Insurance Europe

Insurance Europe (“We”) is the European (re)insurance federation. Insurance Europe is based in Brussels and represents 37 member bodies that are national insurance associations representing the (re)insurance companies.

We act as a data controller for all personal data processed by Insurance Europe. We process any personal data as safely and reasonably as possible and in strict compliance with the applicable data protection legislation, including the General Data Protection Regulation 2016/679 of 27 April 2016 (‘GDPR’).

This Privacy Statement covers:

• Third party contacts: members of the European Parliament (MEP), MEP assistants, European or national institutions, authorities or agencies officials or staff members, international entities officials, contacts from international, European or national federations, from a law firm or a consultancy, from a company that has a contractual relationship with Insurance Europe, suppliers, sponsors to Insurance Europe’s events, journalists, academics, researchers, or any other individuals who contacted or have been contacted by Insurance Europe in the context of its business activities, such as visitors to Insurance Europe’s premises, individuals who signed up for updates through Insurance Europe’s sign up page
• Insurance Europe’s events participants
• Insurance Europe’s websites visitors

Separate privacy statements apply to Insurance Europe staff members, job applicants and Insurance Europe member associations, their member companies as well as members of the Reinsurance Advisory Board (RAB).

This Privacy Statement tells you what personal data we process, why and how we process your personal data when we perform our business activities, when you participate in Insurance Europe events or when you use our websites (“the Sites”) and any of the services we offer through the Sites, to whom we give that information, what your rights are and who to contact for more information or queries.

When we refer to “the Sites”, we mean the web pages containing the domain name ‘insuranceeurope.eu’ and including all its subsites (https://www.insuranceeurope.eu).

The Sites may link to other websites provided by members, members’ members or third parties. Whilst we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices of other websites.

When linking to any such websites, we strongly recommend that you read the Privacy Statements on those websites before disclosing any personal information.

The main personal data that we generally collect and hold in our database includes:

• identification data (eg name, company, address, e-mail address, phone number, job title, invoicing details, VAT number)
• data regarding the communication between us (eg e-mails sent, meetings)
• your picture if you we have published an article of yours in our Annual Report or if you are a speaker at one of our events and we have obtained your consent for this
• only for MEPs and members of national parliaments: the political party you are affiliated to, when this is manifestly made public by you
• when you use our Sites, the browser on your device automatically sends information to the server of our Sites/application which temporarily stores it in a log file. More specifically, your IP address is automatically recorded without your intervention and stored until it is automatically deleted.

The Sites also use cookies to gather statistics about the visits to the Sites and improve their performance and design. This data is anonymised, which means that we cannot identify you by processing it. For more information about the cookies we use and how you can control them, please consult the cookie section hereafter.

We may obtain your personal data:

• in the framework of the execution of our business activities that serves the mission of our federation, for instance:
  
  
• because you provided it to us (eg by providing us with your business cards, via an e-mail you sent to us, via a contract we have with you), or
• because someone else has provided it to us (eg a colleague of yours or another third-party service provider that we use in the framework of our business activities), or
• because your personal data is publicly available.
• when you complete the sign-up page on our Sites and buy our products or services via our Sites.
• when you register for an event we organise. We only process the data that you have provided to us yourself.

• For legitimate business purposes including:
  
  
• arranging and managing meetings
• responding to any form of communication with us
• public affairs and relations activities, including sending you:
  
  
• invitations to our networking events, such as conferences, seminars, meetings, receptions, cocktails or any other types of gatherings
• our press releases
• emails aiming to raise your awareness about insurance-related issues, such as links to a quiz or specific pages on our website
• our position papers, insight briefings, working papers, reports (eg our annual report) or any other type of publication in the context of our business activities
• taking all necessary actions with respect to the organisation of the events you are subscribed to, including:
  
  
• providing events information (such as confirmation emails, venues, participant lists, presentations, follow-up information and reports)
• preparing invoices (if relevant)
• printing badges, etc.
• Security and troubleshooting purposes for processing your IP address when you visit our Sites.
• For direct marketing purposes, such as:
  
  
• inviting you to attend our paid events, such as our annual international conference, if you are a previous attendee or if we have obtained your consent for this
• sending you update emails about our paid services or products (eg our annual publication on indirect taxation), if you are an existing customer or if we have obtained your consent for this

We will use your personal data only for the purposes for which we collected it or for reasons compatible with the original purpose. If we intend to use your personal data for reasons that are not related to the original purpose, we will contact you and notify you of the legal basis that allows us to do so.

We process your personal data for the purposes mentioned in the previous section relying upon the following legal bases:

• The legitimate interests of Insurance Europe, whose mission is:
  
  
• To draw attention to issues of strategic interest to all European (re)insurers in a sustainable manner
• To raise awareness of (re)insurers' roles in providing insurance protection and security to the community as well as in contributing to economic growth and development
• To promote – as the expert and representative voice of the insurance industry – a competitive and open market to the benefit of the European consumer as well as corporate clients

Insurance Europe is registered on the EU transparency registry and its mission is expressly included therein. This includes, for instance, supporting our business activities, supplier management, or responding to your queries, organising our events in the best possible way and promoting our future public relations activities.

We also rely on our legitimate interest to process your personal data when you buy products or services via our Sites (such as our annual publication on indirect taxation) in order to process your order and send you future update emails on paid services or products.

When you use our Sites, your IP address is processed based on our legitimate interest to ensure the functionality and security of the Sites.

In this respect, we will always determine case by case whether our interests are not overridden by your interests, fundamental rights and freedoms.

• For the fulfilment of our contractual obligations (in case we have a contract with you).
• Consent, where necessary

You have several rights concerning the personal data we hold about you. You have the right to:

• access your personal data, obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you
• ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete
• restrict our processing of your personal data where you believe that the data is not accurate or we may not have grounds for processing it
• ask that we delete the personal data that we hold about you, if you believe that there is no (longer a) lawful ground for us to process it
• withdraw your consent to our processing of your personal data (to the extent such processing is based on consent)
• ask to receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract)
• object to our processing of your personal data for which we use legitimate interest as a legal basis, in which case we will cease the processing unless we have compelling legitimate grounds for the processing
• object at any time to the processing of your personal data for direct marketing purposes

You can also click on the unsubscribe link included in relevant mailings, including direct marketing emails, to stop receiving such communication.

To exercise any of your rights, you can send us a request, indicating the right you wish to exercise by e-mailing us at [email protected]. You may also use these contact details if you wish to make a complaint to us relating to your privacy.

If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority (“DPA”) in your jurisdiction.

All Insurance Europe staff members who are responsible for our internal and external communications and the organisation of events, will have access to your personal data on a “need-to-know” basis for the purposes described above.

We may disclose your personal data to our members, our members’ members, representatives appointed by our members, members of the Reinsurance Advisory Board (RAB), third parties that provide services to us that reasonably require access to personal data relating to you for one or more of the purposes outlined in the “Why we process your data” section above. The following external parties may, for instance, be involved:

• external service providers we rely on for various business services
• law enforcement authorities in accordance with the relevant legislation
• external professional advisors (eg law firms or consultancies)

If you are a participant in one of our events, we may disclose your personal data (eg your name and the company or entity you work for) to all attendees of this event, in the form of a participants list. We may also share additional personal data (eg job title and email address) with our sponsors if you provide us with your consent to do so.

If our federation enters into a joint venture with or is sold to or merged with another entity, your information may be disclosed to our new partners or owners.

International transfers
To achieve the objective of our processing as described above, we may transfer your personal data outside the European Economic Area (EEA). We transfer your personal data only to third parties outside the EEA when that country provides an adequate level of protection according to an adequacy decision issued by the European Commission or when the third party has agreed to provide appropriate safeguards that ensure your personal data is protected (within the limits permitted by the GDPR, eg by means of Standard Contractual Clauses). You can ask for more information and/or obtain a copy of those safeguards by sending us an e-mail ([email protected]).

When an event you are subscribed to is organised outside the EEA, it may be necessary that a company located in a third country outside the EEA, requires access to your personal data to process and/or store these personal data (eg travel agency, hotel) where necessary for the performance of a contract with you or to take precontractual measures to execute your subscription to our event in the best possible way (article 49(b) or (c) GDPR).

We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Statement.

We reserve the right to disclose your personal data as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.

The Sites use Cookies. Cookies are small text files that are stored by your browser onto your computer or mobile device when you visit these Sites. The Sites use cookies that enable us to ensure the proper functioning of the website (functional cookies), as well as analytic cookies that collect anonymous, aggregated usage data to improve the Sites (analytic cookies).

You can refuse the installation of cookies on your device. The ability to enable, disable and/or delete cookies can be completed in your browser. You can delete all cookies that are already on your device and you can set most browsers to prevent them from being placed. The settings are usually in the “options” or “preferences” menu of your browser. To understand them, the “Help” option in your internet browser or the following links may be helpful:

• Cookie settings in Internet Explorer
• Cookie settings in Firefox
• Cookie settings in Chrome
• Cookie settings in Safari

You can find more information about cookies at: www.allaboutcookies.org. Please note that turning off functional cookies might restrict your use of our website(s).

The Sites use the following types of cookies:

- Functional cookies

• Session cookies

A session cookie is used each time you visit our Sites to give you a session ID. They link your actions on our Sites and each one will only last for a browser session, at the end of which it will expire. After your visit to our Sites all session cookies are deleted.

• Persistent cookies

A persistent cookie allows the preferences or actions of the user across a site (or across different websites) to be remembered. It has a longer life than a session cookie and lasts for a period of time that varies from cookie to cookie. This type of cookie will not be deleted when you close your browser window and will be stored on your computer or mobile device. It will be activated every time you visit the website that created it.

• First-party cookies

A first-party cookie is a cookie set by us or any of our processors.

• Third-party cookies

A third-party persistent cookie is set by our service provider, CloudFlare, to identify trusted web traffic. It does not correspond to any user ID in the web application, nor does the cookie store any personally identifiable information. For more information, please see: https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-CloudFlare-cfduid-cookie-do-

- Analytic cookies

These cookies are used to gather statistics about your visit to the Sites to improve their performance and design (“web audience measuring”). They are first-party cookies, which means that we have complete control over the information collected through them. This data is anonymised, so we cannot identify you by processing it.

These cookies collect information about the number of times that you visit the Sites, how long a visit takes, etc.

The analytical cookie we use is Google Analytics, which expires after two years and allows us to gather statistics about the web pages visited.

We employ strict technical and organisational (security) measures to protect your personal data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline.

These measures include:

• training relevant staff to ensure they are aware of our privacy obligations when handling personal data
• administrative and technical controls to restrict access to personal data to Insurance Europe staff members
• technological security measures, including fire walls, encryption and anti-virus software;
• back-up systems
• login access blocks in case of loss or theft of devices
• physical security measures, such as staff security badges to access our premises

Although we use appropriate security measures once we have received your personal data, the transmission of data - especially over the internet (including by e-mail) - is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.

We limit access to your personal data to those who we believe reasonably need to access that information to carry out their tasks.

We will retain your personal data for as long as:

• it is necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting, or reporting requirements
• you have a role or function that is relevant to Insurance Europe’s daily business activities and mission
• your relationship with Insurance Europe persists (eg if you are a contractual party)

For website visitors: the IP that we collect when you visit our Sites is retained for one year.

For more information about the expiry dates of the cookies used on the Sites, please consult the cookie section.

Automated decisions are defined as decisions about individuals that are based solely on the automated processing of personal data and that produce legal effects that significantly affect the individuals involved.

As a rule, your personal data will not be used for automated decision-making. We do not base any decisions about you solely on automated processing of your personal data.

We hope that this Privacy Statement helps you understand, and feel more confident about the way we process your data. If you have any further queries about this Privacy Statement, please contact us:

• by e-mailing us at [email protected]; or
• by calling us at +32 2 894 30 00.