Privacy policy AG

supporter de votre vie

This is a new version of our Privacy Policy. It is made up of three parts:

The changes made to the previous version (May 2018) are:

  • general updates to text, structure, layout and format;
  • additions, with the most significant ones as follows:
Relevant section Modification Potential impact on your privacy

Item

1. "Your privacy: our shared responsibility", "Who are we?" 

AG's Privacy Notice is intended for all visitors to our websites or platforms. We now specify the names of the relevant websites and platforms (MyAG, AG Expert, Mobility Assist, Pronto, Yongo).

However, a specific privacy notice may sometimes apply to certain websites or platforms (e.g. the specific Privacy Policy that applies to the MyAG Employee Benefits platform).

 None in practice. This is simply a clarification.

Items

2. 2. "Your rights" "Why?"

3.2 "What?"

3.3. "How do we protect your personal data?"

 

Among the personal data that we collect, we sometimes process your national register number, but only when:

 

  • such processing is necessary to verify your identify with certainty
  • the law authorises or requires us to do so, and
  • there is a legal basis for such processing.  

 

In certain situations, we need to be able to verify your identify with certainty and/or make sure that we are addressing the right person.

None in practice. This clarifies the situations where your national register number may be processed.

We only process your national register number in cases where this is permitted by law, and to prevent making mistakes about your identity.

In addition, as is the case with all other data, we only process this data when we have a valid legal basis to do so.

You may continue to exercise your privacy rights, which remain unaffected.

Items

2.2. "You may revoke your consent" What does that mean?

"You can object to the processing of your data for canvassing purposes". What does that mean?

3.2. "What?"

"We sometimes process your data for direct marketing purposes on the basis of your consent." What does that mean?

 

In the context of direct marketing, we may process your data, depending on the situation and the type of commercial communication, based on our legitimate interest (for commercial communications about products, services, offers or benefits provided by AG), or on the basis of your consent (for other commercial communications).

 

Note that any data processing carried out in the context of commercial communications about products, services, offers or advantages relating to:

 

  • Yongo & Uppie will be carried out based on your consent, in accordance with this Privacy Policy;
  • AG Employee Benefits will be carried out based on your consent, in accordance with this Privacy Notice and the MyAG Employee Benefits Privacy Notice.

 

In this context, AG allows you to configure some of your communication preferences (including canvassing) in your customer area on the relevant platforms (Yongo & Uppie, MyAG Employee Benefits).

 

You can then decide to consent (or not) to various types of commercial communications from AG (concerning Yongo & Uppie or MyAG Employee Benefits), by using the slider bars in this area.

 

 [Legal2] If you have given your consent using a slider bar made available by AG on a platform, this can be withdrawn at any time by placing the same slider bar in the negative position corresponding to the absence of consent.

If direct marketing is carried out based on our legitimate interest (for commercial communications about products, services, offers or benefits provided by AG - except those relating to Yongo & Uppie, or MyAG Employee Benefits), you may also object to the processing of your data by placing the corresponding slider bar in the negative position

, or by contacting our Data Protection Officer (AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be).

 

In practice: this change has a positive impact.

You have greater control over how your data is processed.

In certain cases (Yongo & Uppie, MyAG Employee Benefits), AG now lets you decide exactly what type of commercial communications you wish to receive from us.

For these commercial communications, AG makes it easier for you to have a clear overview of your preferences, and to configure or change them at any time, by providing you with an online tool in your customer area on the relevant platforms (Yongo, MyAG Employee Benefits).

You may withdraw your consent or object to the processing of your data at any time.

You may continue to exercise your privacy rights, which remain unaffected.

Item

3.2. "What?"

"What are the specific purposes and what is the lawful basis for processing your personal data in each individual case?"

AG processes your personal data to comply with legal, regulatory and administrative requirements.

Note that we are legally required to process some of your data pursuant to the legislation on the protection of persons reporting breaches of the law (whistleblowers).

None in practice. This is simply a clarification.

In accordance with the law on the protection of whistleblowers (Law of 28 November 2022 on the protection of persons who report breaches of EU or national law observed at a legal entity in the private sector), we are required to process and retain certain personal data until the reported breach is time-barred.

Item

3.2. "What?"

"What are the specific purposes and what is the lawful basis for processing your personal data in each individual case?"

AG sometimes processes your personal data based on its legitimate interest.

 

We would like to inform you that, on this basis, we sometimes process your data in order to carry out satisfaction surveys.

 

None in practice.

 

We strive to achieve a fair balance between our legitimate interest and respecting your privacy.

 

Participation in our satisfaction surveys is always on a purely voluntary basis.

 

Moreover, you can always exercise your right to object to the processing of your data for this purpose and ask us to provide you with information about the fair balance that we strive for between your privacy and our legitimate interest.

 

In addition, we will never contact to participate in a survey if you are on an exclusions list (DoNotCallMe or Robinson list).

 

You may continue to exercise your privacy rights, which remain unaffected.

 

Items

 

3.2. "What?"

"What are the specific purposes and what is the lawful basis for processing your personal data in each individual case?"

 

3.3. "How", "Typical data recipient in the insurance sector"

 

AG sometimes processes your personal data based on its legitimate interest.

 

We have a legitimate interest, just like our customers and third parties, in detecting, preventing and combating abuse and fraud (e.g. insurance fraud).

 

Note that in this context, we may transfer and exchange information, including personal data, with other insurance companies (sometimes via a dedicated platform managed by a third party - e.g. Alfa Belgium, Datassur).

 

None in practice. This is simply a clarification.

Sharing information with other insurance companies (if necessary, via a dedicated platform managed by a third party - e.g. Alfa Belgium, Datassur) is one of the means we have to detect and combat fraud.

You can always exercise your right to object to the processing of your data for this purpose and ask us to provide you with information about the fair balance that we strive for between your privacy and our legitimate interest.

You may continue to exercise your privacy rights, which remain unaffected.

Item

3.3. "How", "Typical data recipient in the insurance sector"

As a data subject, you have the right to information, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to object and the right to file a complaint with the Data Protection Authority (35 rue de la Presse, 1000 Brussels, contact@apd-gba.be, https://www.autoriteprotectiondonnees.be ).

In addition, to exercise your rights concerning:

 

  • the RSR file, you can always contact Datassur (Phoenix Building, 19 boulevard du Roi Albert II, 1210 Brussels, or privacy@datassur.be)
  • the claims data base, you can always contact Alfa Belgium (Phoenix Building, 19 boulevard du Roi Albert II, 1210 Brussels, or info@alfa-belgium.be)

 

You must provide a copy of an identification document (or any other means of identification) along with your letter or e-mail. If you provide us with a copy of your identity card, passport or a similar document, you may remove any data that is not relevant to verifying your identity.

 

Further information on Datassur's and Alfa Belgium's policy regarding the processing of personal data and your rights as a data subject is available at https://www.datassur.be/fr/privacy-notice-fr

 (Datassur) and https://www.alfa-belgium.be/fr/privacy-statement (Alfa Belgium).

 

None in practice. This is simply a clarification.

We provide more information on how you can exercise your rights with certain third parties (Datassur and Alfa Belgium). 

Item

3.3. "How", "Typical data recipient in the insurance sector"

We process your personal data in order to perform a contract or to take pre-contractual measures upon your request.

Note that in this context, we communicate some of your personal data (surname, first name and address) to Touring Club Royal de Belgique asbl/vzw (hereafter “TCRB”). Retail customers become members of the Club when they take out an insurance policy with AG Insurance featuring the "Touring" brand name.

In this context, AG collects certain data (surname, first name and address) in its role as the data controller and transfers it to TCRB, which is also data controller for processing its members' data for administrative purposes.

(https://www.touring.be/fr/notice-vie-privee-tcrb)

 

In practice: this change has a very minor impact.

 

As of 1 July 2023, when retail customers take out an AG insurance policy featuring the "Touring" brand name, they automatically become members of Touring Club Royal de Belgique asbl/vzw, headquartered at 4 boulevard du Roi Albert II, box 12, 1000 Brussels, and registered under company number 0403.471.597.

 

Some of your details are then shared with TCRB so that it can manage its members and their enrolment.

 

This processing will be carried out in connection with performing a contract that you took out voluntarily.

 

You may continue to exercise your privacy rights, which remain unaffected.

 

Item

3.3. "How", "Typical data recipient in the insurance sector"

We process your personal data in order to perform a contract or to take pre-contractual measures upon your request.

 

Note that, in order to fulfil our contractual obligations as an insurance company, your data may be communicated not only to reinsurance companies, but also to reinsurance intermediaries through whom we are reinsured.

 

 None in practice. This is simply a clarification.

Item

3.3. "How", "Typical data recipient in the insurance sector"

AG processes your personal data to comply with legal, regulatory and administrative requirements.

Note that we are legally required to disclose some of your personal data to the authorities via Sigedis (sigedis.be) pursuant to the regulations on 2nd pillar insurance products (supplementary pension plans).

 None in practice. This is simply a clarification.

Item

3.3. "How", "Typical data recipient in the insurance sector"

We process your personal data in order to perform a contract or to take pre-contractual measures upon your request.

Note that in this context, your data may be communicated to Assuralia (assuralia.be) in connection with the Verifleet service and platform, which allows certain vehicle fleet data to be exchanged between intermediaries and insurance companies.

None in practice.

This processing will be carried out in connection with performing a contract that you took out voluntarily.

You may continue to exercise your privacy rights, which remain unaffected.

Items

3.2. "What?" "What are the specific purposes and what is the lawful basis for processing your personal data in each case?" 

3.3. "How", "Typical data recipient in the insurance sector"

AG sometimes processes your personal data based on its legitimate interest.

Our legitimate interest is to be able to assess the quality of customer data to ensure that we have correct and up-to-date data.

For this purpose, your data may be shared with a data quality assessment service provider.

None in practice.

 

The sole purpose of this processing is to check the quality of the data that we have.

For example, this will prevent us from sending correspondence to an incorrect address.

We do not receive any additional data about you.

 

In addition, you can always exercise your right to object to the processing of your data for this purpose, and ask us to provide you with information about the fair balance that we strive for between your privacy and our legitimate interest.

 

You may continue to exercise your privacy rights, which remain unaffected.

At AG, we believe your privacy is important. Incredibly important. As a supporter of your life, we care deeply about protecting it. We process your personal data lawfully and transparently. In this Privacy Policy, we explain why and how we do so, but we will also tell you what you can do to help us. Because your privacy is our shared responsibility.

  1. Why?

Because your privacy is about protecting you. Your name, photo, phone number, password, contract number and email address are details that identify you as a person. That is why we call this information 'personal data'.

  1. What? 

A lot. You can view and correct your data, and in certain cases you can have it erased. Sometimes you can also object to a certain use of your data, refuse to have it processed completely automatically or ask for your data to be transferred to you or to a third party. You can also reject marketing communications at any time.

  1. How? 

Easily. Just contact us by email or post. Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.. AG, Data Protection Officer, Emile Jacqmainlaan 53, 1000 Brussel, AG_DPO@aginsurance.be.

  1. Why? 

As a supporter of your life, it is normal for us to keep track of your details so we can reach you quickly and help you as best as we can with your insurance file. But we also process your personal data to provide you with commercial information about our products and services that interest you. Moreover, your data also serves to fulfil our legal obligations, prevent fraud and evaluate and optimise our internal processes and services

  1. What? 

When we process your data, we are generally responsible for processing it. That means collecting it, recording it, organising it, structuring it, storing it, updating it or rectifying it, querying it, accessing it, using it, transferring it, distributing it or otherwise making it available, aligning it or combining it, protecting it, deleting it or destroying it… But in any case, we only act for the specific purposes stated in the relevant privacy clause and specified in this privacy policy.

  1. How? 

With the utmost care. Not everyone within AG has access to your data. Only people who handle your account may access and process your data. These people have a strict duty of confidentiality and are very aware of this. Furthermore, our specialist teams make it technically impossible for unauthorised persons to access your personal data. We do not automatically share your data with third parties. Furthermore, we will not store your data for any longer than is necessary and required by law.

Contact

If you have questions for us about your privacy, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO, that is our specialist in the matter, will get back to you within one month. 

 

AG Insurance, Data Protection Officer, Emile Jacqmainlaan 53, 1000 Brussel, AG_DPO@aginsurance.be


If you have any complaints about how we handle your privacy, please contact the Belgian data protection authority: Data protection authority, 35 rue de la Presse, 1000 Brussel, contact@apd-gba.be, +32 2 274 48 00

At AG, we believe your privacy is important. Incredibly important. As a supporter of your life, we care deeply about protecting it. We process your personal data lawfully and transparently. In this Privacy Policy, we explain why and how we do so, but we will also tell you what you can do to help us. Because your privacy is our shared responsibility.

As a loyal supporter of your life, it is our job to collect, store and use certain data about you in order to deliver our services to you. We always do so with the utmost care, in a completely transparent way and, of course, within the boundaries of the law. Because your privacy is our shared responsibility.

This Privacy Policy is intended for all natural persons who are policyholders (whether existing or prospective customers or policyholders) or insured persons, beneficiaries or third parties (injured parties, witnesses, experts, insurance brokers, prospective employees, website or platform visitors (for example MyAG, Yongo), mobile app users (for example AG Expert, Mobility Assist, Pronto), employees of our partners, etc.). However, a specific privacy notice may sometimes apply to certain websites or platforms (e.g. the specific Privacy Notice that applies to the MyAG Employee Benefits platform).[Legal1] . This Privacy Policy is not intended for legal entities.

  • Registered office at 53 boulevard Emile Jacqmain, 1000 Brussels
  • VAT BE 0404.494.849; RLE Brussels 
  • IBAN: BE13 2100 0007 6339; BIC: GEBABEBB
  • info@aginsurance.be
  • www.aginsurance.be; www.ag.be
  • Belgian insurance company licensed under code 0079, under the supervision of the National Bank of Belgium, 14 boulevard de Berlaimont, 1000 Brussels

  • By law, AG is generally the controller as far as your data is concerned.
  • We determine why (for what purposes) and how (by what essential means) we process your data.
  • We are the point of contact for you and the competent authorities for any queries regarding our use of your personal data

  • In a limited number of cases, we act solely on the instruction of another controller that is your first point of contact for all your privacy queries.
  • We recommend that you read the privacy policy of other relevant controllers carefully.
  • However, even in these limited cases, we will continue to take the measures needed to protect your personal data.

  • In this cases, we will inform you if another party also acts as a controller in the privacy clause in your insurance contract or on the relevant (web)form.
  • We also require our partner to treat your personal data with great care. We will lay this down in a data processing agreement concluded with our partner.

Because your privacy is about protecting you.

Your name, photo, phone number, password, contract number and email address are details that identify you as a person. That is why we call this information 'personal data'.

Depending on the context in which we process your personal data (e.g. you are a policyholder, an affiliate, an applicant or a prospect), we store different types of data about you:

  • basic personal data and/or non-special categories of personal data, and/or
  • certain special categories of personal data, specifically health data and data relating to criminal convictions and offences.

Other types of special categories of personal data (i.e. data on race and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data to uniquely identify a physical person and data on sexuality or sexual orientation) are not processed.

You will find a list below.

Data that identifies you so we can be sure you are who you say you are

  • Name, first name, date of birth, address, vehicle registration plate, etc.
  • Technical data such as information that identifies the devices you are using (e.g. IP address)
  • National register number (where authorised/required by law and insofar as there is a legal basis)

Data that helps us to operate as a company and serve you as best as we can

  • Your (use of) insurance products, family circumstances (marital status, children, etc.), living habits, preferences and interests (hobbies, etc.), global financial situation (salary, property, etc.), work (profession, education, etc.) features of your home, images and sound recordings, photos, etc.

Contact details so we can get in touch with you

  • Address, telephone number, email 

Health data so we can manage certain  insurance contracts and claims

  • Description of existing conditions in a medical questionnaire
  • Description of physical injury after loss
  • Your medical expenses, as indicated by you under your hospitalisation insurance
  • etc.

Personal data relating to criminal convictions and offences to manage certain claims

  • Criminal record (or part thereof) if we have the prior consent of the Public Prosecutor's Office or the investigating judge
  • etc.

Contact

Sometimes this is not just about your data, it is about the data of someone associated with you, such as your children, your partner, the beneficiary of your life insurance, your employees for whom you have taken out group insurance or even a person involved in a loss, such as a victim or a witness. If you provide data about these people to us, you must let them know.

Hebt u vragen voor ons over uw privacy?

If you have any questions for us about your privacy or want to know which categories of personal data we process about you, please get in touch by email or post. Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

 

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

We collect your data in various ways (only if we have a valid legal basis for this, see below), for example:

You share your data with us

  • When you become our customer with us
  • When you fill in the forms and contracts we provide you with
  • When you use our services and products
  • When you accept our invitations (to attend an in-person or online conference), take part in competitions, etc.
  • When you contact us (by phone, text message, instant message, email, letter, WhatsApp, etc.), in which case we may store and process your data as well as the message itself and the metadata (e.g. time sent), provided that we have a valid legal basis for this
  • When you visit or use one of our websites or one of our mobile apps using cookies and similar technologies (more information about cookies can be found in our Cookie Policy at www.ag.be by clicking Cookies at the bottom of the page)
  • When you share data (including images and/or audio/video content) while using our websites (including our social media pages) and our mobile applications, for example, when you:
    • share data with us when you subscribe to our newsletter
    • request an insurance quote online
    • fill in your details online to apply for a job with us
    • claim for a loss, enter medical expenses or request personal assistance via mobile apps (e.g. AG Expert, Mobility Assist, Pronto)
    • report a hospitalisation admission
    • take out a contract online (e.g. a Yongo or Vivay product)
    • fill in your details when logged into one of our websites, e.g. MyAG Employee Benefits, Car Repair, Yongo and Bonus Modulis
    • disclose your data to us when you sign up, identify yourself or register on one of our websites or platforms, or when you enter your data in the "personal zones" of these websites or platforms (for example: My AG, Car Repair, Yongo, Bonus Modulis, etc.)
    • etc.

Your data is published or shared by others

  • By entities that have given special authority (e.g. the Belgian Official Gazette, your insurance broker , Bpost - in connection with its moving service -, and partners with whom we work)
  • By entities that tackle fraud (e.g. Datassur, Alfa Belgium, etc.), money laundering and terrorism
  • By government agencies (e.g. tax authorities)
  • By your employer (under your professional insurance or occupational accident insurance policy)
  • By professional data providers (e.g. World-check) to correct and/or enrich data (e.g. family composition, inclusion on embargo lists, geographical data)
  • By the Public Prosecutor’s Office or the investigating judge who preceded us has granted access to a (part of the) criminal record in the event of a loss
  • By other companies when they consider transferring some or all of their operations to AG (through restructuring, transferring shares or otherwise), but only if and to the extent that the data transfer is necessary for AG to consider, evaluate and conduct the acquisition
  • etc.

You are filmed by surveillance camera in and around our premises

  • These images are stored only to ensure the safety and security of goods and persons and to prevent and detect abuse, fraud and other offences that could harm our customers and ourselves.
  • The presence of surveillance cameras is indicated on signs with our contact details.

Contact

If we ask for your personal data, you have a right not to give it to us. However, this may make it impossible for us to achieve the specific purpose and/or to continue handling your file.

If you would like to know where the personal data that we process about you comes from, please get in touch by email or post.

Our ‘Data Protection Officer’ or  ‘DPO’, that is our specialist in the matter, will get back to you within one month.
AG, Data Protection Officer, 53 boulevard Emile Jacqmain,  1000 Brussel, AG_DPO@aginsurance.be

You can ask us:

  • whether we process your personal data or not;
  • why (for what purposes) we process your personal data;
  • which categories of personal data we process about you;
  • which categories of recipients we share your data with;
  • how long we store your data;
  • for more information about the rights you can exercise or about submitting a complaint to the data protection authority;
  • what the logic is that is underlying the automated use (including profiling) of certain of your personal data .

If you want to know what personal data we process about you please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

We do our utmost to keep the data we store about you as accurate and complete as possible. But if you still find that your data is incomplete or incorrect, you can ask for it to be rectified. We will happily comply, because a good supporter of your life works with the right data. If we have rectified personal data,

we will notify any recipient of the data about the rectification, unless this proves impossible or requires a disproportionate effort. If you so request, we will provide you with information about these recipients.

If you would like us to rectify your data, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

You have a right to be forgotten. You can ask us to delete the personal data we store about you. We can do this if:

 

  • the data is no longer necessary for the purposes for which we have collected it; or
  • you had given us permission to process your data but you have decided to revoke it; or
  • you object to the use of your data and there is no reason to continue processing it;
  • you gave consent when you were a minor; and you now wish to revoke your consent, because you are now aware of the risks associated with using your data.

 

If you would like us to erase your personal data, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

In some cases, we still need to store your details.

This is to comply with a legal obligation or for as long as we establish, exercise or defend a legal claim. Once we have deleted your data, we will notify any recipient of the data about the deletion, unless this proves impossible or requires a disproportionate effort. If you so request, we will provide you with information about these recipients.

You can ask us to intervene if you believe that:

  • your personal data is inaccurate and we are still investigating whether it is indeed inaccurate; or
  • we no longer require your personal data, but you do need the data to establish, exercise or defend a legal claim.

In some cases, we may still be permitted to process your data.

This applies if you tell us that you no longer need to restrict us from processing your data, or when we have to process your data in order to establish, exercise or defend a legal claim. It may also be necessary to use your data for the public interest or to protect the rights of a physical person or legal entity.

Once we have restricted processing of your data, we will notify any recipient of the data about the restricted processing, unless this proves impossible or requires a disproportionate effort. If you so request, we will provide you with information about these recipients.

If you would like us to restrict processing of your personal data, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

In some cases, we may still be permitted to process your data.

This applies if you tell us that you no longer need to restrict us from processing your data, or when we have to process your data in order to establish, exercise or defend a legal claim. It may also be necessary to use your data for the public interest or to protect the rights of a physical person or legal entity.

Once we have restricted processing of your data, we will notify any recipient of the data about the restricted processing, unless this proves impossible or requires a disproportionate effort. If you so request, we will provide you with information about these recipients.

You have the right not to be subject to certain decisions based solely on automated processing, including profiling. What does this mean?

In some cases, a decision regarding your file cannot be based solely on the automated use of data (including profiling; see below) if it may produce legal effects concerning  you or similarly significantly affect you. The law provides for that, but we too believe very strongly in this right.

As a supporter of your life we believe that the best service can be provided by taking an individual approach to each case.

Specifically, in addition to fulfilling all other obligations to protect your privacy, we:

  • always have a human person involved in every case; or
  • ensure that our solely automated decisions do not produce any legal effects concerning you and do not similarly significantly affect you; or
  • guarantee that our solely automated decisions:
    • (i)    are necessary to enter into, or perform a contract between us and you;
    • (ii)  are based on your explicit consent (which we will ask for on the (web)form provided for this purpose); or
    • (iii) are permitted by law.
  • Important: point (ii) only applies in the case of health data or data relating to criminal convictions and offences. However, in all cases, we will let you know if we make decisions based solely on the automated use (including profiling) of your personal data, and if these produce legal effects for you or similarly significantly affect you. We will also tell you why we have made that decision and what the expected consequences are. If you have any questions about this or if you do not agree with an automated decision made, please speak to your contact at AG. If the automated decision is based on your explicit consent, you can also revoke your consent at any time free of charge.

Weigert u dat bepaalde beslissingen genomen worden die uitsluitend gebaseerd zijn op een geautomatiseerde verwerking of bent u niet akkoord met de beslissing?

If you wish not to be subject to a decision based solely on automated processing or if you do not agree with a decision made on that basis, please get in touch by email or post. Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

You may ask us to transfer the data that you have shared with us directly to you or another controller, provided that:

  1. this is technically possible; and
  2. you have given us consent to use your data or the use is necessary to perform an agreement; and
  3. the usage of your data is automated

If you would like us to transfer the data that you have shared with us to you or a third party, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

If you gave us your consent to process your data, you can revoke it free of charge at any time.

Wenst u uw toestemming voor de verwerking van uw persoonsgegevens in te trekken?

If you wish to revoke your consent for us to process your personal data, please get in touch by email or post. Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

Revoking your consent does not affect the lawfulness of processing your data on the basis of your consent prior to revocation. This means that, if you revoke your consent, we will still have processed your data lawfully because you had given us your consent.

However, if you revoke your consent, it may become impossible for AG to fulfil the intended purpose and/or to continue handling your file.

If you believe that we are not lawfully permitted to process your data, you can object to this processing at any time. You can exercise this right if we process your personal data based on a general interest or our legitimate interest (see point 3.2).

If we process your personal data based on our legitimate interest, you can also ask us to inform you about the fair balance we strive for between your privacy and our legitimate interest. You can also object to our processing of your data for marketing purposes at any time and free of charge (see below).

Wenst u bezwaar te maken tegen de verwerking van uw persoonsgegevens?

If you wish to object to our processing of your personal data, please get in touch by email or post. Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

In some cases, we cannot comply with your objection, if our legitimate interest is much greater than yours or if the use of your data remains necessary to establish, exercise or defend a legal claim.

We process your data as part of our marketing (commercial communications). Further in this document, we will explain what that means. This processing may be carried out based on our legitimate interest (for commercial communications about products, services, offers or benefits provided by AG), or based on your consent (for other commercial communications).

Note that any data processing carried out in the context of commercial communications about products, services, offers or benefits relating to:

  • Yongo & Uppie is carried out based on your consent, in accordance with this Privacy Notice;
  • AG Employee Benefits is carried out on the basis of your consent, in accordance with this Privacy Notice and the MyAG Employee Benefits Privacy Notice.

In this regard, you can let us know if you do not want us to process your data as part of marketing (any longer) at any time free of charge.

If you let us know that you do not or no longer want us to process your data for marketing, we will not or no longer use your data for marketing and will stop all other related data processing (such as profiling your data for marketing).

You can let us know if you do not want us to process your data as part of marketing in the following ways:

During the conclusion of your insurance contract

  1.  by ticking the box in the contract documents; or
  2.  by letting your intermediary know. 
At any other time

by sending us an email or letter AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be or, where possible: set your preferences for commercial communications via your customer area on the relevant platform.

After receiving a marketing email
by clicking on the link in the email, marked “unsubscribe”

If you do not want us to process your data for marketing, remember to disable cookies or other similar technologies on our websites and mobile apps. You can also do this on our social media pages to prevent data from being collected through these cookies that you may have previously accepted yourself.

For more information about how cookies work and how to accept or disable them, please see our Cookie Policy at www.ag.be (click Cookies at the bottom of the page).

Exercising your privacy rights is easy.

If you would like to exercise any of your privacy rights. please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

The power is in your hands!

Please be specific about which right(s) you want to exercise, so we can handle your query as best as possible and exactly as you wish.

It is important for us to verify your identity to prevent someone else from exercising your rights. Therefore, we may ask you to provide an identity document or other means of identification. If you provide us with a copy of your identity card, passport or a similar document, you may redact any data that is not relevant to verifying your identity. You can also specify our name, the date and the purpose on this copy, so it cannot be used for any other purpose afterwards.

As a supporter of your life, it is normal for us to keep track of your details so we can reach you quickly and help you as best as we can. But we also process your personal data to provide you with commercial information about our products and services that interest you. Moreover, your data also serves to fulfil our legal obligations, prevent fraud and optimise our internal processes and services.

We process your personal data for different purposes, but we only process the information that is relevant and strictly necessary to achieve the intended purpose. To learn what these purposes are and how we process your data exactly, see 3.2 (what) and 3.3 (how).

When we start working with your data, we are generally responsible for processing it. That means collecting it, recording it, organising it, structuring it, storing it, updating it or rectifying it, querying it, accessing it, processing it, transferring it, distributing it or otherwise making it available, aligning it or combining it, protecting it, deleting it or destroying it, but only ever with the greatest care and for purposes clarified in this Privacy Policy.

We do not process your personal data unless:

  1. there is a legal basis; and 
  2. there is a specific purpose.

Below is an overview of the four legal bases on which we process personal data.

Please note that this is only a general summary. Each individual case of processing is based on a single legal basis only (see below).

Legal basis

  • We process your personal data in order to perform a contract or to take pre-contractual measures at your request
  • In addition, we as an insurer need to meet a number of legal, regulatory and administrative obligations.
  • However, we may also process your personal data if we have a legitimate interest in doing so. In such case, we strive to maintain a fair balance between our legitimate interest and respect for your privacy. You may exercise your right to object and request information about the fair balance we strive for (see point 2.2 above).
  • Finally, we may process your personal data for a specific purpose when none of the other legal bases apply, if we have received your consent. If we require your consent to use your personal data for one or more specific purposes, we will ask you for this at the relevant time, e.g. on a (web)form. You may revoke your consent at any time and free of charge (see above).

Each individual case of processing is based on a single legal basis only. In each case, we determine the legal basis in consideration of:

  • the nature of the personal data we process; and
  • the specific purpose for which we process the personal data.

Both conditions are cumulative.

If processing includes health data and/or data relating to criminal convictions and offences, then:

  • we base the processing of health data to establish, exercise or defect a legal claim on our legitimate interest (in which case you have a right to object, see above);
  • we base the processing of health data under an occupational accident policy on the need to exercise specific employee rights under employment law and social security and social protection law;
  • we base the processing of personal data relating to criminal convictions and offences in order to manage disputes in which we are involved on our legitimate interest (in which case you have a right to object, see above); and
  • we base all other processing of health data and personal data relating to criminal convictions and offences on your prior express consent (which you may revoke at any time free of charge, see above).

If basic personal data (i.e. non-special categories of your personal data) is used in processing, the purpose of processing will determine which legal basis we use.

Here are some examples of processing, their purposes and their relevant legal basis.

 


Examples:

Contract management

  • When we analyse an opportunity to enter into an insurance or credit agreement and/or the conditions related thereto
  • When we conclude, manage and perform insurance contracts, e.g. customer relationship management, loss management and assessment, tracking payment of premiums, informing customers about changes to guarantees or other contractual terms, etc.
  • When we record the most recent communications in order to identify the frequency of contact and to keep in touch
  • When we perform a service you request, e.g. after you have provided your data online to subscribe to the newsletter, apply for a job, or ask for an insurance quote
  • When we process your national registration number to identify and authenticate you when you want to connect to one of our IT platforms
  • When we place and use strictly necessary cookies on our websites and mobile applications to ensure they function properly and so we can provide the online services you have requested (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites)
  • etc.
  • Please note that we will never process your health data or data relating to criminal convictions and offences on this basis.

Law

  • To draw up all the reports we are required to
  • To implement our legal or regulatory obligations to identify, prevent and tackle money laundering, fiscal fraud and terrorism
  • To comply with the legislation on the protection of individuals who report breaches of the law (whistleblowers)
  • To comply with MiFID legislation and all other regulations applicable to the insurance sector (insurance distribution, etc.)
  • To comply with our obligations regarding financial embargos and freezing assets
  • To comply with our tax obligations (e.g. forward information as required by FATCA)
  • etc.
  • Please note that we will never process your health data or data relating to criminal convictions and offences on this basis, except when we base the processing of health data under an occupational accident policy
  • on the need to exercise specific employee rights under employment law and social security and social protection law.

Our legitimate interest

  • Our legitimate interest lies in being able to function as a company, for example:
    • managing our insurance portfolio;
    • drawing up business plans, risk analyses, and so on;
    • building up a complete picture of customers (e.g. compiling statistics about our customers to know who they are and get to know them better);
    • evaluating the quality of our customer data to ensure that the information is correct and up-to-date
    • testing, evaluating, simplifying, optimising and/or automating our internal risk assessment and acceptance processes, record management and so on;
    • testing, evaluating, simplifying and optimising online systems to improve your user experience (e.g. bug fixes on our websites and mobile apps, and contacting you to resolve technical issues when we have determined that you have started filling in your data online to request a particular service, but you have not been able to complete this process);
    • carrying out satisfaction surveys
    • managing and optimising our distribution channels (our brokers and the BNP Paribas Fortis and bpost/bpost bank network);
    • direct marketing within the limits of our legitimate interest (see below) in which case you have the right to object to the processing of your personal data for direct marketing, including the associated profiling, at any time free of charge (see above);
    • developing new products to meet your changing needs and preferences that evolve along with living conditions.
  • Our legitimate interest (just like our customers and third parties) lies [Legal1] in detecting, preventing and combating fraud and abuse (e.g. insurance fraud). In this context, we may sometimes exchange information, including personal data, with other insurance companies.
  • Our legitimate interest (just like our customers and third parties) lies in protecting persons and goods (including our IT networks and systems), such as through surveillance cameras in and around AG premises.
  • Our legitimate interest (just like our customers and third parties) lies in establishing, exercising, defending and protecting our rights or those of whom we may represent (e.g. in disputes) and compile evidence.
  • Our legitimate interest lies in being able to reveal the presence and content of communications (phone calls, emails, instant messages, text messages, letters, WhatsApp messages, etc.) between our employees and our customers and partners, and to retain communications and metadata for the purposes of proof, quality control and/or training/coaching of our employees, as well as in certain cases, for use within the context of  the automation of our internal processes (e.g. development of a chatbot/virtual assistant).
  • etc.
  • Please note that we will only process your health data under this legal basis in order to establish, exercise or defend a legal claim. We will only process your data relating to criminal convictions and offences under this legal basis to manage disputes in which we are involved.
  • Please note that when we process your data on the basis of our legitimate interest, we strive to maintain a fair balance between our legitimate interest and respect for your privacy. You may exercise your right to object and request information about the fair balance we strive for (see point 2.2 above).

Your consent

  • For processing your health data (e.g. to conclude, manage and perform your hospitalisation insurance or insured income, to manage a physical injury case, etc.), unless we process your health data to establish, exercise or defend a legal claim (based on our legitimate interest, see above) or for processing your health data under occupational accident policy to the extent necessary to exercise specific employee rights under employment law and social security and social protection law
  • For direct marketing, when we do not  rely on legitimate interest as our lawful basis (see below)
  • For processing personal data relating to criminal convictions and offences (e.g. to manage certain cases of damage when a criminal investigation is opened), except where we process such data to manage disputes in which we are involved (in which case we have a legitimate interest, see above)
  • For placing (not strictly necessary) cookies or similar technologies on our websites and mobile applications that allow us to track and record your browsing habits in your customer profile so we can optimise your experience on our websites and advertisements for our products (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites)
  • For placing third-party cookies (e.g. Facebook Like button) on our websites and mobile applications where your personal information may be shared with third parties that can use your data for direct marketing purposes, analytical studies or market research (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites)
  • When we inform you that we will record some or all of a telephone and/or video conference (e.g. via Teams) for specific purposes, you may agree to record and process your voice and image by choosing to turn on your microphone and camera; if you do not want your voice and image to be recorded and processed, you can join the conversation through the chat feature
  • etc.
  • Please note that if we process your data based on your consent, you have the right to revoke your consent at any time and free of charge (see above).

If you would like to find out the purposes and legal bases for processing your personal data, revoke your consent or object to processing, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

As a trusted supporter of your life, we will only send you information, proposals or offers if we are firmly convinced that this really interests you and will benefit you. Specifically, this means that, in the context of direct marketing based on our legitimate interest, we will only provide you with information, proposals or offers for AG's own products and services. You have the right to object to the use of your data for direct marketing at any time (see  above). If you have done so, we will no longer process your data for direct marketing. You can also ask us for information at any time about the fair balance we strive for when we process your personal data for direct marketing on the basis of our legitimate interest (see point 2.2 above).

Here are some examples of how we use your data for direct marketing based on our legitimate interest:
  • If you have a pension savings product, a free supplementary pension for self-employed persons or another similar product,  we would like to tell you about the indexation of the amounts that are tax deductible in order to optimise your products
  • If you have taken out an investment product, we might want to tell you about other investment opportunities with a better return or about reinvestment opportunities after the investment has been settled.
  • If you are already an AG customer we would like to tell you about new and existing insurance products that fit your needs, keep you up to date with certain campaigns and/or invite you to certain events that we organise or sponsor.
  • If you are a customer and retire we might want to advise you on the options available to you at this important time in your life, such as a financial needs consultation.

In cases where we don’t rely on our legitimate interest, we will always ask for your prior consent to provide you with commercial communications (information, quotes, proposals, etc.).

This is for example the case:

  • if we would like to contact you to provide you with information, offers or proposals about products or services from partners, subsidiaries or other third parties
  • if we would like to use the information you provide when you request an online insurance offer or take part in a competition for this purpose
  • if we would like to share your data with third parties for their own direct marketing purposes
  • if we would like to provide you with information, offers or proposals, but you are not a customer with us yet

Depending on the case, you can give your consent via the relevant (web) form, or by setting your preferences regarding commercial communications via your customer area on the platform in question (Yongo, MyAG Employee Benefits).

You may withdraw your consent at any time, free of charge (see above).

In addition, if your consent has been given using a slider bar on a platform, it can also be withdrawn at any time by placing this same slider bar on the negative position corresponding to the absence of consent.

AG or your insurance broker may contact you through the usual channels (e.g. phone, letter or email) for marketing purposes. But rest assured, if your phone number is listed on the Do Not Call list, we will no longer use your phone number for marketing, unless you give us your consent to do so later on.

We think it is important for you to know that we handle your data carefully even when using it for direct marketing.

As a supporter of your life, we process your data for direct marketing

  • if you provided it to one of our contacts or your insurance intermediary (e.g. if you informed us that you only want to be contacted via email for direct marketing);
  • that we have obtained during our interactions (e.g. you told us about your payment habits when messaging us or let us know about any damage suffered);
  • if we collected it through cookies or other similar technologies that you accepted on AG’s websites or mobile apps, including AG's social media pages (e.g. AG Facebook page) For more information about how cookies work and how to accept or disable them, please see our Cookie Policy at www.ag.be(click Cookies at the bottom of the page);
  • but we do not process special categories of personal data (e.g. health data) and data relating to criminal convictions and offences committedwithout your explicit consent, which you can revoke free of charge at any time.

The quality of this data can sometimes be assessed by a professional service provider to ensure that we have accurate and up-to-date data.

We may also share this data with your insurance broker so that they can contact you regarding AG products and services.

To ensure that you receive information and offers that interest you and are best adapted to your preferences and needs, we can also process your personal data for profiling and making decisions based on the profile that we have built in the course of our direct marketing. For more information on profiling in general, see below. In the context of direct marketing, this means:

We put together general or specific customer profiles to better assess your needs, behaviours and/or purchasing potential. Examples:

  • the category of policyholder that you are in
  • your investment insurance risk profile, which gives us a picture of your knowledge, experience, financial strength and/or your investment objectives
  • the extent to which certain characteristics of you as a customer correspond to a model (e.g. your choice of products shows a behaviour that allow us to deduce whether certain insurance products or services might be of interest to you)
  • major milestones in your life, such as your first job, a new job, getting married, a new car or home, a new addition to your family and taking out a pension, to determine whether certain insurance products or services might be of interest to you
  • the expectations you place on AG in terms of service, e.g. if you prefer to take the initiative in terms of insurance or receive regular feedback on your portfolio
  • etc.

We look at the clues you have given us to determine whether you might be interested in other products that we at AG offer directly or indirectly Examples:

  • taking part in a competition
  • running a simulation
  • using an application
  • requesting information (e.g. brochure on inheritance planning)
  • for future events (e.g. a new home, a new car or addition to the family)
  • etc.

We look at all your products and services to determine whether you are getting the best out of them or not.

  • to offer a range of similar products and services that may be of greater benefit to you
  • to offer you other products or services better suited to your personal circumstances
  • etc.

If you wish to revoke your consent for us to process your personal data, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

If your consent has been given using a slider bar provided on a platform, it can also be withdrawn at any time by placing this same slider bar on the negative position corresponding to the absence of consent.

Why?

As a trusted supporter of your life, we use new technologies to bring you a better service and develop innovative tools that meet your needs and expectations

as they evolve. We therefore sometimes process your personal data for profiling and making decisions based on a profile, including analysing the data and compiling statistics, models and profiles. You have the right to refuse to have certain decisions made about you based solely on profiling (see 2.2) at any time.

 

What is profiling exactly?

Profiling is any form of automated use of personal data to evaluate certain personal aspects of a particular person (e.g. their economic circumstances, health, personal preferences, interests, trustworthiness, behaviour, location or relocation). If we use your personal data for profiling purposes, we don’t do so lightly. Profiling is not a purpose in itself. We only use your data for profiling for a specific purpose and only if there is a lawful basis to do so.

 

What is the legal basis for and purpose of profiling?

The legal basis for profiling depends on:

  • the nature of the personal data used for profiling;
  • the purpose of profiling.

Both conditions are cumulative. If we perform profiling using health data and/or data relating to criminal convictions or offences, then this is based on your prior consent (except under an occupational accident policy in which case we only process health data to the extent necessary to assert specific employee rights under employment law and social security and social protection law). In this context, you may withdraw your consent at any time.

If basic personal data (i.e. non-special categories of your personal data) is used in profiling, the purpose of the profiling will determine which legal basis we use.

The need to perform the contract or take pre-contractual measures at your request

  • For example, in order to assess the risk accurately (to accept insurance or determine the premium and scope of the guarantees), we process objective ‘segmentation criteria’ that meet all legal requirements. These criteria vary by product and are based on statistical findings that tell us whether they can have an impact on the likelihood or severity of a loss. You will find a list of the segmentation criteria and more information on how we use them on our website www.ag.be.
  • For example, when we use automated internal processes to optimise and/or adapt the services we provide to our customers and partners to emerging needs and expectations that evolve along with the new technological developments, for example:
  1.  when automated systems make recommendations or suggestions to our employees, who then respond to you or make a decision in your insurance file, e.g. when they receive suggestions for how to answer your questions;
  2. when our incoming mail (letters, emails, etc.) is automatically sorted and assigned to your account or account manager for handling your file;
  3. when IT systems automatically apply the acceptance/premium calculation criteria that we have pre-defined ourselves to a specific insurance application.
  • For example, when cookies (or other similar technologies) which are strictly necessary for the functioning of our websites and/or mobile applications are placed there so that these, as well as the online services you have requested, can function properly (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites).

Our legitimate interest

We strive to achieve a fair balance between our legitimate interest and respecting your privacy. You can also exercise your right to object and ask us for information about the fair balance we strive for (see point 2.2 above).

We may process your data for profiling as part of our direct marketing (see above).

For example, we may process your data for profiling as part of fraud detection, management and prevention.

For example, we may automatically assign scores to claims; records with a score indicating an anomaly or potential fraud are then investigated by our specialists.

We kunnen bijvoorbeeld uw gegevens verwerken om modellen te ontwikkelen die wij vervolgens kunnen verwerken voor onder meer: (i) prospectie (zie hoger); (ii) het opstellen van bedrijfsinzichten; (iii)fraudeanalyse; (iv) automatisering van interne processen waarbij wij systemen ontwikkelen die wij geleerd hebben hoe zichzelf voortdurend te trainen om nadien zelfstandig bepaalde taken te kunnen uitvoeren, bijvoorbeeld: - de ontwikkeling van een autonome chatbot of virtuele assistent die onze klanten en partners snel en efficiënt kan bijstaan bij diverse vragen; - het ontwikkelen en verbeteren van een systeem dat onze inkomende post automatisch sorteert en toewijst aan uw dossier(beheerder).

We may process your data to develop models for purposes including:

(i)    direct marketing (see above);

(ii)  developing business insights;

(iii) fraud analysis;

(iv) automating internal processes to develop systems that we have continually trained to perform certain tasks independently afterwards, for example:

  • developing an autonomous chatbot or virtual assistant that can help our customers and partners quickly and efficiently with various questions;
  • developing and improving a system that automatically sorts and assigns our incoming mail to your account or account manager.

Your consent to the use of your personal data for one or multiple well-defined purposes. You may revoke your consent at any time and free of charge (see above).

  • If you have given us consent on our websites and mobile applications, we may use cookies or similar technologies that allow us to track and record your browsing habits in your customer profile, so we can optimise your experience on our websites and advertisements for our products (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites).
  • If we wish to make decisions that (1) are based solely on profiling and (2) that may produce legal effects for you or may significantly similarly impact you, then we cannot invoke a legitimate interest. In such case, we rely on either your explicit consent, a legal obligation or the need to conclude or perform a contract (see above). You will still have the right to refuse to have those decisions made based on profiling (see above).
  • You also have the right to object to profiling based on our legitimate interest (see above).
  • And you have the right to revoke your consent to profiling (see above).

If you wish to object to our processing of your personal data for profiling, revoke your consent or not to be subject to a certain decision based solely on profiling, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

In some cases (Yongo & Uppie, MyAG Employee Benefits), you can also configure your preferences for commercial communications directly via your customer area on the relevant platform (Yongo, MyAG Employee Benefits).

Met de allergrootste zorg. Niet iedereen binnen AG heeft toegang tot uw gegevens. Enkel medewerkers die uw dossier behandelen, kunnen ze raadplegen en verwerken. Zij hebben een strikte geheimhoudingsplicht en gaan er heel bewust mee om. Maar er is meer: onze gespecialiseerde teams zorgen ervoor dat het technisch gezien onmogelijk is dat onbevoegden toegang krijgen tot uw gegevens en wij dragen uw gegevens niet zomaar over aan derden. We bewaren uw gegevens ook niet langer dan nodig en zoals wettelijk voorzien.

As a supporter of your life, we are very careful with how we handle your data and we take a range of measures to protect it.

Only collaborators who need to use your personal data to perform their duties can access it. They must also comply with a strict duty of confidentiality as well as all technical and organisational requirements to ensure the confidentiality of your personal data.

We may only disclose your data to others in certain cases and only if they have undertaken to process the data in a secure and confidential manner and process it only for the purpose for which they have received it.

For example, we will only be able to share your data with another party if we have a legal basis for doing so. The legal basis for sharing your data with others is determined in each case by:

  • the nature of the personal data we intend to share; and
  • the purpose of sharing it. Both conditions are cumulative.

 

If this includes health data and/or data relating to criminal convictions and offences, then:

  • we will only share health data to establish, exercise or defend a legal claim based on our legitimate interest (in which case you have a right to object, see above); or
  • we will only share health data under an occupational accident policy if there is a need to exercise specific employee rights under employment law and social security and social protection law; or
  • we will only share personal data relating to criminal convictions and offences in order to manage disputes in which we are involved based on our legitimate interest (in which case you have a right to object, see above); and
  • we base all other instances of sharing health data and personal data relating to criminal convictions and offences on your prior express consent (which you may revoke at any time free of charge, see above).

If we share “basic” personal data (i.e. non-special categories of personal data), the purpose of this will determine which legal basis we use; for example, we can only share “basic” personal data if:

  • we contract the recipient to perform certain services associated with our activities and, consequently, the data transfer is required in the context of an insurance contract; or
  • we are required by law to disclose your data to the recipient; or
  • we have a legitimate interest in sharing your data, in which case we strive to maintain a fair balance between our legitimate interest and respect for your privacy. In such case, you may exercise your right to object and ask us for information about the fair balance we strive for (see point 2.2 above); or
  • you have given us your consent to share your data (e.g. on the (web)form provided for this purpose), in which case you have the right to revoke your consent at any time and free of charge (see above).

 

Rest assured: we will never share your data if we have no good reason to do so. As a supporter of your life, we will NOT pass your data on to other parties for commercial use without your consent.

 

If we have a legal basis for sharing your data with another party, that party might be considered by law to be:

  • either a data processor;
  • or a controller of your data, and in certain cases, together with AG.

Both situations are governed by law in a different way, but in both situations we will protect your privacy as explained below:

Recipient = processor

  • A processor may only act on our instructions that we contractually stipulate.
  • A processor must follow our instructions and comply with the principles set out in our Privacy Policy.
  • We ensure in particular that our processors only receive the data they need to carry out their duties for us.

Recipient = controller

  • A controller does not act on our instructions.
  • However, we will ensure that it receives only the data that we are legally required to share or that it needs to perform its duties for us, or the data that we may share on the basis of your consent or a legitimate interest that justifies sharing the data.
  • If the recipient is a joint controller together with AG, we will inform you in the privacy clause in your insurance contract or on the relevant (web)form that another controller will also process your data.

 

Below are some examples of why we might share “basic” personal data (i.e. non-specific categories of personal data) along with the legal basis:

Recipient typical in the insurance sector

  • Your insurance intermediary (e.g. a broker, BNP Paribas Fortis, Touring or Protections): to perform your insurance contract
  • Insurance brokerages, their representatives in Belgium and their contacts abroad when handling a loss
  • Insurance companies in the case of co-insurance
  • Reinsurance companies and/or reinsurance intermediaries with or through whom we are reinsured  in order to comply with our contract obligations as an insurance company.
  • Experts, lawyers, technical advisers and bailiffs involved in a loss
  • Claims settlement organisations
  • Repairers that intervene in case of claims (e.g. Homeras NV, a subsidiary of AG, which coordinates urgent assistance or a repair in kind)
  • Medical consultants
  • Touring that takes care of car and roadside assistance and  in the event of an insured claim
  • Platforms for sharing data with car repairers
  • AssurCard (assurcard.be)
  • Your employer, if it has taken out insurance for your benefit
  • TRIP (Terrorism Reinsurance and Insurance Pool) asbl, founded pursuant to the Act of 1 April 2007 on insurance against damage caused by terrorism (https://www.tripvzw.be/nl/home/index.asp)
  • Assuralia (assuralia.be), as part of the scheme to speed up compensation for road accident victims (material damages) (https://www.datassur.be/nl/diensten/rdr)
  • Assuralia (assuralia.be), as part of the SIABIS + database for assistance insurance, intended for the federal police coordination centre and the traffic control centre in Wallonia (https://www.datassur.be/nl/diensten/siabis)
  • Assuralia (assuralia.be), as part of the SIPASS-Verpais platform, which is used for communication between insurers and public prosecutors on applications and information relating to consultation of criminal records with respect to traffic offences (https://www.datassur.be/nl/diensten/verpais)
  • Assuralia (assuralia.be), as part of Crashform, the mobile app for the European Accident Statement (https://www.datassur.be/nl/diensten/crashform)
  • Datassur (datassur.be[Legal1] ) in connection with the Verifleet service and platform, which enables certain vehicle fleet data to be exchanged between intermediaries and insurance companies.
  • TRIP (Terrorism Reinsurance and Insurance Pool) VZW, founded pursuant to the Act of 1 April 2007 on insurance against damage caused by terrorism (https://www.tripvzw.be/fr/home/index.asp)
  • Assuralia (assuralia.be), as part of the scheme to speed up compensation for road accident victims (material damages) (https://www.datassur.be/fr/services/rdr)
  • Assuralia (assuralia.be), as part of the SIABIS + database for breakdown insurance, intended for the federal police coordination centre and the traffic control centre in Wallonia (https://www.datassur.be/fr/services/siabis)

  • Supervisory authorities (e.g. NBB and FSMA)
  • Datassur (datassur.be) for Car@ttest, where policyholders have quick and direct access to their vehicle insurance claims history in the context of an insurance contract for car Civil Liability
  • (https://www.datassur.be/nl/diensten/carattest#_ftn1)
  • The eHealth platform (ehealth.fgov.be)
  • Assuralia (assuralia.be), as part of the database with 'ten-year liability' insurance certificates for professionals in the construction sector (Article 19/1-19/2 of the Act of 31 May 2017)
  • The insurance ombudsman in the event of disputes
  • Tax authorities and social administrations for compliance with our legal obligations as a health insurer

  • Private detectives for fraud investigations
  • Other insurance companies to combat fraud.
  • Datassur (datassur.be) to combat insurance fraud committed in the case of special risks (such as fire, accidents and other risks, including motor insurance) (https://www.datassur.be/nl/diensten/rsr)
  • Alfa Belgium (alfa-belgium.be ) and Datassur (datassur.be ), in connection with the use of Alfa Belgium's platform and "claims database" (managed by Datassur), which enables neutral information relating to motor vehicle claims (including certain data on the insured driver and the other party) to be collected and made available to insurers. This information can then be used by insurance companies to detect and combat fraud. For more information on your rights and on the processing carried out by Alfa Belgium:https://www.alfa-belgium.be/fr/privacy-statement.

Recipient not typical in the insurance sector

  • IT providers
  • Cloud service providers

  • External auditor

  • Consultants to advise on the functioning of AG as a company
  • Providers of data quality assessment services
  • Debt collection agencies
  • If some or all of AG's operations are acquired by a third party, your personal data might be forwarded to that party, but only if and to the extent that this isnecessary for the potential buyer to study, evaluate, negotiate and implement the acquisition if necessary.

  • Companies that use third-party cookies (e.g. the Facebook Like button) with your consent on our websites and mobile applications (for more information, see our Cookie Policy by clicking Cookies at the bottom of our websites)

If you have any questions about how we share your personal data (recipient category, legal basis, purpose(s), etc.), or how you can exercise your privacy rights, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

In addition, to exercise your rights concerning:

•   the RSR file, you can always contact Datassur (Phoenix Building, 19 boulevard du Roi Albert II, 1210 Brussels, or privacy@datassur.be)

•   the claims data base, you can always contact Alfa Belgium (Phoenix Building, 19 boulevard du Roi Albert II, 1210 Brussels, or info@alfa-belgium.be)

You must include a copy of an identification document (or any other means of identification) along with your letter or e-mail. If you provide us with a copy of your identity card, passport or a similar document, you may remove any data that is not relevant to verify your identity.

Further information on Datassur's and Alfa Belgium's policy regarding the processing of personal data and your rights as a data subject is available at https://www.datassur.be/fr/privacy-notice-fr (Datassur) and https://www.alfa-belgium.be/fr/privacy-statement (Alfa Belgium).

We might transfer your data to a third country outside the European Economic Area (EEA) if we have a legal basis for doing so (see above).

In this case, we will ensure that an adequacy decision has been made for the third country in question, which means that the European Commission has determined the third country concerned to provide an adequate level of protection for personal data. A list of third countries with an adequacy decision

can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/ adequacy decisions_en.

If the third country in question does not have an adequacy decision, AG will protect your data by increasing IT security and demanding that an increased level of security from its international partners be contractually stipulated using the standard data protection contractual clauses for data transfers adopted by the European Commission. If, in any case, these standard clauses do not yet guarantee that the level of protection of your personal data in the third country is adequate, we will require additional technical, contractual and/or organisational measures to be contractually stipulated to ensure such level of protection.

We have technical resources and specialist teams dedicated to protecting your personal data. This is to prevent unauthorized persons from accessing, processing, modifying or destroying the data. Furthermore, when we process personal data, we will aggregate and pseudonymise it as much as possible.

If we process your personal data, we will limit ourselves to the personal data that is strictly necessary for the purposes (see above) for which it is processed.

We only process your personal data if and for as long as there is a specific purpose. This means that we will store your personal data:

for the entire term of your (insurance)contract, but only for as long as we so require  »  to perform your (insurance)contract and manage claims

and/or

for as long as is necessary to achieve the stated purpose » for which you gave us consent, e.g. on a (web)form or otherwise

and/or

for as long as is necessary to comply with our obligations » imposed on us by legislation and regulations

and/or

for as long as is necessary to achieve a legitimate purpose » that is in our legitimate interest

Once all the stated purposes have been achieved, the data will be stored until the:


applicable statutory retention period expires, in which case we will only store personal data that is necessary to establish legal claims or to defend ourselves against legal claims. In the event that a legal claim is brought against us, we will retain the personal data for as long as is necessary to defend ourselves against the claim » Examples:

  • claims arising under the (insurance)contracts
  • claims arising from a lossen 
and

retention periods imposed by applicable laws and regulations expire,

in which case we will only store personal data that we need to comply with our legal, regulatory or administrative obligations » Examples:

  • We are obliged by the tax authorities under accounting and tax law to keep supporting documents for a certain period of time.
  • AG is obliged under AssurMiFID to store certain information for at least 5 years in order to enable the FSMA to exercise its supervisory duties.
  • We are required to store certain data in order to assist the CFI or other competent authorities in preventing, detecting or investigating suspected cases of money laundering or terrorist financing.
  • Pursuant to the legislation on whisteblowing, we are required to retain certain data until the reported breach is time-barred.
  • We are required by FATCA/CRS to store certain customer identification data for a certain period.

As soon as the statutory retention periods and any other applicable retention periods imposed by legislation or regulations expire, we will delete or anonymise your personal data.

Please note that, in some cases, we are required by law to delete personal data after a certain period. For example:

  • The images we obtain via surveillance cameras in and around our premises are deleted after one month, unless they help to provide evidence of one or more incidents, in which case, they may be kept for as long as necessary to provide such evidence.
  • Telephone call recordings to promote the quality of service are deleted after 30 days, unless they help to provide evidence of one or more incidents, in which case, they may be kept for as long as necessary to defend ourselves.

We do not generally process this type of data. But sometimes we have to process your health data, while still protecting your privacy:

We will process your health data only if:

  • either, specifically with regard to the occupational accidents policy, to the extent necessary to exercise specific employee rights under employment law and social security and social protection law (e.g. when we handle an accident at work covered by the occupational accidents policy that your employer has taken out);
  • or, for the purpose of establishing, exercising or defending a legal claim;
  • or, in all other cases, after we have received your explicit consent:
    • e.g. when we manage certain insurance contracts (life or hospitalisation insurance, insured income, occupational accidents insurance, etc.) or when we handle a physical loss case.
    • through a consent clause in our contractual documents or standard forms, or through another person involved (e.g. your employer in the case of professional insurance)

When we process your health data, we will do so with the utmost care:

  • Only our employees who need to use your personal data to perform their duties can access it.
  • They may process those data only to achieve the purpose for which you have given consent, or for the purpose of establishing, exercising or defending a legal claim, or, specifically, in the case of an occupational accidents policy, to the extent necessary to exercise specific employee rights under employment law and social security and social protection law.

We process personal data about criminal convictions and offences in the course of our services. We only process this kind of data if it is needed to manage disputes or if you have given us your explicit written consent.

We also protect the personal data we receive online

When you submit personal data to us through one of our websites or mobile applications (e.g. when you apply for an insurance quote online or through cookies or similar technology), we use that personal data in accordance with this Privacy Policy and you are entitled to exercise the same rights as those described herein.

We also have a Cookie Policy

  • If you access one of our websites from one of our mobile apps, you can choose whether or not to accept cookies (and other technologies that collect data and information about your surfing behaviour)
  • For more information,visit www.ag.be + Click Cookies at the bottom of the page.
 
We bring to your attention the existence of terms and conditions, and privacy conditions of third parties
 
  • Our websites and mobile apps may sometimes contain links to third-party sites (social media, organisers of events we sponsor, etc.)
  • If you wish to communicate with us through services offered by third parties (e.g. WhatsApp and Facebook Messenger), those third parties may be able to process your data
 

The terms of use and how your personal data is possibly used by those third parties fall neither within the scope of this Privacy Policy nor under our responsibility. » We recommend that you read the privacy policies of those third parties carefully so that you know how they protect your privacy and possibly process personal data.

In een veranderende wereld waarin ook de technologie nooit stilstaat, kan deze privacyverklaring wijzigingen ondergaan. We zorgen er steeds voor dat u online de meest recente versie van deze privacyverklaring kan raadplegen. Via een banner op de internetsite van AG www.ag.be en eventueel via andere gebruikelijke communicatiekanalen houden we u hiervan op de hoogte. 

Contact

If you have questions for us about your privacy, please get in touch by email or post.

Our ‘Data Protection Officer’ or ‘DPO’, that is our specialist in the matter, will get back to you within one month.

AG, Data Protection Officer, 53 boulevard Emile Jacqmain, 1000 Brussels, AG_DPO@aginsurance.be

If you have any complaints about how we handle your privacy, please contact the Belgian data protection authority: Data Protection Authority, 35 rue de la Presse, 1000 Brussels, contact@apd-gba.be, +32 2 274 48 00

Download the privacy notice in pdf

Cookie Policy

Read more

Manage your cookie preferences

Adjust cookie preferences