Personal data

This personal data protection policy is addressed to you as a user of the website http://www.assurances.societegenerale.com/ and aims to inform you about how your personal information is collected and processed by insurance companies belonging to Societe Generale Assurances based in France (Sogecap, Antarius, Sogessur, Oradéa Vie and Moonshot Insurance). In order to maintain your trust, the security and protection of your personal data is a priority. In this perspective, Societe Generale Assurances complies with all applicable European and French regulations relating to the protection of personal data, in particular the General Data Protection Regulation (GDPR). Societe Generale Assurances has appointed a Data Protection Officer who can be reached at the following coordinates: dpo.assurances@socgen.com

Société Générale Assurances

Délégué à la Protection des données Tour D2 17 Bis Place des Reflets 92919 PARIS LA DEFENSE CEDEX

Personal data is information that directly or indirectly identifies a natural person.

1. During the contractual relationship between you and us

During our relationship, we collect several types of information about you. Depending on your contract, some data in this list may not be collected.

The categories of data that could potentially be processed by your insurer are:

• Data relating to the contributions of persons filing opinions on products, services or content
• Data on the lifestyle and uses of goods in relation to the risks insured or the services offered:
  • Recreation, sports activities, hunting, boating...
  • Data required for professional vehicle/personal insurance contracts, primary and secondary residence, presence of pets, etc.
• Sensitive data (Art 9 GDPR) (Art 10 GDPR)
  • Recreation, sports activities, hunting, boating...
  • Data required for professional vehicle/personal insurance contracts, primary and secondary residence, presence of pets, etc.
• Anti-fraud data
  • Recreation, sports activities, hunting, boating...
  • Data required for professional vehicle/personal insurance contracts, primary and secondary residence, presence of pets, etc.

Based on this data, we are required to generate other data, such as:

• The identification numbers internal to our Group such as customer numbers, contracts, claims,
• Scores,
• Bonus/Malus,
• Segmentations

The categories of data described above may relate to the subscriber, the insured persons, the beneficiaries of the contracts and, where appropriate, their successors and representatives and persons interested in the contract, such as the victims and their agents, witnesses and third parties interested in the performance of the contract.

2. As part of business

The following data are likely to be processed in the context of commercial approaches.

• Natural personal identification data,
• Data relating to the monitoring of the commercial relationship,
• Data on family, economic, wealth and financial situation,
• Lifestyle data related to the business relationship,
• The data of the digital journey,
• Data relating to the selection of persons to carry out actions of customer loyalty, prospection, survey, test, services and promotions,
• Data relating to the organisation and processing of competition games, lotteries and any promotional operations,
• Data relating to the contributions of persons filing opinions on products, services or content.

Personal data are obtained mainly from:

• You:
  • when filling in claim, offer and claim forms, and other forms,
  • during telephone calls, e-mails, interviews and other communications with your insurer,
• our distributors and other insurance intermediaries, in particular SOCIETE GENERALE,
• witnesses and other third parties, such as, in particular, service providers, insurance investigators, health professionals,
• your employer for the subscription and management of collective supplementary insurance contracts (provident, health and group retirement),

We process your personal data for different purposes. They are described below according to the legal basis that allows us to use them.

The legal basis for the following processing is the performance of the contract:

The award, management and execution of insurance contracts, including:

• Your identification, identification of insured and beneficiaries, client management,
• Your health data to be able to manage supplementary health, provident or supplementary retirement contracts.
• Studying your specific needs to propose suitable contracts,
• Risk review, acceptance, control, pricing and monitoring,
• The execution of any operation necessary for the performance of guarantees and the management of contracts and any claims,
• The management of unpaid debts and their recovery,
• Management of remedies, disputes,
• Claims management,
• Performing actuarial and statistical studies,
• The fight against fraud,
• Telephone recording required for contract performance

To meet the legal, regulatory and administrative obligations, we use your data to:

• Customer identification and knowledge when required,
• The fight against money laundering and terrorist financing,
• The application of national or international sanctions measures, in particular the freezing of assets,
• Mandatory reporting to public authorities/administrations,
• The response to the requests of certain authorities, administrations and courts, particularly in the case of judicial requisitions or requests for disclosure,
• Detection and identification of contracts in default,

For our legitimate interest, we may process your data in the context of:

Management and improvement of our business relationship which includes:

• Conducting satisfaction surveys to gather your opinion and better understand your needs, expectations or the reasons for your dissatisfaction;
• Evaluation and training of employees through telephone tapping or recording
• The analysis of the opinions you publish on our products or services,
• The opportunity to participate in tests on new products or services,
• The grouping of your identification data, contact data, data relating to your family situation as well as the list of insurance contracts held within our Group. This allows us to guarantee the accuracy and consistency of your data and to facilitate its updating or to contact you if a modification of this data seems to us to modify one of the risks insured. , for example, if you change your address or change your family situation.

Implementation of prevention measures or advice:

These actions aim to prevent and reduce the number and severity of claims: for example, you can receive advice to avoid the risks of burglary or road accidents, weather alerts in case of dangerous weather phenomena so that you take the necessary measures to protect yourself and your property.

Marketing and commercial prospecting operations, statistical studies and reporting:

• The implementation of customer loyalty actions or competition games,
• Development of studies and trade statistics
• The proposal of commercial offers of companies of Société Générale Assurances, for products and services of insurance damage, life and provident similar or complementary to those subscribed, customized according to your needs.

This customization considers your profile in particular the number of contracts held, the frequency and amount of payments made, their nature (provident, life, damage, health, retirement), the composition of your household, the number and nature of any claims and the age of our relationship.

Securing our information system:

We may process your personal data to improve security, avoid or treat any malfunction, security issue or other potentially prohibited activities related to our information system and applications.

• Intra-group client management, in particular: the grouping of contracts and parts for the same client within the insurance group,
• Updating customer information.

We collect your consent when:

• The circumstances of a claim lead us to collect data related to your health or when you have to complete a health questionnaire,
• We offer you an insurance contract or a service using geolocation data,
• We would like to send you communications related to commercial prospecting,
• We acquire, assign, rent or exchange data relating to the identification of our prospects.

Our website www.moonshot-insurance.com uses cookies and tracers that are purely functional or intended to facilitate navigation on the site, which do not require your consent. You can access our cookie charter via the following link: www.moonshot-insurance.com/cookies

Depending on the purpose of the processing, your personal data are intended, within the framework of their usual missions and within the limits of their attributions:

• To our departments in charge of customer/prospect sales management, contracting, management and execution,
• To our management delegates, insurance intermediaries, partners, agents, subcontractors, service providers, co-controllers,
• To Data controllers who are responsible for managing the Data controllers’ insurance contracts under a partnership agreement, including as part of a care network.

They are sent to your broker to improve his knowledge of his clients and thus meet his advisory obligations.

They may also be forwarded, where appropriate :

• to the insurance institutions of the persons involved or offering supplementary services, co-insurers, reinsurers, professional bodies and guarantee funds,
• to all persons involved in the contract, such as lawyers, experts, law clerks and departmental officers, curators, tutors, investigators, health professionals, medical consultants and authorized personnel,
• to social organizations when they intervene in the settlement of claims and benefitsor where the data controllers offer additional guarantees to those of the social security schemes,
• to organizations and associations practising prevention, social action or the management of health and social achievements,
• to the departments responsible for monitoring.

As persons interested in the contract, information about you may also be transmitted :

• To all persons interested in the contract (subscribers, insured persons, members and beneficiaries of the contract), and their successors and representatives,
• To the beneficiaries of an assignment or subrogation of rights relating to the contract,
• If applicable to those responsible, victims or their successors and their agents, witnesses and third parties interested in the performance of the contract,
• As persons benefiting from a right of communication, data may be transmitted: to all persons authorised under authorised third parties in particular the courts concerned, arbitrators, mediators, ministries concerned, supervisory and supervisory authorities and any public bodies authorised to receive them,
• Audit departments such as statutory auditors, auditors and internal audit departments.
• To the usual managers in charge of the exploitation of the files within the AGIRA and the controllers, as part of the consultation of the RNIPP for the purpose of researching the insured and beneficiaries of deceased life insurance contracts.

The health data that we may need to process are intended to:

• To our Medical Officer, to his medical department working within a confidential room,
• To internal or external persons specifically authorised, in particular our subcontractors, delegates or medical experts and, where applicable, our reinsurers,

Maintaining your trust is our daily priority. Data may be transferred to countries outside the European Economic Area. Due to its international dimension and within the framework of its activities, Société Générale Assurances may communicate your data, to the extent necessary for the execution of the tasks entrusted to it, to the legal persons of Société Générale Assurances as well as to its partners and sub-contractors, inside or outside the European Economic Area. These transfers of data made necessary take place under conditions and under guarantees that ensure the protection and security of your personal data. Under no circumstances is your personal data sold to third parties.

In these cases, the transfers of your data benefit:

• A precise and demanding framework (standard contractual clauses available at eur-lex.europa.eu/eli/dec_impl/2021/914/oj. We guarantee that each transfer of your data to a third State is ensured by a level of protection equivalent to the law of the European Union. This protection will be provided using standard contractual clauses but also by additional technical and organisational measures if these prove necessary.
• An adequacy decision.
• Binding Corporate Rules

Your personal data will be kept for a variable period depending on the purpose of the processing, the services or contracts contracted and the applicable legal obligations, to allow us to establish proof of a right or a contract, particularly in the case of appeals and disputes. Unless specified in your special conditions or your application/membership form, your personal data are kept for the duration of the commercial or contractual relationship and until the expiry of the statutory limitation periods as mentioned in particular the insurance code, the civil code, the commercial code, the Consumer Code and the General Tax Code. You will find below the details of the retention periods of your personal data according to the different purposes:

In the absence of an insurance contract:

• Prospecting management: Data relating to a non-client prospect are kept for 3 years from their collection by the controller or the last contact from the prospect.
• Quotation/contracts without effect: As part of the fulfilment of pre-contractual obligations, contracts without effect and quotations are kept for a maximum period of 5 years, from the cancellation of the contract or the creation of the quotation.
• Health data: This data is kept for a maximum period of 5 years from its collection or the last contact with the prospect.

When an insurance contract is concluded:

In general, when a contract is concluded, your personal data are kept for the duration of the contractual relationship to which a limitation period is added. A limitation period is a period of time during which you, as the beneficiary, can claim a right or take legal action.

1. Retention Periods for Insurance Companies

• Any accounting document justifying a payment is kept for a maximum period of 10 years
• Documents on which the tax authorities' rights of communication, investigation and control may be exercised are kept for a maximum of 6 years (in some cases 10 years) from the date of the last transaction mentioned on the books or records or from the date on which the documents or exhibits were drawn up.
• The documents and information relating to the customer and the transactions made by them in the context of the fight against money laundering and terrorist financing, a maximum of 5 years shall be retained from the closing of their accounts or from the termination of the relationship or from the execution of transactions
• Contracts concluded electronically are retained for 10 years from their conclusion.

2. Retention periods for insurance contracts

• Contract Management:
  • Public liability coverage: • In case of material loss : 10 years from its closure • In case of personal injury : 50 years from its closure • In the event of no claim for contracts based on "claims": 12 years from termination of contract (10 years according to the limitation linked to accounting commitments + 2 years prescription of the Insurance Code for the insured against his insurer) • In the event of no claim for contracts based on “harmful facts” : 22 years from the termination of the contract (20 years according to the prescription provided by the Civil Code for the action of the victim against the person responsible + 2 years prescription of the Insurance Code for the insured against his insurer)
  • Damage coverage (excluding special cases) 10 years from the closure of the claim or termination of the contract
  • Life Insurance – (in case of survival) 30 years from total redemption or termination of the contract
  • Life Insurance – (in case of death) 30 years from death
  • Borrower Insurance 10 years from the end of contractual obligations
  • Additional insurance – Provident 10 years after payment of the benefit or termination of the contract
• Fight against insurance:
  • The data is deleted within 6 months if the fraud alert is not qualified as relevant. In the event of a relevant alert, the data is kept for 5 years from the closure of the fraud file or the date of entry in the file of persons at risk of fraud.
• Customer relationship:
  • The data relating to the commercial prospection, the proposal of commercial offers adapted to your situation and your profile, and/or that we advise you are kept 3 years, after our last contact with you. Data relating to the conduct of satisfaction surveys are kept for 2 years from the date of the survey.

If you want to exercise your rights on personal data, please find below the right request forms. Please complete and return to us the corresponding form(s) to:

• dpo.assurances@socgen.com
• SOCIETE GENERALE ASSURANCES / SOGECAP / SOGESSUR - Délégué à la Protection des données - Tour D2 - 17 Bis Place des Reflets - 92919 PARIS LA DEFENSE CEDEX.

Please clearly indicate the elements allowing us to identify you (number and name of your contract, customer number, claim number or any identity document) so that your request can be processed efficiently.

You have these following rights:

• Right of access
  • Ability to ask if we have data about you and obtain a copy

• Right to rectification
  • Possibility to request rectification of inaccurate, outdated or incomplete information concerning you in so far as this rectification is relevant to the purpose of the processing in question.
  • If you want to modify your personal data, please contact: For MOONSHOT INSURANCE : Service Relations Clients, Tour D2 - 17 bis place des Reflets 92919 Paris La Défense Cedex

• Right to erasure
  • You have the right to request, in certain cases, the suspension of processing of one or more of your data. This right may accompany the exercise of a right application.

This right may accompany a request for erasure, rectification or opposition. Certain data subject to a limitation may still be processed in special cases (agreement on your part, exercise or defense of right in court, etc.

• Right to Portability
  • You can have your personal data processed by our organization for your personal use or to transfer it to another organization.

The data concerned are those that you have provided to us as part of the performance of the contract or with your consent and that have been automatically processed.

• Withdrawal of consent
  • You may withdraw your consent at any time in specific cases. Such withdrawal may, however, make it impossible for Société Générale Assurances to supply or perform the product or service requested or subscribed for.

This withdrawal is possible when you have consented to the processing of the personal data you have provided to us and it constitutes the only legal basis for the processing

• Right to object
  • This right allows you to object to processing when it is based on the legal basis of the legitimate interest. You can invoke it for reasons related to your particular situation.

The specific situation of your situation will have to be clearly argued. If this specific situation is justified, we will no longer be able to process your personal data except in the case of legitimate and compelling reasons, exercise or defense of legal rights. As regards the exercise of the right to object to telephone recordings, the form is not necessary as you can exercise your right to object at the beginning of the telephone conversation.

• The right not to be subject to automated profiling or individual decision-making

You may be subject to a fully automated decision if:

• we have obtained your consent, which you can withdraw at any time,
• the decision is necessary for the conclusion or execution of a contract,
• the decision is governed by specific legal provisions.

Possibility of requesting the intervention of a counsellor to examine, re-examine your situation, challenge this decision or obtain an explanation of the decision that was taken.

• Define guidelines for the processing of your data after your death
  • You can set guidelines for the retention, erasure and disclosure of your data

• Lodge a complaint with the CNIL
  • You also have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL) 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07

You also have the right to oppose/withdraw consent to the commercial prospecting:

• Right to object to commercial prospection by electronic means (SMS, Mails, etc.)
  • If you are not a customer, your consent is required prior to any commercial prospecting action by electronic means : you can withdraw your consent at any time without having to justify your request.
  • If you are a customer and unless you object, Société Générale Assurances may contact you electronically in order to offer you products or services similar to those you have subscribed to.
  • If you withdraw your consent or exercise your right to object, you will no longer be able to be solicited electronically by Société Générale Assurances.

• Right to object to commercial prospecting by telephone
  • You can object without having to justify your request, that your data is used or transmitted to third parties for commercial prospecting purposes by telephone calls
  • To oppose telephone solicitation, you can also register on the opposition list as described on the site https://www.bloctel.gouv.fr/
  • or by mail to the following address: Worldline - Service Bloctel - CS 61311 - 41013 Blois Cedex