Privacy Policy for the protection of your personal data

This Privacy Policy describes how AXA Assistance France (hereinafter referred to as “AXA Partners” or “We”) treats the personal data of policyholders, service users and their beneficiaries, of any individual or legal entity entering into a commercial or non-commercial relationship with us (hereinafter referred to as “You”).

1. Who are we? Who is the data controller?

AXA Assistance France, public limited company whose registered office is located at 8-10 rue Paul Vaillant Couturier, 92240 Malakoff, France, registered with the Nanterre Trade and Companies Register under number 311 338 339 (hereinafter “AXA Partners”).

AXA Partners is part of the AXA Group. Our website is https://www.axapartners.fr/

AXA Partners offers automobile, travel, health and home assistance services, as well as a Medical Teleconsultation service.

AXA Partners has developed the Internet site est http://www.truck-assistance-international.axa , which offers an assistance and breakdown service for road transport professionals, both in France and abroad.

We act as a Data Controller, in accordance with the definition given in the General Data Protection Regulation of April 27, 2016. As such, we are responsible for any use of your personal data that we may make of it or that may be made on our behalf.

2. Is the provision of your personal data compulsory?

The information We request from You is necessary for the provision of the expected service. If You do not provide it, We will not be able to offer You the services provided for in Your insurance or assistance contract.

3. What information is collected, for what purpose and on what legal basis?

 As Data Controller, we undertake to comply with the following principles:

•         Only data that is relevant and useful to the provision of our services is collected,

•         Your data will only be used for explicit, legitimate and specific purposes related to our business.

•         Your data will not be kept longer than is necessary for the provision of our services, or than is provided for by CNIL recommendations (guidelines, practice sheets, etc.) or by law (such as legal requirements).

Your data is used for the following purposes:

Purpose 1: The conclusion, management (including commercial) and execution of your insurance/assistance contracts or any other contract,

PROCESSED DATA

Identification data, data relating to the management of the contract, data required for risk assessment, data relating to the determination or evaluation of losses and benefits, geolocation data relating to persons or property in connection with the risks insured or the services offered,

LEGAL BASIS: depending on processing:

Contract performance

Legitimate interest

Legal and regulatory obligations

--------------------------------------------------------------------------------------------------------------

Processing: Performance of contract guarantees

Legal basis: Contract performance

Retention period: except in specific cases, for the duration of the claim or assistance file management, then 11 years from the closure of the assistance file if the services have given rise to an invoice, 5 years from the closure of the file if no invoice has been issued.

--------------------------------------------------------------------------------------------------------------

Processing: Litigation management

Legal basis: Contract performance

Retention period: duration of the procedure, then 11 years from the end of the procedure and the expiry of ordinary and extraordinary remedies.

--------------------------------------------------------------------------------------------------------------

 Processing: Claims management

Legal basis: Contract performance

Retention period: duration of claim, then 10 years from end of contract, closure of claim or closure of last claim if any (whichever is longer).

--------------------------------------------------------------------------------------------------------------

Processing: Administrative management of the contract

Legal basis: Contract performance

Retention period: Duration of the contractual relationship then 10 years from the end of the contract if by electronic means

------------------------------------------------------------------------------------------------------------

Processing: Preparation of statistics and actuarial studies

Legal basis: Necessary for the purposes of the legitimate interests pursued by AXA Partners in the preparation of statistics and actuarial studies.

Retention period: 10 years from the end of the statistics or actuarial studies.

--------------------------------------------------------------------------------------------------------------

Processing : Fight against fraud

Legal basis: Necessary for the purposes of the legitimate interests pursued by AXA Partners

Retention period: Data is kept :

- 6 months from the issue of alerts to qualify them

- Alerts that have not been qualified at the end of the 6-month period are anonymized.

- In the event of a relevant alert, data is kept for a maximum of 5 years from the closure of the fraud file.

- When legal proceedings are initiated, the data is kept until the end of the legal proceedings. They are then archived in accordance with the applicable statute of limitations.

- For persons registered on a list of suspected fraudsters, data concerning them is anonymized after a period of 5 years from the date of registration on the list.

--------------------------------------------------------------------------------------------------------------

Treatment :  Improving service quality

Legal basis: Necessary for the purposes of the legitimate interests pursued by AXA Partners

Retention period: 5 years from completion of survey

--------------------------------------------------------------------------------------------------------------

Processing: Recording of telephone conversations for training purposes and to improve service quality.

Legal basis: Necessary for the purposes of the legitimate interests pursued by AXA Partners.

Retention period: 6 months from date of recording.

--------------------------------------------------------------------------------------------------------------

Processing: Fight against money laundering and terrorist financing, compliance with international economic and financial sanctions...

Legal basis: Legal and regulatory obligations

Retention period: 5 years from termination of relationship or from completion of operations

--------------------------------------------------------------------------------------------------------------

Processing: Contact request via www.truck-assistance-international.axa.fr

Legal basis:

Legitimate interest for contact requests from business partners, service providers and journalists

Pre-contractual measures for contact requests from candidates

Retention period: one year from receipt of request or for the entire calendar year during which you sent your request.

In certain cases, we may need to keep your Data for a longer period (for example, to build up a database of journalists or suppliers). In this case, we will inform you of this retention and you have the right to object.

--------------------------------------------------------------------------------------------------------------

Purpose 2: Commercial prospecting

Legal basis: When commercial prospecting is carried out for a professional: AXA Partners' legitimate interest

Management of opt-out lists: Legal obligation

Retention period:

3 years from the last contact of the persons with AXA Partners for a prospect

3 years from the end of the commercial relationship for a client

or until you request to no longer receive commercial prospecting before one of these 2 dates

3 years from the exercise of the objection 

--------------------------------------------------------------------------------------------------------------

Processing: management of requests to exercise rights

Legal basis: legal obligation

Retention period: 5 years from the closure of the file

If You provide Us with the contact details of other persons (for example, those whom You have designated as beneficiaries of Your policy or contract, passengers in Your vehicle when travelling, ...), please ensure that these persons have given their consent to the processing of their data and are informed that We will use them for the proper performance of the insurance or assistance policy and/or the provision of the relevant services. For further information, please direct them to this Personal Data Protection Policy (hereinafter the “Policy”).

Some of your Personal Data is communicated to us by our partners who have collected it when you took out your contract. They provide it to us so that we can check your eligibility for our services.

This information may include but is not limited to:

•       Name (of policyholder and any other beneficiaries of the policy) ;

•       Address and contact details;

•       Level of cover and information relating to the insurance or assistance contract or any other contract;

No automated decision-making is carried out for the processing operations described in this Policy

We may communicate Your Personal Data, for the purposes listed above, to AXA Partners' internal departments concerned by the request, Service Providers, intermediaries, partners, other AXA Group companies and subcontractors.

Specific recipients for certain processing operations:

For fraud :

- customer relations personnel and contract and claims managers; other entities within the same group; authorized personnel in charge of anti-fraud, anti-money laundering and internal control, inspectors, investigators, experts and auditors; authorized personnel from general management, the legal department or the litigation department for managing litigation; authorized personnel from subcontractors.

- Social security bodies; professional bodies;

- Auxiliaries to the law and ministerial officers; judicial authorities, mediators, arbitrators seized of a dispute;

- Third-party organizations authorized by law to obtain communication of personal data relating to pre-litigation, litigation or convictions; victims of fraud or their representatives.

Apart from the recipients listed above, and subject to being compelled to do so by a judicial authority or by law, or to protect our rights and interests, We undertake not to communicate, share, make available or sell Your personal data to third parties without Your express consent. 

The data collected may be communicated to other AXA Group companies, in particular for use in commercial prospecting.

If you do not wish your data to be passed on to AXA Group companies for use in commercial prospecting, you may object by writing to : AXA Partners 8/10 rue Paul Vaillant Couturier - 92240 MALAKOFF or by e-mail: dpo.axapartnersfrance@axa-assistance.com.

If you do not wish to be the subject of commercial prospecting by telephone, you can register free of charge on the BLOCTEL telephone prospecting opposition list.

For further information, visit www.bloctel.gouv.fr

4. Is your Data transmitted outside the European Union? 

 As a general rule, we only transfer your Personal Data within the European Union or to countries outside the European Union that guarantee a sufficient and adequate level of protection (i.e. that your Personal Data benefit from the same level of protection as within the European Union). 

In the event that your Personal Data is sent outside the European Union or to a country that is not considered adequate, the Data Controller provides guarantees to ensure the security and confidentiality of your Personal Data and supervises these transfers:

i.  By signing, with the data recipient, the Standard Contractual Clauses adopted by the European Commission. You can obtain a copy of the signed Standard Contractual Clauses by sending your request to the following address: dpo.axapartnersfrance@axa-assistance.com. ou AXA ASSISTANCE France Délégué à la Protection des Données 8/10, rue Paul Vaillant Couturier 92240 Malakoff, France

ii. Or, where your Personal Data is transferred to other local AXA entities, by the Binding Corporate Rules adopted by AXA (available via the following link - “Learn More” section: (https://www.axa.com/fr/a-propos-d-axa/nos-engagements).

AXA is the first insurance group to have internal company rules approved by 16 European personal data protection authorities, including the CNIL. These rules guarantee an intangible, minimum level of protection for your data by the various AXA Group companies worldwide. The BCR are a contractual tool for the protection of personal data and define the minimum measures for the protection of personal data (customer, employee and other stakeholder data) obtained in the course of its activities when such data is transferred within multinational companies. AXA Partners adheres to the BCR. Further information on the Binding Corporate Rules (BCR) is available here : AXA's internal business rules  

5.How do we protect your personal data?

We are committed to ensuring the security of Your data by implementing physical and logical security measures.

We regularly review the technical and organizational security measures we have implemented in our information and communication systems to prevent the loss, misuse or unauthorized alteration of your data

6. What are your rights concerning your personal data?

In accordance with applicable data protection regulations, You have the right to:

•         Access to Your Personal Data: You have the right to request access to the Personal Data that We process concerning You, and to obtain a copy of this Data;

•         To rectify Your Personal Data: You have the right to ask Us to rectify or complete the Personal Data that We process concerning You that are inaccurate, incomplete or not up to date;

•         You have the right to ask Us to limit the processing of your Personal Data. This means that We may simply keep your Personal Data, but may no longer process or use it in any other way in the following cases: 

o Your Data is inaccurate and needs to be corrected, 

o You prefer to restrict processing rather than delete Data that has been unlawfully processed, 

o The Data is no longer necessary for the purposes of the processing carried out by Us, but is necessary for the establishment, exercise or defense of legal claims,

o You have previously objected to the processing of Data concerning You, if this right applies to You,

  • To request the deletion of your Personal Data: You have the right to ask Us to delete your Personal Data, unless there is a legal obligation to do so or we have a legitimate interest in keeping it;

•    Oppose the processing of your Personal Data: You have the right to prevent Us from processing Your Personal Data,

•    To decide what happens to your Personal Data after your death: You have the right to give Us instructions concerning the use to be made of Your Personal Data after your death.

Please note that there are certain restrictions and exceptions applicable to the exercise of your rights, depending on the circumstances.

Please refer to the contact details mentioned in section 8. below, in order to exercise or obtain more information about exercising your rights (mentioning the subject of your request).

For further information, please consult the CNIL website (https://www.cnil.fr/en).

7. Data Protection Officer (« DPD » ou « DPO ») How can you contact him with any questions or exercise your rights?

We have appointed a Data Protection Officer (“DPO”) to oversee AXA Partners' use of your personal data.

If you have any questions, complaints or comments about this Policy, or if you wish to exercise your rights, please send your request to dpo.axapartnersfrance@axa-assistance.com

AXA Partners may ask you for additional information to confirm your identity and/or to help AXA Partners find the data you are looking for.

8.  How do I lodge a complaint with a supervisory authority?

You have the right to inform a competent supervisory authority, and in particular the CNIL (https://www.cnil.fr/en), of any concerns regarding the way in which your personal data is processed.

Updates to the policy for the protection of your personal data

We may update this Privacy Policy from time to time in response to legal, technical or business changes. When We update Our Privacy Policy, We will take appropriate steps to notify You, in accordance with the significance of the changes We are making. We will obtain Your consent to any material changes to the policy for the protection of Your Personal Data if this is required by applicable data protection laws.

You can see when this privacy policy was last updated by checking the ‘last updated’ date displayed below.

It was last updated on 25 September 2024.