Privacy information | Foyer Assurances
Privacy is a core concern of Foyer Group. We undertake to protect and process your personal data in strict compliance with regulations and with complete transparency.
This privacy statement will give you confidence when you visit our website www.foyer.lu and use the services offered there.
Whose personal data is processed?
The personal data of the following can be processed by Foyer Group ( Foyer Assurances SA, Foyer Vie SA, Raiffeisen Vie SA, Foyer Santé SA, Foyer Arag SA, Foyer International SA ):
- All individual customers,
- All other people involved in processing linked to a transaction as representatives, partners, suppliers, administrators, employees, legal representatives or any other guarantor or contact person.
This statement does not concern legal entities.
What data is covered by this statement?
All information directly or indirectly relating to an identified or identifiable person.
This particularly concerns in the context of your relations with Foyer Group:
- Identification data, surname, first name, home address, email address, telephone number, etc.
- Data necessary for the standard conclusion of insurance policies taken out: value of your real estate, salary, etc.
- Data concerning personal characteristics such as age, sex, lifestyle, consumption, leisure.
- Financial data
- Location data (GPS, route) in connection with specific insurance policies
- Driving data as part of the calculation of a score to be applied to an insurance premium for a specific product
In accordance with the regulations, we do not collect data relating to the specific category set out in article 9 of Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data except in connection with the exceptions set out under point 2.a to obtain the person’s consent, the exception set out under point 2.b relating to the processing of data in relation to the contractual execution in respect of social protection and point 2.g relating to the pursuit of a public interest. Unless there is a legal basis or legal exceptions, these data include the health data for the precontractual and contractual purposes of the data controllers as well as for compensation for personal injury claims by the data controllers in the pursuit of a public interest.
Why do we need to process your personal data?
We undertake only to process the data required for the intended purposes of the process (minimisation and proportionality of the data).
More generally, we will use your personal data:
- In connection with the pre-contractual steps taken by Foyer Group
- In the context of contractual performance, the management of insurance contracts and claims
- In the framework of our compliance with the legal and regulatory provisions to which we are bound and subject
- In connection with data processing for which we have obtained your explicit consent
- In connection with data processing linked to the preservation of legitimate interests such as the prevention of and fight against fraud
- Our customer service management
- The management of the commercial relationship
- The management of disputes and debt collection
- Claims management
- The management of the commercial prospect based:
- , on the legitimate interests of the data controllers informing you of similar or complementary products or services to the set of needs for which a commercial relationship exists,
- additionally, on your consent to receive customised offers and information and/or to be informed about innovations, tax benefits and news relating to insurance; you may withdraw consent to direct marketing at any time in accordance with the procedures set out under point 9 relating to exercising your rights.
Sharing personal data with Foyer agencies
FOYER shares personal data with its network of agencies and subcontractors in compliance with the provisions of professional secrecy pursuant to article 300 of the Law of 7 December 2015 on the insurance sector and obligations relating to the sub-contracting of personal data processing set out in article 28 of the GDPR.
Passing data to third parties
The Group may pass your personal data onto its service providers, suppliers and brokers when managing insurance policies.
In its capacity as insurer, in certain circumstances, the Group may provide certain personal data to other insurers, reinsurers, insurance or reinsurance brokers and other intermediaries and agents, lawyers, experts/technical advisors, repairer , medical consultants, auditors, IT service providers, business partners, government and mediation authorities located in the Grand Duchy of Luxembourg or abroad.
Your data may be passed on to public or regulatory authorities or courts.
Your personal data may be stored on cloud servers managed by a third-party hosts in relation to certain products, in accordance with the stipulations contained in the general or specific terms and conditions of the products concerned. You are informed of this transfer when you take out this product, for which you have accepted the terms and conditions.
The Group will not pass on your data for any commercial purposes without your prior consent.
The Group may transfer your personal data outside the European Union, provided it ensures, before the transfer, that the entities outside the European Union offer an adequate level of protection, in accordance with European legislation.
The Group may also be required to transfer your personal data to third parties if the Group considers that such a transfer is necessary for technical reasons (for example, for hosting services by a third party or the execution of a contract) or to protect its legal interests.
The Group may communicate your personal data if required to do so by law or if the Group considers in good faith that such disclosure is reasonably necessary in order to comply with a legal procedure (for example, a mandate, a subpoena or any other legal decision) or to protect the rights, assets or personal safety of the Group, our customers or the public.
Foyer Group implements all appropriate technical and organisational measures to ensure a level of security suited to the risk posed by the processing concerned.
Foyer Group companies keep your personal data
- For as long as needed for the purpose for which the data was collected or for which it was used for additional processing
- As long as required to comply with applicable legal obligations
- As long as required to comply with legal prescription periods.
Right of access, deletion, correction, objection, limitation and portability
As a data subject,
You have the right to access your data as well as information about the purpose of the processing for which your data is collected, the categories of data concerned, the recipients of your data and their retention period.
You have the right to correct, delete or block your personal data if it is incorrect, incomplete or processed for purposes not provided for by the pre-contractual, contractual or legal measures or those granted by you.
- You have the right to object, except for legitimate and compelling reasons.
- You have the right to limit or restrict the processing of your personal data under the conditions provided by the regulations.
- You have the right to the portability of your personal data,that is to say the provision of personal ata about you stored in a structured format (as of 25 May 2018 under the terms and conditions defined).
You have the option to withdraw your consent at any time by modifying your personal preferences in your account or completing our form available on our site.
You have the right to access, change, correct, delete, limit as well as obtain and reuse your personal data and to oppose the processing of your personal data within the legal limits.
To exercise your rights,
- you can complete the form available on our website attached to a copy of your identity card by email to the following address firstname.lastname@example.org
- alternatively, send us a complaint by post to the Customer Service or directly to the Data Protection Office, Foyer Group, 12 rue Léon Laval, L-3372 Leudelange. Postal address: L-2986 Luxembourg.
In order to correctly identify your complaint and to be able to respond to it as accurately as possible, please send us your complete, dated and signed application accompanied by a copy of your identity card. You can lodge a complaint with the supervisory authority: The National Data Protection Authority (CNPD) 15, Boulevard du Jazz, L-4370 Belvaux.