AWP HEALTH & LIFE SA, FRANCE
AWP Health & Life SA, France, a part of Allianz Group is a French authorised insurance company providing insurance products and services on a cross-border basis.
Protecting data and the privacy of those AWP Health & Life SA insures and contracts with is a top priority. This privacy notice explains how and what type of personal data will be collected, why it is collected and to whom it is shared or disclosed. Please read this notice carefully.
In the event, a contract of insurance entered into with the Insurer covers any Dependents of the category of employees to be covered and/or includes the declaration of beneficiaries in the event of death; this Data Privacy Notice must be equally communicated to such third parties.
Personal data concerning parties to contractual agreements, the category of employees to be covered, their Dependents and/or beneficiaries as applicable, and/or any identified or identifiable natural living person to whom personal data relates hereto, herein referred to as “Data Subject(s)”including the signatories to contractual agreements and the various schedules, exhibits, attachments and other documents referenced or incorporated therein and/or endorsements, amendments or addendums thereto, are used for the sole purpose of the management thereof, whether or not by automated means, such as collection, processing, recording, organization, purpose limitation and data minimization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transfer, dissemination or otherwise making available, alignment or combination, security, relating to the collection and processing of personal data, including but not limited to the privacy and security thereof, in accordance with the Amended French Data Protection Act no. 78-17 of 06.01.1978 on Information Technology, Data Files and Civil Liberties and all applicable laws and regulations relating to the protection and processing of Personal Data, including the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) of the European Parliament and of the Council of 27 April 2016, herein after referred to as the “Regulation”, sector-specific laws and applicable guidance and codes of practice issued by supervisory authorities.
The terms defined and used herein shall have the meaning given in the Regulation, as defined hereinafter, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and “Personal Data" shall be any personal and/or sensitive data in relation to the Data Subjects. Please see Definitions hereinafter.
Any and all necessary endorsements, as applicable, to existing contractual agreements, all relevant Data Protection Agreements with third-parties, and Data Transfer Agreements relating to the collection, processing, use, storage, and/or transfer of any personably identifiable data made available by the AWP Health & Life SA to third parties or collected by the third parties on behalf of the AWP Health & Life SA are concluded in application of all aspects of data protection and information security regulations.
AWP Health & Life SA assures Data Subjects that AWP Health & Life SA maintains and ensures any authorised third-parties contracted with AWP Health & Life SA maintain the appropriate security measure for the protection and use of personal data in application the Amended French Data Protection Act no. 78-17 of 06.01.1978 on Information Technology, Data Files and Civil Liberties and the laws and regulations relating to the protection and processing of Personal Data, and, in particular pertaining to Sensitive data, as applicable, the implementation of confidentiality relating to medical data processing in accordance with the Regulation, the French AERAS Agreement (Insurance and Loans with an Increased Health Risk), effective 2006, revised on 1 February 2011 and 2 February 2015 and the Code of Conduct appended to it as well as the French Code of Medical Ethics.
Data Controller
A data controller is natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing and who controls and is responsible to keep and use personal data in paper or electronic files. AWP Health & Life SA, the Insurer, is the Data Controller, as defined by relevant data protection laws and regulations, and determines the purposes and the means of the processing personal data in the performance and management of contractual agreements.
Data Processor
When applicable, the Data Processor is a third-party authorised by a separate Data Protection and Administrative Agreement, to collect, process and use any personably identifiable information made available by the Data Controller to the Data Processor or collected by the Data Processor on behalf of the Data Controller (Personal Data), in relation to all aspects of data protection and information security.
Categories of Personal Data
The various types of Personal Data that may be collected and processed in the performance and management of a contract agreement by any authorised third party Data Controller or Processor shall include but is not limited to the following information:
- Basic Personal Details: including Full Name, status title, address, phone number, email address, IP address via webpage without disabling cookies, age, date of Birth, gender, nationality, identification document and/or identification document number ( passport, identity card)..),signatures;
- Basic Employee HR Employment Details: including Personnel number, Job title/role, Job status full time – part time, Details /description of role, language, Health Insurance Details, Grade, Policyholder/Entity, Business Unit/Division, Office Location, Country of Origin and Country of Expatriation, Reporting Manager, Start Date, Hours of Work, Relocation dates and details, End date and reason for termination, Contract type- fixed term/temporary/permanent, Correspondence, Results of Criminal Checks relating to prevention of Fraud and/or Terrorist Activities;
- Financial Details: including bank account/credit card information, payment information, salary/wage, bonus payments; Pay Statements, Benefits and entitlements data, share schemes data, housing/relocation or other allowances, compensation data, third-party reductions;
- Health, Welfare and Absence Related Administrative Data: related to the Policyholder’s relationship with the Data Subject, such as an employee personnel file including performance related information, Record of absence/ leave, Reason for absence, details of physical and psychological health or medical condition, health and Safety related information and Reporting, Occupational health related information and reporting, Grievances and Complaints, harassment details, Disability, access, special requirements details, Ill health retirement pensions, retirement
- Education & Professional Experience & Affiliations Data: life data, which may include information related to education and training, qualification/certifications, languages, employment history, skills, awards or performance reviews or any other information relating to professional life;
- Family, Lifestyle and Social Circumstances: including Marital Status, Dependents/Spouse/partner/family details, Next of kind/emergency contact details, Ethnicity, Religion/Religious beliefs, Other diversity and equality information…and Data relating to personal life which may include information about likes and dislikes or other information related to personal life; and
- Sensitive Data: may include any data that may reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a Data Subject’s sex life or sexual orientation including Medical Questionnaires, Enrolment forms, consent forms, Declaration of Beneficiary forms, medical reports, medical assessments reports, or death certificates, requests for prior approvals, medical expenses invoices, claims history.
Categories of Data Subjects
The Personal Data processed by the Insurer and/or on behalf of the Insurer in order to perform its obligations under, or otherwise in connection with, a contractual agreement, depending on the services provided, the categories of Data Subjects may include but are not limited to the following:
- Current or former personnel including directors, officers, employees, relations of employees, providers of natural persons ( agents, intermediaries) agency workers, invitees, Insurers, subcontractors, representatives of business partners ( providers, clients, brokers, intermediaries), policyholders, contract holders, Insureds, beneficiaries, relatives and/or dependents of contract holders, insureds or beneficiaries where applicable;
- Contacts or other personnel of customers, prospects, vendors, affiliates, business partners or other related organizations.
Insofar as Personal data and/or other sensitive data are required for the underwriting, administration, and management of an insurance contract, Dependents of Insured persons and/or beneficiaries in the event of death shall be considered “Data Subjects” for purposes of the application of the Regulation.
Consent
The collection and use of the personal data provided to the Data Controller and any authorised third party where applicable may require the express consent of the Data Subject, unless otherwise provided by the applicable laws and regulations: