Personal data and cookies
As the data controller, AXA France applies the following principles:
- We will use your data solely for explicit, legitimate and pre-determined purposes in connection with our various businesses (such as insurance, banking and assistance);
- We will only collect data that is useful to us;
- We will not retain your data longer than the period needed for the transactions for which it was collected (e.g. assistance), or the period specified by CNIL standards and authorizations (compliance package for the insurance sector) or by law (such as legal time limits);
- We will communicate your data only to the authorized intermediaries, AXA Group companies, partners, reinsurers, service providers and professional organizations who need it in the scope of our business;
- We will inform you in a clear and transparent manner, for example when handling a request for a quote or a policy, of the purpose for using your data, whether your responses on forms are optional or required, and of your rights with respect to data protection;
- We will provide you with updated information about the processing of your data by updating the AXA France website (www.axa.fr/donnees-personnelles.html).
- Consult AXA France’s commitments regarding personal data: find out more
Use of your data
Your data will be used solely for the following purposes:
- to enter into, manage (including sales) and perform your insurance contracts, pursuant to the NS16 and NS56 standards enacted by CNIL, which may include using your social security number and accessing the French National Natural Persons Identification Registry (RNIPP) under the conditions and for the situations listed in CNIL authorization AU31,
- o fight money laundering and terrorism financing by implementing contract monitoring that could lead to a suspicious transaction report or an asset freeze, pursuant to the French Monetary and Financial Code and CNIL authorization AU003,
- to fight insurance fraud in accordance with CNIL authorization AU39, which could lead to registration on a list of persons representing a fraud risk,
- to collect data related to offenses, criminal convictions and security measures, whether at the time an insurance policy is purchased, while it is in force, or as part of a litigation, under the conditions provided for by CNIL authorization AU32,
- to analyze all or part of the data concerning you that has been collected by the AXA Group and potentially compared with that of selected partners, to improve our products (research and development), assess or predict your situation (conversion probability scores) and personalize your customer experience (targeted offers and advertising).
AXA France is legally obligated to verify that your data is accurate, complete and updated as necessary. We might contact you to verify the data, or we may need to complete information in your file (for example, by recording your email address if you write to us by email.)
When you purchase a policy, the answers to some questions are required. False statements or omissions could result in the cancellation of the policy purchased (article L.113-8 of the French Insurance Code) or the reduction of claims paid (article L.113-9 of the French Insurance Code).
We undertake to protect the security of your data by implementing enhanced data protection, using physical and logical security methods consistent with best practices and applicable standards.
Binding Corporate Rules (BCR)
We are the first insurance company to have Binding Corporate Rules approved by 16 European personal data protection authorities, including CNIL. These rules guarantee a minimum level of intangible protection of your data by the various AXA Group companies around the world.
The BCR are currently being deployed. You can view them by clicking on this link.
Control of data transfers
The AXA Group is present in more than 50 countries and has implemented a specific policy and governance framework for the international protection of personal data.
It covers the strict control of the transfer of your data, in particular when performed outside the European Union and the EU’s protective legislation, like systematically requiring the necessary authorizations from personal data protection authorities, such as CNIL, in advance.
AXA France currently makes data transfers outside the European Union to the following:
- an AXA France subsidiary and a service provider in Morocco, for the purposes of managing insurance policies and telemarketing,
- an AXA Group company located in Mauritius, for managing legal protection guarantees and for a telemarketing service,
- an AXA Group company located in India, for certain accounting processing for insurance transactions,
- a company located in Vietnam, for certain IT maintenance transactions,
- a service provider located in Mauritius, for managing collective retirement contracts.
This list will be updated when there are changes.
Rights to access, rectification, erasure, restriction, portability, objection, and to decide what happens to your data after you pass away
You have rights that allow you to:
- access your data,
- request rectification if there is an error,
- request erasure,
- request that processing be restricted,
- request portability,
- object to processing,
- provide instructions for what happens to your data after you pass away.
To better understand your rights, go to CNIL’s website (www.cnil.fr/fr/comprendre-vos-droits).
You can exercise your rights by filling out this form, sending an email to email@example.com, or sending a letter by postal mail to AXA France, Service Information Clients, 313 Terrasses de l’Arche, 92727 Nanterre cedex.
Don’t forget to include an identification document with your request (copy of your French National Identity Card or your passport).
If you do not wish to receive any direct marketing calls, you can register for free on the BLOCTEL opt-out list.
For more information, go to www.bloctel.gouv.fr