Various data are collected, used, stored, as e.g.:

Data regarding the company

• information allowing to identify the policyholder such as the name of the company, the national registration number, the registered office, the location of economic activity; the number of persons employed; the structure of the business group; the extract of the Mémorial C about the foundation of the company, a copy of the statutory powers;
• contact details such as the mailing address, the phone number;
• information allowing the identification of the parties involved such as a copy of the administrators' identity cards;
• information regarding the identification of the economical beneficiaries such as their name, address, date and place of birth, nationality;
• bank details for the payment processing such as your bank account number.

Data concerning the members of the supplementary pension scheme

• personal data such as the name as well as the date and place of birth;
• contact details such as the address, phone number and email address;
• bank details for the payment processing such as the bank account number;
• data required for the calculation of the insurance premium;
• information provided by the former supplementary pension scheme manager such as extra insurance premiums that have been applied or exclusions;
• information regarding the family situation such as the number of persons living in a household;
• heath data, subject to the affiliated member's authorization;
• data of the beneficiaries designated by the affiliated members;
• information regarding the use of the online access (e.g. via cookies).

Once the legal retention period of these data has expired or the data are no longer required, they will be purely and simply erased.

1.2.1. Management of contracts and settlement of claims

We collect, retain and process your data as well as those of the supplementary pension scheme members in case we need them to:

• manage the customer relationship;
• establish a client profile;
• offer services;
• evaluate risks;
• settle claims;
• establish invoices;
• answer questions;
• offer technical assistance.

1.2.2. Enhancement of products

We collect, retain and process your data in order to evaluate and enhance our existing services and to develop new products and services.

1.2.3. Compliance with the legal regulations

In order to comply with our legal obligations we need to have some information in particular in the context of money laundering prevention or simply tax information exchange.

We wish to insure you in the best possible manner. We may transmit your data to other insurance companies (in the context of coinsurance) or reinsurers.

Where necessary, data may be exchanged with the following persons:

• our medical officer at the time of the subscription or a claim settlement;
• a reinsurer at the time of the subscription or a claim settlement;
• an insurance agent or broker for the administration of your contracts;
• an insurer in the context of a coinsurance transaction (subscription and claim settlement) or just claim settlements;
• a bankruptcy administrator.

On request we can also receive (or share) relevant supplementary information provided by authorities, private insurers, reinsurers, social security organizations and intermediaries or even other third parties which are legitimately involved in the set up or the administration of the contract or in a claim settlement.

By external service providers we are targeting mainly experts or lawyers.

The service providers are bound by contractual obligation to solely use the data received for the purpose of the fulfilment of the mission they have been entrusted with.

If necessary we impose on the service providers outside the EU the obligations that have been introduced by the European Commission, in order to grant you the best possible safety of your personal data.

You and the affiliated members of the supplementary pension scheme have the possibility to:

• know precisely which personal data we hold about you;
• rectify or complete false or missing data;
• suppress part or all of your data except if the laws in force oblige or authorize us to keep them;
• limit the processing of your data for certain purposes or to oppose any processing at all;
• ask for the transmission of your data to other third parties.

To that end, you and the affiliated members of the supplementary pension scheme may forward a written request either by regular mail or email attached with a copy of an identification document.

Should either you or the affiliated members of the supplementary pension scheme notice that your rights are not (or no more) respected, you have the possibility to lodge a complaint with the National Commission for Data Protection (https://www.cnpd.lu).

We do not keep your data or those of the affiliated members of the supplementary pension scheme any longer than necessary or prescribed by law.

We treat your data and those of the affiliated members of the supplementary pension scheme (such as details on insurance policies or claim settlements) as confidential. We ensure their safety and take any measures required for the protection/security of the data. The implemented information safety standards are constantly being adapted in order to grant an optimal level of data protection.

Generally, if you submit data via the internet, it shall be at your own risk. However, we can assure you that on the Baloise websites, the data transmitted are protected by appropriate locking mechanisms.

We also undertake technical and organizational safety measures in order to decrease the risk on our websites. However, we ignore the level of security of the equipment you are using. Hence, you need to get informed about the prevention measures that are required and to take the necessary steps to this end.