Assuralia takes great care to protect your personal data. With this in mind, Assuralia undertakes to give particular attention to protecting and processing them in a transparent manner and in strict compliance with the relevant legislation. The purpose of this "Privacy Notice" is to provide complete information on the subject by explaining, in particular, how Assuralia collects, uses and retains personal data. The European General Data Protection Regulation of 27 April 2016 (GDPR) applies as of 25 May 2018. This Privacy Notice is based on this regulation.

1. General points

1.1 Scope

This Privacy Notice mainly concerns the processing of personal data of employees working within Assuralia member companies, the people with whom Assuralia and its employees come into contact within the context of its services, missions and activities, people who have visited the websites www.assuralia.be and www.abcassurance.be or have expressed an interest in our services, as well as suppliers.

1.2 Definitions

PERSONAL DATA are any information about an identified or identifiable natural person. They include, for example, a person's name, a photo, a telephone number, an e-mail address, a vehicle registration plate, etc. PROCESSING of personal data covers, among other things, all aspects (automated and non-automated) related to the collection, recording, modification, consultation, retention, adaptation or alteration, retrieval, use, communication, erasure, destruction, etc. of personal data. Assuralia (Professional Union of Insurance Companies), with its registered office located at Square de Meeûs 29, 1000 Brussels, registered with the Crossroads Bank for Enterprises under no. 407.878.367, is the DATA CONTROLLER for the processing that it carries out on its own behalf.

1.3 Data processed

The data processed are personal data that enable you to be identified either directly (e.g. surname, first name), or indirectly (e.g. telephone number, registration plate of your vehicle). As part of its work, Assuralia is required to collect various personal data depending on the context, nature and purpose of the service or project concerned (see point 2). This may include, for example:

  • Identification data: surname, first name, address, etc.
  • Contact information: address, e-mail address, telephone number, etc.
  • Professional data: position held, title, etc.

2. Purposes for which the data are processed

Assuralia processes personal data for various purposes. Assuralia ensures that only the relevant data necessary to achieve each processing purpose are processed. By way of example, Assuralia processes personal data:

  • On grounds of legitimate interest, in order to be able to ensure optimal operation and service. In this case, Assuralia ensures that a proportionate balance is maintained between this legitimate interest and respect for privacy. For example:
    • Knowledge of members and contact persons, with a view to informing them of its activities and services;
    • Protecting its own interests and those of its members,
    • Protection of company property,
    • Monitoring the regularity of operations,
    • establishment, exercise, defence and preservation of the rights of Assuralia or of the persons it represents, for example in the event of disputes,
    • etc.
  • Because it has obtained your consent (e.g. cookies),
  • Within the context of the performance of a contract with Assuralia,
  • To comply with legal or administrative obligations to which it is subject, such as social security or tax obligations, legal claims, official publications (e.g. Belgian Official Gazette).

3. Nature of the personal data processed within Assuralia

Assuralia processes:

  • Contact details: e.g. surname, first name, title, native language, e-mail address, telephone number, job role, etc. For example:
    • If you are an insured party, policyholder and/or driver who comes within the scope of Assuralia's services, agreements and/or activities (e.g. RDR, Crashform, Database of certificates of decennial insurance coverage, Siabis, SIPASS – VERPAIS)
    • If you are an employee working within an Assuralia member company (or subsidiary of an Assuralia member company).
    • If you are a person with whom Assuralia and its employees come into contact in the context of its mission and activities (e.g. minister, member of a cabinet, employees of a public administration, professor, academic personnel, journalist, employee of a professional association, etc.).
    • If you subscribe to a newsletter or register for one of our events.
    • If you are employed by an organisation or a company that has a contractual relationship with Assuralia (supplier, subcontractor, etc.), we will use your data in the context of performing this contractual relationship.
    • When you visit our website, we can store certain information collected by cookies. For more information on this subject, please refer to our cookies statement (www.assuralia.be).
    • When applying for a job vacancy, an unsolicited application, an internship or a student job.
  • Information about your professional areas of interest: e.g. car insurance, health insurance, employment law, taxation, etc.
  • Information about your participation in Assuralia events.
  • Additional information about you obtained from public sources (e.g. websites, Belgian Official Gazette, etc.) for the purpose of improving, completing or keeping your personal data up-to-date.
  • Video surveillance images (within the Maison de l'Assurance scrl building).

4. Types of processing carried out

Assuralia carries out the following processing on a daily basis:

  • If you are an insured party, policyholder and/or driver who comes within the scope of Assuralia's services, agreements and/or activities: Your contact details and information relating to insurance cover (including claims) are processed as part of specific services such as:
    • RDR: direct settlement compensation fund, the purpose of which is to speed up payment of compensation for the victims of road accidents (material damage),
    • Crashform: a mobile app version of the European Accident Statement form,
    • Decennial liability (law of 1 July 2018): database of certificates of decennial insurance coverage for parties active in the construction sector,
    • Siabis: central database of vehicles with roadside assistance cover for use by the federal police coordination centres and the Walloon traffic control centre,
    • SIPASS - VERPAIS: management and exchange platform between insurance companies and police prosecutors for requests and information relating to the consultation of road-traffic-related criminal investigation files,
    • Agreements: arbitration role within application commissions regarding disputes between companies that have signed an Assuralia agreement.
  • If you are an employee working within an Assuralia member company (or a subsidiary of an Assuralia member company).
    Your contact details are processed because you are a contact person for Assuralia. Your data are processed within the context of your organisation or company's participation in Assuralia's work and the organisation of member services such as, for example, communication, sending invitations to meetings of commissions and working groups, etc.
    Your contact details are also used to inform you about Assuralia's activities, about topical economic, legal and general insurance subjects relevant to companies or events organised within the context of Assuralia's work.
  • If you are a person with whom Assuralia and its employees come into contact within the context of its mission and activities. Your contact details are processed within the context of Assuralia's mission to represent the interests of insurance companies.
  • If you subscribe to a newsletter or if you register for one of our events. Your contact details are processed in order to manage your registration within the context of the transmission of information (or documentation) and satisfaction surveys.
  • If you register for one of our events. Your contact details are processed:
    • For general customer management: including accounting, dispute management and legal proceedings, debt collection or transfer and, generally, protection of Assuralia's rights.
    • To provide each participant with a simplified list of participants with the participants' surnames, first names and organisation.
    • To inform you about other Assuralia activities or events, or political, economic and legal news relevant to companies.
  • If you are employed by an organisation or a company that has a contractual relationship with Assuralia. Your contact details are processed for:
    • Monitoring the service, order, etc. and for following up any comment or complaint in this context.
    • General customer and supplier management, including accounting treatment, dispute management and legal proceedings, debt collection or transfer and, generally, protection of Assuralia's rights.
  • If you visit our website.
    Your contact information is used to improve your browsing experience and to create anonymous statistics concerning the quality of the website.
  • In certain cases, Assuralia is legally obliged to process and/or share your personal data with competent authorities or official bodies.
  • Video surveillance: recorded images are used to ensure the security of the building, prevent theft and damage and, generally, to protect the integrity of facilities.

5. Transfer of data

In order to protect your data, the persons authorised to access such data are carefully determined in accordance with their responsibilities or activities within the Professional Union. Your contact information will never be transmitted to third parties without your consent. In certain cases, Assuralia may transfer your personal data to third parties, for example to competent authorities or bodies determined by law within the context of legal or regulatory obligations (e.g. publication in the annexes to the Belgian Official Gazette of the appointment of directors).

6. Data retention period

Assuralia only processes your personal data for as long as necessary to achieve the purposes for which they are processed. After this purpose has been achieved, these data are deleted. This means that the data processed are retained for the entire duration of the professional relationship, mission or mandate with Assuralia, extended by any other retention period that may be imposed by any applicable legislation or regulations.

7. Data protection

Access to your personal data is only granted to persons for whom such data are required for the performance of their responsibilities within the Professional Union. Any such persons are bound by an obligation of strict confidentiality and are required to comply with all the technical and organisational requirements provided to ensure data security. Assuralia has put in place technical measures to guarantee the security and integrity of its infrastructure (in the broadest sense) in order among other things to ensure the protection of your personal data.

8. Rights

You have the right to request information, by dated and signed letter, on the personal data that we retain about you. If you exercise this right, Assuralia will reply to you within a period of one month. This period may, where necessary, be extended by two months. Where necessary, Assuralia will inform you of any such extension and the reasons for it within a period of one month.

Each request must be accompanied by proof of your identity (copy of the front and back of your identity card).

8.1 Right of access

You have the right to obtain confirmation that your personal data are being processed and, where applicable, to access the said personal data as well as the following information:

  • The purposes for which we are processing the data,
  • The categories of data being processed,
  • The categories of recipients to which the data are communicated,
  • The retention period for such data,
  • Information regarding the rights that you can exercise (rectification, erasure, etc.) or the possibility of lodging a complaint with the Belgian Data Protection Authority.
  • The source of the data being processed.

8.2 Right to rectification

If you discover that, despite all our efforts, your data are inaccurate or incomplete, you can ask for them to be rectified, corrected or updated. The data will be altered only after all security measures have been taken: verification of your identity and the accuracy of the corrections requested.

8.3 Right to erasure

In certain specific cases, the legislation allows you to request the deletion of your personal data. This is particularly the case when:

  • Such data are no longer necessary for the purposes for which we collected them,
  • The processing of your data is based exclusively on your consent and you decide to withdraw such consent,
  • You have objected to the processing of your data and there are no legitimate grounds on our part that override yours,

    However, your right to be forgotten is not absolute. We may continue to retain your data when such retention is necessary, among other things for:

  • Compliance with a legal obligation,
  • The performance of our contractual obligations
  • The establishment, exercise or defence of legal rights.

8.4 Right to restriction of processing

In certain specific cases, you can request the restriction of processing of your personal data.

This is particularly the case when:

  • You contest the accuracy of any personal data, for a period enabling us to verify their accuracy, and,
  • Although your data are no longer necessary to achieve the purposes of the processing, you need such data to establish, exercise or defend your legal rights.

The restriction of processing will be terminated in the following circumstances:

  • You consent to the ending of such restriction,
  • The processing of your data is necessary for the establishment, exercise or defence of legal rights,
  • The processing is necessary to protect the rights of another natural or legal person,
  • The processing is necessary on the grounds of public interest.

8.5 Right to portability

Finally, in certain cases, you have the right to have the personal data that you have provided to us transmitted to you or transmitted directly by Assuralia to another data controller, provided that this is technically possible. This right is applicable when the processing is based on your consent or is carried out in the context of the performance of a contract that binds you and Assuralia.

9. Contact

You may exercise your rights by contacting us via the following methods:

Post

Assuralia
Request for personal information (confidential) Square de Meeûs 29
1000 Brussels

Email address privacy@assuralia.be

Assuralia will process requests within the deadlines provided for in the regulations. You will also find additional information on the website of the Belgian Data Protection Authority at https://www.dataprotectionauthority.be/ to which Authority you may, if required, also file a complaint.

10. Modification

Assuralia reserves the right to modify this Privacy Notice at any time, in accordance with the General Data Protection Regulation. Any modification of this Privacy Notice will be specifically notified via the website the websites www.assuralia.be and www.abcassurance.be, by means of a dedicated tab.