Verlingue appreciates the importance of ensuring that data remains confidential and makes strong commitments with regard to the protection of personal data.
Therefore, Verlingue has drafted this policy to explain how your personal data are used, along with the precautions taken to ensure they remain confidential.
Personal data refers to « any information relating to a natural person who can be directly or indirectly identified or identifiable, by referring to an identification number or to one or more elements that are specific to them ».Examples: a name, first name, phone number, location data, online identifier, photograph, IP address, voice recording, etc.
Any operation or set of operations involving personal data, irrespective of the process used, including collecting, recording, organizing, storing, adapting or modifying, extracting, consulting, using, communicating by transmission, disseminating or any other form of provision, matching or profiling, as well as blocking, erasure or destruction » represent processing of personal data ».
This policy applies to all processing of personal data, within the meaning of law No. 78-17 of 6 January 1978 as amended, entitled the data protection act and the General Data Protection Regulations of 27 April 2016 (hereafter referred to as the « GDPR »), carried out by Verlingue for their websites and extranets.
Identity of the data controller
Verlingue is responsible for processing the personal data collected and used (article 3 of the data protection act).Verlingue SAS
12 rue de Kerogan
CS 44012 – 29000 Quimper
RCS (FRENCH TRADE AND COMPANIES REGISTER) 440 315 943
N° Orias (French regulator for insurance brokers) No.: 07 000 840 – www.orias.fr
Within the control of the ACPR (Authority for Prudential Supervision and Resolution) 4 place de Budapest, CS 92459, 75436 Paris Cedex 09
What personal data are processed?
In particular, Verlingue processes the following personal data for their websites and extranets:
Account/profile creation: last name, first name, postal address, e-mail address and phone number.
Connection to the website: connection, browsing or location data (cookies, connection mode, Internet browser type and version, operating system used, URL address, etc.)
Contact form: last name, first name, e-mail address and phone number.
Insurance distribution: identification of people who are interested or involved in the contract (last name, first name, date of birth), social security number (NIR), postal address, e-mail address, phone number, license plate number of vehicles, bank and financial data, geolocation system, etc.
When certain information is required to access specific features of websites and extranets, Verlingue will indicate this requirement when the personal data are entered.
If you refuse to provide the required information, you may not have access to certain services, features or sections of websites and extranets.
Verlingue ensures that only personal data that are strictly necessary are collected for the purpose of the implemented processes (data minimization).
It should be noted that personal data are collected by Verlingue directly or indirectly at their initiative or, where appropriate, at the initiative of the people for whom Verlingue acts as a partner or subcontractor.
Legal basis and Purposes of the processes
The implemented processes satisfy explicit, legitimate and determined purposes.
In compliance with article 6 of the GDPR, the legal basis of the processes implemented by Verlingue are as follows:
– the person’s consent,
– legitimate interest,
– performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Verlingue collects personal data to fulfil the following purposes:
– To contact us on line, in order to be contacted by one of our advisors,
– For administrative management requirements, to study specific requirements, for commercial prospecting needs, for consultancy purposes and to finalise, perform and manage insurance contracts. They may be used for statistical purposes and to combat fraud.
– To ensure that your claims are followed up and processed.
Some of the purposes listed above may require your consent. In this case, your consent will be collected when the personal data are collected.
When Verlingue intends to process the personal data for purposes other than those listed above, they undertake to inform the persons concerned and to obtain their prior consent if it is required in accordance with the GDPR on the or any other legislation governing personal data..
Recipients of personal data
The recipients of personal data are the relevant departments of Verlingue. If necessary, such data may be communicated to their delegators, subcontractors and partners within the limits of what is required to perform the tasks assigned to them.
When Verlingue uses a subcontractor to process personal data, they will ensure that said subcontractor provides sufficient guarantees and will formalize a written agreement to ensure the same level of confidentiality as if the personal data had been processed by Verlingue.
These personal data may be transferred outside the European Economic Area, in accordance with the applicable legal and regulatory provisions, including the GDPR and with appropriate safeguards.
Retention period – Data security
Verlingue keeps the personal data in a secure environment for the time required to fulfil the processing purpose.
At the end of this period, Verlingue may keep some personal data to:
– comply with a legal obligation to retain the data for a predetermined period,
– guarantee the applicable statutory prescription/limitation periods, particularly for insurance, commercial, civil and tax purposes,
– satisfy statistical purposes
The personal data will be intermediately archived in an environment with controlled access, anonymised, or purged under the conditions provided by Verlingue.
Verlingue will take all due diligence to ensure that the personal data remains confidential and secure, but will not be able to guarantee a total absence of flaws, in particular due to changes in intrusion techniques implemented by perpetrators.
Rights of persons
In accordance with the data protection act of 6 January 1978, as amended and the General Data Protection Regulations No. 2016/679 /EU of 27 April 2016, you have a right to access, rectify, delete, limit, and object to for legitimate reasons the processing of your personal data (see www.cnil.fr for more information on your rights).
To exercise these rights or for any questions on the processing of personal data, you can contact our data protection officer (DPO):
– Contact our DPO via e-mail: firstname.lastname@example.org
– Contact our DPO by post:
Le Délégué à la Protection des données
12 rue de Kerogan 29335 QUIMPER CEDEX
In compliance with regulations and to guarantee the confidentiality of personal data, you may be required to prove your identity by any means, including if necessary, by providing an identity document.
For any additional information or after contacting us, if you consider that your data processing rights are not observed, you can submit a complaint to the CNIL.
Changes to the data policy
This policy applies to all personal data processed by Verlingue for their websites and extranets, regardless of the processing method.
It may change in accordance with changes to national and/or European data protection regulations.