Under the GDPR, personal data is any information relating to a natural person who is identified or can be identified, directly or indirectly, by reference to an identification number or to one or more factors specific to that person.

In the insurance brokerage sector, the identification of a person by surname, first name, date of birth, the use of information associated with the person such as contract numbers and any information relating to the person are personal data within the meaning of the GDPR. This information is not limited to policyholders, as insurers and/or brokers collect personal data relating to third parties when necessary.

XPLORASSUR, processes your personal data using secure protocols in order to meet the requirements of our pre-contractual, contractual and, where applicable, commercial relationship with you, as well as to meet the various legal obligations.

XPLORASSUR, limits the collection of personal data to what is strictly necessary (data minimisation principle). The collection of your personal data is accompanied by information on :

• The data controller and the purposes for which the data is collected;
• The legal basis for processing your personal data;
• Whether the collection of personal data is compulsory or optional and the categories of personal data processed;
• Recipients of your personal data;
• How long we keep your personal data;
• Your rights concerning your personal data and how to exercise them with XPLORASSUR.
• Where applicable, the existence of any data transfers outside the European Union or automated decision-making.

The recipients of your personal data may be, within the strict framework of the purposes mentioned above: the duly authorised personnel of XPLORASSUR, its partners (in particular insurers), subcontractors, service providers and, where applicable, persons interested in the contract.

XPLORASSUR, only keeps your personal data for the purposes for which it was collected and in compliance with the statutory limitation periods and the various obligations imposed by the regulations.

Depending on the case and the associated purposes, your personal data and your contract will therefore be kept for a different period.

For the hosting and processing of your data, XPLORASSUR, uses resources located in France and in the European Union.

The rights of access, rectification, opposition and deletion were already guaranteed by the amended Data Protection Act (Articles 38 to 40). The GDPR gives these rights a new scope and redefines the conditions under which they may be exercised:

• Right of access: the right of access allows you to obtain information about your personal data. For example, it gives you the opportunity to find out about your personal data held by XPLORASSUR, the purposes for which it is processed and its recipients. (Art.15 of the GDPR))
• Right of rectification: the right of rectification allows you to have your personal data rectified if it is inaccurate and to complete any data that is incomplete. (Art. 16 of the GDPR)
• Right to erasure: under certain conditions, you may obtain the erasure of your personal data (Art. 17 of the GDPR);
• Right to object: under certain conditions, you can object at any time to the processing of your personal data and in particular object to it being used for commercial prospecting purposes (Art. 21 of the GDPR).

With the GDPR, two new rights have been added to those set out in the amended Data Protection Act of 4 July 1978:

• Right to restrict processing: under certain regulatory conditions, you may obtain a restriction on the processing of your personal data, i.e. the use made of it. For example, if your data is inaccurate, you may request that it be restricted until it has been corrected. (Art. 18 of the GDPR) ;
• Right to portability: under certain conditions, you can request that your data be transmitted in an easily reusable format and passed on to a third party. (Art. 20 of the GDPR).

If you wish to exercise these rights, you may contact the Data Protection Officer of :

• By post to the following e-mail address: dpo@finaxy.com or ;
• By post to the following address: " Finaxy DPO, 5 rue du Général Foy, 75008 ".

In case of persistent disagreement concerning your data, you have the right to contact the CNIL at the following address: Commission Nationale Informatique et Libertés, 3 place de Fontenoy 75007 Paris, https://www.cnil.fr/en/contact-us , 01 53 73 22 22.