Privacy Policy

This confidentiality, security and personal data protection policy consists of fourteen (14) sections :

Definitions

Who is the data controller ?

What personal data do we use ?

Why do we collect and use your personal data ?

Who processes your personal data ?

Who do we share your personal data with ?

What are our commitments to protect personal data ?

Where are your personal data processed ?

How long are your personal data kept?

What are your preferences when it comes to commercial prospecting ?

Treatment safety

What are your rights regarding your personal data ?

How to contact us to exercise your rights ?

Modification of the confidentiality, security and protection of personal data policy

To help you understand this document, here are, as a preliminary point, some clarifications relating to the terminology used in this policy.

1. Definitions

• What is personal data ?

Personal data is any information or data allowing directly or indirectly to identify a natural person :

• By reference to an identifier, such as a name, an identification number (example: claim number), an online identifier (example: email), a telephone number, a date of birth.
• By reference to one or more specific elements specific to its physical identity (example: handwriting).
• By cross-checking information such as date of birth, postal address.

Personal data will hereinafter be referred to as “personal data”.

• What is data processing ?

Data processing is any operation or set of operations carried out or not using automated processes relating to personal data, which includes in particular the collection, recording, organisation, conservation, adaptation, modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, erasure or destruction.

• What is a data controller ?

A data controller is any natural or legal person who determines, alone or jointly, the purposes and means of processing.

2. Who is the data controller ?

• UK DATA PROTECTION ACT 2018

  By means of this Data Protection Notice we would like to provide you with information as to how and why we process your Personal Data as defined by the Data Protection Act 2018 and the General Data Protection Regulations (GDPR) (Regulation (EU) 2016/679).Please ensure that you and your customers carefully read our Terms & Conditions to establish whether the products are suitable for their needs and requirements. Our Opteven mechanical breakdown insurance warranty products and other policies are fully underwritten by Acasta European Insurance Company. Unless otherwise stated, our premiums exclude Insurance Premium Tax (I.P.T) or VAT at the applicable rate.

Depending on the nature of the relationship we have with you and/or the contracts you have entered into with OPTEVEN, the person responsible for processing your personal data may be one of the following entities or several of the following entities jointly :

• OPTEVEN Holdings UK Ltd, is a Company Registered in England & Wales. Company No. 07104868. Authorised and regulated by the Financial Conduct Authority reference number 311375 Registered office: Opteven Holdings UK Ltd, Suite 1, Oxford House, Oxford Road, Thame, Oxfordshire, OX9 2AH.

OPTEVEN has a Data Protection Officer (DPO) who can be reached at: Opteven Holdings UK Ltd., Oxford House, Oxford Road, Thame, Oxon, OX92 AH.

When OPTEVEN acts as a subcontractor, you can refer to the general or specific conditions of your contract which binds you to OPTEVEN for additional information.

3. What personal data do we use ?

As part of our activities, we collect and use your personal data in order to be able to offer you the insurance or service contract best suited to your needs.

Depending on the insurance or service contract concerned, we collect certain categories of personal data and in particular the following categories of personal data :

• Identification data (examples: surname, first name, date and place of birth, driving license).
• Personal contact details (examples: postal address, email address, landline and/or mobile telephone number).
• Data relating to your vehicle (examples: license plate, VIN (vehicle identification number) ).
• Data relating to your contract (examples: customer identification number, contract number, warranty number, claim number).
• Data relating to claims declarations (examples: history of claims declarations).
• Financial information (examples: bank account number, bank card details).
• Data necessary for the fight against fraud, in particular insurance, money laundering and the financing of terrorism.
• Connection and traceability data (examples: cookies, connection to our websites, connection to our mobile applications).
• Location data (GPS position of the mobile phone) as part of the use of mobile applications dedicated to assistance, published by OPTEVEN, in order to allow the beneficiary of the assistance contract to be geolocated for the needs of his support, and allow him to follow the arrival of the assistance provider responsible for his repair.
• Data relating to salary expectations and any data transmitted in the curriculum vitae as part of a speculative application or in response to a job offer within the Group.

This personal data may be collected directly by OPTEVEN because we are your direct contact in a contractual relationship or indirectly because you are, for example, the beneficiary of an insurance warranty taken out by one of our partners.

If you provide us with the contact details of other people (example: those designated as beneficiaries of your contract, users or passengers of your vehicle), you must first ensure that these people have given their consent for the processing of their data by OPTEVEN and the purposes for which we use such data.

For more information, you can redirect them to this Policy.

4. Why do we collect and use your personal data ?

Your personal data is processed by OPTEVEN :

• For the management of your contract and execution of the guarantees of your contract.

We use your personal data in order to be able to conclude and execute our warranty, insurance or service contracts, and in particular:

• Gather your needs to ensure the provision of consistent, consistently high quality customer advice.

We inform you that recordings of telephone conversations between you and OPTEVEN may be made, unless you object, for evidentiary purposes, or to improve the quality of its services or for training and evaluation purposes by its employees.

• For the management of complaints and disputes by our services.
• For compliance with the legal, regulatory and administrative obligations in force to which we are subject and in particular.
• The fight against fraud, particularly in insurance.
• The fight against money laundering and the financing of terrorism .
• The response to any official request from a duly authorised public authority (control authority) or judicial authority.
• Risk monitoring and management.
• For carrying out processing relating to the management of applications and hiring.
• For the pursuit of a legitimate interest.

We use your personal data to deploy and develop our contracts, improve risk management and enforce our rights, including:

• Proof of payment of the premium or contribution.
• Management of information systems as well as continuity of operations and IT security.
• Training and awareness of our staff by recording calls made or received by our call platforms.
• For carrying out studies or statistics.

We use and exploit your personal data for statistical purposes and actuarial studies in order to:

• Evaluate your needs and interests.
• Develop our product and service offerings.
• Improve our quality of service.
• Personalise our relationships.
• Reduce claims, in particular by implementing preventative actions.
• For carrying out operations relating to the commercial management of customers and marketing.

We use your personal data in the context of:

• Carrying out operations relating to customer management and their level of satisfaction.
• The implementation of operations relating to marketing such as loyalty, new customer prospecting and surveys.
• Managing people's opinions and consultations on products, services or content.
• The development of offers adapted to your needs or preferences in a timely and reliable manner (in particular an offer to renew your contract or supplement in terms of coverage).
• Commercial solicitation from you to establish a quote or receive documentation on our products, OPTEVEN may offer you services and/or insurance products in connection with your request; in order for you to benefit from other products and/or services, this information may also be transmitted to the entities of the OPTEVEN Group as defined in article 2 hereof, to their distributors and partners; With the exception of products for which you have requested us and in the absence of a contractual relationship, our commercial proposals sent electronically (email, SMS, MMS) are only sent to you by OPTEVEN if you have previously consented.

5. Who processes your personal data ?

Whatever their respective attributions, the various OPTEVEN services may be required to process your personal data for the needs of their activity and with a view to providing their service internally or for the benefit of customers. Each OPTEVEN employee required to process personal data is expressly authorised to do so by their superior or company management.

Our employees are made aware of the processing of personal data made available to them as part of their missions and are required to comply with the internal rules developed by OPTEVEN in accordance with applicable European and national regulations.

Our employees are also trained to limit processing to the needs and purposes set out in this policy.

6. Who do we share your personal data with ?

As part of our activities, we are required to communicate certain categories of your personal data, for the purposes listed above, to our subcontractors, our service providers duly authorised by OPTEVEN (tow trucks, debt management, marketing (online), IT service providers, printing, logistics, opinion surveys, market studies, etc.), our partners, our lawyers, our experts who need it as part of their activities.

Except in cases of co-responsibility for processing, these recipients act as subcontractors - defined as any company required to process personal data following the instructions and under the responsibility and control of OPTEVEN - for the processing of all or part of the data. personal to the extent necessary for the performance of their services.

These recipients are contractually required to respect the confidentiality and security of your personal data and to use them only for the exclusive purposes of the services we have entrusted to them.

In the event that personal data concerning you is transferred to subcontractors domiciled outside the European Union, if necessary, a personal data transfer contract is signed by the subcontractor in order to maintain an equivalent level of protection. of your personal data to that of OPTEVEN and to European legislation.

Apart from the recipients listed above and subject to being compelled to do so by a judicial authority or by law, or to protect our rights and interests, we undertake not to communicate, nor share, nor make available, nor sell your personal data to third parties without your express prior consent.

7. What are our commitments to protect your personal data ?

We are committed to ensuring the protection of your personal data from the design of our products, services, sites and applications.

We implement technical and organisational means adapted to the degree of sensitivity of your personal data.

• Principle of purpose

Personal data is processed by OPTEVEN for a specific, explicit and legitimate purpose for each of the processing operations concerned.

• Principle of permissibility

The processing of personal data also meets the principle of lawfulness.

Please note that the processing is only lawful if at least one of the following six conditions is met:

• The data subject has consented to the processing of his or her personal data for one or more specific purposes.
• The processing is necessary for the performance of a contract to which the data subject is party or for the execution of pre-contractual measures taken at the request of the data subject.
• The processing is necessary for compliance with a legal obligation to which OPTEVEN is subject.
• The processing is necessary to safeguard the vital interests of the data subject or of another natural person.
• The processing is necessary for the execution of a mission of public interest or relating to the exercise of public authority vested in OPTEVEN.
• Processing is necessary for the purposes of the legitimate interests pursued by OPTEVEN or by a third party, unless the interests or fundamental rights and freedoms of the data subject override.

Consequently, your consent is not systematically necessary.

• Principle of minimisation

Personal data must be adequate, relevant and limited to the elements necessary for the purposes of the processing carried out by OPTEVEN.

This is why OPTEVEN strives to limit as far as possible the nature and volume of the data collected with regard to the purposes of the processing, while also limiting the duration of the processing thus carried out.

We deal exclusively with third parties that respect privacy and limit their access to only the personal data necessary to carry out their missions. Information exchanges are carried out using secure protocols. In order to ensure a high level of security of your personal data, our subcontractors are subject to control and audit measures.

We protect the IT developments carried out on our tools by limiting transfers outside our infrastructures. Our information system is accessible only to authorised persons.

We do not communicate any personal data concerning you to commercial partners without having obtained your prior consent and having informed you of the possibility of exercising your right of opposition.

8. Where is your personal data processed?

We may transfer your personal data to service providers located outside the European Union to the extent that this is necessary to perform our services or to meet a legal obligation (e.g. tax declaration obligations).

In such a situation, the transfer of your personal data is limited to countries that have been recognised by the European Commission as having an adequate level of protection. For other countries, such a transfer can only take place if the recipient of the data provides sufficient guarantees so that the transfer is carried out in accordance with the requirements of the applicable regulations, and as such complies with either the standard contractual clauses of the Commission European, i.e. internal company rules with binding force.

9. How long do we keep your personal data ?

We undertake to keep your personal data in a secure environment, only for an adequate period necessary to achieve the purposes for which it was collected or for the minimum retention period provided for by applicable legislation, particularly in civil and commercial matters. This includes in particular the retention of certain personal data at the end of our contractual relationship, in order to comply with our legal obligations and in the context of legal proceedings in order to defend our rights in court.

As examples :

For purposes related to the existence of a contractual relationship with us, we keep your personal data for the entire duration of your contract then we archive it for the duration of the legal prescription for the purposes of proof for the observation, the exercise or defence of a legal right.

For billing purposes, we keep your personal data for a period of ten (10) years from the end of your contract, in accordance with legal obligations.

In the absence of conclusion of a contract, we delete your personal data two (2) years after last contact with you.

Cookies are retained for a period of thirteen (13) months from their collection.

Telephone recordings are kept for six (6) months.

10. What are your preferences when it comes to marketing ?

Where you have provided consent, we may share personal data that you have provided to us within the Opteven Holdings UK Ltd Companies and with other companies that we establish commercial links with. They and we may contact you (by mail, e-mail, telephone, text, or other agreed means), in order to tell you about products, services or offers that we believe will be of interest to you, or to provide you with commercial updates. If you do not wish us to continue marketing to you, please email ukmarketing@opteven.com

11. Security of requirements

• Security requirements at OPTEVEN

The security of personal data processing and more generally the security of the information system constitute a priority for OPTEVEN which implements an information systems security policy (PSSI) as well as it applies, internally, an IT charter.

• Principle of secure processing

OPTEVEN implements technical and organisational measures intended to guarantee a high level of security in the processing of personal data, the effectiveness, consistency and efficiency of which are taken into account by the PSSI.

• Privacy study impact

In the event that processing presents high risks for the rights and freedoms of the persons concerned, OPTEVEN would be required to carry out an impact analysis on privacy to verify the reality of the risks and limit them before implementation of the processing concerned.

• Data Breach Notification

A personal data breach is characterised by a malicious or accidental security breach resulting in the loss, alteration or unauthorised disclosure of data.

We protect them against any malicious intrusion, loss, alteration or disclosure to third parties or unauthorised persons. Transfers of your banking data are encrypted using the Secure Shell (SSH) protocol.

However, despite all our efforts to ensure the conservation of your personal data in a secure environment, we cannot completely protect ourselves from any risk of computer hacking or illegal disclosure of your data.

We take measures to limit intrusive actions and malicious acts. In the event of a violation of personal data concerning you, please contact The Data Protection Officer, Opteven Holdings Uk Ltd., Oxford House, Oxford Road, Thame, Oxon, OX9 2AH.

When such a violation is likely to result in a high risk to your rights and freedoms, we will inform you of the violation as soon as possible.

We are particularly vigilant about the protection of your banking data and secure exchanges during transactions and payment acts.

12. What are your rights regarding your personal data ?

You have the following rights over your personal data :

• Right of information : You can obtain from OPTEVEN confirmation of the processing of personal data concerning you relating to the purposes of the processing, the categories of data processed, the recipients of the data thus processed as well as the duration of retention of the data.
• Right of access : You can obtain a copy of all the personal data concerning you that we have and information on the processing that we carry out on this data.
• Right of rectification : You can request the updating of your personal data when you consider that they are no longer accurate or that they are incomplete.
• Right of erasure : You can request the deletion of all of your personal data within the limits of what the law allows.
• Right of limitation : You can request to stop for a limited period any processing other than data retention on some of your personal data, because you contest the accuracy of this data (time for us to carry out the necessary checks ), or you contest the lawfulness of the processing carried out on these data by OPTEVEN, or you wish to use these data for the establishment, exercise or defence of legal rights even though we were going to delete them.
• Right of opposition pour for legitimate reasons : You can object to the processing of your personal data to the extent that this is justified by reasons relating to your particular situation or in the event that this opposition concerns commercial prospecting, including profiling. In the latter case, you have a general right of opposition which we will implement without you having to justify a particular situation.
• Right to portability : You can obtain the recovery of the personal data we have in electronic format, for your personal use or that of another data controller, when these personal data meet the following cumulative conditions :
  • You have provided this data to OPTEVEN or it results from your use of our services.
  • The data collected was done so with your consent or as part of the contractual relationship between you and OPTEVEN.
• Right to withdraw your consent : When you have given your consent to the processing of your personal data, you can withdraw it at any time, without calling into question the operations carried out prior to this withdrawal.
• Right to define the fate of your post-mortem data : You can define directives relating to the fate of your personal data after your death (concerning their conservation, their erasure, and, where applicable, their communication).

13. How to contact us to exercise your rights

If you wish to exercise your rights indicated above or for any information on the protection of personal data, please contact: The Data Protection Officer, Opteven Holdings UK Ltd., Oxford House, Oxford Road, Thame, Oxon, OX9 2AH.

As part of the exercise of these rights, you may be asked for proof of identity, and if necessary, information useful for processing your request.

14. Modification of the confidentiality, security and protection of personal data policy

This confidentiality, security and protection of personal data policy may be revised depending on legislative and regulatory developments or a modification of the conditions of processing of personal data.

We invite you to consult it regularly in the “Confidentiality policy protection of personal data” section of the website www.opteven.com or any OPTEVEN Group website.