Privacy Policy
At Seyna, the protection of your personal data is a priority.
During our contractual relationship and your use of the seyna.eu website (the “Site”), we may collect personal data about you.
The purpose of this policy is to inform you of the manner in which we process this data, in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).
1. Who's the data controller?
The data controller is Seyna, a French société anonyme (public limited company), registered in the Nanterre Trade and Companies Register under number 843 974 635, whose registered office is located at 20 bis rue Louis-Philippe, 92200 Neuilly-sur-Seine (hereinafter “We/Us”).
In the context of our insurance business, we act as a joint data controller, together with the managing brokers. For more information, please see Clause 4 “Joint data controllers”.
2. What data do we collect?
Personal data is data that enables an individual to be identified directly or by cross-referencing it with other data.
We collect data within the following categories:
In the case of prospective clients:
- Identification data: first and last name, email address, telephone number
- Data about your business life: position, name of your company
In the case of prospective clients (managing brokers and distributors):
- Identification data: title, last name or company name, first name, address (including registered office, billing address), telephone number, email address, accounting identification code, registration (SIREN) number
- Data about your business life: profession, business sector, excerpt from the trade and companies register (KBIS)
- Economic and financial information: bank account details, invoices, ORIAS certificate
- Connection data: coonection logs, IP address
In the case of insureds:
- Identification data: first and last name, date of birth, postal address, email address, place of birth;
- Data relevant to the management of the insurance policy: policy identifier, date taken out, information about the cover taken out, amounts relating to the insurance policy, premium and taxes;
- Claims data: Claim identifier, dates of the claim, grounds for the claim and any claim-related information provided by the insured;
- Data about insurance products (e.g. for animal health insurance, information about animals).
Required data is indicated when you provide your data to us. Such data is marked with an asterisk and is necessary to provide you with our services.
3. On what legal grounds, for what purposes and for how long do we keep your personal data?
Purposes
Legal bases
Retention periods
Identifying and soliciting potential prospects to sell Seyna’s services to managing brokers
Our legitimate interest in developing and promoting our business
Your data is kept for a period of 3 years from your last contact for prospecting purposes.
Carrying out transactions relating to the management of our clients with respect to policies, invoices and oversight of the contractual relationship (audits)
Performance of the policy you or your company have taken out with Us
Personal data is kept for the duration of the business relationship. Logs are kept for a maximum of 1 year. In addition, your data is archived for evidentiary purposes for a period of 5 years.
Concluding, managing and performing insurance policies (policy management, performance of policy covers, handling complaints, claims management) in conjunction with managing brokers
Performance of the insurance policy you have taken out with the managing broker, who is the joint data controller with Seyna
Personal data is kept by Seyna for the entire term of the insurance policy and will be archived for evidentiary purposes for an additional period of 5 years from the end of the policy, the settlement of the claim or the resolution of a dispute.
Invoice management
Performance of the policy you or your company have taken out with Us
Invoices are archived for a period of 10 years.
Creating a file of clients and prospective clients
Our legitimate interest in developing and promoting our business
In the case of clients: data is kept for the entire duration of the business relationship. In the case of prospective clients: data is kept for a period of 3 years from your last contact for prospecting purposes.
Preventing money laundering and terrorist financing
Compliance with our statutory and regulatory obligations
Data relating to the prevention of money laundering and terrorist financing are kept for 5 years from the end of the insurance policy.
Combating fraud (including complying with international trade and financial sanctions)
Our legitimate interest in preventing and dealing with fraud, if applicable
Determining whether an alert is apposite: the data is kept for a maximum of 6 months from the time the alert is made during the time necessary for us to classify the alert. We immediately delete alerts that are deemed inapposite. If the alert is classified as apposite: the data is kept for 5 years from the date the fraud matter is closed.
Send newsletters, solicitations and promotional messages
Our legitimate interest in retaining and informing our clients and prospective clients of our latest news
The data is kept for a period of 3 years from your last contact with Us.
Responding to your requests for information
Our legitimate interest in responding to your requests
The data is kept for the time necessary to process your request for information and is deleted when the request for information has been processed.
Develop actuarial statistics and studies
Our legitimate interest in compiling actuarial statistics and studies
Personal data is kept by Seyna for the entire term of the insurance policy and will be archived for evidentiary purposes for an additional period of 5 years from the end of the policy, the settlement of a claim or the resolution of a dispute.
Assessing insurance risks to determine pricing and verify insurability
Our legitimate interest in assessing insurance risks to determine pricing and verify insurability
Personal data is kept by Seyna for the entire term of the insurance policy and will be archived for evidentiary purposes for an additional period of 5 years from the end of the policy, the settlement of the claim or the resolution of a dispute.
Handling requests to exercise rights
Our legitimate interest in responding to your requests and keeping a record thereof
If we ask you for proof of identity: we will only keep it for the time necessary to verify your identity. When the verification is complete, the proof is deleted. If you exercise your right to object to receiving marketing materials: we will keep this information for 3 years. The information used to manage your requests to exercise your rights under the GDPR will be kept for 2 (two) years from the date of the request.
4. Joint data controllers
In the context of our business as an insurer, We process the personal data of insureds jointly with the managing brokers. This means that together with the managing brokers we have defined the purposes for which the data is processed and the means used to carry out data processing operations. Therefore, We and our managing brokers act as joint data controllers within the meaning of GDPR.
The managing brokers are responsible for the following processing operations: onboarding, concluding insurance policies, managing enrolments, policy management and claims management, handling level 1 complaints, preventing fraud, money laundering and terrorist financing.
We are responsible for the following processing operations: handling level 2 complaints, preventing fraud, money laundering and terrorist financing.
The managing brokers are your main point of contact for exercising your rights and are responsible for informing you of the data processing that each of them carries out. You should refer to their respective privacy policies if you wish to exercise your rights vis-à-vis them. In all cases, you can write to us at dpo@seyna.eu
5. Who are the recipients of your data?
The following parties will have access to your personal data:
1. Our company’s staff;
2. Our subcontractors: hosting provider, office automation tool, CRM tool, scraping tool, email address reconstruction tool, emailing tool, internal messaging tool, electronic signature tool, identification and authentication tool, business intelligence tool, profile search tool on LinkedIn;
3. Our lead generation consulting firms;
The managing brokers for the purpose of performing the insurance policy you signed if you are an insured;
4. If applicable: public and private entities, exclusively to meet our legal obligations (in particular TRACFIN, the French Treasury).
6. Will your data be transferred outside the European Union?
For the duration of the processing operations, your data is kept and stored on the servers of Amazon Web Services (AWS), which are located in Ireland, in the European Union.
For the purposes of the tools we use (see clause on recipients concerning our subcontractors), your data may be transferred outside the European Union. The transfer of your data in such circumstances is secured by the following means:
- the data is transferred to a country for which the European Commission has issued an adequacy decision, in accordance with Article 45 of the GDPR: in such case, this country ensures a level of protection deemed sufficient and adequate under the provisions of the GDPR; or
- the data is transferred to a country whose level of data protection has not been recognised as adequate for the purposes of the GDPR: in such case, these transfers are based on appropriate safeguards, as provided in Article 46 of the GDPR, that are tailored to each provider, including, but not limited to, signing the standard contractual clauses approved by the European Commission, applying binding corporate rules or making the transfer under an approved certification mechanism; or
- the data is transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.
7. What rights do you have over your data?
You have the following rights with respect to your personal data:
- Right to information: that is precisely why we have drafted this policy. This right is provided for in Articles 13 and 14 of the GDPR.
- Right of access: you have the right to access all your personal data at any time, in accordance with Article 15 of the GDPR.
- Right to rectification: you have the right to rectify any inaccurate, incomplete or outdated personal data at any time, in accordance with Article 16 of the GDPR.
- Right to restrict processing: you have the right to obtain a restriction of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
- Right to erasing: you have the right to request that your personal data be erased, and to prohibit any future collection of your personal data, on the grounds set out in Article 17 of the GDPR.
- Right to lodge a complaint with a competent supervisory authority (in France, the CNIL) if you consider that the processing of your personal data breaches applicable laws (Article 77 of the GDPR).
- Right to give instructions about the retention, erasure and disclosure of your personal data after your death.
- Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you can withdraw your consent at any time. Such withdrawal will not affect the lawfulness of any processing carried out before the withdrawal.
- Right to data portability: under certain conditions set out in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to request its transfer to the recipient of your choice.
- Right to object: pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data. However, please note that we may continue to process your data despite this objection on legitimate grounds or to defend legal claims.
You can exercise these rights by writing to us at the address below. If you do so, we may ask you to provide additional information or documents to prove your identity.
8. What cookies do we use?
For more information on the management of cookies, please see our Cookie Policy.
9. Data Protection Officer
Contact email: dpo@seyna.eu - Contact address: Seyna, 20 bis rue Louis-Philippe, 92,200 Neuilly-sur-Seine
10. Amendments
We may amend this policy at any time, in particular to comply with any regulatory, case-law, editorial or technical developments. Such amendments will apply from the date the amended version takes effect. Therefore, you are invited to review the most recent version of this policy regularly. Nevertheless, we will inform you of any significant amendments to this privacy policy.
