Privacy policy AG

supporter de votre vie

This is a new version of our Privacy Policy. It is made up of three parts:

The changes made to the previous version (May 2018) are:

  • general updates to text, structure, layout and format;
  • additions, with the most significant ones as follows:
Relevant section Modification Potential impact on your privacy

Section

Who are we?

 Clarification that we are only a processor or act as a controller together with another controller in a limited number of cases

None in practice. Clarification:

  • If we are a processor, we act solely as instructed by the controller, but we will continue to protect your data in that capacity in the manner set out in the Privacy Policy.
  • If we act as a controller together with another controller, we will inform you in the privacy clause in your insurance contract or on the relevant form that another party will also process your data. Rest assured, we oblige the other party to handle your personal data with great care too.

Sections:

What personal data do we store  about you and why?

What are the specific  purposes and legal  basis for processing  your personal data in each case?

 

In a changing (digital) world,  we sometimes process your personal data for profiling purposes as described in section 3.2. above "

 

and

 

We do not automaticaly disclose your personal data  to third parties. What does that mean?"

Clarification:

  • Distinction made between basic personal data (or non-special categories of personal data) and the special categories of personal data.
  • We do not process special categories of personal data, except for health data and personal data relating to criminal convictions and offences.
  • We only process health data with your explicit consent or to establish, exercise or defend  a legal claim (except under an occupational accident policy in which case we only process health data to the extent necessary to assert specific employee rights under employment law and social security and social protection law).
  • We only process personal data relating to criminal convictions and offences provided that you have given explicit written permission or to manage disputes in which we are involved.
 None in practice (clarification only).

Sections

How do we collect your  personal data?

 

and

 

What  are the specific purposes for processing your personal data?
  • Clarification: Based on our legitimate interest, we may collect, store and process your data, as well as the presence and content of messages and metadata of any communications between you and us for the purposes of evidence, quality control and/or training/coaching of our collaborators, as well as, in certain cases, for use in the context of the automation of internal processes (e.g. development of a chatbot/virtual assistant).
  • Please note: We will only process your health data with your explicit consent or to establish, exercise or defend a legal claim (except under an occupational accident policy in which case we only process health data to the extent necessary to assert specific employee rights under employment law and social security and social protection law). We will only process your personal data relating to criminal convictions and offences provided that you have given explicit written permission or to manage disputes in which we are involved.
  • Addition: You can agree to record your voice and image when telephone/video conferences are recorded by turning on your microphone and camera.
 All communications between you and us (e.g. by email, post, online chat, text message and phone call) may be recorded, stored and used for the purposes described in the Privacy Policy. However, your privacy rights remain unaffected and you may still exercise your rights, including your right to object to the intended processing based on our legitimate interest and the right to revoke your consent at any time and free of charge.

Section

How do we collect your  personal data?
  • Extension to the examples of third parties that may share your data with us (e.g. government agencies, your employer, an investigating judge or a public prosecutor regarding (partial) access to a criminal file, other companies that are considering transferring (part of) their operations and we may be interested in acquiring, etc.)
  • Addition of the retention period for images we obtain from surveillance cameras in and around our premises

None in practice.

You may continue to exercise your privacy rights, which remain unaffected.

Section

You can have us rectify your data. What does this mean?

 Addition: If we have rectified personal data, we will notify any recipient of the data about the rectification, unless this proves impossible or requires a disproportionate effort. If you so request, we will provide you with information about these recipients. None in practice - clarification only.

Section

You can object  to the use of your data. What does this mean ?

 Addition: When we use your personal data on the basis of our legitimate interest, you may ask us to provide you with information about the fair balance that we strive for between your privacy and our legitimate interest.

None in practice

- clarification only to point out that you have this right

Section

What are the specific  purposes for processing your personal data?

A mentioning that your national registration number may be used to identify and authenticate you when you want to connect to one of our IT platforms, as required for the

performance of a contract between us or to take pre-contractual measures at your request.

The Act of 25 November 2018 allows us to process your national registration number without prior permission to

identify and authenticate you if you want to connect to one of our IT platforms. Your privacy rights remain unaffected.
  Clarification of the basis on which we use your personal data if we collect it through cookies or similar technologies on our websites and mobile applications.

None in practice

- clarification only. Your privacy rights with regard to personal data that we obtain through our websites and mobile applications remain unaffected.

Section

What are the specific purposes for processing your personal data? and We process your data for direct marketing purposes based on our legitimate interest  

Clarification that we may process your data for marketing purposes, even if we have no legitimate interest as a basis. In such case, we will only process your data for marketing after your prior consent, which we will ask you for on the relevant form (e.g. for marketing of products from

third parties). If we can use legitimate interest as a legal basis for direct marketing, this will only be direct marketing for our own products.

None in practice.

Your privacy rights with regard to marketing remain unaffected. This means you can still object to the use of your data for marketing at any time and without charge. And if we want to process your data for marketing based on your consent, we will not do so unless you wish to provide us with your data. In such case, you will not receive marketing from us based on your consent, but we may still contact you for marketing based on our legitimate interest, unless you object to it.

Section

How will AG contact you for  direct marketing purposes?

 Clarification that we will not use your phone number for direct marketing purposes if your phone number is listed on the Do Not Call list. None in practice - clarification only.

Section

In a changing (digital) world we sometimes process your personal data for  profiling purposes as described in section 3.2. above

Clarification of the context in which we can process your data for profiling, as well as the addition of a number of concrete examples, including using your data to develop models for automating our internal processes. We may do this to develop systems that we train ourselves and then act autonomously (e.g. a chatbot or virtual assistant).

None in practice.

We have sought to provide you with more information about the cases in which we may process your data for profiling. Your privacy rights remain unaffected. You still have the right to object against the use of your data as part of profiling for marketing purposes at any time and free of charge. In addition, you still have the right to object to profiling based on our legitimate interest. You also have the right not to be subject to certain decisions based solely on automated processing, including profiling.

Section

We do not automatically transfer your personal data to  third parties. What does this mean?
  • Clarification that, if and only if we have a legal basis to share your personal data with others, who:
    • act either as a processor or controller (either alone or in conjunction with AG);
    • and are either typical of the insurance sector or not specific to the insurance sector.
  • Clarification of the legal basis of a number of examples of basic personal data transfers.

None in practice.

Rest assured, we do not automatically share your data with other parties. We will only do so if there is a good

reason. Your privacy rights remain unaffected.

Section

 We will not store your data for any longer than is necessary
  • Clarification of the types of purposes for which we use and store personal data and that we will delete or anonymise your personal data, after fulfilling the designated purpose(s) and after the expiry of the applicable statute of limitations and of any retention period laid down by the applicable legislation or regulations.
  • Clarification of the applicable retention periods for camera images and recorded phone calls.

None in practice

- clarification only.

Section

We also treat personal data relating to criminal convictions and   offences with the greatest care 

 Clarification that we only process this kind of data if it is needed to manage disputes or if you have given us your express written consent.

None in practice.

Clarification: in the previous version of our Privacy Policy, we stated that we process data for managing disputes or if use is permitted under legislation that provides appropriate safeguards. The Framework Law

of 30 July 2018 has since permitted the processing of such data in order to manage disputes in which we are involved or with the data subject's express written consent.

Section

 

We also handle the data we receive online with care. What does this mean?

Clarification that this Privacy Policy also applies to your personal data that you provide to us through our websites or mobile applications (e.g. through cookies).

None in practice

- clarification only. Your privacy rights regarding personal data that you provide to us through our websites or mobile applications remain unaffected.

Section

 We bring to your attention the existence of terms and conditions, and privacy conditions of third parties

 Addition: if you wish to communicate with us via WhatsApp or Facebook Messenger for example, we also recommend that you read the privacy policy of those platforms carefully.

None in practice.

Please be aware that, in such case, WhatsApp/Facebook Messenger may process your personal data in accordance with its terms of use and privacy policy, which does not fall under our responsibility.

At AG, we believe your privacy is important. Incredibly important. As a supporter of your life, we care deeply about protecting it. We process your personal data lawfully and transparently. In this Privacy Policy, we explain why and how we do so, but we will also tell you what you can do to help us. Because your privacy is our shared responsibility.

  1. Why?? 

Because your privacy is about protecting you. Your name, photo, phone number, password, contract number and email address are details that identify you as a person. That is why we call this information 'personal data'.

  1. What? 

A lot. You can view and correct your data, and in certain cases you can have it erased. Sometimes you can also object to a certain use of your data, refuse to have it processed completely automatically or ask for your data to be transferred to you or to a third party. You can also reject marketing communications at any time.

  1. How? 

Easily. Just contact us by email or post. Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.. AG, Data Protection Officer, Emile Jacqmainlaan 53, 1000 Brussel, AG_DPO@aginsurance.be.

  1. Why? 

As a supporter of your life, it is normal for us to keep track of your details so we can reach you quickly and help you as best as we can with your insurance file. But we also process your personal data to provide you with commercial information about our products and services that interest you. Moreover, your data also serves to fulfil our legal obligations, prevent fraud and optimise our internal processes and services

  1. What? 

When we start working with your data, we are generally responsible for processing it. That means collecting it, recording it, organising it, structuring it, storing it, updating it or rectifying it, querying it, accessing it, using it, transferring it, distributing it or otherwise making it available, aligning it or combining it, protecting it, deleting it or destroying it, but only ever for purposes specified in the applicable privacy clause and clarified in this Privacy Policy.

  1. How? 

With the utmost care. Not everyone within AG has access to your data. Only people who handle your account may access and process your data. These people have a strict duty of confidentiality and are very aware of this. Furthermore, our specialist teams make it technically impossible for unauthorised persons to access your personal data. We do not automatically share your data with third parties. And we will not store your data for any longer than is necessary and required by law.

Contact

If you have questions for us about your privacy, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO, that is our specialist in the matter, will get back to you within one month. 

 

AG Insurance, Data Protection Officer, Emile Jacqmainlaan 53, 1000 Brussel, AG_DPO@aginsurance.be


If you have any complaints about how we handle your privacy, please contact the Belgian data protection authority: Data protection authority, 35 rue de la Presse, 1000 Brussel, contact@apd-gba.be, +32 2 274 48 00

At AG, we believe your privacy is important. Incredibly important. As a supporter of your life, we care deeply about protecting it. We process your personal data lawfully and transparently. In this Privacy Policy, we explain why and how we do so, but we will also tell you what you can do to help us. Because your privacy is our shared responsibility.

As a loyal supporter of your life, it is our job to collect, store and use certain data about you in order to deliver our services to you. We always do so with the utmost care, in a completely transparent way and, of course, within the boundaries of the law. Because your privacy is our shared responsibility.

This Privacy Policy is intended for all natural persons who are policyholders (whether existing or prospective customers or policyholders) or insured persons, beneficiaries or third parties (injured parties, witnesses, experts, insurance brokers, prospective employees, website visitors, mobile app users, partners' employees of our partners, etc.), hereinafter 'you'. This Privacy Policy is not intended for legal entities.

  • Registered office at 53 boulevard Emile Jacqmain, 1000 Brussels
  • VAT BE 0404.494.849; RLE Brussels 
  • IBAN: BE13 2100 0007 6339; BIC: GEBABEBB
  • info@aginsurance.be
  • www.aginsurance.be; www.ag.be
  • Belgian insurance company licensed under code 0079, under the supervision of the National Bank of Belgium, 14 boulevard de Berlaimont, 1000 Brussels

  • By law, AG is generally the controller as far as your data is concerned.
  • We determine why (for what purposes) and how (by what essential means) we process your data.
  • We are the point of contact for you and the competent authorities for any queries regarding our use of your personal data

  • In a limited number of cases, we act solely on the instruction of another controller that is your first point of contact for all your privacy queries.
  • We recommend that you read the privacy policy of other relevant controllers carefully.
  • However, even in these limited cases, we will continue to take the measures needed to protect your personal data.

  • We will inform you if another party also acts as a controller in the privacy clause in your insurance contract or on the relevant (web)form.
  • We also require our partner to treat your personal data with great care. We will lay this down in a data processing agreement concluded with our partner.

Because your privacy is about protecting you.

Your name, photo, phone number, password, contract number and email address are details that identify you as a person. That is why we call this information 'personal data'.

Depending on the context in which we process your personal data (e.g. you are a policyholder, an affiliate, an applicant or a prospect), we store different types of data about you:

  • basic personal data and/or non-special categories of personal data, and/or
  • certain special categories of personal data, specifically health data and data relating to criminal convictions and offences.

Other types of special categories of personal data (i.e. data on race and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data to uniquely identify a physical person and data on sexuality or sexual orientation) are not processed.

You will find a list below.

Data that identifies you so we can be sure you are who you say you are

  • Name, first name, date of birth, address, vehicle registration plate, etc.
  • Technical data such as information that identifies the devices you are using (e.g. IP address)

Data that helps us to operate as a company and serve you as best as we can

  • Your (use of) insurance products, family circumstances (marital status, children, etc.), living habits, preferences and interests (hobbies, etc.), global financial situation (salary, property, etc.), work (profession, education, etc.) features of your home, images and sound recordings, photos, etc.

Contact details so we can get in touch with you

  • Address, telephone number, email 

Health data so we can manage certain  insurance contracts and claims

  • Description of existing conditions in a medical questionnaire
  • Description of physical injury after loss
  • Your medical expenses, as indicated by you under your hospitalisation insurance
  • etc.

Personal data relating to criminal convictions and offences to manage certain claims

  • Criminal record (or part thereof) if we have the prior consent of the Public Prosecutor's Office or the investigating judge
  • etc.

Contact

Sometimes this is not just about your data, it is about the data of someone associated with you, such as your children, your partner, the beneficiary of your life insurance, your employees for whom you have taken out group insurance or even a person involved in a loss, such as a victim or a witness. If you provide data about these people to us, you must let them know.

Hebt u vragen voor ons over uw privacy?

If you have any questions for us about your privacy or want to know which categories of personal data we process about you, please get in touch by email or post. Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

 

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

We collect your data in various ways (only if we have a valid legal basis for this, see below), for example:

You share your data with us

  • When you become our customer with us
  • When you fill in the forms and contracts we provide you with
  • When you use our services and products
  • When you accept our invitations (to attend an in-person or online conference), take part in competitions, etc.
  • When you contact us (by phone, text message, instant message, email, letter, WhatsApp, etc.), in which case we may store and process your data as well as the message itself and the metadata (e.g. time sent), provided that we have a valid legal basis for this
  • When you visit or use one of our websites or one of our mobile apps using cookies and similar technologies (more information about cookies can be found in our Cookie Policy at www.ag.be by clicking Cookies at the bottom of the page)
  • When you share data (including files, images and/or audio/video content) while using our websites (including our social media pages) and our mobile applications, for example, when you:
    • share data with us when you subscribe to our newsletter
    • request an insurance quote online
    • fill in your details online to apply for a job with us
    • claim for a loss, enter medical expenses or request personal assistance via mobile apps (e.g. by means of "AG Expert", "Mobility Assist", "Pronto",  "MyAG Employee Benefits" or AG Health)
    • report a hospitalisation admission
    • take out a contract online (e.g. a Yongo or Vivay product)
    • fill in your details when logged into one of our websites, e.g. MyAG Employee Benefits, Car Repair, Yongo and Bonus Modulis
    • etc.

Your data is published or communicated by others

  • By persons that you have given special authority (e.g. the Belgian Official Journal, your insurance broker and partners with whom we work)
  • By entities that tackle fraud (e.g. Datassur), money laundering and terrorism
  • By government agencies (e.g. tax authorities)
  • By your employer (under your professional insurance or occupational accident insurance policy)
  • By professional data providers (e.g. Bisnode and World-check) to improve and enrich data (e.g. spelling errors in the address), for example to check about the composition of your family or whether they appear on embargo lists
  • By the Public Prosecutor's Office or the investigating judge who has granted us prior access to a (part of the) criminal record in the event of a claim
  • By other companies when they consider transferring some or all of their operations to AG (through restructuring, transferring shares or otherwise), but only if and to the extent that the data transfer is necessary for AG to consider, evaluate and conduct the acquisition
  • etc.

You are filmed by surveillance camera in and around our premises

  • These images are stored only to ensure the safety and security of goods and persons and to prevent and detect abuse, fraud and other offences that could harm our customers and ourselves.
  • The presence of surveillance cameras is indicated on signs with our contact details.

Contact

If we ask for your personal data, you have a right not to give it to us. However, this may make it impossible for us to achieve the specific purpose and/or to continue handling your file.

If you would like to know where the personal data that we process about you comes from, please get in touch by email or post.

Our ‘Data Protection Officer’ or  ‘DPO’, that is our specialist in the matter, will get back to you within one month.
AG, Data Protection Officer, 53 boulevard Emile Jacqmain,  1000 Brussel, AG_DPO@aginsurance.be

You can ask us:

  • whether we process your personal data or not;
  • why (for what purposes) we process your personal data;
  • which categories of personal data we process about you;
  • which categories of recipients we share your data with;
  • how long we store your data;
  • for more information about the rights you can exercise or about submitting a complaint to the data protection authority;
  • what the logic is that is underlying the automated use (including profiling) of certain of your personal data .

If you want to know what personal data we process about you please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

We do our utmost to keep the data we store about you as accurate and complete as possible. But if you still find that your data is incomplete or incorrect, you can ask for it to be rectified. We will happily comply, because a good supporter of your life works with the right data. If we have rectified personal data,

we will notify any recipient of the data about the rectification, unless this proves impossible or requires a disproportionate effort. If you so request, we will provide you with information about these recipients.

If you would like us to rectify your data, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

You have a right to be forgotten. You can ask us to delete the personal data we store about you. We can do this if:

 

  • the data is no longer necessary for the purposes for which we have collected it; or
  • you had given us permission to process your data but you have decided to revoke it; or
  • you object to the use of your data and there is no reason to continue processing it;
  • you gave consent when you were a minor; and you now wish to revoke your consent, because you are now aware of the risks associated with using your data.

 

If you would like us to erase your personal data, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

In some cases, we still need to store your details.

This is to comply with a legal obligation or for as long as we establish, exercise or defend a legal claim. Once we have deleted your data, we will notify any recipient of the data about the deletion, unless this proves impossible or requires a disproportionate effort. If you so request, we will provide you with information about these recipients.

You can ask us to intervene if you believe that:

  • your personal data is inaccurate and we are still investigating whether it is indeed inaccurate; or
  • we no longer require your personal data, but you do need the data to establish, exercise or defend a legal claim.

In some cases, we may still be permitted to process your data.

This applies if you tell us that you no longer need to restrict us from processing your data, or when we have to process your data in order to establish, exercise or defend a legal claim. It may also be necessary to use your data for the public interest or to protect the rights of a physical person or legal entity.

Once we have restricted processing of your data, we will notify any recipient of the data about the restricted processing, unless this proves impossible or requires a disproportionate effort. If you so request, we will provide you with information about these recipients.

If you would like us to restrict processing of your personal data, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

In some cases, we may still be permitted to process your data.

This applies if you tell us that you no longer need to restrict us from processing your data, or when we have to process your data in order to establish, exercise or defend a legal claim. It may also be necessary to use your data for the public interest or to protect the rights of a physical person or legal entity.

Once we have restricted processing of your data, we will notify any recipient of the data about the restricted processing, unless this proves impossible or requires a disproportionate effort. If you so request, we will provide you with information about these recipients.

You have the right not to be subject to certain decisions based solely on automated processing, including profiling. What does this mean?

In some cases, a decision regarding your file cannot be based solely on the automated use of data (including profiling; see below) if it may produce legal effects concerning  you or similarly significantly affect you. The law provides for that, but we too believe very strongly in this right.

As a supporter of your life we believe that the best service can be provided by taking an individual approach to each case.

Specifically, in addition to fulfilling all other obligations to protect your privacy, we:

  • always have a human person involved in every case; or
  • ensure that our solely automated decisions do not produce any legal effects concerning you and do not similarly significantly affect you; or
  • guarantee that our solely automated decisions:
    • (i)    are necessary to enter into, or perform a contract between us and you;
    • (ii)  are based on your explicit consent (which we will ask for on the (web)form provided for this purpose); or
    • (iii) are permitted by law.
  • Important: point (ii) only applies in the case of health data or data relating to criminal convictions and offences. However, in all cases, we will let you know if we make decisions based solely on the automated use (including profiling) of your personal data, and if these produce legal effects for you or similarly significantly affect you. We will also tell you why we have made that decision and what the expected consequences are. If you have any questions about this or if you do not agree with an automated decision made, please speak to your contact at AG. If the automated decision is based on your explicit consent, you can also revoke your consent at any time free of charge.

Weigert u dat bepaalde beslissingen genomen worden die uitsluitend gebaseerd zijn op een geautomatiseerde verwerking of bent u niet akkoord met de beslissing?

If you wish not to be subject to a decision based solely on automated processing or if you do not agree with a decision made on that basis, please get in touch by email or post. Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

You may ask us to transfer the data that you have shared with us directly to you or another controller, provided that:

  1. this is technically possible; and
  2. you have given us consent to use your data or the use is necessary to perform an agreement; and
  3. the usage of your data is automated

If you would like us to transfer the data that you have shared with us to you or a third party, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

If you gave us your consent to process your data, you can revoke it free of charge at any time.

Wenst u uw toestemming voor de verwerking van uw persoonsgegevens in te trekken?

If you wish to revoke your consent for us to process your personal data, please get in touch by email or post. Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

Revoking your consent does not affect the lawfulness of processing your data on the basis of your consent prior to revocation. This means that, if you revoke your consent, we will still have processed your data lawfully because you had given us your consent.

However, if you revoke your consent, it may become impossible for AG to fulfil the intended purpose and/or to continue handling your file.

If you believe that we are not lawfully permitted to process your data, you can object to this processing at any time. You can exercise this right if we process your personal data based on a general interest or our legitimate interest (see point 3.2).

If we process your personal data based on our legitimate interest, you can also ask us to inform you about the fair balance we strive for between your privacy and our legitimate interest. You can also object to our processing of your data for marketing purposes at any time and free of charge (see below).

Wenst u bezwaar te maken tegen de verwerking van uw persoonsgegevens?

If you wish to object to our processing of your personal data, please get in touch by email or post. Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

In some cases, we cannot comply with your objection, if our legitimate interest is much greater than yours or if the use of your data remains necessary to establish, exercise or defend a legal claim.

We process your data as part of our direct marketing. Here below we explain you what this means. You can let us know if you do not want us to process your data as part of direct marketing at any time free of charge.

If you let us know that you do not or no longer want us to process your data for direct marketing, we will not or no longer use your data for direct marketing and will stop all other related data processing (such as profiling your data for direct marketing).

You can let us know if you do not want us to process your data as part of direct marketing in the following ways:

During the conclusion of your insurance contract

  1.  by ticking the box in the contract documents; or
  2.  by letting your intermediary know. 
At any other time

by sending us an email or letter AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

After receiving a marketing email
by clicking on the link in the email, marked “unsubscribe”

If you do not want us to process your data for marketing, remember to disable cookies or other similar technologies on our websites and mobile apps. You can also do this on our social media pages to prevent data from being collected through these cookies that you may have previously accepted yourself.

For more information about how cookies work and how to accept or disable them, please see our Cookie Policy at www.ag.be (click Cookies at the bottom of the page).

Exercising your privacy rights is easy.

If you would like to exercise any of your privacy rights. please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

The power is in your hands!

Please be specific about which right(s) you want to exercise, so we can handle your query as best as possible and exactly as you wish.

It is important for us to verify your identity to prevent someone else from exercising your rights. Therefore, we may ask you to provide an identity document or other means of identification. If you provide us with a copy of your identity card, passport or a similar document, you may redact any data that is not relevant to verifying your identity. You can also specify our name, the date and the purpose on this copy, so it cannot be used for any other purpose afterwards.

As a supporter of your life, it is normal for us to keep track of your details so we can reach you quickly and help you as best as we can. But we also process your personal data to provide you with commercial information about our products and services that interest you. Moreover, your data also serves to fulfil our legal obligations, prevent fraud and optimise our internal processes and services.

We process your personal data for different purposes, but we only process the information that is relevant and strictly necessary to achieve the intended purpose. To learn what these purposes are and how we process your data exactly, see 3.2 (what) and 3.3 (how).

When we start working with your data, we are generally responsible for processing it. That means collecting it, recording it, organising it, structuring it, storing it, updating it or rectifying it, querying it, accessing it, processing it, transferring it, distributing it or otherwise making it available, aligning it or combining it, protecting it, deleting it or destroying it, but only ever with the greatest care and for purposes clarified in this Privacy Policy.

We do not process your personal data unless:

  1. there is a legal basis; and 
  2. there is a specific purpose.

Below is an overview of the four legal bases on which we process personal data.

Please note that this is only a general summary. Each individual case of processing is based on a single legal basis only (see below).

Legal basis

  • We process your personal data in order to perform a contract or to take pre-contractual measures at your request
  • In addition, we as an insurer need to meet a number of legal, regulatory and administrative obligations.
  • However, we may also process your personal data if we have a legitimate interest in doing so. In such case, we strive to maintain a fair balance between our legitimate interest and respect for your privacy. You may exercise your right to object and request information about the fair balance we strive for (see point 2.2 above).
  • Finally, we may process your personal data for a specific purpose when none of the other legal bases apply, if we have received your consent. If we require your consent to use your personal data for one or more specific purposes, we will ask you for this at the relevant time, e.g. on a (web)form. You may revoke your consent at any time and free of charge (see above).

Each individual case of processing is based on a single legal basis only. In each case, we determine the legal basis in consideration of:

  • the nature of the personal data we process; and
  • the specific purpose for which we process the personal data.

Both conditions are cumulative.

If processing includes health data and/or data relating to criminal convictions and offences, then:

  • we base the processing of health data to establish, exercise or defect a legal claim on our legitimate interest (in which case you have a right to object, see above);
  • we base the processing of health data under an occupational accident policy on the need to exercise specific employee rights under employment law and social security and social protection law;
  • we base the processing of personal data relating to criminal convictions and offences in order to manage disputes in which we are involved on our legitimate interest (in which case you have a right to object, see above); and
  • we base all other processing of health data and personal data relating to criminal convictions and offences on your prior express consent (which you may revoke at any time free of charge, see above).

If basic personal data (i.e. non-special categories of your personal data) is used in processing, the purpose of processing will determine which legal basis we use.

Here are some examples of processing, their purposes and their relevant legal basis.

 


Examples:

Contract

  • When we analyse an opportunity to enter into an insurance or credit agreement and/or the conditions related thereto
  • When we conclude, manage and perform insurance contracts, e.g. customer relationship management, loss management, tracking payment of premiums, informing customers about changes to guarantees or other contractual terms, etc.
  • When we record the most recent communications in order to identify the frequency of contact and to keep in touch
  • When we perform a service you request, e.g. after you have provided your data online to subscribe to the newsletter, apply for a job, or ask for an insurance quote
  • When we process your national registration number to identify and authenticate you when you want to connect to one of our IT platforms
  • When we place functional and technical cookies on our websites and mobile applications to ensure they function properly and so we can provide the online services you have requested (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites)
  • etc.
  • Please note that we will never process your health data or data relating to criminal convictions and offences on this basis.

Law

  • To draw up all the reports we are required to
  • To implement our legal or regulatory obligations to identify, prevent and tackle money laundering, fiscal fraud and terrorism
  • To comply with MiFID legislation and all other regulations applicable to the insurance sector (insurance distribution, etc.)
  • To comply with our obligations regarding financial embargos and freezing assets
  • To comply with our tax obligations (e.g. forward information as required by FATCA)
  • etc.
  • Please note that we will never process your health data or data relating to criminal convictions and offences on this basis, except when we base the processing of health data under an occupational accident policy
  • on the need to exercise specific employee rights under employment law and social security and social protection law.

Our legitimate interest

  • Our legitimate interest lies in being able to function as a company, for example:
    • managing our insurance portfolio;
    • drawing up business plans, risk analyses, and so on;
    • building up a complete picture of customers (e.g. compiling statistics about our customers to know who they are and get to know them better);
    • testing, evaluating, simplifying, optimising and/or automating our internal risk assessment and acceptance processes, record management and so on;
    • testing, evaluating, simplifying and optimising online systems to improve your user experience (e.g. bug fixes on our websites and mobile apps, and contacting you to resolve technical issues when we have determined that you have started filling in your data online to request a particular service, but you have not been able to complete this process);
    • managing and optimising our distribution channels (our brokers and the BNP Paribas Fortis and bpost/bpost bank network);
    • direct marketing within the limits of our legitimate interest (see below) in which case you have the right to object to the processing of your personal data for direct marketing, including the associated profiling, at any time free of charge (see above);
    • developing new products to meet your changing needs and preferences that evolve along with living conditions.
  • Our legitimate interest lies in being able to detect, prevent and tackle fraud and abuse (e.g. insurance fraud).
  • Our legitimate interest lies in being able to protect persons and goods (including our IT networks and systems), such as through surveillance cameras in and around AG premises.
  • Our legitimate interest lies in being able to establish, exercise, defend and protect our rights or those of whom we may represent (e.g. in disputes) and compile evidence.
  • Our legitimate interest lies in being able to reveal the presence and content of communications (phone calls, emails, instant messages, text messages, letters, WhatsApp messages, etc.) between our employees and our customers and partners, and to retain communications and metadata for the purposes of proof, quality control and/or training/coaching of our employees, as well as in certain cases, for use within the context of  the automation of our internal processes (e.g. development of a chatbot/virtual assistant).
  • etc.
  • Please note that we will only process your health data under this legal basis in order to establish, exercise or defend a legal claim. We will only process your data relating to criminal convictions and offences under this legal basis to manage disputes in which we are involved.
  • Please note that when we process your data on the basis of our legitimate interest, we strive to maintain a fair balance between our legitimate interest and respect for your privacy. You may exercise your right to object and request information about the fair balance we strive for (see point 2.2 above).

Your consent

  • For processing your health data (e.g. to conclude, manage and perform your hospitalisation insurance or insured income, to manage a physical injury case, etc.), unless we process your health data to establish, exercise or defend a legal claim (based on our legitimate interest, see above) or for processing your health data under occupational accident policy to the extent necessary to exercise specific employee rights under employment law and social security and social protection law
  • For direct marketing, unless we can rely on our legitimate interest (see below)
  • For processing personal data relating to criminal convictions and offences (e.g. to manage certain cases of damage when a criminal investigation is opened), except where we process such data to manage disputes in which we are involved (in which case we have a legitimate interest, see above)
  • For placing cookies or similar technologies on our websites and mobile applications that allow us to track and record your browsing habits in your customer profile so we can optimise your experience on our websites and advertisements for our products (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites)
  • For placing third-party cookies (e.g. Facebook Like button) on our websites and mobile applications where your personal information may be shared with third parties that can use your data for direct marketing purposes, analytical studies or market research (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites)
  • When we inform you that we will record some or all of a telephone and/or video conference (e.g. via Teams) for specific purposes, you may agree to record and process your voice and image by choosing to turn on your microphone and camera; if you do not want your voice and image to be recorded and processed, you can join the conversation through the chat feature
  • etc.
  • Please note that if we process your data based on your consent, you have the right to revoke your consent at any time and free of charge (see above).

If you would like to find out the purposes and legal bases for processing your personal data, revoke your consent or object to processing, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

As a trusted supporter of your life, we will only send you information, proposals or offers if we are firmly convinced that this really interests you and will benefit you. Specifically, this means that, in the context of direct marketing based on our legitimate interest, we will only provide you with information, proposals or offers for AG's own products and services. You have the right to object to the use of your data for direct marketing at any time (see  above). If you have done so, we will no longer process your data for direct marketing. You can also ask us for information at any time about the fair balance we strive for when we process your personal data for direct marketing on the basis of our legitimate interest (see point 2.2 above).

Here are some examples of how we use your data for direct marketing based on our legitimate interest:
  • If you have a pension savings product, a free supplementary pension for self-employed persons or another similar product,  we would like to tell you about the indexation of the amounts that are tax deductible in order to optimise your products
  • If you have taken out an investment product, we might want to tell you about other investment opportunities with a better return or about reinvestment opportunities after the investment has been settled.
  • If you are already an AG customer we would like to tell you about new and existing insurance products that fit your needs, keep you up to date with certain campaigns and/or invite you to certain events that we organise or sponsor.
  • If you are a customer and retire we might want to advise you on the options available to you at this important time in your life, such as a financial needs consultation.

In some specific cases, we will still ask you to give us your consent to provide you with information, offers and proposals, for example:

  • when you apply for an insurance quote online or enter a competition;
  • if we would like to pass your data on to third parties for their own direct marketing;
  • if we would like to contact you to provide you with information, offers or proposals about products or services from partners, subsidiaries or other third parties; or
  • if we want to provide you with information, offers or proposals, but you are not a customer with us yet. In such cases, you can revoke your consent at any time and free of charge (see above).

AG or your insurance intermediary may contact you through the usual channels (e.g.

phone, letter or email) for direct marketing purposes. But rest assured, if your phone number is listed on the Do Not Call list, we will no longer use your phone number for direct marketing, unless you give us your consent to do so later on.

We think it is important for you to know that we handle your data carefully even when using it for direct marketing.

As a supporter of your life, we process your data for direct marketing

  • if you provided it to one of our contacts or your insurance intermediary (e.g. if you informed us that you only want to be contacted via email for direct marketing);
  • that we have obtained during our interactions (e.g. you told us about your payment habits when messaging us or let us know about any damage suffered);
  • if we collected it through cookies or other similar technologies that you accepted on AG’s websites or mobile apps, including AG's social media pages (e.g. AG Facebook page) For more information about how cookies work and how to accept or disable them, please see our Cookie Policy at www.ag.be(click Cookies at the bottom of the page);
  • but we do not process special categories of personal data (e.g. health data) and data relating to criminal convictions and offences committedwithout your explicit consent, which you can revoke free of charge at any time.

This data can sometimes be corrected by a professional data provider (e.g. Bisnode) to ensure that we have accurate and up-to-date data.

We may also share this data with your insurance intermediary so that they can contact you regarding AG products and services.

To ensure that you receive information and offers that interest you and are best adapted to your preferences and needs, we can also process your personal data for profiling and making decisions based on the profile that we have built in the course of our direct marketing. For more information on profiling in general, see below. In the context of direct marketing, this means:

We put together general or specific customer profiles to better assess your needs, behaviours and/or purchasing potential. Examples:

  • the category of policyholder that you are in
  • your investment insurance risk profile, which gives us a picture of your knowledge, experience, financial strength and/or your investment objectives
  • the extent to which certain characteristics of you as a customer correspond to a model (e.g. your choice of products shows a behaviour that allow us to deduce whether certain insurance products or services might be of interest to you)
  • major milestones in your life, such as your first job, a new job, getting married, a new car or home, a new addition to your family and taking out a pension, to determine whether certain insurance products or services might be of interest to you
  • the expectations you place on AG in terms of service, e.g. if you prefer to take the initiative in terms of insurance or receive regular feedback on your portfolio
  • etc.

We look at the clues you have given us to determine whether you might be interested in other products that we at AG offer directly or indirectly Examples:

  • taking part in a competition
  • running a simulation
  • using an application
  • requesting information (e.g. brochure on inheritance planning)
  • for future events (e.g. a new home, a new car or addition to the family)
  • etc.

We look at all your products and services to determine whether you are getting the best out of them or not.

  • to offer a range of similar products and services that may be of greater benefit to you
  • to offer you other products or services better suited to your personal circumstances
  • etc.

If you wish to object to our processing of your personal data for direct marketing, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

What does this mean?

As a trusted supporter of your life, we use new technologies to bring you a better service and develop innovative tools that meet your needs and expectations

as they evolve. We therefore sometimes process your personal data for profiling and making decisions based on a profile, including analysing the data and compiling statistics, models and profiles. You have the right to refuse to have certain decisions made about you based solely on profiling (see 2.2) at any time.

 

What is profiling exactly?

Profiling is any form of automated use of personal data to evaluate certain personal aspects of a particular person (e.g. their economic circumstances, health, personal preferences, interests, trustworthiness, behaviour, location or movements). If we use your personal data for profiling, then we do not do this routinely. Profiling is not a purpose in itself. We only use your data for profiling for a certain purpose and only if there is a legal basis.

 

What is the legal basis for and purpose of profiling?

The legal basis for profiling depends on:

  • the nature of the personal data used for profiling;
  • the purpose of profiling.

Both conditions are cumulative. If we perform profiling using health data and/or data relating to criminal convictions or offences, then this is based on your prior consent (except under an occupational accident policy in which case we only process health data to the extent necessary to assert specific employee rights under employment law and social security and social protection law). If basic personal data (i.e. non-special categories of your personal data) is used in profiling, the purpose of the profiling will determine which legal basis we use.

The need to perform the contract or take pre-contractual measures at your request

  • For example, in order to assess the risk accurately (to accept insurance or determine the premium and scope of the guarantees), we process objective ‘segmentation criteria’ that meet all legal requirements. These criteria vary by product and are based on statistical findings that tell us whether they can have an impact on the likelihood or severity of a loss. You will find a list of the segmentation criteria and more information on how we use them on our website www.ag.be.
  • For example, when we use automated internal processes to optimise and/or adapt the services we provide to our customers and partners to emerging needs and expectations that evolve along with the new technological developments, for example:
  1.  when automated systems make recommendations or suggestions to our employees, who then respond to you or make a decision in your insurance file, e.g. when they receive suggestions for how to answer your questions;
  2. when you receive an automated response to the Frequently Asked Questions section on the My Global Benefits platform;
  3. when our incoming mail (letters, emails, etc.) is automatically sorted and assigned to your account or account manager for handling your file;
  4. when IT systems automatically apply the acceptance/premium calculation criteria that we have pre-defined ourselves to a specific insurance application.
  • For example, when technical and functional cookies (or other similar technologies) are placed on our websites and mobile applications so that our websites and mobile applications, as well as the online services you have requested, function properly (for more information, See our Cookie Policy by clicking Cookies at the bottom of our websites).

Our legitimate interest

We strive to achieve a fair balance between our legitimate interest and respecting your privacy. You can also exercise your right to object and ask us for information about the fair balance we strive for (see point 2.2 above).

We may process your data for profiling as part of our direct marketing (see above).

For example, we may process your data for profiling as part of fraud detection, management and prevention.

For example, we may automatically assign scores to claims; records with a score indicating an anomaly or potential fraud are then investigated by our specialists.

We kunnen bijvoorbeeld uw gegevens verwerken om modellen te ontwikkelen die wij vervolgens kunnen verwerken voor onder meer: (i) prospectie (zie hoger); (ii) het opstellen van bedrijfsinzichten; (iii)fraudeanalyse; (iv) automatisering van interne processen waarbij wij systemen ontwikkelen die wij geleerd hebben hoe zichzelf voortdurend te trainen om nadien zelfstandig bepaalde taken te kunnen uitvoeren, bijvoorbeeld: - de ontwikkeling van een autonome chatbot of virtuele assistent die onze klanten en partners snel en efficiënt kan bijstaan bij diverse vragen; - het ontwikkelen en verbeteren van een systeem dat onze inkomende post automatisch sorteert en toewijst aan uw dossier(beheerder).

We may process your data to develop models for purposes including:

(i)    direct marketing (see above);

(ii)  developing business insights;

(iii) fraud analysis;

(iv) automating internal processes to develop systems that we have continually trained to perform certain tasks independently afterwards, for example:

  • developing an autonomous chatbot or virtual assistant that can help our customers and partners quickly and efficiently with various questions;
  • developing and improving a system that automatically sorts and assigns our incoming mail to your account or account manager.

Your consent to the use of your personal data for one or multiple well-defined purposes. You may revoke your consent at any time and free of charge (see above).

  • If you have given us consent on our websites and mobile applications, we may use cookies or similar technologies that allow us to track and record your browsing habits in your customer profile, so we can optimise your experience on our websites and advertisements for our products (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites). If you have given us explicit consent to use your health data to conclude an insurance contract, our IT systems may automatically apply the acceptance terms and/or
  • premium calculation criteria that we have pred-defined ourselves based on a medical questionnaire for a specific insurance application.
  • If we wish to make decisions that (1) are based solely on profiling and (2) that may produce legal effects for you or may significantly similarly impact you, then we cannot invoke a legitimate interest. In such case, we rely on either your explicit consent, a legal obligation or the need to conclude or perform a contract (see above). You will still have the right to refuse to have those decisions made based on profiling (see above).
  • You also have the right to object to profiling based on our legitimate interest (see above).
  • And you have the right to revoke your consent to profiling (see above).

If you wish to object to our processing of your personal data for profiling, revoke your consent or not to be subject to a certain decision based solely on profiling, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

Met de allergrootste zorg. Niet iedereen binnen AG heeft toegang tot uw gegevens. Enkel medewerkers die uw dossier behandelen, kunnen ze raadplegen en verwerken. Zij hebben een strikte geheimhoudingsplicht en gaan er heel bewust mee om. Maar er is meer: onze gespecialiseerde teams zorgen ervoor dat het technisch gezien onmogelijk is dat onbevoegden toegang krijgen tot uw gegevens en wij dragen uw gegevens niet zomaar over aan derden. We bewaren uw gegevens ook niet langer dan nodig en zoals wettelijk voorzien.

As a supporter of your life, we are very careful with how we handle your data and we take a range of measures to protect it.

Only collaborators who need to use your personal data to perform their duties can access it. They must also comply with a strict duty of confidentiality as well as all technical and organisational requirements to ensure the confidentiality of your personal data.

We may only disclose your data to others in certain cases and only if they have undertaken to process the data in a secure and confidential manner and process it only for the purpose for which they have received it.

For example, we will only be able to share your data with another party if we have a legal basis for doing so. The legal basis for sharing your data with others is determined in each case by:

  • the nature of the personal data we intend to share; and
  • the purpose of sharing it. Both conditions are cumulative.

 

If this includes health data and/or data relating to criminal convictions and offences, then:

  • we will only share health data to establish, exercise or defend a legal claim based on our legitimate interest (in which case you have a right to object, see above); or
  • we will only share health data under an occupational accident policy if there is a need to exercise specific employee rights under employment law and social security and social protection law; or
  • we will only share personal data relating to criminal convictions and offences in order to manage disputes in which we are involved based on our legitimate interest (in which case you have a right to object, see above); and
  • we base all other instances of sharing health data and personal data relating to criminal convictions and offences on your prior express consent (which you may revoke at any time free of charge, see above).

If we share “basic” personal data (i.e. non-special categories of personal data), the purpose of this will determine which legal basis we use; for example, we can only share “basic” personal data if:

  • we contract the recipient to perform certain services associated with our activities and, consequently, the data transfer is required in the context of an insurance contract; or
  • we are required by law to disclose your data to the recipient; or
  • we have a legitimate interest in sharing your data, in which case we strive to maintain a fair balance between our legitimate interest and respect for your privacy. In such case, you may exercise your right to object and ask us for information about the fair balance we strive for (see point 2.2 above); or
  • you have given us your consent to share your data (e.g. on the (web)form provided for this purpose), in which case you have the right to revoke your consent at any time and free of charge (see above).

 

Rest assured: we will never share your data if we have no good reason to do so. As a supporter of your life, we will NOT pass your data on to other parties for commercial use without your consent.

 

If we have a legal basis for sharing your data with another party, that party might be considered by law to be:

  • either a data processor;
  • or a controller of your data, and in certain cases, together with AG.

Both situations are governed by law in a different way, but in both situations we will protect your privacy as explained below:

Recipient = processor

  • A processor may only act on our instructions that we contractually stipulate.
  • A processor must follow our instructions and comply with the principles set out in our Privacy Policy.
  • We ensure in particular that our processors only receive the data they need to carry out their duties for us.

Recipient = controller

  • A controller does not act on our instructions.
  • However, we will ensure that it receives only the data that we are legally required to share or that it needs to perform its duties for us, or the data that we may share on the basis of your consent or a legitimate interest that justifies sharing the data.
  • If the recipient is a joint controller together with AG, we will inform you in the privacy clause in your insurance contract or on the relevant (web)form that another controller will also process your data.

 

Below are some examples of why we might share “basic” personal data (i.e. non-specific categories of personal data) along with the legal basis:

Recipient typical in the insurance sector

  • Your insurance intermediary: to perform your insurance contract
  • Intervening insurance companies, their representatives in Belgium and their contacts abroad when handling a claim
  • Insurance companies in the case of co-insurance
  • The re-insurance companies concerned with whom we reinsure so we can comply with contractual obligations as an insurance company
  • Experts, lawyers, technical advisers and bailiffs involved in a claim
  • Claims settlement organisations
  • Repairers that intervene in case of claims (e.g. Homeras NV, a subsidiary of AG, which coordinates urgent assistance or a repair in kind)
  • Medical consultants
  • Touring that takes care of car and roadside assistance and  in the event of an insured claim
  • Platforms for sharing data with car repairers
  • AssurCard (assurcard.be)
  • Your employer, if it has taken out insurance for your benefit
  • TRIP (Terrorism Reinsurance and Insurance Pool) asbl, founded pursuant to the Act of 1 April 2007 on insurance against damage caused by terrorism (https://www.tripvzw.be/nl/home/index.asp)
  • Assuralia (assuralia.be), as part of the scheme to speed up compensation for road accident victims (material damages) (https://www.datassur.be/nl/diensten/rdr)
  • Assuralia (assuralia.be), as part of the SIABIS + database for assistance insurance, intended for the federal police coordination centre and the traffic control centre in Wallonia (https://www.datassur.be/nl/diensten/siabis)
  • Assuralia (assuralia.be), as part of the SIPASS-Verpais platform, which is used for communication between insurers and public prosecutors on applications and information relating to consultation of criminal records with respect to traffic offences (https://www.datassur.be/nl/diensten/verpais)
  • Assuralia (assuralia.be), as part of Crashform, the mobile app for the European Accident Statement (https://www.datassur.be/nl/diensten/crashform)
  • Health insurance funds for compensation

  • Supervisory authorities (e.g. NBB and FSMA)
  • Datassur (datassur.be) for Car@ttest, where policyholders have quick and direct access to their vehicle insurance claims history in the context of an insurance contract for car Civil Liability
  • (https://www.datassur.be/nl/diensten/carattest#_ftn1)
  • The eHealth platform (ehealth.fgov.be)
  • Assuralia (assuralia.be), as part of the database with 'ten-year liability' insurance certificates for professionals in the construction sector (Article 19/1-19/2 of the Act of 31 May 2017)
  • The insurance ombudsman in the event of disputes
  • Tax authorities and social administrations for compliance with our legal obligations as a health insurer

  • Private detectives for fraud investigations
  • Datassur (datassur.be) to combat insurance fraud committed in the case of special risks (such as fire, accidents and other risks, including motor insurance) (https://www.datassur.be/nl/diensten/rsr)

Recipient not typical in the insurance sector

  • IT providers
  • Cloud service providers

  • External auditor

  • Consultants to advise on the functioning of AG as a company
  • Debt collection agencies
  • If some or all of AG's operations are acquired by a third party, your personal data might be forwarded to that party, but only if and to the extent that this isnecessary for the potential buyer to study, evaluate, negotiate and implement the acquisition if necessary.

  • Companies that use third-party cookies (e.g. the Facebook Like button) with your consent on our websites and mobile applications (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites)

If you have any questions about how we share your personal data (recipient category, legal basis, purpose(s), etc.), please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

We might transfer your data to a third country outside the European Economic Area (EEA) if we have a legal basis for doing so (see above).

In this case, we will ensure that an adequacy decision has been made for the third country in question, which means that the European Commission has determined the third country concerned to provide an adequate level of protection for personal data. A list of third countries with an adequacy decision

can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/ adequacy decisions_en.

If the third country in question does not have an adequacy decision, AG will protect your data by increasing IT security and demanding that an increased level of security from its international partners be contractually stipulated using the standard data protection contractual clauses for data transfers adopted by the European Commission. If, in any case, these standard clauses do not yet guarantee that the level of protection of your personal data in the third country is adequate, we will require additional technical, contractual and/or organisational measures to be contractually stipulated to ensure such level of protection.

We have technical resources and specialist teams dedicated to protecting your personal data. This is to prevent unauthorized persons from accessing, processing, modifying or destroying the data. Furthermore, when we process personal data, we will aggregate and pseudonymise it as much as possible.

If we process your personal data, we will limit ourselves to the personal data that is strictly necessary for the purposes (see above) for which it is processed.

We only process your personal data if and for as long as there is a specific purpose. This means that we will store your personal data:

for the entire term of your (insurance)contract, but only for as long as we so require  »  to perform your (insurance)contract and manage claims

and/or

for as long as is necessary to achieve the stated purpose » for which you gave us consent, e.g. on a (web)form or otherwise

and/or

for as long as is necessary to comply with our obligations » imposed on us by legislation and regulations

and/or

for as long as is necessary to achieve a legitimate purpose » that is in our legitimate interest

Once all the stated purposes have been achieved, the data will be stored until the:


applicable statutory retention period expires, in which case we will only store personal data that is necessary to establish legal claims or to defend ourselves against legal claims. In the event that a legal claim is brought against us, we will retain the personal data for as long as is necessary to defend ourselves against the claim » Examples:

  • claims arising under the (insurance)contracts
  • claims arising from a lossen 
and

retention periods imposed by applicable laws and regulations expire,

in which case we will only store personal data that we need to comply with our legal, regulatory or administrative obligations » Examples:

  • We are obliged by the tax authorities under accounting and tax law to keep supporting documents for a certain period of time.
  • AG is obliged under AssurMiFID to store certain information for at least 5 years in order to enable the FSMA to exercise its supervisory duties.
  • We are required to store certain data in order to assist the CFI or other competent authorities in preventing, detecting or investigating suspected cases of money laundering or terrorist financing.
  • We are required by FATCA/CRS to store certain customer identification data for a certain period.

As soon as the statutory retention periods and any other applicable retention periods imposed by legislation or regulations expire, we will delete or anonymise your personal data.

Please note that, in some cases, we are required by law to delete personal data after a certain period. For example:

  • The images we obtain via surveillance cameras in and around our premises are deleted after one month, unless they help to provide evidence of one or more incidents, in which case, they may be kept for as long as necessary to provide such evidence.
  • Telephone call recordings to promote the quality of service are deleted after 30 days, unless they help to provide evidence of one or more incidents, in which case, they may be kept for as long as necessary to defend ourselves.

We do not generally process this type of data. But sometimes we have to process your health data, while still protecting your privacy:

We will process your health data only if:

  • either, specifically with regard to the occupational accidents policy, to the extent necessary to exercise specific employee rights under employment law and social security and social protection law (e.g. when we handle an accident at work covered by the occupational accidents policy that your employer has taken out);
  • or, for the purpose of establishing, exercising or defending a legal claim;
  • or, in all other cases, after we have received your explicit consent:
    • e.g. when we manage certain insurance contracts (life or hospitalisation insurance, insured income, occupational accidents insurance, etc.) or when we handle a physical loss case.
    • through a consent clause in our contractual documents or standard forms, or through another person involved (e.g. your employer in the case of professional insurance)

When we process your health data, we will do so with the utmost care:

  • Only our employees who need to use your personal data to perform their duties can access it.
  • They may process those data only to achieve the purpose for which you have given consent, or for the purpose of establishing, exercising or defending a legal claim, or, specifically, in the case of an occupational accidents policy, to the extent necessary to exercise specific employee rights under employment law and social security and social protection law.

We process personal data relating to criminal convictions and offences in the course of our services. We only process this kind of data if it is needed to manage disputes or if you have given us your express written consent. As with health data, we also handle this data with the greatest case.

We also protect the personal data we receive online

When you submit personal data to us through one of our websites or mobile applications (e.g. when you apply for an insurance quote online or through cookies or similar technology), we use that personal data in accordance with this Privacy Policy and you are entitled to exercise the same rights as those described herein.

We also have a Cookie Policy

  • If you access one of our websites from one of our mobile apps, you can choose whether or not to accept cookies (and other technologies that collect data and information about your surfing behaviour)
  • For more information,visit www.ag.be + Click Cookies at the bottom of the page.
 
We bring to your attention the existence of terms and conditions, and privacy conditions of third parties
 
  • Our websites and mobile apps may sometimes contain links to third-party sites (social media, organisers of events we sponsor, etc.)
  • If you wish to communicate with us through services offered by third parties (e.g. WhatsApp and Facebook Messenger), those third parties may be able to process your data
 

The terms of use and how your personal data is possibly used by those third parties fall neither within the scope of this Privacy Policy nor under our responsibility. » We recommend that you read the privacy policies of those third parties carefully so that you know how they protect your privacy and possibly process personal data.

In een veranderende wereld waarin ook de technologie nooit stilstaat, kan deze privacyverklaring wijzigingen ondergaan. We zorgen er steeds voor dat u online de meest recente versie van deze privacyverklaring kan raadplegen. Via een banner op de internetsite van AG www.ag.be en eventueel via andere gebruikelijke communicatiekanalen houden we u hiervan op de hoogte. 

Contact

If you have questions for us about your privacy, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

If you have any complaints about how we handle your privacy, please contact the Belgian data protection authority: Data Protection Authority, 35 rue de la Presse, 1000 Brussels, contact@apd-gba.be, +32 2 274 48 00

Download the privacy notice in pdf

Cookie Policy

Read more

Manage your cookie preferences

Adjust cookie preferences