privacy policy

Effective Date: May 25, 2018

1. Introduction

We take the confidentiality of your personal data very seriously and will only use this data in accordance with the General Data Protection Regulation (GDPR) 2018.

By using our website or requesting insurance services from us, you consent to our collection and use of your personal information as described below, in accordance with this Privacy Policy. Any changes to this Privacy Policy will be posted here so that you are always aware of the collection and use of your personal information.

This Privacy Policy informs you how CORPORATE SPECIAL RISKS (CSR), as data controller, collects, uses, shares and stores the personal data you provide and informs you of your choices regarding the use, access and correction of your personal data. CSR is committed to ensuring that all personal data it receives is protected and processed in accordance with applicable data protection laws.

In this document, references to "we", "us" or "our" refer to CSR.

2. Who are we?

CORPORATE SPECIAL RISKS (CSR) was created on 22 March 2013. Its main place of business is located at 25 rue Lavoisier, 75008 Paris.

3. What personal information do we process about you and how do we obtain it?

The personal information we hold is limited to your name, mailing addresses, e-mail addresses, telephone numbers, employer name, position title and country of residence.

We will also record past communication data with you and your communication preferences.

We only collect and have access to data that you voluntarily provide to us by email or other direct contact with you. Data provided about you through an insurance broker or a third party will be considered to have been provided by you in good faith.

The personal information may be provided by you in the form of a website contact form, an email from you or your insurance broker, a written request form or other form of written correspondence or verbal communication initiated by you or your broker.

We will not sell or rent this data to anyone.

We do not use cookies on our website.

4. Why do we collect your personal data and the lawful basis for their processing?

Business Communications

We will contact you with business communications. The lawful basis for such communications and the execution of a contract or pre-contractual measures.

Claims management

We may process your personal data for claims management purposes. The lawful basis for this processing are the execution of a contract and legitimate interest.

Regulatory information

CSR may from time to time provide you with information regarding regulatory obligations. The lawful basis for this process lies in the legal obligation to which CSR is subject.

Event management

Your personal data may be processed to support the communication and management of events organised by CSR. The lawful basis that allows us to process your data is legitimate interest.

Marketing

From time to time, we will provide you with information about the products and services provided by CSR. The lawful basis that allows us to process your data is legitimate interest.

Do not send

We will maintain an up-to-date list of individuals who have unsubscribed from our mailings. The lawful basis is legal obligation.

Automatic decision making

We do not use any technology that seeks to make automatic decisions about your insurance risk: we have a team of trained underwriters, claims managers and accounting assistants who manage your account with us on a case-by-case basis.

5. With whom do we share your data?

Your data will only be shared with, and only when needed:

-      Sanctions monitoring databases

-       Third-Party Administrator (external companies that manage claims)

-       External IT Service Providers

-       External accounting firms

-       Our legal counsels

-       External event organizers who co-organize or sponsor events

-       Risk carriers

-       Reinsurers

-       Public authorities (tax authorities, supervisory authorities, courts)

6. How long do we keep your data?

We will retain your personal data as long as reasonably necessary to fulfill the relevant purposes set out in this Privacy Notice. The retention period will be determined primarily by legal and regulatory obligations and/or the duration of our business relationship with you, your employer or another associated party. We maintain and regularly update our data retention policy with a detailed retention schedule. We will securely delete or erase your personal information if there is no valid business reason to keep your data. In exceptional circumstances, we may retain your personal information for longer periods if we reasonably believe there is a possibility of litigation, in the event of complaints or if there is another valid business reason why the data will be needed in the future.

7. International transfers

From time to time, we may need to share your personal information with our risk carriers and their reinsurers who may be based outside the European Union. We may also make other disclosures of your personal information abroad, for example if we receive a legal or regulatory request from a foreign supervisory or law enforcement authority.

We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:

- We will only transfer your personal information to countries that are recognized as providing an adequate level of legal protection or where we can be assured that other provisions are in place to protect your privacy rights.

- Any inquiries we receive from supervisory or law enforcement authorities will be carefully reviewed before personal information is disclosed.

8.   Your rights

You have certain rights as an individual that you can exercise in connection with the information we hold about you. If you request to exercise any of your rights, we reserve the right to ask you for a proof of your identity. We endeavour to acknowledge receipt of your request as soon as possible and will address your query within one month from your request.

You have the following rights:

The right of access

You are entitled to confirmation whether we are processing your data, a copy of your data and information about the purposes of the processing, to whom we disclose it, whether we transfer it abroad and how we protect it, for how long we keep it, what your rights are, where we have obtained your data and how you can file a complaint.

The right of rectification

If you believe that the personal information we hold about you is inaccurate or incomplete, you may request that it be corrected.

The right to erasure

If you withdraw your consent, terminate your contractual relationship with us or if you believe the personal data is no longer necessary for the purposes for which it was collected, you may request your data to be deleted. However, this will need to be weighed against other factors, for example there may be certain regulatory obligations that prevent us from complying with your request.

The right to restriction of processing

You may ask us to restrict (i.e. keep but not use) your personal data, but only where:

-       its accuracy is contested, to allow us to verify its accuracy; or

-       the processing is unlawful, but you do not want it deleted; or

-       it is no longer necessary for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or

-       you have exercised your right to object and the verification of overriding grounds is pending.

We may only continue to use your personal data following a request for restriction with your consent or to establish, exercise or defend legal claims or to protect the rights of another natural or legal person.

The right to data portability

If we have collected your personal data under a contract or with your consent and the data is processed by automated means, you may request us to transfer your personal data to another controller of your choice.

Right of opposition

You have the right to object at any time to the processing of your personal data. In this case, we will no longer process your personal data, unless we have compelling legitimate reasons that outweigh your interest to object.

9. Contact details for data protection requests

If you have any data protection questions that you feel we will be able to answer, please do not hesitate to contact us:

CORPORATE SPECIAL RISKS

25 rue Lavoisier

75008 Paris

Courriel : admin@special-risks.fr

10. Complaints

If you are not satisfied with our response or believe that we are not processing your personal data in accordance with legal requirements, you may file a complaint with the competent Data Protection Authority. Our Lead Authority within the European Union is the French Commission Nationale de l'Informatique et des Libertés - CNIL (https://www.cnil.fr).