Menu

Personal data

General personal data protection policy

This policy sets out the commitments made in the context of our day-to-day activities for a responsible use of personal data.

Respect for fundamental rights and freedoms, in particular for privacy and the protection of personal data, constitute particularly important values for companies in the Groupama group. These values shape our day-to-day activities, notably by the implementation of Personal Data Protection Policies for responsible use of data in accordance with the General Data Protection Regulation (GDPR).

 

Data Protection Officer (DPO)

Since 2007 the Groupama group has appointed a Data Protection Correspondent (CIL), in order to protect everyone’s privacy and personal data. The CIL is now known as the Data Protection Officer (DPO) and carries out his/her duties entirely independently for all of the French companies in the Group.

The DPO is a guarantee of trust. He/she is the specialised representative for the protection of personal data, responsible for ensuring that the data protection rules are properly applied, and is the preferred interlocutor of the French Data Protection Authority (CNIL) and of all data subjects whose personal data is collected and processed.

 

Principles applicable to the protection of personal data

The companies in the Groupama group process personal data in compliance with the laws and regulations in force and in particular with the General Data Protection Regulation (GDPR), the French Data Protection Act of 6 January 1978 as amended, and the guidelines issued by the CNIL.
Personal Data Governance Policies are implemented within the companies and compliance with their provisions is controlled.

  1. Determined, explicit and legitimate purpose of the processing:
    Personal data are collected for specific reasons (purposes), of which data subjects are informed. They may not be used subsequently in a manner incompatible with such purposes.
    They are collected fairly: no data are collected without the data subject’s knowledge and without them being informed. 2. Proportional and relevant nature of the data collected:
    The personal data collected are strictly necessary for the objective pursued by the collection. The companies in the Groupama group endeavour to minimise the data collected and to keep them accurate and up-to-date by facilitating data subjects’ rights.
  2. Limited retention period of personal data:
    Personal data are retained for a limited amount of time and only for as long as is necessary for the purposes of the collection.
    Data subjects are informed of the data storage periods, which may vary depending on the nature of the data, the purpose of the processing or legal or regulatory requirements.
  3. Confidentiality/data security:
    Information Systems Security Policies are implemented, adapted to the nature of the data processed and the company’s activities.
    Appropriate physical, software and organisational security measures are in place to guarantee the confidentiality of data and to avoid any unauthorised access.
    The companies in the Groupama group also require any processors to provide appropriate safeguards to ensure the security and confidentiality of the personal data.
    Personal data may be transferred to countries situated in the European Union or outside the European Union. In this case, data subjects are explicitly informed thereof and specific measures are taken to manage such transfers.
  4. Rights of data subjects:
    All measures necessary to guarantee the effective nature of data subjects’ rights regarding their personal data are implemented:
  • Clear and comprehensive information on the data processing implemented, easily accessible and comprehensible for all.
  • Easy access to the data: Each individual has rights regarding their personal data, which they may exercise at any time and free of charge.

Data subjects may therefore access all of their personal data and in certain cases have them rectified (inaccurate or incomplete data) or erased, or demand that use of their data be temporarily restricted. Data subjects also have the right to the portability of data that they have personally supplied and where such data have been supplied based on the data subject’s explicit consent or the performance of a policy.

These rights are facilitated online or may be exercised by any other means according to the procedures notified to the data subjects. Such requests may also be made to the DPO.

 

Monitoring of the Personal Data Protection Policy

This policy, accessible to all on the websites of Groupama group companies, is updated regularly to take into account changes in the laws and regulations, and any changes in the organisation of the Groupama group or in the offers, products and services proposed.

This General Personal Data Protection Policy is supplemented by:

  • Detailed information on the purposes of the data processing implemented, the recipients of the data, the retention periods, and the methods of exercising the rights of individuals; for further information see: https://www.mutuaide.fr/donnees-personnelles/
  • A Cookies Notice;
  • And if applicable, general recommendations on the security rules concerning users/customers, in particular concerning user names and passwords.

 

Personal Data Protection Policy validated on 23 March 2017 by the shared DPO (updated May 2018).

 

 

DPO France

To contact the DPO France: write to Groupama Assurances Mutuelles, Data Protection Officer, 8-10, rue d ‘Astorg, 75383 Paris, France, or by email at: contactdpo@groupama.com

To contact the Mutuaide DRPO, write to: Délégué Relais à la Protection des Données, MUTUAIDE ASSISTANCE, 126 rue de la Piazza, CS 20010, 93196 Noisy le Grand CEDEX, France, or by email at: drpo@mutuaide.fr

Data processing - privacy

Mutuaide entities constantly monitor compliance with the regulations governing the protection of personal data (hereinafter “personal data”) and place such compliance at the heart of their ethics.
The aim of this data protection policy is to provide you with detailed information on how your personal data are processed and the rights and options at your disposal to control your data and protect your privacy. It covers the processing related to the policies and services taken out, and management of the website and the customer area.

 

What types of data are collected and processed?

  • The following categories of personal data may be collected and processed:
  • Identity data and contact details (e.g. surname, first name, file number, etc.)
  • Working life (e.g. information on the company for group policies)
  • Personal life (e.g. information on your trip, type of subscription, etc.)
  • Data relating to your location (e.g. date and place of trips, journey times, etc.)
  • Economic and financial data (e.g. transactions, invoices, etc.)
  • Login data (e.g. login date etc.)
  • Health data in connection with the implementation of assistance cover or certain services (illness, allergy, diagnosis, disability, etc.). These data are processed in compliance with medical confidentiality rules and are solely intended for specifically authorised internal or external staff (in particular our medical experts).
  • Where appropriate, information relating to unlawful acts (e.g. insurance fraud, etc.)

 

Why do we process your personal data?

As data controller, Mutuaide processes your personal data (or those of persons party to or concerned by the policy) in compliance with the General Data Protection Regulation (GDPR), the French Data Protection Act of 6 January 1978 as amended and the standards issued by the CNIL, for the following reasons:

To conclude, manage and implement your insurance policies and the related services

  • To sign, manage and implement insurance and assistance contracts, on the legal basis of the performance of the policy.
  • To implement assistance (health, medical, motor) and insurance cover, on the legal basis of the performance of the policy and to protect the vital interests of the assisted persons.
  • To implement and monitor services to individuals, on the legal basis of the performance of the policy and of consent.
  • To devise and monitor online simulations, quotations and subscriptions. This site enables you to obtain simulations and quotations online, and securely take out an insurance policy online, on the legal basis of the performance of the policy.

To manage and monitor our commercial relationship

  • To manage and keep up to date the data of our customers and prospects, on the basis of the company’s legitimate interest, i.e. its commercial development.
  • To keep telephone records on the basis of the company’s legitimate interest, in order to ensure the proper performance of our services, improve the quality of service and retain information for the purposes of proof.
  • To measure satisfaction, responses to complaints and mediation, on the basis of the company’s legitimate interest in order to improve the quality of service.

For accounting, invoicing and reinvoicing, on the basis of the performance of the policy and the legal obligation.

  • To manage disputes, litigation and debt collection, on the basis of the company’s legitimate interest, i.e. to defend its rights.
  • To manage communications and marketing campaigns. These messages will only be sent to you if you have agreed to receive them.

To carry out inspections, audits and risk management

  • To combat insurance fraud, on the basis of the company’s legitimate interest. The insurer, which has an obligation to protect the mutual interests of the policyholders and avoid providing cover for unjustified claims, has a legitimate interest in combating fraud.
  • To combat money laundering and terrorist financing, and implement restrictive measures to freeze assets, on the basis of a legal obligation.
  • For inspections, audits and to carry out court orders, on the basis of the company’s legal obligation and legitimate interest, i.e. to comply with its internal commitments.

An in-depth assessment of your file is carried out for the purpose of combating insurance fraud, money laundering and terrorist financing. These operations may result in inclusion on a list of persons presenting a risk of fraud. Inclusion on this list lengthens the study of your file, or results in the reduction or refusal of a right, a service, a policy or services proposed by Mutuaide.

 

For the operation of the website and management of the customer area

  • For the functionality and security of the website, on the basis of the company’s legal obligation and legitimate interest, i.e. to present its activities on its website.
  • To manage the customer area and forms, manage your personal area, contact forms, requests for quotations, online subscriptions, subscription to the newsletter and messaging service, on the basis of performance of the policy and consent.
  • To manage requests for insurance certificates, on the basis of performance of the policy.
  • To manage trackers and cookies for the purpose of audience measurement, to enable it to personalise its content and advertisements and provide the functions relating to social networks. These trackers and cookies are only stored with your consent, except for the technical cookies necessary for the website to function properly.
  • Producing studies and statistics, in particular in order to upgrade our offers of products and services, personalise our relationships, better understand the market and competitors or innovations, on the basis of our legitimate interest, i.e. to adapt the company’s offers and services.
  • Regarding the use of mobile applications developed by Mutuaide, it is necessary to refer to the contractual documents or general terms of use of the applications for comprehensive information on the processing carried out, its purposes and how individuals can exercise their rights.

To manage the partner area

  • To receive and process requests to join Mutuaide’s network of professional partners on the basis of the performance of the policy and consent.
  • To provide a dedicated area enabling you to monitor all your missions and manage your activity within the Mutuaide partner network on the basis of performance of the policy.

 

Is the data collection mandatory?

Data identified by an asterisk (*) in the various forms accessible online are mandatory, in order to properly process your requests. Failing this, such requests may not be processed or their processing may be delayed.

The collection of certain data outside of this website is also necessary for the performance of your policy or to satisfy our legal obligations. If you do not wish to provide these data, we will be unable to conclude the policy, complete our sales or provide our services.

Where processing is based on your consent, you may withdraw your consent at any time.

 

Who are the recipients of the personal data?

Your personal data are only transmitted to the following recipients:

  • To the authorised internal teams and Groupama group entities involved in the management, conclusion and performance of your policies and the cover they provide;
  • To delegates, intermediaries, partners, agents and subcontractors in the context of their roles (e.g. brokers, healthcare professionals, medical transport companies, etc.);
  • To external service providers responsible for hosting the data and maintaining the software and information systems;
  • To the insurance companies of persons involved or insurance companies offering complementary services, as well as to co-insurers, reinsurers, professional bodies and guarantee funds;
  • The French anti-insurance fraud agency (ALFA) may receive data linked to the fight against fraud. In order to combat fraud, ALFA has implemented a system that pools data concerning motor insurance policies and insurance claims. Users can exercise their rights regarding such data at any time by contacting ALFA by post at 1, rue Jules Lefebvre, 75431 Paris Cedex 09, France.
  • To TRACFIN in connection with the fight against money laundering and terrorist financing.
  • To authorised third parties: courts, arbitrators, mediators, representatives of the law, ministerial officers, social bodies, supervisory authorities and all authorised public bodies with services involving audit engagements, such as auditors and statutory auditors.

 

Transfers of information outside the European Union:

Where possible, the data are processed within Member States of the European Union. Transfers outside the European Union may, however, take place in connection with the performance of your policy or to safeguard the vital interests of the data subject (provision of first aid). In effect, some of our service providers are located outside the European Union (commercial partners, medical transport companies, regulators, healthcare providers, etc.).

In this case, we pay particular attention to ensuring that this transfer takes place in compliance with the applicable regulations and put in place safeguards to ensure a level of protection of your privacy and fundamental rights equivalent to that offered by the European Union, in particular by the use of Standard Contractual Clauses issued by the European Commission.

 

For how long are your personal data stored?

In accordance with the regulations, we undertake to only retain your personal data for as long as is necessary to achieve the objective pursued, to meet your needs or to satisfy our legal obligations:

 

Regarding your policy, cover, associated services and our commercial relationship:

  • The data in the customer area are retained until the account is removed or closed, and is erased if the account is inactive for 2 years.
  • Your contractual documents and associated supporting documents are retained for the duration of your policy and the related legal requirements.
  • If you pay for your policy online, your bank card data will be retained for a maximum of 13 months after the debit date (15 months for deferred debit cards) for the purposes of proof.
  • Telephone records are retained for a maximum of 3 months.
  • Your login data (e.g. access to the customer area) are retained for between 6 and 12 months and trackers or cookies for a maximum of 13 months.
  • Regarding management of the quality of service, complaints and requests, your data are retained for up to 2 years.

    Regarding our legal and statutory obligations:

 

  • Your billing data are retained for a period of 10 years from the end of the current financial year.
  • The data processed to combat fraud are retained for a maximum of 5 years from the closure of the fraud file. In the event of legal proceedings, the data will be retained until the end of the proceedings, and expiry of the applicable limitation periods. Persons included on a list of alleged fraudsters will be removed after a period of 5 years from the date of inclusion on the list.
  • The data used for the purposes of combating money laundering and terrorist financing are retained for 5 years from the completion of the operations or the end of the business relationship with the insurer.
  • Data relating to possible court orders are deleted 6 years after receipt of the court order.

When we no longer need to use your personal data, they are deleted from our systems and records or anonymised so that they can no longer be used to identify you. We may, however, need to archive certain of your personal data for the limitation period provided for by the applicable legislation, in order to be able to respond to any legal action.

What rights do you have?

Subject to providing proof of your identity, you have the rights of access, rectification, erasure, restriction and, depending on the legal basis, the rights of objection and portability concerning your personal data.
You may exercise these rights or contact our Data Protection Officer:

By email: drpo@mutuaide.fr

or

By post: at the following address: Data Protection Officer, Mutuaide Assistance, 126 rue de la Piazza, CS 20010, 93196 Noisy le Grand Cedex, France.

Likewise, you may also request access to conversations recorded in connection with the provision of assistance services.

The right of access to data concerning processing carried out for the purpose of combating money laundering and terrorist financing is exercised directly by contacting the CNIL.

If the problem persists despite the intervention of the Data Protection Officer, you may lodge a complaint with the French Data Protection Authority (CNIL) on the website www.cnil.fr or by sending a letter to the following address: CNIL – 3 Place de Fontenoy, TSA 80715 – 75334 PARIS Cedex 07 – France.

In addition, we remind you that when you provide your telephone data, you can add your number to a list indicating that you do not wish to be contacted by telephone. For more information, see the website: www.bloctel.gouv.fr.

 

Website security

Mutuaide warns you against phishing linked to the use of email. This involves partly or entirely plagiarising a website (e.g. that of a bank or a well-known insurance company) and trying to obtain personal or confidential information. This request is often justified by security measures or database updates.

What you should do:
1. Do not reply to these emails.
2. Do not click on any links contained in these emails.
3. Report it to your messaging service and/or the platform www.signal-spam.fr
4. Delete these emails.

We also remind you that your access codes are strictly confidential. For prevention purposes, do not give these secret login codes to anyone.

Furthermore, please note that Mutuaide will never ask you for them by email, telephone or letter. If you receive a message asking you to do so, send it to us immediately.

Exchanges between your computer and the Customer area on the website are encrypted to prevent third parties from intercepting confidential data circulating on the Internet. Encryption is indicated by an address starting with “https” and a small closed padlock showing that you are on a secure page.

Privacy Policy regarding cookies

This enables you to find out more about the origin and use of the browsing data processed when you visit to www.mutuaide.fr as well as your rights. It may be updated at any time in the event of changes in the applicable regulations. Users are asked to consult the policy regularly.

What are cookies? What are trackers?

Cookies

Cookies are a type of tracker, i.e. a text file placed on your computer or mobile device when you visit a website or use an application. During its validity, it records certain information about your browsing and your online behaviour and makes it possible to recognise the computer or mobile device you use when you access our website.

Other trackers

Trackers placed and/or read, for example when you visit a website, read an email or install or use software or a mobile application. You are concerned regardless of the type of device used: computers, smartphones, digital tablets and game consoles connected to the Internet. For the sake of convenience, we use the term “cookie” to cover all such technologies.
There are other types of trackers. For example, web trackers, also known as transparent GIFs or action tags. This is a code snippet in the form of a tiny image on the web page. It makes it possible to recognise the date and time a page is visited, and to collect technical information such as the IP address or configuration of the machine.

Which companies send cookies or tracers?

You are informed that our partners and any other third parties may be required to place cookies on the website as controllers of any resulting data. These third-party companies are indicated in our consent management banner.

What type of cookies/trackers are used by our website?

Cookies essential for the proper functioning of the website (required)

We use technical cookies. Technical cookies are those that are strictly necessary for browsing our website and accessing our various services.

These cookies enable you to log in and enable the website to function correctly and securely. They make it possible to adapt the presentation of the website to the display preferences of your device (language used, display resolution, operation system used etc.) when you visit our website, depending on the hardware and viewing or reading software installed on your device.

These cookies cannot be disabled or configured. You can disable cookies in your browser. Remember that if you disable cookies that are strictly necessary for the website to function, this may have a negative impact on your user experience.

Functional cookies

These are cookies that make it possible to provide certain non-essential functions and that help to improve and personalise your experience of our website (e.g. proposal of a suitable tool, personalisation of part of the website).

They may be activated by our teams or by third parties whose services are used on the pages of our website.

If you do not accept these cookies, some or all of these services may not function correctly.

Audience measurement cookies

We use audience measurement cookies to measure our website’s traffic and audience. These cookies enable us to determine the number of visits and sources of traffic, in order to measure and improve the performance of our website. They also help us to identify the most/least visited pages and to assess how visitors navigate our website.

All the information collected by these cookies is aggregated and therefore anonymised.

If you do not accept this type of cookies, we will not be able to know when you made your visit to our website. .

The website uses the Google Analytics service. For this purpose, data may be transferred outside the European Union and some of your personal data may be transmitted to Google Analytics and used by its services. Google is registered in the Data Privacy Framework, a list of US companies with a sufficient level of security to collect and process the personal data of European citizens.

Advertising and behavioural retargeting cookies

These cookies enable us and our partners to show you advertisements or send you information suited to your interests on our website or while you are browsing the Internet.

They also enable us to track your navigation on other websites and establish a profile of your interests. Without your consent to these cookies, the advertising you are shown may be less relevant to you.

Behavioural retargeting cookies make it possible to track users’ browsing and identify, and in particular the products and services on which they want to retarget them (e.g. a product viewed or put in a shopping basket). If you refuse these cookies, you will not receive messages regarding a product or service viewed previously.

 

Third-party cookies to improve the interactive nature of the website

Our website uses certain services proposed by third-party websites that involve the installation of third-party cookies by these services. These are in particular the share buttons for Facebook, YouTube and LinkedIn, lists of tweets (Twitter) and videos present on our website.

Sharing on social networks

The pages of the website include buttons and modules from third-party social networks that enable you in particular to share content. When you visit a web page containing these buttons or modules, your browser may send information to the social network, which may then associate that page with your profile. Si you do not allow these cookies, you may not be able to use or see these content-sharing tools. You can consult the specific privacy policies of each of these social networks to learn about the possible use of browsing information that may be collected.

 

Watching and sharing YouTube videos

The site uses the third-party service YouTube for broadcasting videos. These services make it possible to enrich our website with video content and increase its visibility. If you do not accept these cookies, you will not be able to watch the videos present on the website.

Test to prove you are not a robot

Our website uses a system that distinguishes human actions from those of a machine (robot) to protect the entries on data collection forms and differentiate entries made by humans from automated malicious acts (e.g. spam). This makes it possible to protect data collection forms and ensure the reliability of the data.

 

How do you manage your cookie preferences?

When you visit our website, cookies are sent to your device.

You can find out the type of cookies sent, and accept or refuse them either for the entire website and all of the services, or service by service.

Trackers are only sent subject to the user’s consent, unless they are strictly necessary for the website to function and to supply our services.

To manage the cookies stored, there are therefore several different possibilities:

Accept or refuse unnecessary cookies

You can accept all cookies by clicking “Allow all”

You refuse to store cookies on your device by:

  • Clicking on the “Continue without accepting” button at the top on the right hand side in the banner.
  • By clicking on the “Refuse all’ button.
  • By setting your preferences in the cookie management banner displayed by clicking on the “Configure” button.

You can change your preferences by clicking on the “Manage cookies” link which is always displayed.

 

Manage Cookies

You can find out more from third-party companies by consulting their privacy policy via the link on this page. You will find the purposes of use, in particular the advertising purposes, and the browsing information they may collect thanks to the application buttons available on the website consulted, and you can therefore configure your user accounts to accept or refuse the trackers sent by these companies.

Control cookies using your browser settings. Most trackers can be disabled by configuring your browser to only accept trackers from the websites visited (refuse “third-party websites”, tick the box “Do not track” provided on most browsers) in your browser preferences. In “Private browsing” mode, the cookies will only be deleted when you close the windows of the website. You can disable or delete cookies depending on your browser:

It is also possible to use blockers of cookies and other trackers via extensions to your browser.

Retention period

In any case, the cookies stored on your device have a limited lifespan of a maximum of 6 months, possibly extended to a maximum of 13 months for certain cookies only. This period is not automatically extended when you visit the site again.

Your rights

In addition to your right to withdraw your consent at any time to a certain type of cookies being stored on your device, you have the right to access, rectify, erase, and to portability of your data, you can object to, or request the restriction of, processing of your data, and you can define the fate of your data after your death. These rights can be exercised by contacting drpo@mutuaide.fr