AXA XL, together with other members of its group, including but not limited to those listed at https://axaxl.com/insurance/our-companies and https://axaxl.com/reinsurance/our-companies (AXA XL or we or us) are committed to compliance with data protection laws. This Privacy Notice describes how AXA XL collects, uses, shares and secures your personal information and non-personal confidential information when we provide our services as an insurance and reinsurance business. It also describes your choices regarding use, access and correction of your personal information. Personal information is information, or a combination of pieces of information that could reasonably allow you to be identified.
1. Personal information we use
As an insurance and reinsurance business, we need to obtain information about the individuals covered in an insurance policy, or individuals that are beneficiaries of, or have made claims under, an insurance policy, or individuals who are involved in an incident giving rise to an insurance claim. This is so that we can properly assess the risks associated with providing insurance or reinsuring a particular block of insurance policies and administer and manage our products and services. This privacy notice applies to any individual whose personal information we process in the course of providing the services (each a "data subject" or "you").
We may be required by law to collect certain personal information about you, or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations. We will inform you at the time your information is collected whether certain data is compulsory and the consequences of the failure to provide such data.
1.1 Information we collect about you
The type of information we may collect and process about you will depend upon the type of insurance we are offering or underwriting. It may include any of the below (where permitted by law):
From the information we collect about you, we may also derive or generate further information such as risk ratings. Some of this information is generated through profiling (see the section below on "Do we use personal information for profiling and automated decision making?").
1.2 Special categories of personal data
Some of the categories of information we collect are special categories of personal information (sometimes referred to as "sensitive personal information”). These include:
1.3 Sources of the information we collect
We collect personal information from you directly when you voluntarily provide it to us, for instance if you submit application forms to be considered for insurance products or contact us.
We also collect your personal information from a variety of sources:
Occasionally we may collect your personal information from a third party, in particular from authorised, regulatory, public sources such as government regulators, industry self-governing bodies and other publicly available records. This will be most common when we are complying with our legal obligations regarding money laundering and other financial crimes. If appropriate, in these circumstances we will either notify you of our sources or seek your consent to their use.
2.How we use your personal information and the basis on which we use it
We use your personal information to:
We must have a legal basis to process your personal information. In most cases the legal basis will be one of the following:
If it is necessary that we process your sensitive personal information for one of the purposes listed above, we will only do so where one of the following applies:
We may obtain your consent to collect and use certain types of personal information when we are required to do so by law (for example, in relation to our direct marketing activities, cookies and tracking technologies or when we process sensitive personal information). If we ask for your consent to process your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this Privacy Notice.
3. Your rights over your personal information
You have certain rights regarding your personal information, subject to local law. These include the following rights to:
If you would like to discuss or exercise such rights, please contact us at the details below.
We encourage you to contact us to update or correct your information if it changes or if the personal information we hold about you is inaccurate.
We will contact you if we need additional information from you in order to honor your requests.
4. Automated decisions about you
The way we analyze personal information for the purposes of e.g. risk assessment or fraud prevention may involve profiling, which means that we may process your personal information using software that is able to evaluate your personal aspects and predict risks or outcomes. We may also use profiling, or otherwise employ solely automated means, to make decisions about you that relate to the basis on which we provide insurance to you. This is known as "automated decision-making" and is only permitted when we have a legal basis for this type of decision-making.
We may make automated decisions about you:
Subject to local legal requirements and limitations, you can contact us to request further information about automated decision-making, object to our use of automated decision-making, or request an automated decision to be reviewed by a human being.
5. Information Sharing
We may share your personal information with third parties under the following circumstances:
Because we operate as part of a global business, the recipients referred to above may be located outside the jurisdiction in which you are located (or in which we provide the services). See the section on "International Data Transfer" below for more information.
6. Information Security and Storage
We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing.
We will keep your personal information for as long as we have a relationship with you, and for a period thereafter, in line with our Global Records Management Policy.
7. International Data Transfer
Your personal information may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for personal information under European Union law or by the European Commission. We have put in place appropriate safeguards (such as contractual commitments) in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details below.
Where we transfer personal data from EU countries to AXA companies and service providers outside the European Economic Area (EEA), We provide safeguards to ensure the security and the confidentiality of your personal data, by framing the transfer through either (i) the Standard Contractual Clauses adopted by the European Commission or (ii) through Binding Corporate Rules when your personal data is transferred to other entities of the AXA Group.
8. Non Personal Confidential Information
9. Contact us
For more specific information regarding processing activities undertaken using your personal data, please refer to the relevant Privacy Notice among the list accessible here.
If you have questions about your rights or concerns regarding the way in which your personal information has been used, please contact our local Data Protection Officer at the address communicated within the relevant Privacy Notice or the Chief Data Officer at firstname.lastname@example.org. If you would like to request access to, or us to take action on, your personal information, subject to local laws and regulations, you can submit a request here.
If you are based in the United States you may also call 800 242-5198.
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the data protection authority.
You may request a copy of this Privacy Notice from us using the contact details set out above. We may modify or update this Privacy Notice from time to time.
If we change this Privacy Notice, we will notify you of the changes. Where changes to this Privacy Notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will give you sufficient advance notice so that you have the opportunity to exercise your rights (e.g. to object to the processing).
Last status: August 2020