Personal data

 

 

1. OUR COMMIMENTS _____________________________________________________

 

AXA Epargne Entreprise, 313 Terrasses de l'arche, 92000 Nanterre, as Data Controller, respects the following principles:

  • Your data is only used for explicit, legitimate and specific purposes related to our business as account holder,
  • Only data that is useful to us is collected,
  • We do not keep your data beyond the period necessary for the operations for which they were collected, or those provided for by the recommendations of the CNIL (guidelines, practice sheets, etc.) or by law (such as legal requirements),
  • We communicate your data to authorised partners or professional organisations that need to have access to it in order to carry out employee savings operations,
  • We inform you in a clear and transparent manner about the purpose of the use of your data, whether your answers in the forms are optional or compulsory and about your rights in terms of data protection,

 

 

2. THE USE OF YOUR DATA ________________________________________________

2.1 Legal basis, purposes of processing and retention periods :

The insurer uses your data for the following purposes, based on the legal bases and in accordance with the following retention periods:

 

Legal basis

Goals

Shelf life

Performance of the contract or pre-contractual measures

Subscription, management, regulatory organisation carried out within the framework of the activity of custodian of shares in an employee savings scheme

Data retention standards and supporting documents for processing operations whose legal basis is the execution of the employee savings contract: 30 years, pursuant to Articles D3324-37, D3324-38, R3332-20 of the Labour Code and L135-7 7° of the Social Security Code.

Management of telephone reception and related operations

 

Telephone conversations recorded for 5 years in application of the monetary and financial code (RGAMF 313-49 and COMOFI L533-10).

No retention of connection data concerning the interactive voice service.

Other data 30 years.

Consultation and action on your employee savings account via our customer areas

No data retention

Compliance with our legal and regulatory obligations

The fight against money laundering and the financing of terrorism, with the implementation of contract monitoring that can lead to the drafting of a suspicious transaction report or an asset freeze, in accordance with the Monetary and Financial Code

5 years.

In the event of litigation, these data are kept for the duration of the proceedings and until the expiry of the ordinary and extraordinary remedies

Management and follow-up of conventional or judicial opposition to employee savings accounts managed by AXA Epargne Entreprise

30 years (limitation period)

Process inactive assets and employees and pending means of payment.

Identification of dormant assets

To manage the information and settlement campaigns for inactive employees

Issuance of financial flows to the Caisse des Dépots et des Consignations

Manage the consignment processing of uncashed issued cheques

Managing the processing of non-controlling assets

27 years from the date of deposit at the CDC.

Legitimate interest (1)

 

Customer satisfaction surveys for statistical purposes

24 months

Reporting and monitoring of employee complaints

24 months

Your consent.

For processing based on consent, you can withdraw your consent at any time

Commercial canvassing of prospects or by electronic means (e-mail, SMS, etc.)

1 year from last contact

Collect memberships to trigger automatic account creation in easyprojets

24 months

1 In case of processing based on legitimate interest, a balance of interests has been carried out and you have the possibility to have access to this document upon request to the controller.

 

The account holder is legally obliged to check that your details are accurate, complete and, where necessary, kept up to date. We may ask you to verify this or we may need to complete your file (for example by recording your email if you have written to us by email or by consulting databases such as public directories or registers). Your data is thus collected in the documents you fill in, in the forms you fill in for the exercise of the contract (management act), when you are contacted (telephone call, email). We may also consult the databases of public bodies or partners (in particular the SIRENE database of companies and their establishments, the file of removals from the Post Office for changes of address). The categories of data processed are in particular identification data, data relating to the management of the contract, data relating to the family situation and/or professional situation and/or financial situation. The data collected may come from publicly available sources.

 

If you have any questions about the management of your personal data, you can contact the DPO by sending an e-mail to service.informationclient@axa.fr.

 

2.2 Recipients of the data 

We communicate your data to authorised partners or professional bodies who need to have access to it in order to carry out our operations. For those recipients located outside the European Union, the transfer is limited to countries listed by the European Commission as providing an adequate level of protection or to recipients who comply with either the European Commission's standard contractual clauses or the AXA Group's binding corporate data protection rules (BCR). 

This data may also be communicated to the supervisory authorities, the competent public services and any other public or private body with which AXA may be required to exchange personal data in accordance with the applicable legislation.

 

3. SECURITY ________________________________________________________

 

Confidentiality measures

We are committed to ensuring the security of your data by implementing enhanced data protection through the use of physical and logical security measures that comply with the rules of the art and the standards imposed on us.

Control of data transfers

The AXA Group, which is present in more than 50 countries, has adopted a policy and governance dedicated to the protection of personal data at the international level.

They include strict control of transfers of your data, particularly when they are made outside the European Union and its protective legislation, under conditions that comply with the regulations.

AXA France currently transfers data outside the European Union to the following countries

- United States

- Mauritius

- India

- Morocco

- Vietnam

These transfers are governed by standard contractual clauses and Binding Corporate Rules (BCR).

We are the first insurance group to have binding corporate rules approved by the European data protection authorities, including the CNIL. These rules guarantee an intangible and minimum level of protection of your data by the various AXA Group companies around the world.

AXA Epargne Entreprise does not currently make transfers outside the European Union.

You can obtain more information from service.informationclient@axa.fr and consult our BCRs by clicking on this link.

 

4. YOUR RIGHTS__________________________________________________________

 

Rights of access, rectification, deletion, restriction, portability, opposition and to decide what happens to your data after your death

You have the right to :

  • access your data,
  • request their correction in case of error,
  • request their deletion,
  • ask for their processing to be restricted,
  • request their portability,
  • to object to their processing,
  • to set out guidelines for what should happen to them after your death.

If, after contacting us, you feel that your rights have not been respected, you can submit a complaint online to the CNIL or by post. (3 place de Fontenoy - TSA 80715 - 75334 Paris cedex 07).

Finally, once you have given your consent to data processing, you may withdraw it at any time, without calling into question the operations carried out prior to this withdrawal.

To find out more about your rights, visit the CNIL website (www.cnil.fr/fr/comprendre-vos-droits).

You can exercise them by sending an e-mail to service.informationclient@axa.fr or by post to AXA Epargne Entreprise, Service Information Clients, 313 Terrasses de l'Arche, 92727 Nanterre cedex.

When exercising your rights, you must prove your identity by any means. However, if there are reasonable doubts as to the accuracy of your identity, AXA Epargne Entreprise may ask you for additional information that appears necessary including, when the situation requires it, a signed photocopy of an identity document.

Telephone canvassing

If you do not wish to be the subject of commercial canvassing by telephone, you can register free of charge on the BLOCTEL list of opposition to telephone canvassing.

For more information, please visit www.bloctel.gouv.fr

 

This document was validated by the AXA Epargne Entreprise data protection officer prior to its distribution.

 

Date : June 2022.