1. Who does this Privacy Statement apply to?
Insurance Europe (“We”) is the European (re)insurance federation. Insurance Europe is based in Brussels and represents 35 member bodies that are national insurance associations representing the (re)insurance companies.
We act as a data controller for all personal data processed by Insurance Europe. We process any personal data as safely and reasonably as possible and in strict compliance with the applicable data protection legislation, including the General Data Protection Regulation 2016/679 of 27 April 2016 (‘GDPR’).
This Privacy Statement covers:
Separate privacy statements apply to Insurance Europe staff members, job applicants and Insurance Europe member associations, their member companies as well as members of the Reinsurance Advisory Board (RAB).
2. What is covered by this Privacy Statement?
This Privacy Statement tells you what personal data we process, why and how we process your personal data when we perform our business activities, when you participate in Insurance Europe events or when you use our websites (“the Sites”) and any of the services we offer through the Sites, to whom we give that information, what your rights are and who to contact for more information or queries.
When we refer to “the Sites”, we mean the web pages containing the domain name ‘insuranceeurope.eu’ and including all its subsites (https://www.insuranceeurope.eu).
The Sites may link to other websites provided by members, members’ members or third parties. Whilst we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices of other websites.
When linking to any such websites, we strongly recommend that you read the Privacy Statements on those websites before disclosing any personal information.
3. Personal data we collect
The main personal data that we generally collect and hold in our database includes:
4. How we obtain your personal data?
We may obtain your personal data:
5. Why we process your personal data?
We will use your personal data only for the purposes for which we collected it or for reasons compatible with the original purpose. If we intend to use your personal data for reasons that are not related to the original purpose, we will contact you and notify you of the legal basis that allows us to do so.
6. The legal grounds for processing your personal data
We process your personal data for the purposes mentioned in the previous section relying upon the following legal bases:
Insurance Europe is registered on the EU transparency registry and its mission is expressly included therein. This includes, for instance, supporting our business activities, supplier management, or responding to your queries, organising our events in the best possible way and promoting our future public relations activities.
We also rely on our legitimate interest to process your personal data when you buy products or services via our Sites (such as our annual publication on indirect taxation) in order to process your order and send you future update emails on paid services or products.
When you use our Sites, your IP address is processed based on our legitimate interest to ensure the functionality and security of the Sites.
In this respect, we will always determine case by case whether our interests are not overridden by your interests, fundamental rights and freedoms.
7. Your rights
You have several rights concerning the personal data we hold about you. You have the right to:
You can also click on the unsubscribe link included in relevant mailings, including direct marketing emails, to stop receiving such communication.
To exercise any of your rights, you can send us a request, indicating the right you wish to exercise by e-mailing us at [email protected]. You may also use these contact details if you wish to make a complaint to us relating to your privacy.
If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction.
8. Recipients of your personal data
All Insurance Europe staff members who are responsible for our internal and external communications and the organisation of events, will have access to your personal data on a “need-to-know” basis for the purposes described above.
We may disclose your personal data to our members, our members’ members, representatives appointed by our members, members of the Reinsurance Advisory Board (RAB), third parties that provide services to us that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “Why we process your data” section above. The following external parties may, for instance, be involved:
If you are a participant in one of our events, we may disclose your personal data (eg your name and the company or entity you work for) to all attendees of this event, in the form of a participants list. We may also share additional personal data (eg job title and email address) with our sponsors if you provide us with your consent to do so.
If our federation enters into a joint venture with or is sold to or merged with another entity, your information may be disclosed to our new partners or owners.
To achieve the objective of our processing as described above, we may transfer your personal data outside the European Economic Area (EEA). We transfer your personal data only to third parties outside the EEA when that country provides an adequate level of protection according to an adequacy decision issued by the European Commission or when the third party has agreed to provide appropriate safeguards that ensure your personal data is protected (within the limits permitted by the GDPR, eg by means of Standard Contractual Clauses). You can ask for more information and/or obtain a copy of those safeguards by sending us an e-mail ([email protected]).
When an event you are subscribed to is organised outside the EEA, it may be necessary that a company located in a third country outside the EEA, requires access to your personal data to process and/or store these personal data (eg travel agency, hotel) where necessary for the performance of a contract with you or to take precontractual measures to execute your subscription to our event in the best possible way (article 49(b) or (c) GDPR).
We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Statement.
We reserve the right to disclose your personal data as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.
9. For website visitors: cookies
You can refuse the installation of cookies on your device. The ability to enable, disable and/or delete cookies can be completed in your browser. You can delete all cookies that are already on your device and you can set most browsers to prevent them from being placed. The settings are usually in the “options” or “preferences” menu of your browser. To understand them, the “Help” option in your internet browser or the following links may be helpful:
You can find more information about cookies at: www.allaboutcookies.org. Please note that turning off functional cookies might restrict your use of our website(s).
The Sites use the following types of cookies:
- Functional cookies
A session cookie is used each time you visit our Sites to give you a session ID. They link your actions on our Sites and each one will only last for a browser session, at the end of which it will expire. After your visit to our Sites all session cookies are deleted.
A persistent cookie allows the preferences or actions of the user across a site (or across different websites) to be remembered. It has a longer life than a session cookie and lasts for a period of time that varies from cookie to cookie. This type of cookie will not be deleted when you close your browser window and will be stored on your computer or mobile device. It will be activated every time you visit the website that created it.
A first-party cookie is a cookie set by us or any of our processors.
A third-party persistent cookie is set by our service provider, CloudFlare, to identify trusted web traffic. It does not correspond to any user ID in the web application, nor does the cookie store any personally identifiable information. For more information, please see: https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-
- Analytic cookies
These cookies are used to gather statistics about your visit to the Sites to improve their performance and design (“web audience measuring”). They are first-party cookies, which means that we have complete control over the information collected through them. This data is anonymised, so we cannot identify you by processing it.
These cookies collect information about the number of times that you visit the Sites, how long a visit takes, etc.
The analytical cookie we use is Google Analytics, which expires after two years and allows us to gather statistics about the web pages visited.
10. Security of your personal data
We employ strict technical and organisational (security) measures to protect your personal data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline.
These measures include:
Although we use appropriate security measures once we have received your personal data, the transmission of data - especially over the internet (including by e-mail) - is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.
We limit access to your personal data to those who we believe reasonably need to access that information to carry out their tasks.
11. Data retention
We will retain your personal data for as long as:
For website visitors: the IP that we collect when you visit our Sites is retained for one year.
For more information about the expiry dates of the cookies used on the Sites, please consult the cookie section.
12. Automated decision-making
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of personal data and that produce legal effects that significantly affect the individuals involved.
As a rule, your personal data will not be used for automated decision-making. We do not base any decisions about you solely on automated processing of your personal data.
13. How to contact us?
We hope that this Privacy Statement helps you understand, and feel more confident about the way we process your data. If you have any further queries about this Privacy Statement, please contact us:
14. Changes to this Privacy Statement