Data Privacy

PRIVACY NOTICE

 

 

Date of the last update: 05/09/2019

 

AXA Group respects your privacy and ensures that all the personal data it handles is processed in accordance with the best confidentiality practices and the applicable laws on data privacy, and notably the European Union General Data Protection Regulation n°2016/679 (GDPR).

 

In this context, Personal Data means any information relating to an identified or identifiable natural person (a Data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

In the context of this notice, as a Data Subject, YOU will be hereinafter referred-to as ‘’YOU’’, “YOUR”.

 

AXA SA is a “société anonyme” with registered capital of: €5,553,059,073.54 (at February 20, 2019), registered in the Paris Trade and Companies Register under the number 572.093.920, will act as Data Controller of YOUR Personal Data (which means tha AXA SA will determine the purposes and means of the processing of Personal Data).

 

The Data Controller of YOUR Personal Data are hereinafter referred to as ‘’WE’’, “OUR”.

 

The compagny SERUM & CO, having its registered office at 60 RUE DE CAUMARTIN, 75009 PARIS France registered with the Registry of Commerce and Companies of Paris under number 420 236 879066 will act as Data Processor of YOUR personal data (which means that SERUM & CO will process YOUR Personal Data under specific and written instructions and on behalf of the Data Controller).

 

 

WHAT PERSONAL DATA DO WE COLLECT?
 

WE process the following Personal data about you:

  • Identification data: name, first name, country, personal e-mail address, photos;
  • Professional life data: company, professional e-mail address.

 

WE process the above categories of Personal Data for the following purposes:

  • Management of solidarity activities;
  • User account administration;
  • Meeting statistical needs to improve activity management;

 
 
HOW DO WE USE YOUR PERSONAL DATA?
 

Those personal data are collected and used for the afore-mentioned purposes on the basis of the following legal grounds:

  • The processing is based on the legitimate interests of GIE AXA to organize and develop solidarity activities;
  • The processing is based on YOUR consent to sign in to such solidarity activities.

 

 

WHEN DO WE SHARE YOUR PERSONAL DATA?
 

WE communicate YOUR Personal Data mentioned above only to identified and empowered recipients. The categories of YOUR Personal Data that we communicate are Identification data and Professional data.

 

Those recipients are generally located in the European Union (EU). Some of those recipients are located in countries outside the EU, which provide an adequate level of protection.

YOUR Personal Data can also be transferred to the countries, which do not provide an adequate level of protection. In this case, WE provide safeguards to ensure the security and the confidentiality of YOUR Personal Data, by framing its transfer when YOUR Personal Data is transferred to other entities of the AXA Group, with Binding Corporate Rules [DOWNLOAD FILE].

 

 

HOW DO WE KEEP YOUR PERSONAL DATA SECURE?
 

WE use appropriate technical and organizational measures designed to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing YOUR personal information in line with AXA standards.

 

 

FOR HOW LONG WILL YOUR PERSONAL DATA BE RETAINED?
 

The collected Data needed for the Processing will be retained according to the following informations:

 

Category of Personal Data & Retention period :

Identification data:
For users with an account: 11 months maximum after the last connection to the website

For users without an account (guests) who do not register for an event: 72 hours after sending the invitation

For users without an account (guests) participating in an event: 6 months maximum after the date of the event / solidarity activity

For users without an account (guests) who have registered for an event but in the event of event/activity cancellation, or in the event of him/her or the AXA employee inviting him/her unsubscribe from event/activity: immediate deletion of personal data

Professional life data:
For users with an account: 11 months maximum after the last connection to the website

For users without an account (guests) who do not register for an event: 72 hours after sending the invitation

For users without an account (guests) participating in an event: 6 months maximum after the date of the event / solidarity activity

For users without an account (guests) who have registered for an event but in the event of event/activity cancellation, or in the event of him/her or the AXA employee inviting him/her unsubscribe from event/activity: immediate deletion of personal data

Photos:
For all attendees to the solidarity activity for which prior consent has been provided (AXA collaborators and guests): removal from the website 10 years maximum after the date of the solidarity activity.
 

 

WHAT ARE YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA?

 

In accordance with  the GDPR, YOU have the right to:

  • access YOUR Personal Data and obtain a copy thereof;
  • rectify YOUR Personal Data;
  • request erasure of YOUR Personal Data, except if the processing is based upon the respect of a legal obligation of the data controller;
  • ask the restriction of processing of YOUR Personal Data in certain circumstances; and
  • the right to request YOUR Personal Data portability, where applicable.

 

You are also informed about the possibility to address any demand in relation with YOUR rights and Personal Data to the Data Protection Officer and decide about the whereabouts of YOUR Personal Data after YOUR death.

 

Please note that, to the extent part of our processing is based on YOUR consent, you can withdraw such consent at any time.

Should YOU decide to do so, YOU will not be able to access the services offered on the website

The opt-out does not undermine the legality of the prior processing done before said withdrawal.


You can exercise YOUR rights by contacting OUR Data Privacy Officer at privacy@axa.com.

 

You may be asked for information to confirm YOUR identity and/or to assist the Company to locate the data YOU are seeking as part of our response to YOUR request.

 

Finally, YOU have the right to raise any concerns about how YOUR personal data is being processed with a competent supervisory authority, in particular in the Member State of YOUR habitual residence, place of work or place where you think an alleged infringement to your rights occurred.

 

 

UPDATES TO THE PRIVACY NOTICE
 

WE may update this Privacy Policy from time to time in response to changing legal, technical or business developments. When we update our Privacy Policy, we will take appropriate measures to inform YOU, consistent with the significance of the changes WE make. WE will obtain YOUR consent to any material Privacy Policy changes if and where this is required by applicable data protection laws.

You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.