At Seyna, protecting your personal data is a priority.

In the course of our contractual relations and during your use of the seyna.eu website (the "Site"), we collect personal data about you.

The purpose of this policy is to inform you about how we process these data in compliance with Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter "GDPR").

‍

1. Who is the data controller?

"The data controller is Seyna, a public limited company registered with the RCS of Nanterre under number 843 974 635 and having its registered office at 20 bis rue Louis-Philippe, 92200 Neuilly-sur-Seine (hereinafter 'We').

In the context of our insurance activities, we act as a joint controller alongside the broker-managers.
For more information, please refer to Article 4 'Joint Responsibility'."

‍

2. What data do we collect?

A personal data is data that allows the direct identification of an individual or through cross-referencing with other data.

We collect data that falls into the following categories:

For prospects:
- Identification data: name and surname, email address, phone number
- Data related to your professional life: position, name of your company

For clients (broker-managers and distributors):
- Identification data: title, name or company name, first name, address (including head office, billing location), phone number, email address, accounting identification code, SIREN number
- Data related to your professional life: profession, sector of activity, excerpt from the commercial and companies register (KBIS)
- Economic and financial information: bank details, invoices, ORIAS certificate
- Connection data: connection logs, IP address

For the insured:
- Identification data: name, first name, date of birth, postal address, email address, place of birth
- Data related to the management of the insurance policy: policy identifier, subscription date, information on the guarantees subscribed, amounts related to the insurance policy, premium and taxes
- Data related to claims: Claim ID, claim dates, reasons for the claim, and any claim-related information provided by the insured
- Data related to insurance products (for example, for pet health insurance, information about the animals)

Mandatory data are indicated when you provide us with your data. They are marked with an asterisk and are necessary to provide you with our services.

‍

3. On what legal basis, for what purposes, and for how long do we retain your personal data?

Purposes: Identify and solicit potential prospects to sell Seyna's services to broker-managers.
Legal basis: Our legitimate interest in developing and promoting our business.
Retention period: Your data is kept for a period of 3 years from your last contact for prospecting purposes.

Purposes: Perform operations related to the management of our clients concerning policies, invoices, and monitoring of the contractual relationship (audits).
Legal basis: Performance of the policy that you or your company have subscribed to with us.
Retention period: Personal data is kept for the duration of the commercial relationship. Logs are kept for a maximum period of 1 year. In addition, your data is archived for evidence purposes for a period of 5 years.

Purposes: Conclude, manage, and execute insurance policies (policy management, execution of coverage, complaint processing, claims management) in collaboration with broker-managers.
Legal basis: The execution of the insurance contract that you have subscribed to with the broker-manager, who is the joint data controller with Seyna.
Retention period: Personal data is kept by Seyna for the duration of the insurance contract and will be archived for evidence purposes for an additional period of 5 years from the end of the contract, settlement of the claim, or resolution of a dispute.

Purposes: Invoice management
Legal basis: Performance of the policy that you or your company have subscribed to with us.
Retention period: Invoices are archived for a period of 10 years.

Purposes: Create a file of clients and potential clients
Legal basis: Our legitimate interest in developing and promoting our business.
Retention period: For clients: data is kept for the duration of the commercial relationship. For prospects: data is kept for a period of 3 years from your last contact for prospecting purposes.

Purposes: Prevention of money laundering and terrorism financing
Legal basis: Compliance with our legal and regulatory obligations.
Retention period: Data related to the prevention of money laundering and terrorism financing is kept for 5 years from the end of the insurance policy.

Purposes: Fight against fraud (including compliance with international trade and financial sanctions)
Legal basis: Our legitimate interest in preventing and dealing with fraud, if applicable.
Retention period: Determination of the appropriateness of a report: data is kept for a maximum period of 6 months from the marking of the report for the time necessary to qualify the report. We immediately delete alerts deemed inappropriate. If the alert is classified as relevant: data is kept for 5 years from the date of closure of the fraud case.

Purposes: Send newsletters, solicitations, and promotional messages
Legal basis: Our legitimate interest in maintaining and informing our clients and potential clients of our latest news.
Retention period: Data is kept for a period of 3 years from your last contact with us.

Purposes: Respond to your requests for information
Legal basis: Our legitimate interest in responding to your requests
Retention period: Data is kept for the time necessary to process your information request and is deleted when the information request has been processed.

Purposes: Develop statistics and actuarial studies
Legal basis: Our legitimate interest in establishing statistics and actuarial studies.
Retention period: Personal data is kept by Seyna for the duration of the insurance contract and will be archived for evidence purposes for an additional period of 5 years from the end of the contract, settlement of a claim, or resolution of a dispute.

Purposes: Assess insurance risks to determine pricing and verify insurability.
Legal basis: Our legitimate interest in evaluating insurance risks to determine pricing and verify insurability.
Retention period: Personal data is kept by Seyna for the duration of the insurance contract and will be archived for evidence purposes for an additional period of 5 years from the end of the contract, settlement of the claim, or resolution of a dispute.

Purposes: Processing requests to exercise rights
Legal basis: Our legitimate interest in responding to your requests and keeping a record.
Retention period: If we request proof of identity: we only keep it for the time necessary to verify your identity. Once the verification is complete, the proof is deleted. If you exercise your right to object to receiving marketing material: we will keep this information for 3 years. Information used to manage your requests to exercise your rights under the GDPR will be kept for 2 (two) years from the date of the request.

4. Joint Responsibility

In the course of our insurance business, we are required to process personal data of the insured jointly alongside broker-managers. This means that, together with the broker-managers, we have defined the purposes and means of the data processing carried out. In this regard, we and our broker-managers act as joint controllers within the meaning of the GDPR.

The broker-managers are responsible for the following processing: entering into a relationship, subscribing to the insurance contract, managing memberships, managing contracts and claims, managing level 1 complaints, combating fraud, and fighting against money laundering and terrorism financing.

We are responsible for the following processing: managing level 2 complaints, combating fraud, and fighting against money laundering and terrorism financing.

The broker-managers are your primary point of contact in case of exercising rights and are responsible for informing you about the data processing each performs. You should refer to their respective privacy policies if you wish to exercise your rights with them. In any case, you can write to us at dpo@seyna.eu.

‍

5. Who are the recipients of your data?

Access to your personal data will be granted to:

1. The staff of our company;
2. Our subcontractors: hosting provider, office tool, CRM tool, scraping tool, email address reconstruction tool, emailing tool, internal messaging tool, electronic signature tool, identification and authentication tool, business intelligence tool, LinkedIn profile search tool;
3. Our lead generation consultant firms;
4. Broker-managers for the execution of the insurance contract you have signed when you are an insured;
5. If applicable: public and private organizations, exclusively to fulfill our legal obligations (including TRACFIN, the General Directorate of the Treasury).

‍

6. Are your data likely to be transferred outside the European Union?

Your data is stored and preserved for the duration of the processing on the servers of Amazon Web Services (AWS), located in Ireland, within the European Union.

As part of the tools we use (see the section on recipients concerning our subcontractors), your data may be subject to transfers outside of the European Union. The transfer of your data in this context is secured using the following tools:
‍
- Either the data is transferred to a country that has been the subject of an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, this country provides a level of protection considered sufficient and adequate to the provisions of the GDPR;
‍
- Or the data is transferred to a country whose data protection level has not been recognized as adequate to the GDPR: in this case, these transfers are based on appropriate safeguards indicated in Article 46 of the GDPR, adapted to each service provider, including, but not limited to, the conclusion of standard contractual clauses approved by the European Commission, the application of binding corporate rules, or under an approved certification mechanism.

- Or the data is transferred based on one of the appropriate safeguards described in Chapter V of the GDPR.

‍

7. What are the rights you have over your data?

You have the following rights regarding your personal data:
‍
- Right to information: this is precisely why we have written this policy. This right is provided for in Articles 13 and 14 of the GDPR.
- Right of access: you have the right to access all your personal data at any time, in accordance with Article 15 of the GDPR.
- Right to rectification: you have the right to rectify any inaccurate, incomplete, or outdated personal data at any time, in accordance with Article 16 of the GDPR.
- Right to restrict processing: you have the right to obtain a restriction of the processing of your personal data in certain cases defined in Article 18 of the GDPR.
- Right to erasure: you have the right to request that your personal data be erased and to prohibit any future collection of your personal data, for the reasons stated in Article 17 of the GDPR.
- Right to lodge a complaint with a competent supervisory authority (in France, the CNIL) if you believe that the processing of your personal data infringes applicable laws (Article 77 of the GDPR).
- Right to give instructions regarding the storage, erasure, and communication of your personal data after your death.
- Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR provides that you can withdraw your consent at any time. This withdrawal will not affect the lawfulness of any processing carried out before the withdrawal.
- Right to data portability: under certain conditions set out in Article 20 of the GDPR, you have the right to receive the personal data that you have provided to us in a standard machine-readable format and to request their transfer to the recipient of your choice.
- Right to object: in accordance with Article 21 of the GDPR, you have the right to object to the processing of your personal data. However, please note that we may continue to process your data despite this objection for legitimate reasons or to defend legal claims.

You can exercise these rights by writing to us at the address below. In this case, we may ask you to provide additional information or documents to prove your identity.

‍

8. What cookies do we use?

For more information on cookie management, please refer to our cookie policy.

‍

9. Data Protection Officer

Contact Email: dpo@seyna.eu - Contact Address: Seyna, 20 bis rue Louis-Philippe, 92200 Neuilly-sur-Seine

‍

10. Changes

We may amend this policy at any time, especially to comply with regulatory, jurisprudential, editorial, or technical developments. These changes will take effect on the date the modified version becomes effective. Therefore, we invite you to regularly review the latest version of this policy. However, we will keep you informed of any significant changes to this privacy policy.