Privacy Policy (EN)

Effective Date: August 1st, 2024

At Indeez, the protection of your personal data is a priority. 

When you use the “indeez.eu” website and its subdomains (the “Site“) and/or the Indeez application (the “Application“), we may collect personal data about you. 

The purpose of this policy is to inform you about how we process this data in compliance with Regulation (EU) 2016/679 of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR“).

Who is the data controller?

The data controller is Indeez, a simplified joint-stock company registered with the Registre du Commerce et des Sociétés of Paris under number 888 048 659 and headquartered at 19 rue du Rocher, 75008 Paris, France (“We” or “Us”).

What data do We collect?

Personal data is information that directly or indirectly identifies an individual. 

We collect different types of data in the following categories:

• Identification data (first names, last names, email and postal address, phone number, date and place of birth);
• Data on your professional life (employer, client, job title or profession, CV, identification number);
• Data on the management of your insurance contracts (type of insurance contract, identification number, claim file number, outstanding claims, etc.);
• Information about your family situation and family life (for example: marital status, matrimonial regime, number and age of children, household composition, etc.);
• Connection data (for example: IP address, logs);
• Location data;
• Data on your claims (date and time of the incident, address where the incident occurred, type of incident, event details, witnesses, claims history, etc.);
• Data necessary for risk assessment (specific to each insurance contract offered for subscription on the Site and Application);
• Browsing data (pages viewed, browser used, location, language settings, operating system, user ID, advertising identifier);
• Data on your use of our services (history of insurance contracts and/or deals & discounts, preferences and interests);
• Economic and financial data (for example: bank details, products and services owned and used, fund transfers, assets, declared investor profile, credit history, payment incidents);
• Economic, financial and tax information (for example: tax identification number, tax status, country of residence, salary and other income, amount of assets);
• Transactional data (data on transactions, including transfers, with data related to beneficiaries such as their full names, addresses and contact details, categorization data for expenses and income);
• Data on your credit cards.

While using the Site and the Application, We may also collect data on your health or any criminal convictions when necessary for your use of our services (especially in the context of reporting a claim). This type of data is only collected with your explicit consent via the available checkbox. You can withdraw your consent at any time by contacting Us using the contact details provided in the “Contact point for personal data requests” section.

Mandatory data is indicated when you provide Us with your data. They are marked with an asterisk and are necessary to provide you with our services.

How did We obtain your data?

We obtained your data:

• Either because you provided it directly to Us, or your company provided it to Us in order to offer you our services,
• Or indirectly, through prospecting tools (Apollo, Surfe).

On what legal basis, for what purposes, and for how long do We retain your personal data?

Purposes	Legal Basis	Data retention periods
Providing our services available on our Site and Application via your account	Execution of pre-contractual measures taken at your request and/or execution of the contract you or your company has entered into with Us	When you create an account: your data is stored for the duration of your account.  In case of inactivity for 5 years, your personal data will be deleted.  In addition, your data may be stored for evidentiary purposes for a period of 5 years starting from the end of the contractual relationship.
Conclusion, management, and execution of the insurance contract (management of contracts, execution of contractual obligations, complaints management)	Execution of the contract you or your company has entered into	Personal data is stored for the entire duration of the contractual relationship. In addition, your data is stored for 5 years starting from the end of the insurance contract. Invoices and electronic contracts with a value exceeding 120€ (along with evidence of the electronic contract signature) are kept for 10 years. Data related to your credit card is stored by our payment service provider until the termination of the insurance contract you subscribed to.  Data related to the visual cryptogram or CVV2 on your credit card is not stored.
Carrying out operations related to the management of our customers concerning contracts, invoices, and monitoring of the contractual relationship with our customers	Execution of the contract you or your company has entered into with Us	Personal data is stored for the entire duration of the contractual relationship. In addition, your data (excluding your bank details) is stored for a period of 5 years starting from the end of the contractual relationship. Data related to your credit card is stored by our payment service provider or the payment service provider of our partner (deals & discounts provider) until receipt of the goods plus your withdrawal period or until the provision of the service plus your withdrawal period. Data related to the visual cryptogram or CVV2 on your credit card is not stored. Data related to your credit cards may be kept for evidentiary purposes in the event of potential transaction disputes, in intermediate archives for a period of 13 months following the debit date. This period can be extended to 15 months to take into account the possibility of using payment cards with deferred debit.
Complying with applicable legal obligations related to our activity, including banking and financial services regulations (for example, fight against money laundering and terrorist financing, fight against tax fraud, fight against corruption, etc).	Compliance with our legal and regulatory obligations	For invoices: invoices are archived for a period of 10 years. Data related to your transactions (excluding bank details) is stored for 5 years.  Data related to the fight against money laundering and terrorist financing is stored for 5 years starting from the operation that led to the verification.
Fighting fraud (including taking into account international economic and financial sanctions)	Our legitimate interest in preventing and addressing fraud if necessary	Assessment of the relevance of the alert: data is stored for a maximum of 6 months from the issuance of the alert, the time for Us to qualify the alert. We promptly delete alerts deemed irrelevant. Storage of alerts qualified as relevant: if the alert is relevant, data is stored for 5 years from the closure of the fraud case.
Assessing insurance risks to determine pricing and check their insurability	Execution of pre-contractual measures taken at your request and/or execution of contract you or your company has subscribed to	Data is stored for 3 years starting from your last contact with Us or for the entire duration of the contractual relationship.
Studying the specific needs of each potential insured to offer tailored contracts in compliance with the insurance broker’s obligation to advise	Execution of pre-contractual measures taken at your request and/or execution of the contract you or your company has subscribed to	Data is stored for 3 years starting from your last contact with Us or for the entire duration of the contractual relationship.
Managing complaints and disputes	Our legitimate interest in defending our rights in court	Data is stored for 5 years after the end of the contractual relationship. For claims related to bodily injury: 10 years from the consolidation of the injury. For health-related data: data is promptly deleted after the consent is withdrawn (this may affect your right to compensation).
Improving our services	Our legitimate interest in improving our services	Personal data collected through cookies aimed at enhancing user experience is stored for 6 months.
Create a file of customers and prospects	Our legitimate interest in developing and promoting our business	For customers: data is kept for the entire duration of the contractual relationship. For prospects: data is kept for a period of 3 years starting from your last contact with Us, for prospecting purposes.
Sending newsletters, solicitations and promotional messages	Our legitimate interest in building customer loyalty and informing our clients of our latest news. For our professional prospects and in the context of promoting products and services related to their professional activity: our legitimate interest in informing our prospects of our latest news. For our consumer prospects or for our professional prospects in the context of promoting products and services not related to their professional activity: your consent.	Data is kept for 3 years from your last contact with Us or until your consent is withdrawn.
Responding to your information requests	Our legitimate interest in responding to your requests	Data is kept for the time necessary to process your request for information and is deleted once the request has been processed.
Processing your applications	Execution of pre-contractual measures	Data is kept for the duration of the processing of your application.  In the event of a negative outcome to your application, your data may be kept for 3 months after the end of the recruitment process in order to be able to provide you with explanations regarding the reasons for rejecting your application.
Creating a CV database	Our legitimate interest in establishing a database of candidates to contact	Your data is kept for 2 years from your last contact with Us.
Compiling statistics on the audience of the Site and Application	Our legitimate interest in analyzing our customer base and improving our services	Data is kept for 6 months.
Managing requests to exercise rights	Our legitimate interest in responding to your requests and keeping track of them	If We ask you for a proof of identity: We keep it only for the time necessary for identity verification. Once the verification is done, the proof is deleted.  If you exercise your right to object to receiving marketing communications: We keep this information for 3 years.

Who are the recipients of your data?

The following recipients will have access to your personal data:

• Our company’s personnel;
• Our subcontractors: hosting providers, developers, back office providers, deals & discounts providers, payment service providers, prospect data collection tool and newsletter delivery providers;
• Our partners (insurers, claims handlers, etc.);
• If necessary: public and private organizations, exclusively to fulfill our legal obligations.

Is your data likely to be transferred outside of the European Union?

Your data is stored and retained throughout the processing period on hosting infrastructures provided by Amazon Web Services, located within the European Union. 

Regarding the tools We use (see section 5 on recipients referring to our subcontractors), your data might be subject to transfers outside of the European Union. 

These transfers are secured using the following methods:

• Either the data is transferred to a country that has received an adequacy decision from the European Commission, in accordance with Article 45 of the GDPR. In this case, the country ensures a level of protection considered adequate and sufficient according to the GDPR provisions.
• Or the data is transferred to a country where the level of data protection has not been recognized as adequate under the GDPR. In this situation, these transfers are based on appropriate safeguards as indicated in Article 46 of the GDPR. These safeguards are tailored to each provider and may include, among other things, the implementation of standard contractual clauses approved by the European Commission, the application of binding corporate rules, or an approved certification mechanism.
• Or the data is transferred based on one of the appropriate safeguards described in Chapter V of the GDPR.

What are your rights regarding your data?

You have the following rights concerning your personal data:

• Right to information: this is precisely the reason why we have drafted this policy. This right is provided by Articles 13 and 14 of the GDPR.

• Right of access: you have the right to access all your personal data at any time, according to Article 15 of the GDPR.

• Right to rectification: you have the right to rectify your inaccurate, incomplete or outdated personal data at any time, in accordance with Article 16 of the GDPR.

• Right to restriction of processing: you have the right to obtain the restriction of the processing of your personal data in certain cases defined in Article 18 of the GDPR.

• Right to erasure: you have the right to request that your personal data be erased and to prohibit any future collection for the reasons stated in Article 17 of the GDPR.

• Right to lodge a complaint with a competent supervisory authority (for example, the CNIL in France and the ICO in the United Kingdom), if you consider that the processing of your personal data constitutes a violation of applicable laws (Article 77 of the GDPR).

• Right to define guidelines on the retention, erasure and communication of your personal data after your death, in accordance with Article 40-1 of the French Data Protection Act (if you reside in France).

• Right to withdraw your consent at any time: for purposes based on consent, Article 7 of the GDPR states that you can withdraw your consent at any time. This withdrawal will not affect the legality of the processing carried out before the withdrawal. This may result in our inability to continue managing your claim or complaint.

• Right to data portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to Us in a machine-readable standard format and to demand their transfer to the recipient of your choice.

• Right to object: according to Article 21 of the GDPR, you have the right to object to the processing of your personal data. Please note that We may continue processing your data despite this objection, for legitimate reasons or for the defense of our rights in court.

You can exercise these rights by writing to Us at the contact details provided below. We may ask you in the process to provide additional information or documents to justify your identity.

What cookies do We use?

To learn more about the cookies We use, We invite you to consult our Cookie Policy available on our Site and Application.

Contact point for personal data requests

Contact Email: dpo@indeez.eu

Contact Address (France): Indeez SAS, 19 rue du Rocher, 75008 Paris, France

Contact Address (UK): Indeez SAS, Aldgate Tower, 2 Leman Street, London E1 8FA, United Kingdom

Modifications

We reserve the right to modify this policy at any time, especially to comply with any regulatory, legal, editorial or technical developments. These modifications will apply from the effective date of the modified version. Therefore, We encourage you to regularly check the latest version of this policy. However, We will inform you of any significant changes to this privacy policy.