Camera images (e.g. when you are filmed by our surveillance cameras in and around our buildings).
Within the scope of our main activity, we may additionally process the following data for the provision of our services and related advice. Depending on your capacity as policyholder, insured, beneficiary or third party as well as the specific insurance policy involved, we may process the following data about you.
- Identification data (e.g. national register number for the purpose of legally required identity verification when taking out insurance);
- Contact details and history;
- Contractual data (e.g. scheduled appointments, signed client sheet/agreement, etc.);
- Personal details (e.g. nationality, date of birth, gender, country of legal residence, etc.);
- Payment and billing details (e.g. bank, account number, payment card and transaction details, etc.);
- Account and usage data (especially for accessing our e-platform);
- All relevant data with a view to providing a proposal for the desired insurance and necessary to accurately determine the probability of the insured risk occurring and the premium as also further explained on the relevant customer information sheets, e.g. :
- Global financial overview (e.g. your properties, ...);
- Profession (e.g. position held, education,...);
- Living habits;
- Habits regarding the use of goods and services;
- Hobbies and interests;
- Family composition (e.g. marital status, number of children, etc.);
- Property features;
- Image and sound recordings.
- In certain cases, also relevant special and criminal personal data (see below).
From our (contact persons at) business partners, including members of our network, insurance companies we cooperate with and suppliers, we may additionally process the data below:
- Contact information and history;
- Contractual data (e.g. company name, address, VAT number, agreement, etc.);
- Payment and billing data (e.g. payment card details, invoices, etc.);
- Feedback, testimonials and promotional content such as photos and videos related to our collaboration.
In addition, we may process the following data on candidate employees. Of course, this will largely depend on what data you yourself wish to provide us with in relation to your application.
- Contact details and history;
- Personal details (e.g. age, gender, date of birth, etc.);
- Work-related data (e.g. CV, training courses, certificates, language skills, etc.);
- Personality data (e.g. cover letter, hobbies, social activities, etc.);
- Foto’s (bv. foto op CV).
Special categories of personal data
As part of our main activity, we may process special categories of personal data. In practice, we may need to process your health data for, for example: the correct management of insurance contracts relating to your health (life or hospitalisation insurance, Guaranteed Income, etc.), the management of your medical file and the management of a claim involving physical damage. You can count on us to treat this data with particular care. This data will only be processed with your prior express consent and for the purposes for which you will have given that consent. Furthermore, access to such data is limited to those persons who need it to perform their tasks for the purpose for which consent was given. Under no circumstances will we use your data from the special categories for prospecting purposes.
Data on criminal convictions and offences
We also treat this data with particular care. They are processed only insofar as a law providing appropriate safeguards allows us to do so. Under no circumstances do we use this data for prospecting purposes.
- 3. From whom and how do we obtain your personal data?
We have also obtained most of the data we process from you directly (e.g. when you visit our website or contact us, when we have contact with you as our service provider or business partner, when you use our services and products as a customer; when you fill in the forms and contracts we submit to you; when you declare a claim or request personal assistance; when you declare a hospitalization; etc.).
Within the scope of our services, we may also indirectly obtain data about you from external or public sources. For example, through employers who take out insurance policies for their employees or when your data is published or communicated by other authorized third parties (persons you have specially authorized, the Belgian Official Gazette, your insurer or professional data suppliers).
In cases where you yourself provide personal data that relates not only to yourself, but also to one or more of your relations (for example: your children, your partner, the beneficiary of a life insurance policy, your employees, etc.) or to a person involved in a claim (for example: a witness, the victim, etc.), you should inform them.
- 4. On what basis and for what purposes may your data be processed
We process your data for various purposes
We process your data for the purposes described below and do not collect and process more and no other types of data than those required for these purposes.
We process data for the optimisation of our website; statistical purposes and market research; to keep our services user-friendly; answering your contact query; considering your application.
our main activity (e.g. within the framework of contract performance or in order to take pre-contractual measures at your request, such as an analysis regarding the appropriateness of concluding an insurance contract and/or the conditions to be attached to the conclusion of an insurance contract; the conclusion, management and performance of insurance contracts, including customer relationship management and claims management); to communicate with you about our services or cooperation; to inform you about our policies, general terms and conditions of use; to develop and manage relationships with our potential and existing contacts and (business) partners.
We might process data for sending marketing communications by e-mail or post; for sending newsletters; or to record your registration to any of the events organized by us such as information sessions and for sending advertisements and promotions.
Legal or regulatory purposes
We process data for legal reasons and procedures; to comply with legislation and government orders (e.g. prevention of money laundering, application of MiFID legislation, combating tax fraud); or to comply with our internal and external audit requirements, information security or to protect or enforce our rights, privacy, security or property or those of other persons.
Images obtained from our surveillance cameras in and around our buildings are stored only for the purpose of ensuring the safety of goods and people and to prevent abuse, fraud and other breaches that our customers and ourselves might fall victim to.
B. We process your data lawfully
We only process your data to the extent based on one of the processing grounds listed in the GDPR, as shown below.
Certain data are processed by us to comply with legal or regulatory obligations incumbent on us. Such as in the context of our activities as an insurance broker authorized by the competent authorities, our tax and accounting obligations, or our data protection obligations.
Necessary for the formation/performance of a contract
Certain data are processed by us because it is necessary for entering into, performing or terminating a contract with you as a data subject. For contacting, scheduling, responding to a request or requesting information within the framework of entering into a contractual relationship, as well as the effective performance of the contractual assignment within the framework of our main activity, in order to provide you with our services (in particular guidance and mediation on taking out insurance; providing advice on insurance products; making our tools available) or receive them from you.
Certain data are processed by us based on our legitimate interests which in specific cases outweigh any possible prejudice to your rights. To promote our activities towards existing customers and in business contacts; to improve the quality of our services; to preserve and use evidence in the context of liability, proceedings or disputes and for archiving purposes; and to ensure security, both online on this website and in our premises.
Certain data is processed by us based on your consent. For promoting activities to potential new contacts where required; using certain analytical or marketing cookies; posting photos or other publications containing personal data on our website and social media channels. Data from job applicants after the recruitment process will only be retained subject to consent.
In cases where we need to process special and/or criminal personal data in order to provide our services, we will rely on your explicit consent for this when the law does not provide a specific basis for this. To this end, a clause expressly requesting your consent will be inserted in the contractual documents or standard forms such as the customer form. We may also process these data if the processing is necessary for the establishment, exercise or defense of a right in court.
- 5. How do we protect your data
Access to your personal data is allowed only to those persons who need it to perform their duties. They must observe strict confidentiality and comply with all technical and organizational rules for ensuring the confidentiality of personal data. We have provided technical resources and specialized teams dedicated primarily to the protection of your personal data. In this way, we aim to prevent unauthorized persons from accessing, processing, modifying or destroying data. Our Internet sites may sometimes contain links to third-party sites whose conditions of use fall neither within the scope of this Privacy Statement nor within our responsibility. We therefore recommend that you read their privacy statement carefully to find out how they protect your privacy.
- 6. Who has access to your data and to whom are they disclosed
To protect your privacy, the persons who will have access to your data will be carefully selected on the basis of their duties. Such data will, where appropriate, be able to be communicated to insurance companies, their representatives, their contact points abroad, the reinsurance companies involved, claims settlement offices, an expert, a lawyer, a technical adviser, another insurance intermediary or a processor. For example, we provide your insurer with data so that they can provide you with the insurance quote you have requested. We use external service providers, for example, to support our operational purposes such as managing our websites and IT systems (IT service providers), sending mail (postal companies, transport and delivery companies), receiving or executing payments (payment service providers).
We also communicate your data to other persons or bodies if we are contractually or legally obliged to do so, if a legitimate interest so warrants or if this is necessary to achieve the above-mentioned purposes. In this case, we ensure that:
- these persons have only the data which we are contractually or legally obliged to communicate or which is provided on the basis of a legitimate interest justifying the data transfer; and
- these persons have undertaken vis-à-vis us to process these data in a secure and confidential manner and to use them only for the purpose for which these data were provided to them.
B. No data transfer for commercial use
We do not share your data with third parties for commercial use.
C. Data transfers outside the European Economic Area (EEA)
We aim to process the data we process as much as possible within the European Economic Area (EEA). If, when using specific services or software tools, your data is processed outside the European Economic Area (EEA), it will only be processed in/to countries that the European Commission has confirmed as providing an adequate level of protection for your data, or measures will be taken to ensure the lawful processing of your data in these third countries.
- 7. What are your rights and how can you exercise them?
You have various rights in relation to the data we process about you, as listed below.
You may exercise your rights by contacting us using the contact details provided at the top of this Privacy Notice, subject to enclosing a copy of the front of your identity card or other document that identifies you. The copy will only be used to identify you in accordance with the GDPR.
- A. Right of inspection
You have the right to access your data and obtain a copy thereof. This right also includes the possibility of requesting further information on the processing of your data, including on the categories of data processed about you and for what purposes.
- B. Right of rectification
If you find that, despite all our efforts, your data is incorrect or incomplete, you can ask us to rectify it.
- C. Right to data erasure ('right to oblivion')
In well-defined cases, legislation gives you the option to have your personal data erased. However, we will not always be able to comply with such a request, including when we still need the data in function of an ongoing contract, or when keeping certain of your data for a certain period of time is required by law.
- D. Right to restriction of processing
You have the right to restrict the processing of your data. In this way, the processing is temporarily stopped until, for example, there is certainty about its accuracy.
- E. Right of transferability
You have the right to obtain in electronic form your data that you yourself have provided to us with your consent or in execution of a contract. That way, they can be easily transferred to another organization. You also have the right to request us to transfer your data directly to another organization, if this is technically possible.
- F. Right of objection
Where the processing of your personal data is based on a legitimate or public interest on our side, you have the right to object to it at any time for reasons relating to your particular situation. However, your request will not be taken into account if our legitimate interest outweighs yours or if the processing of your data remains necessary to establish, exercise or substantiate a legal claim.
In the context of prospecting
You can always object, free of charge, to the processing of your personal data for prospecting or marketing purposes. We provide you with offers and proposals because we think they are of real interest to you. However, if you wish that we no longer contact you in connection with information, advertising or proposals, products and services, and/or that we use your data for profiling in the context of prospecting, you can easily inform us of this.
- G. Right to withdraw your consent?
If the processing is based on your consent (see above), you have the right to withdraw this consent at any time free of charge by contacting us. If there is no other legal basis to process the personal data when your consent is withdrawn, we will delete this personal data. However, the withdrawal of your consent will not affect the lawfulness of the processing before its withdrawal.
- H. Right to complain to your supervisory authority
If you believe that the processing of your personal data violates privacy legislation, you also have the right to lodge a complaint with the competent supervisory authority, which has the following contact details:
+32 (0)2 274 48 00
+32 (0)2 274 48 35
15, Boulevard du Jazz L-4370 Belvaux
Grand-Duché de Luxembourg
(+352) 26 10 60 -1
11. How long do we keep your data?
We do not retain your data for longer than necessary for the purpose for which the data was collected or is processed. Since the period for which data can be kept depends on the purposes for which the data was collected, the storage period may vary in each situation. Sometimes specific legislation will require us to keep the data for a certain period of time. Our retention periods are always based on legal requirements and a balancing of your rights and expectations with what is useful and necessary to fulfil the purposes. At the end of the retention period, your data will be deleted or anonymized.
12. How do you stay informed of changes to this Privacy Statement?
We reserve the right to change this Privacy Statement. The most recent version will be available on our websites at all times. The date on which this Privacy Statement was last amended is always indicated. In case of a substantial change to the Privacy Statement, we will directly inform the data subjects on whom it may have an impact, if possible.