Data Protection

CNP Assurances pays the greatest attention to the protection of your personal data and informs you of this in this space. Here you will find: :

Additional information may be provided to you when you purchase an insurance product or service and, for applicants, when you apply for a job with us.

What is a personal data?

Personal data is any information relating to an identified or identifiable physical person, directly or indirectly, in particular by means of an identification number or one or more elements that are specific to that person.

In the field of insurance, the identification of a person by his or her surname, first name, date of birth and the use of information associated with him or her, such as the insurance contract number, property data, profession and even more so his or her health data, are personal data. This information is that of each insured as well as that of his or her family (for example, for a health contract) or third parties (for example, designated beneficiaries who are not related to the insured).

What data do we collect and process?

We only collect and use personal data that is necessary, appropriate and relevant to our business. Unless required by law, we do not process personal data relating to your racial or ethnic origin, your religious or philosophical beliefs, your trade union membership, your genetic data, your sex life or sexual orientation.

In order to offer you adapted and personalized products, to manage your contract and to meet our legal and regulatory obligations, we may collect different categories of personal data from you, as well as when you apply for a job in our company.

Personal data may include the following:

  • Identification and contact information (last name, first name, place and date of birth, ID card number, passport number, gender, age or signature) ;
  • Contact information (postal and e-mail address, telephone number) ;
  • Identification and authentication data, especially when using online services (technical logs, computer traces, data on the security and use of the terminal, IP address) ;
  • Tax status (tax number, country of residence) ;
  • Family status (marital status, marital regime, number of children) ;
  • Employment information (level of education, job, name of employer, salary) ;
  • Banking information (bank details) ;
  • Data relating to your assets and your profession or socio-professional category (to determine your investor profile for the financial supports of the life insurance contracts or to satisfy our obligations of knowledge of the customer within the framework of the fight against fraud and money laundering) ;
  • Data related to the use of the insurance contracts taken out (premium, surrender, benefits) ;
  • Data relating to interactions with our advisors (meeting minutes), on our websites, our applications, emails.

We may also collect specific data, also known as "sensitive data", such as health data, for example, in the context of company or public employee provident contracts, and subject to having obtained your specific and explicit consent, for the conclusion and execution of certain loan insurance, accident insurance and funeral contracts.

The data we use may be collected directly from you or obtained from third parties in order to verify or enrich our databases, including: /p>

  • Personal data from databases made available by official authorities (e.g. Official Gazette);
  • Public bodies and authorities responsible for enforcing regulations ;
  • Websites containing publicly available information.

In certain circumstances, we may collect and use personal data about individuals with whom we have or may have a relationship, such as:

  • Non-customers (for example, prospects) ;
  • When your employer takes out a group policy to insure its employees and provides you and your family (spouse, children) with contact information ;
  • The beneficiary(ies) of the life insurance policy you have taken out ;
  • The legal representative(s), corporate officer(s) and authorized person(s) of a legal entity that has taken out a group insurance contract ;
  • Beneficial owners ;
  • CNP Assurances shareholders ;
  • The representative(s) of a service provider or supplier, healthcare professionals, healthcare networks ;
  • Staff members of our service providers and business partners ;
  • Third parties, for example, data from the Registre du Commerce et des Sociétés ;
  • Representatives, individuals, of our insurance intermediary partners ;
  • Companies providing marketing lists in accordance with the regulations ;
  • As part of your application for a job with our company.

Why does CNP Assurances collect and process your personal data?

Your personal data is used only for explicit, legitimate and specific purposes relating to the insurance or service operation concerning you or for the examination of your application for a job in our company. Your personal data is collected and processed to:

  • Fulfill the requirements of our pre-contractual, contractual and commercial relationship (examination of the insurance application, management and performance of the contract) and provide you with information on insurance contracts and services at your request; process your application for employment with our company.
  • To obtain your consent, for example, in the case of a mortgage insurance contract ;
  • To fulfill our legal and regulatory obligations, in particular, the fight against money laundering and against the financing of terrorism (by verifying the identity of subscribers, insureds and beneficiaries, politically exposed persons, representatives of legal entities and beneficial owners); the fight against insurance fraud which may lead to registration on a list of persons presenting a risk of fraud; the payment of taxes and levies on insurance contracts ;
  • For the exercise of our legitimate interest, for example, to offer you similar products, to personalize our commercial offers according to your needs, to improve the quality of our insurance products by offering you products corresponding to your profile (segmentation of prospects and customers); to find out about your habits on the various communication channels (e-mails, visits to our site); to optimize our risk management; to defend our legal interests; for information technology management (e.g. shared platforms) and business continuity, including IT security; to perform anonymized statistical models; for research and development; to transfer your data to a CNP Assurances Group company for administrative purposes.

Detailed information on the processing of your personal data and its purpose is systematically provided to you at the time your data is collected. During the life of your contract, this information is repeated as necessary.

Who are the recipients of your personal data?

The recipients of your personal data may be, within the strict framework of the purposes of their processing, the duly authorized personnel of CNP Assurances and/or the CNP Assurances Group, in particular for reporting purposes, its partners, delegates, subcontractors, service providers, reinsurers, and, where applicable, the social organizations of the persons involved, insurance intermediaries and the persons interested in the contract.

How long do we keep your personal data?

We only keep your personal data for the purposes for which they were collected and in compliance with the legal limitation periods and the various obligations imposed by the regulations.

Depending on your case, your personal data is kept for a different period:

  • You are a prospect or your insurance proposal has not been accepted or you stop the membership or subscription process: your data may be kept for up to three years from the date of collection or the last contact with you, and for five years for health data for the purpose of processing a challenge to the rejection of the insurance application ;
  • You have a contract: your data is kept according to the rules provided for by the various regulations and most often for ten years from the end of your contract or from the execution of the contract. In the specific case of life insurance and to facilitate the search for beneficiaries, your data may be kept for up to thirty years ;
  • For the exercise of your rights regarding the protection of personal data, mentioned below, and when an identity document is requested, it is kept for three years.
  • For your application for a job in our company, your personal data is kept for a maximum of two years from the last contact with you.

At the end of the storage period, your personal data is destroyed or rendered anonymous in a way that prevents re-identification.

How are your personal data protected?

We take care to ensure the security of your personal data by setting up a reinforced protection of the data by the use of physical and logistical means of security in conformity with the rules of the art and the standards which are imposed to us.

For the hosting and processing of your data, we prefer to use facilities located in France and in the European Economic Area (EEA). CNP Assurances only authorizes data transfers from its entities to countries within the EEA. Exceptions may be granted after a duly documented risk analysis to authorize transfers outside the EEA to recipients with recognized personal data protection guarantees equivalent to those of CNP Assurances (e.g. implementation of standard contractual clauses approved by the European Commission).

What rights do you have regarding your personal data?

In accordance with applicable regulations, you have the following rights:

  • Right of access : you can obtain information on your personal data, the purposes of their processing and their recipients as well as a copy of your data.
  • Right of rectification : you can have your personal data rectified if they are inaccurate or incomplete.
  • Right to erasure or "right to be forgotten" : under certain conditions, you can obtain the erasure of your personal data, in particular when they are no longer necessary for processing or when their retention no longer meets legal requirements or when you withdraw your consent to their processing.
  • Right to object : under certain conditions, you may object at any time to the processing of your personal data, in particular, to their being used for commercial prospecting purposes.
  • Right to limit the processing : under certain regulatory conditions, you may obtain a limitation of the processing of your personal data. For example, if your data is inaccurate, you may request that the processing of your data be limited until it is corrected.
  • Right to portability : you can request the transmission of your personal data, in an easily reusable format, to a third party.

How to exercise your rights regarding your personal data?

If you wish to exercise your rights, you can contact the Data Protection Officer by mail (CNP Assurances - Délégué à la Protection des Données, 4 Place Raoul Dautry, 75716 Paris Cedex 15) or by e-mail (dpo@cnp.fr). You can also do so directly via our online form on our website cnp.fr, under the heading Personal Data Protection or by clicking on the link : https://contact.cnp.fr/donnees-personnelles-rgpd/.

To exercise your rights, we invite you to prove your identity. If there are reasonable doubts as to its accuracy, you will be asked to provide additional and necessary information, such as a photocopy of an identity document.

You also have the right to file a complaint with the Commission Nationale Informatique et Libertés at the following address Commission Nationale Informatique et Libertés, 3 place de Fontenoy 75007 Paris, https://www.cnil.fr/fr/vous-souhaitez-contacter-la-cnil, 01 53 73 22 22.

If you wish to know more about cookies, you can consult our Politique Cookies.

Date of the last update: November 2021