Protection of personal data

• ​​​When you visit our website or use our applications
  SOGELIFE collects cookies (small files stored on your computer), which are used in particular to record your visits and to obtain website audience statistics, particularly relating to the pages visited.
  For more information, please see our Cookies Policy by clicking here.

• During our contractual relationship
  During our contractual relationship, SOGELIFE collects several categories of personal data about you. In particular, this includes data relating to:
  - your identification: surname(s), first name(s), date, place and country of birth, nationality, language, and where applicable, a copy of the identity card or other official identification document,
  - your contact details: telephone number, email address, permanent residence address, correspondence address,
  - the policies you have taken out, their management and execution,
  - your claim management,
  - your economic, asset and financial situation: bank details (IBAN/BIC), movable and real estate assets (breakdown and origin), breakdown of income, origin of funds,
  - your professional situation: professional status, field of activity, profession, name of employer,
  - your family situation,
  - your tax situation: country of tax residence, FATCA/CRS declaration, tax identification number (TIN),
  - your products held at SOGELIFE: products held and used, client identification number, insured party, policy, claim file, duration, amounts, data relating to means of payment or transactions such as the transaction number, the details of the transaction relating to the product taken out,
  - our exchanges and communications with you: paper or electronic mail, choice of language of communication,
  - the fight against fraud: location and connection data, data from web pages open to the public, inconsistency and reports that may reveal fraud, data relating to investigations, examination of the case and assessment of the scope of the fraud, identification data of persons involved in the detection and management of fraud.
  
  Based on this data, we generate others, including internal ID numbers, scores and segmentations.
  
  Certain categories of data described above may relate to the purposes for which they are used for policyholders, insured parties, policy beneficiaries, and, where applicable, their successors and representatives.

Your personal data is obtained mainly from:

• you:
  - when you fill in them on application or offer forms, etc.
  - during telephone calls, emails, interviews and other communications, etc.

• our distributors and other insurance intermediaries,

• the policyholder of the policy,

• our service providers and subcontractors,

• the software applications that we make available to you and the cookies and other tracers that we notify you of when they are collected.

SOGELIFE processes your personal data in order to achieve the various purposes described below, depending on the legal basis that allows us to use them.

• For the performance and management of your policy or pre-contractual measures taken at your request, we use your data to:
  - identify you, the insured parties and the beneficiaries,
  - study your specific needs in order to offer you appropriate policies,
  - carry out any operation necessary in the policy subscription process (review, acceptance, pricing, risk monitoring),
  - execute and manage policies, including claims management and payment of benefits,
  - carry out actuarial studies,
  - respond to your requests and assist you with your procedures.

• To meet the legal and regulatory obligations to which SOGELIFE is subject, we use your data to:
  - combat money laundering and the financing of terrorism,
  - apply national or international sanctions, including the freezing of assets and embargoes,
  - submit mandatory declarations to the competent authorities and public administrations,
  - respond to requests from competent authorities, administrations and courts,
  - search for beneficiaries to help deal with unclaimed insurance policies,
  - comply with our accounting and tax obligations,
  - assess the appropriateness of the products marketed by SOGELIFE and their suitability for each client's profile, in accordance with the European Insurance Distribution Directive (IDD),
  - combat corruption,
  - comply with our obligations related to corporate social responsibility (CSR),
  - manage requests related to the exercise of GDPR rights.

• For our legitimate interest, we may process your data in connection with:
  - the fight against fraud,
  - the management of appeals, claims and disputes,
  - the management of the security of our IT system and our websites in order to ensure business continuity,
  - the management and improvement of the commercial relationship (through opinion and satisfaction surveys in particular),
  - statistical studies.

The personal data collected are not used for commercial prospecting purposes and are not sold to third parties.

SOGELIFE is bound by professional secrecy and may only share your personal data under strict conditions or with your consent.  

Subject to the terms and conditions set out in Article 300 of the law of 7 December 2015 on the insurance sector concerning professional secrecy with regard to insurance, and depending on the purpose of the processing, your personal data may be communicated, within the framework of their usual duties and within the limits of their duties to our partners, agents, service providers and subcontractors, your bank, particularly in the event of transfers of funds in relation to a surrender or when your policy is pledged to your bank as a credit guarantee, other entities of the Societe Generale Group (for example, for consolidated risk management, particularly in relation to combating money laundering and terrorist financing), as well as your broker or contributor who acted as an intermediary when you took out your policy with SOGELIFE, in order to improve knowledge of its clients and meet its advisory obligations.

They may also be passed on, if necessary, to our reinsurers as well as to any person involved in the policy, such as experts, court assistants and ministerial officers, curators and guardians, as well as to certain regulated professionals such as lawyers, notaries or auditors.

Your personal data may also be passed on, if necessary, to persons concerned by the policy (subscriber, insured party, member and beneficiary of the policy) and their successors and representatives, to persons authorised as Authorised Third Parties, in particular the courts, arbitrators, mediators, ministries concerned, supervisory and control authorities and any public bodies authorised to receive them, as well as to control departments such as auditors and departments responsible for internal control.

Specific case of data transfers to data aggregation service providers: 
Some brokers or providers now use data aggregation service providers (hereinafter “aggregators”) to centralise data relating to a client's various contracts and ask SOGELIFE to transfer your data directly to these service providers. Please find below an up-to-date table of the aggregators used by the brokers distributing our contracts:

These aggregators act in the name and on behalf of brokers who use their services, not for SOGELIFE. Please contact your broker to find out if they use one of these aggregators. 
 

Societe Generale, to which SOGELIFE belongs, is an international group. As such, certain data may be transferred to Group entities, service providers located outside the European Economic Area.

In these cases, transfers of your data are subject to a precise and demanding framework, ensuring an adequate level of protection:

• Standard contractual clauses, accessible here.

We guarantee that every transfer of your data to a third country is governed by a level of protection equivalent to European Union law. This protection will be put in place through the use of standard contractual clauses but also by additional technical and organisational measures should these prove necessary,

• An adequacy decision from the European Commission,

• Binding Corporate Rules.

Your personal data are stored only for the time necessary to achieve the purpose for which we process these data and to comply with our legal and regulatory obligations.

Please find below the details of the retention periods of your personal data according to the different purposes for which they were collected:

SOGELIFE protects your personal data by implementing all the technical and organisational measures necessary to guarantee their confidentiality, integrity and availability, in order to protect them against accidental or unlawful destruction, loss, alteration or unauthorised disclosure.

The necessary transfers of personal data shall take place under conditions and under guarantees aimed at ensuring the confidentiality and security of such data.

You have the following rights:

• Right of access: you have the right to obtain confirmation that personal data concerning you are or are not being processed and, where they are, you have access to such personal data. You have the right to obtain a copy of the personal data processed;

• Right to rectification: you have the right to have inaccurate personal data about you rectified. Given the processing purposes, you have the right to have incomplete personal data completed, including by providing a supplementary declaration;

• Right to erasure: you have the right to have your personal data erased, under the conditions laid down by the regulations;

• Right to limit processing: you have the right to limit the use of your personal data, under the conditions laid down by the regulations;

• Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating thereto based on legitimate interests, including profiling.

• When your personal data are processed for canvassing purposes, you have the right to object at any time to the processing of personal data about you for such purposes. In this case, your personal data will no longer be processed for these purposes;

• Right to data portability: you have the right to receive the personal data about you that you have provided to us, in a structured, commonly used and machine-readable format, and have the right to pass this data onto another controller without our interference, where:
  - processing is based on consent or on a contract, and
  - processing is carried out using automated processes;

• Right to withdraw your consent at any time: this withdrawal does not compromise the lawfulness of the processing based on the consent provided prior to this withdrawal;

• Right to lodge a complaint with the National Commission for Data Protection - CNPD (Commission Nationale pour la Protection des Données, 15 Boulevard du Jazz, L-4370 Belvaux - https://cnpd.public.lu).

Your rights may be exercised by providing proof of your identity:

By post to SOGELIFE, Data Protection Officer, 11 Avenue Emile Reuter, L-2420 Luxembourg, or
by electronic means by sending your signed request to lu.sogelife-dpo@socgen.com.

In order to enable us to process your request efficiently, please clearly state the right you wish to exercise, as well as the details that will enable us to identify you with certainty (your policy number, client number, claim number), or provide us with a copy of your valid identity document.