We (the Descartes Underwriting Group entities referred to in the “About us” section below) respects your privacy and ensures that all Personal Data is treated in accordance with best privacy practices and applicable data privacy laws, including the General Data Protection Regulation No. 2016/679 (hereinafter “GDPR“).
In this context, “Personal Data” means any information relating to an identified or identifiable natural person (a “Data Subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Please take the time to read this Privacy Notice carefully as it explains how we collect, use and store your Personal Data, and the rights you have in relation to the protection of your Personal Data.
If, at any time, you have any concern about how your Personal Data is being processed by us, please let us know at firstname.lastname@example.org
The Descartes Underwriting entities that are the controllers responsible for processing your Personal Data are:
– Descartes Underwriting, a simplified joint stock company under French law (“société par actions simplifiée” ) registered in the Nanterre Trade and Companies Register under the number 843 359 357 (“société par actions simplifiée) and having its registered office at 5, avenue Pierre 1er de Serbie, 75116 Paris, France. European insurance intermediary and French financial investment advisor registered with the ORIAS (www.orias.fr) under number 18007315, under the supervision of the ACPR (Autorité de Contrôle Prudentiel et de Résolution – , 4 Place de Budapest, 75436 Paris Cedex 9 ) for its insurance intermediation operations and of the AMF (Autorité des marchés financiers – 17, place de la Bourse, 75082 Paris Cedex 2, France) for its investment advisory activities. (“Descartes Underwriting SAS”)
Descartes Underwriting SAS is the controller that is responsible for the website:https://www.descartesunderwriting.com/ .
We are responsible for ensuring compliance with data protection laws and we take your privacy and our obligations very seriously.
Information that we generally collect about you
We receive contact details and other information that you may be required to provide to us, or our clients.
Information that you provide to us, or that we collect from you, if you apply for a job vacancy listed on our website or make a speculative application to our HR team. To find out more about the Personal Data that we collect in in connection with job applications, please see “Information for Job Applicants” section below.
How we use your information
We use information about you:
– in order to deliver broking, consultancy, and claims handling services to our clients.
– in order to comply with our legal obligations and applicable regulatory requirements.
– to facilitate the effective management, development, or operation of the Descartes Group.
– in connection with negotiating, maintaining or renewing your insurance policies.
– to create anonymized industry or sector-wide statistics.
– to manage our ongoing business relationship and any claim made under the contract of insurance.
– to undertake statistical analysis, business reporting and marketing.
– to recover debts and prevent fraud; and
– to carry out credit scoring and in connection with other automated decision making systems, for example, to generate quotations for insurance cover.
Sharing your Personal Data
We may share your Personal Data in the following circumstances:
– to police and other law enforcement agencies, local and central authorities, Descartes’s regulators and other third parties where we are required to do so by law or a regulator or to comply with legal or regulatory requirements. This can be for a range of purposes such as preventing or detecting crime, fraud, apprehending or prosecuting offenders, assessing, or collecting tax, investigating complaints, or assessing how well a particular industry sector is working.
– to third parties and/or where permitted to do so in accordance with industry rules or where the information is publicly available.
– to resellers, distributors and agents to help us provide services to clients;
– to insurers, surveyors, loss adjustors, IT service providers, call centre providers and administrative support service providers, to the extent necessary to provide our services to you in a timely manner;
– to loss assessors, lawyers, and other like persons to the extent necessary to enable such third parties to provide information or services you have requested;
– to premium finance companies to the extent necessary to enable them to provide you with greater choice in making premium payments;
– to other companies in the Descartes Group to the extent necessary to facilitate the effective management, administration, or operation of those businesses; and
– to anyone to whom you authorize us to give such information to.
Insurance specific disclosures
– share information concerning your insurance arrangement with insurers where this is necessary to enable insurers to decide whether to participate in any arrangement made by Descartes whereby participating insurers agree to automatically insure (wholly or partly) a portfolio of risks by delegating their authority to bind individual risks within such portfolio to the lead insurer or Descartes;
– share information about your insurance placements, which may include client names, types of policy, premium and renewal dates, with insurers to enable them to provide and improve their services to you.
Categories of recipients of Your Personal Data
As part of Our processing activities, We communicate Your Personal Data to the following categories of recipients:
– other entities of the Descartes Underwriting group.
– Our suppliers, service providers, agents and contractors assisting Us in meeting the purposes identified herein (e.g. IT service providers hosting Your Personal Data on Our behalf, Our legal counsels, certification agents, data providers etc.); and
– competent courts, public authorities, government bodies and law enforcement forces (in particular, where We must respond to legal or regulatory requests).
– In any event, and disregarding the recipient at stake, We communicate Your Personal Data on a strict need-to-know basis and only to the extent necessary for meeting the processing purposes identified in this Policy.
Transferring your Personal Data overseas
Descartes Underwriting is based in France and keeps its main databases there. Sometimes Descartes Underwriting will need to send or allow access to Personal Data from elsewhere in the world. This might be the case, for example, when a processor or client of Descartes is based overseas or uses overseas data centers.
While countries in the European Economic Area all ensure a high standard of data protection law, some parts of the world may not provide the same level of legal protection when it comes to Personal Data. As a result, when Descartes does send Personal Data overseas it will make sure suitable safeguards are in place in accordance with European data protection requirements, to protect the data. For example, these safeguards might include:
– sending the data to a country that’s been approved by the European authorities as having a suitably high standard of data protection law.
– putting in place a contract with the recipient containing terms approved by the European authorities as providing a suitable level of protection.
– sending the data to an organization which is a member of a scheme that’s been approved by the European authorities as providing a suitable level of protection. One example is the Privacy Shield scheme agreed between the European and US authorities. Another example is Binding Corporate Rules.
If your data has been sent overseas like this, you can find out more about the safeguards used from Descartes by contacting us at email@example.com.
Protecting your Personal Data
To protect your Personal Data, we have implemented technical and organizational measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to your Personal Data.
We regularly review these measures to ensure that they remain adequate and appropriate to secure your Personal Data.
Changes to this Data Protection Notice
From time to time, we may make minor changes to this Privacy Notice notably in response to new legal, technical, or business developments. We will notify you of these changes by posting the revised Privacy Notice on our website. If we make significant changes, we will take additional steps to inform you of these.
What are our legal grounds for handling Personal Data?
Data protection law allows the use of Personal Data where necessary for legitimate purposes as long as this isn’t outweighed by the interests, fundamental rights or freedoms of Data Subjects.
The law calls this the Legitimate Interests condition for Personal Data processing.
The Legitimate Interests being pursued here are:
– promoting the responsible selection of relevant products;
– helping prevent and detect crime and fraud and anti-money laundering services and verify identity;
– supporting tracing and collections.
– supporting compliance with legal and regulatory requirements.
Where your consent is required, we will ask you for it at the relevant time.
You do not have to provide your consent, and you may withdraw it at any time. If you choose not to give your consent (or to withdraw it), this may prevent us from providing our services to you or progressing your application.
We are permitted to use Personal Data where processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract.
We are permitted to use Personal Data where necessary in order to comply with our legal or regulatory obligations in respect of insurance, data protection and other regulators which may, for example, include disclosure to insurers, auditors and the police.
Rights in respect of Personal Data
If, having given your consent to the use of your data, you subsequently change your mind, you can stop all, or particular uses of your data by sending an email to firstname.lastname@example.org.
Individuals have a right to:
- i) request Personal Data held about them is corrected, supplemented, blocked or deleted if the data is factually incorrect, incomplete or irrelevant for the purposes described in this Privacy Notice, or where it is being processed in a manner which in any way infringes applicable law;
- ii) request a copy of the Personal Data we hold about them. To obtain details of data held by us about you, please write to: Data Protection, Descartes Underwriting, 5, avenue Pierre 1er de Serbie, 75116 Paris, France.
Your request should make it clear what type of information you are seeking. No fee is payable for such a request. Upon receipt of your request, and where all of our requirements to process such a request have been met in full, we shall respond within one calendar month of receipt.
Data portability right
Data protection legislation also contains a right to data portability that may give consumers a right in some data processing contexts, to receive their Personal Data in a portable format when it is processed on certain grounds, such as consent.
If you think that any Personal Data Descartes holds about you is wrong or incomplete, you have the right to challenge it.
If the data does turn out to be wrong, Descartes will update its records accordingly.
If Descartes still believes the data is correct after completing their checks, we will continue to hold and keep it – although you can ask us to add a note to your file indicating that you disagree or providing an explanation of the circumstances.
Objecting to the use of Personal Data
You have the right to lodge an objection about the processing of your Personal Data to Descartes. If you want to do this, you should contact Descartes using the contact details set out above. Whilst you have complete freedom to contact Descartes with your objection at any time, you should know that under the General Data Protection Regulation, your right to object does not automatically lead to a requirement for processing to stop, or for Personal Data to be deleted, in all cases.
Right to restrict processing
In some circumstances, you can ask Descartes to restrict how they use your Personal Data.
Your rights are set out at Article 18 of the GDPR.
You can find our contact details above. This is not an absolute right, and your Personal Data may still be processed where certain grounds exist.
– with your consent;
– for the establishment, exercise, or defense of legal claims
– for the protection of the rights of another natural or legal person;
– for reasons of important public interest.
Only one of these grounds needs to be demonstrated to continue data processing.
Descartes will consider and respond to requests it receives, including assessing the applicability of these exemptions.
Right to Erasure
The right to erasure is also known as ‘the right to be forgotten’. Individuals can make a request for erasure verbally or in writing and we have one month to respond to such a request. The right is not absolute and only applies in certain circumstances.
Individuals have the right to have their Personal Data erased if:
– the Personal Data is no longer necessary for the purpose for which we originally collected or processed it for;
– we are relying on consent as the lawful basis for holding your data, and you wish to withdraw such consent;
– we are relying on legitimate interests as the basis for handling Personal Data, you object to the processing of your Personal Data, and there is no overriding legitimate interest to continue this processing;
– we are processing the Personal Data for direct marketing purposes and you object to that processing;
– we have processed the Personal Data unlawfully (i.e. in breach of the lawfulness requirement of the 1st principle);
– we are required to do so to comply with a legal obligation.
For how long is Personal Data retained?
We keep your Personal Data for a period not exceeding that which is necessary for the purpose of the processing at stake. This means that the data retention periods that We implement vary, depending on the purpose of the processing concerned, as follows:
Identification data like names and addresses are kept while there is a continuing need to keep it. This need will be assessed on a regular basis, and data that is no longer needed for any purpose will be disposed of.
Other third party supplied data such as politically exposed persons (PEPs) and sanctions data will be stored for a period determined by criteria such as the agreed contractual terms.
Descartes may hold data in an archived form for longer than the periods described above, for things like research and development, analytics and analysis, (including analysis such as loss forecasting), for audit purposes, and as appropriate for establishment, exercise or defense of legal claims. The criteria used to determine the storage period will include the legal limitation of liability period, agreed contractual provisions, applicable regulatory requirements, and industry standards.
|Purpose||Retention Period: |
|Responding to any request or question that You may submit, and, more generally, by managing the customer and prospect relations that You may need.||– If you are already a customer of ours, we keep your Personal Data for 5 years after the end of our contractual relationship with you. The same applies if you are acting on behalf of one of our customers (i.e., as an employee).|
– If You are a prospect, Your Personal Data will be kept for a maximum of 3 years after the last contact of Your initiative.
|Manage any potential or actual dispute with You or third parties.||Your Personal Data will be retained until the expiration of all relevant remedies.|
|Comply with all legal or regulatory obligations to which we are subject.|
|We retain your Personal Data for as long as we are subject to the legal or regulatory obligations involved.|
Where do I complain if I am not happy?
In the first instance, please contact Descartes email@example.com, which has an established complaint handling service.
You can also refer your concerns to the Commission nationale de l’informatique et des libertés (CNIL), the body that regulates the handling of Personal Data in France.
You can contact them by:
– phone on +33 01 53 73 22 22. ;
– writing to them at CNIL -3 Place de Fontenoy, 75007 Paris – France ;
– going to their website atwww.cnil.fr .
Special Privacy notice for job applicants
Information that we collect about you
When you apply for a job with us we collect:
– your contact details;
– information that you include on your C.V., and covering letter (if you provide one);
– information collected during interviews, assessments and/or tests that we may ask you to complete as part of the recruitment process; and
– information needed to complete pre-employment checks. You do not have to give us information that we ask for, but if you choose not to, we may not be able to process your application and/or take it to the next stage. How we use your information
– to decide if you are suitable for the role;
– to check if you have any unspent convictions;
– to collect references;
– to verify your identity and qualifications;
– to check your immigration status;
– to carry out equal opportunities monitoring;
– to inform you of future vacancies (if you agree to this); and
– to comply with applicable legal or regulatory requirements.
Sharing your Personal Data
We will share your Personal Data with other entities within the Descartes Group.
Please see the “How we use your information” section above for further details.
What are our legal grounds for handling Personal Data?
We handle the Personal Data of job applicants:
– on the basis that this is necessary to perform a contract or to take steps at your request, before entering a contract;
– to comply with our legal obligations; and
– for our legitimate interests in:
o processing and making decisions in relation to your application;
o communicating with you;
o ensure ongoing compliance with requirements in regulatory guidance
o detecting and prevent fraud and other criminal or infringing activity
o facilitating transfers of Personal Data intra-group for administrative/payroll purposes ; and
o record keeping.
You can object to processing on this basis at any time by contacting us at firstname.lastname@example.org .
For how long is Personal Data retained?
Should your application be unsuccessful (or successful but you choose not to accept the position), we will, where you have agreed to this, keep your Personal Data for up to one year after submission of your application so that we can consider you for future vacancies.
Cookies and Similar Technologies Policy
We may us cookies to analyze our traffic in order to optimize your experience, for the proper functioning of video content and to personalize content and ads.
You are informed that during your visits to our website or services, a cookie can be installed automatically on your software of navigation. Other similar technologies (pixels, web beacon, local storage, etc.) can be also used to gather information about how you use the site services and to provide you with suitable features.
Cookies are small files temporarily stored on the hard disk of your computer or device by your browser and are necessary for the use of the Service. Cookies do not contain personal information and cannot be used to identify anyone. A cookie contains a unique identifier, generated randomly and therefore anonymous. Some cookies expire at the end of the user’s visit, others remain.
By browsing the website and services, you accept them.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. You can also use the privacy mode from your browser to disable cookies. However, if you do not accept cookies, you may not be able to use some portions of our website and service.