LEELOO ensures respect for personal data processed in accordance with the French Data Protection Act of January 6, 1978 in its current version and the General Data Protection Regulation (EU) of April 27, 2016 (hereinafter "GDPR" ), governing the collection, processing and storage of personal data.
In application of these provisions, LEELOO has implemented a procedure designed to guarantee the security of the data collected and the rights of the persons whose data is processed.
Purpose of data collection :
The personal data collected by LEELOO is intended for :
- To take out an insurance policy,
- To monitor and manage the insurance policy,
- To manage any claims,
- To enable use of the LEELOO website,
- To comply with LEELOO's legal obligations in terms of the fight against money laundering and the financing of terrorism, the freezing of assets, the fight against fraud and all other legal obligations incumbent on insurance distributors,
- Produce internal statistics and studies,
- Study specific customer/insured needs,
- Manage appeals, claims management and litigation,
- Implement research and development initiatives,
- Carry out satisfaction surveys,
- Manage invoicing, follow-up on unpaid invoices and litigation,
- Prevent and combat computer fraud.
The information collected is reserved for the Company's use and may only be communicated to LEELOO's insurers, agents or subcontractors, as well as to LEELOO's service providers, experts, lawyers and medical advisors, where applicable.
Certain data may be communicated to any judicial and administrative authorities and to any authorized third parties (courts, supervisory authorities, auditing departments, auditors, internal auditors) who so request, as well as to technical or service providers, in particular the company in charge of hosting the site, it being understood that the third-party service provider has no right to use the data supplied for purposes other than the mission for which the data is entrusted to it and/or for the sole purpose of performing the service.
Data collected :
The term "personal data" refers to information that makes it possible to identify a person directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more elements specific to your physical identity, ...
In the context of its activity, LEELOO is most often the data controller.
The controller is: "the natural or legal person, public authority, department or other body which, alone or jointly with others, determines the purposes and means of the processing operation (...)".
The personal data that may be collected by LEELOO is as follows:
- Contact information such as surname, first name, title, e-mail address, postal address, telephone numbers;
- Practical contact methods, e-mail, post, newsletter subscription;
- Any other relevant data such as your professional activity, preferred contact language, geographical location etc...
Additional information may be collected:
- When subscribing to a contract, creating an account on the website, or to access any other offer or service.
- Identifier and password used;
Information relating to means of payment (in particular bank card number, IBAN/SWIFT/BIC number);
For the duration of the commercial relationship
- Information relating to insurance policies taken out, service orders and, where applicable, invoicing and payment;
- Complaints to the dedicated service.
In connection with the conclusion, management and performance of insurance and/or reinsurance contracts
- Data relating to the identification of persons who are parties to, interested in or involved in the contract (marital status, contact details, nationality, etc.);
- Data relating to family, economic, property and financial situation (income, assets, etc.); - Data relating to professional situation (profession, socio-professional category, employer, etc.); - Data required for risk assessment.);
- Data relating to professional status (profession, socio-professional category, employer, etc.);
- Data required to assess the risk; data relating to the conclusion, application and management of the contract (means of payment, direct debit authorization, bank details, etc.); - Data relating to the insurance contract (civil status, contact details, nationality, etc.); - Data relating to the family, economic, property and financial situation (income, assets, etc.).);
- Data relating to the determination or evaluation of losses and benefits (details of claims, data relating to victims, etc.);
- Data relating to personal life, lifestyle habits and the use of goods in connection with the risks insured or the services offered;
- Connection and traceability data (cookies, connections to the customer area, etc.); - Sensitive data relating to the protection of personal data.);
- Sensitive data required for contractual performance, pre-contractual measures or compliance with legal, regulatory or administrative provisions (health reimbursement data, description of physical injuries, production of medical certificates, medical questionnaires....).
Collection of Sensitive Data :
Only sensitive data strictly necessary to provide the services offered by LEELOO is collected.
This mainly involves medical data, for the management of cancellation claims or the underwriting of certain contracts, and banking data, in order to meet contractual requirements or deliver the expected service.
If such data is communicated on behalf of a third party, it is the responsibility of the party communicating the data to ensure that the data subject has given his or her consent.
The rights of individuals whose data is collected :
Each LEELOO customer/prospect remains in control of his or her data.
It is processed transparently, confidentially and securely, in order to guarantee the rights of individuals. To this end, LEELOO undertakes to respect a certain number of measures designed to guarantee the effectiveness of these rights:
The individual's consent
The data collected by LEELOO is subject to the express consent of the person concerned. This means that data must be freely communicated via the subscription interface or on paper, so that the customer's consent can be materialized, and the customer remains free to answer any questions asked. However, if the customer does not wish to provide the information requested, the contractual relationship may not be completed, or a claim may not be settled.
Customers must be of legal age. Otherwise, customers declare that they have received prior consent from their parents or legal representatives for the collection and use of their personal data.
Relevance of the data collected
Only data strictly necessary for the performance of the service for which LEELOO is solicited will be requested from customers.
The data collected is therefore strictly limited to the purpose of the processing carried out.
The processing of personal data collected by LEELOO is justified by:
- The performance of pre-contractual or contractual measures to which the customer, insured or beneficiary is a party, or the employer on behalf of its employees;
- Compliance with legal or fiscal obligations;
- The consent of the person concerned;
- LEELOO's legitimate interests, subject to respect for the rights of the persons concerned.
Right to data portability
LEELOO offers its customers the possibility of accessing their personal data in a readable format, as well as the possibility of transferring this data to another data controller.
Right to object
Everyone has the right to object, on legitimate grounds, to the processing of their data. They may refuse to communicate their personal data or exercise their right to object. However, if the customer/prospect does not wish to provide the information requested, LEELOO may be unable to respond to the request.
Right of access and verification
Any LEELOO customer may:
- Access all information concerning him or her,
- Find out the origin of the information concerning him or her,
- Access the information on which the file manager has based a decision concerning him or her,
- Obtain a copy (a fee not exceeding the cost of reproduction may be requested),
- Demand that his or her data be rectified, completed, updated or deleted, as appropriate.
These rights are guaranteed by LEELOO.
Failing this, the right of access must be exercised: in writing by registered post with acknowledgement of receipt, accompanied by a copy of an identity document to : PHENOMEN, 141 avenue de Wagram 75017 PARIS or by sending an e-mail to the following address: contact@getleeloo.io.
LEELOO undertakes to respond within a maximum of 1 month from the date of receipt of the request. If the request is incomplete (e.g. lack of identity document), the file manager is entitled to ask for additional information: the deadline is then suspended and will run again once this information has been provided.
LEELOO nevertheless reserves the right to:
- Refuse a request for access; this refusal will be justified and may, if necessary, be contested;
- Refuse to respond to requests that are manifestly abusive, particularly in terms of their number, repetitive or systematic nature.
Requests for the deletion of personal data may only be implemented in compliance with the obligations imposed on LEELOO by applicable legislation, particularly in terms of document retention or archiving, and in compliance with the professional obligations incumbent on insurance distributors. Finally, LEELOO customers may lodge a complaint with the supervisory authorities, in particular the CNIL (https://www.cnil.fr/fr/plaintes).
All requests for access, rectification or opposition must be sent in writing, with the applicant's contact details and a copy of an identity document, to : PHENOMEN, 141 avenue de Wagram 75017 PARIS
Right to restrict processing
Any person whose data is collected by LEELOO may request that its processing be restricted if:
- the data is found to be inaccurate;
- the processing is unlawful;
- the data is no longer necessary for the purposes of the processing concerned but is necessary for the establishment, exercise or defence of legal claims by LEELOO;
- the legitimate interest invoked for the purposes of data collection is contested, the processing may be restricted for the time necessary to verify the validity of the reason for processing.
Right to data portability :
LEELOO offers its customers the possibility of accessing their personal data in a readable format, as well as the possibility of transferring this data to another data controller.
Right to object :
Everyone has the right to object, on legitimate grounds, to the processing of their data.
They may refuse to communicate their personal data or exercise their right to object.
However, if the customer/prospect does not wish to communicate the information requested, LEELOO may be unable to respond to their request.
Transfer of data outside the European Union :
LEELOO may transfer personal data to countries, whether or not they are members of the European Economic Area, whose legislation on the protection of personal data differs from that of the European Union.
In this case, LEELOO uses various legal mechanisms to ensure that its data protection regime complies with legal requirements:
- The implementation of standard contractual clauses approved by the European Commission, which guarantee that personal data is processed with a level of protection equivalent to that of the European Economic Area;
- The use of Privacy Shield-certified service providers, or recipients who have adopted a precise and demanding contractual framework, in line with the models adopted by the European Commission, as well as appropriate security measures, ensuring the protection of personal data transferred.
- Transfers of personal data that are strictly necessary are carried out under conditions and guarantees that ensure the confidentiality and security of such data.
- Data transfers outside the European Economic Area are mainly to the United Kingdom and Switzerland.
Requests for further information on access to data by recipients outside the EEA should be addressed to : PHENOMEN, 141 avenue de Wagram 75017 PARIS
Data storage :
The data collected is hosted by a subcontractor who has all the necessary accreditations and is committed to respecting the protection of personal data.
Data retention :
LEELOO undertakes to keep data for as long as is necessary to achieve the purposes for which it is processed, and then for the retention periods required by law.
In the absence of a contract, data is kept for a maximum period of three years from the date of collection (preparation of a quotation, request for information, etc.).
LEELOO has adopted the appropriate organizational and security measures to guarantee the destruction or archiving of data.
Data security :
To guarantee optimum respect for the right to privacy and respect for personal data, LEELOO makes every effort, taking all appropriate measures, to ensure the security and confidentiality of the personal data collected, with a view to protecting it against loss, accidental destruction, alteration and unauthorized access. In this respect, LEELOO takes all necessary precautions, in view of the nature of the data and the risks presented by the processing, to preserve the security of the data and, in particular, to prevent it from being distorted, damaged or accessed by unauthorized third parties (physical protection of premises, authentication procedures with personal and secure access via confidential identifiers and passwords, logging of connections, encryption of certain data, etc.).
However, LEELOO cannot control all the risks of intrusion by hackers or inherent in the operation and use of the Internet, for which LEELOO cannot be held responsible.
Updating of the Personal Data Processing Policy :
Are you ready?
Secure your
event or media budgetin 5 minutes.
Leeloo helps companies secure the projects that drive their development, enhance their know-how and unite their teams. Come and join us!