
ADD NV Privacy Statement

 

Part 1: To safeguard your privacy, we must work together

Your privacy is very important to us. Our aim is to process personal data in a manner that is lawful, fair and transparent. In this Privacy Statement, we explain which of your personal details we collect from you as a natural person and then process.

The data referred to in this document concerns details that we have on you as a (prospective) policyholder, insured person, payee or other data subject, such as a contact at a company, agent holding power of attorney, aggrieved party, victim, counterparty, witness, expert, insurance broker, etc. Regardless of the capacity you act in, your rights are the same and ADD treats your details with equal care.

1.1 Make sure you read all of this information and look at what action is open to you.

We recommend that you read this information carefully, so that you know the purposes for which ADD uses your data. This Privacy Statement also contains more information about your privacy rights and how you can exercise them.

ADD may make amendments to this Privacy Statement. The most recent version is always available at https://www.add.be/privacy. In the case of important substantive changes, ADD will inform you via its website, ADD Connect or other communication channels.

You will also find more information about the Belgian data protection legislation on the website of the Belgian Data Protection Authority (previously called the Privacy Commission) at www.dataprotectionauthority.be.

1.2 ADD takes great care when dealing with your personal data.

ADD NV is an insurance broker with registered office at Industrieweg 1, 3001 Heverlee.

ADD is a member of the KBC group.

ADD operates in Belgium and also abroad via a network (Worldwide Broker Network).

ADD insures business customers and private individuals. That means that ADD acts as an intermediary between you as customer and an insurance company when arranging insurance policies and in fulfilling its role as mediator during the policy term.

ADD is a member of the Worldwide Broker Network ('WBN'), an international network of insurance brokers. Thus, via placing brokers, ADD can help insure your undertaking in foreign countries. To do this, certain personal details concerning the contact dealing with the insurance file at your business and the insured persons need to be transferred to the WBN broker.

In addition to the WBN, ADD also itself operates in selected countries for customers wanting to take out insurance outside Belgium. Most such cases involve France and Luxembourg. In exceptional cases, other countries may be involved in any part of the world.

You will find more information about what ADD does on its website at www.add.be.

1.3 Contact ADD if you have any questions about the processing of your data.

If you have questions about data protection or if you wish to exercise your rights, you can contact ADD by one of the following means:

  • Call or e-mail your permanent contact.
  • Complete a contact form on the website at www.add.be (under the ‘Contact’ tab).
  • Contact the welcome desk at one of our regional head offices (in Heverlee or Merelbeke; www.add.be).
  • Pop into one of our regional head offices (in Heverlee or Merelbeke; find us via www.add.be).

 

Part 2: Your right to privacy.

You have a lot of rights when it comes to processing your data. When ADD asks you for consent to process your data, you can subsequently withdraw that consent again any time you wish.

2.1 You can inspect your data.

If you would like to inspect the data that ADD processes about you, let them know. Corporate customers see certain details themselves without a request, such as via ADD Connect.

If you exercise your right of inspection, ADD will give you as complete a list as possible of your data. It can happen that some personal data from the usual back-up files, logs and stored records is not included in that list. Nonetheless, it does get removed from such files in the course of subsequent routine cleaning-up processes.

2.2 You can have your data corrected.

It can happen that certain information held on you by ADD is not (or is no longer) correct. You can ask for the data to be corrected or completed at any time.

2.3 You can have your data deleted.

If you suspect that ADD is unlawfully processing certain data, you can ask for it to be deleted.

2.4 You can object to your data being used for certain purposes.

If you disagree with how ADD invokes its legitimate interests to process certain data (see 3.4), you can object. We shall heed objections unless there are overriding grounds not to do so, such as when we process data with a view to combating fraud.

2.5 You can ask for your data to be transferred to a third party.

You are entitled to ask for personal data that you yourself have provided to ADD to be transferred back to you or to a third party. The data protection laws do lay down a number of restrictions on exercise of this right, so that it is not applicable to all data.

2.6 You may exercise your rights.

Be as specific as possible any time you wish to exercise your rights. ADD can only properly answer queries couched in sufficient detail. ADD will need to verify your identity in as much detail as possible in case someone else tries to exercise your rights. We may therefore ask you to provide ID when such a request is made.

Do you have a question or a comment? If so, please get in touch with your permanent contact, go to the 'Contact' tab on the website at www.add.be, or e-mail privacy@add.be. This is your primary point of contact in relation to privacy matters.

If you have a complaint about the exercise of your rights, ADD Complaints Management will be happy to look into it.

ADD Complaints Management, Industrieweg 1, 3001 Heverlee

via ADD's digital channels, including its website at www.add.be – Contact – Contactformulier

If you cannot obtain adequate resolution of the matter by the above routes, you can contact the ‘Data Protection Officer’ at ADD by writing to ADD NV, F.a.o. the Data Protection Officer, Industrieweg 1, 3001 Heverlee.

If you would like more information or if you do not agree with the standpoint adopted by ADD, be sure to visit the website of the Belgian Data Protection Authority at www.dataprotectionauthority.be. You can also lodge complaints there.

 

Part 3: ADD has many reasons for processing your personal data.


3.1 ADD has to comply with certain legal requirements.

The main legal grounds for ADD having to process certain information about you are summed up here.

  • The legislation on insurance distribution obliges insurance brokers to analyse the wants and needs of prospective policyholders in the lead-up to taking out a policy. It is sometimes necessary to categorise customers in the course of doing so. Natural persons are automatically classified as non-business customers though they may be regarded as being in the business category in certain circumstances. Where insurance brokers give advice on savings-type and investment-type insurance, then, depending on customer type, they have to gather information about the customer’s knowledge and experience, financial capacity, investment objectives and attitude to risk/return in relation to the products offered.
  • Insurance brokers must deploy all possible means to prevent and uncover money laundering and report it to the authorities, and so ADD has to take appropriate steps in this regard as well. For example, they have to gather data on customers and groups of customers or issue risk alerts.

Specifically, for certain life insurance policies, ADD has to:

  • identify you as a customer, representative or ultimate beneficial owner;
  • verify your identity;
  • determine your profile (in relation to the risk of money laundering), which involves collating various personal and business details, such as whether you're a politically exposed person;
  • check your actions and transactions and prevent certain transactions and report them to the Financial Intelligence Processing Unit.

In doing so, ADD uses details given to it by you plus data that can come from other channels (like Thomson Reuters's World-Check, Graydon, Dun & Bradstreet, Trends, Company Web and Internet search engines).
For example, ADD has to be in possession of a recent copy of your identity card. This is why ADD requests a copy of identity cards when insurance is contracted that falls under the money-laundering rules.

  • Insurance brokers are required to prevent, discover and/or report abuse of inside information or market manipulation and to report suspicious transactions to the authorities.
  • Insurance brokers that take responsibility themselves for collecting insurance premiums from their customers have to take care of processing such transactions in books of account.
  • In the context of the fight against terrorism and the sanctions rules, insurance brokers are required to screen customer details against sanctions lists. Transactions are also monitored. In some cases, underlying documents are requested and payments may be held back. Here, too, ADD uses outside sources such as Thomson Reuters's World-Check.
  • Insurance brokers also have responsibilities in tracing policyholders and beneficiaries under life policies in the context of activating dormant insurance contracts.
  • Insurance brokers are responsible for appropriately controlling risk (including at group level). They are required to detect, prevent, mitigate and address risks. These include information management and statutory compliance risks, the risk of staff, customer and/or supplier fraud, and the risk of unethical behaviour by staff or breaches by them of their duties of care. This risk management has to be ensured at both central level (gathering data on customers and groups of customers) and local level (e.g. by disseminating risk alerts).
  • Insurance brokers also have to respond appropriately when you exercise your rights under the data protection legislation: they are also required to answer questions from the Data Protection Authority, e.g. where a complaint is made.
  • Insurance brokers must submit reports to, and be able to answer questions from, the regulators of financial institutions, such as the Financial Services and Markets Authority (FSMA) (www.fsma.be) and the National Bank of Belgium (www.nbb.be) in the context of the supervisory legislation.
  • Insurance brokers are also obliged to respond to enquiries from the judicial authorities (police, prosecutors and the bench, investigating judges and courts). These concern questions in the context of police legislation and (criminal) judicial procedure (including the Judicial Code and the Criminal Procedure Code).

3.2 ADD has to be able to assess whether an agreement or service may be contracted.

Before ADD is able to intervene to contract insurance with an insurance company, it can happen that certain details need to be processed in order to deal with the application and make a correct assessment of whether the contract is feasible and, if so, under what conditions.

Thus, ADD needs to collect details on you so as to:

  • gain a proper view of the insurance needs (in a meeting, a completed insurance application, etc.);
  • assess which product from which insurance company could provide appropriate cover for your risk;
  • pass the right information to an insurance company or to insurance companies;
  • be able to contact you with a tailored proposal;
  • …

This applies for both non-life insurance (like car insurance, property insurance for your business) and life insurance (like group insurance or loan balance insurance). In the latter case, it can happen that certain health details will be processed. This may be so where, in correspondence further to your request to take out insurance or open a claim file, you have already included medical info. Your medical details are processed in accordance with Article 4.3 (Medical data), which sets out the health policy of ADD.

3.3 ADD must be able to perform a contract correctly.

  • As a customer of ADD, you use a number of services, which ADD, as an insurance broker, has to process for administrative and accounting purposes.
  • There have to be means of contacting ADD.
  • There are a number of channels you can use to communicate with ADD including telephone, e-mail, letter, going to one of our offices, via ADD Connect, the website at www.add.be via Contact – Contactformulier. In some cases, ADD may use the contact and security data for those communication channels for the purposes of communication and carrying out checks. Examples include login details, passwords and certificates.
  • ADD passes personal data given to it by you on to insurers and may also pass it on to other parties like loss assessors. Thus, ADD will forward the insurance application completed by you on to the insurance company.
  • ADD also exchanges data with its commercial partners.

ADD has to give information and data to the insurance company in order to fulfil its role as an intermediary between customer and insurer.

The purposes for which an insurance broker processes data include:

  • keeping information received from customers in an electronic file for further monitoring purposes
  • forwarding information received on to the insurance company (e.g., to prepare a policy, open a claim file or settle a claim).
  • discussing an insurance file with the insurer
  • collecting and recovering premiums that fall due
  • etc.

To do so, ADD sometimes needs to submit certain personal details to internal or external specialists for an assessment of bodily injuries or losses to which value can be attributed, as well as to relevant third parties (such as co-insurers and re-insurance companies, lawyers, lease companies, repairers or relevant government agencies such as the Industrial Accidents Fund).
ADD also exchanges necessary information with WBN partners if you want to insure risks abroad using ADD and the WBN.

3.4 ADD has to be able to function as a business.

This is known as its ‘legitimate interests’.

In addition to the purposes set out above, ADD, as a commercial business, also has a number of legitimate interests that form the basis for processing personal data. In that regard, ADD ensures that the impact on your privacy is kept to a minimum and that, in all events, ADD’s legitimate interests remain proportionate to the impact that upholding them has on your privacy. If you nonetheless object to this data being processed, you can exercise your right to object.

There are various situations in which personal data is processed.

  • ADD uses the basic data set to carry out surveys, to develop risk, marketing and other models, and to produce statistics; in all these cases, links to identifiable individuals are ruptured as soon as practicable. ADD may develop these models for different purposes: customer analysis, fraud analysis, process analysis, risk analysis, etc., and may subsequently apply them either generically or to individuals.
  • Personal data can be used as evidence (stored records).
  • It can also be used for ascertaining, exercising, defending and safeguarding the rights of ADD or of those it represents (e.g., in disputes).
  • It may be used to create synergies, raise efficiency or generate other organisational or process-related benefits.
  • Data processing may be done to ensure the safety, security and surveillance of persons and goods. Personal data can be used for the administration, (risk) management and oversight of the KBC group's organisation, such as the legal department (including dispute management and legal risks), compliance (such as prevention of money laundering and fraud, protection of investors and consumers, and privacy), risk management (such as credit risk and insurance risk vis-à-vis customers and customer groups worldwide), risk functions and inspections, complaints management and internal and external audit.
  • It can be used for supporting and simplifying the acquisition and termination of products and services by customers, including sparing you from having to resubmit information you have already given, and for sending you messages about a service you have signed up for from us, in order to, say, make it easier to use.
  • It can be used to put together an improved proposal or qualify for a discount.
  • ADD may also pass limited details about you and your insurance to members of your family or other related parties if this is needed to ensure an appropriate service, such as to avoid over-insurance.
  • We can use it to position ourselves in relation to our direct and indirect competitors.
  • Whilst apps are being developed, tests need to be carried out using personal data, including the final acceptance test before an app can be put into production.
  • Personal data can be used to assess, simplify, test and improve processes, applications and designs by, say, optimising campaigns, simulations and sales on our website (e.g., by reviewing simulations (whether completely filled in or otherwise), statistics, satisfaction surveys or the information communicated by cookies (default settings and browsing history on the website)).

3.5 ADD uses your personal data for direct marketing

ADD wants to be able to make proposals to you as a representative of your business concerning an extensive range of insurance policies and services. It may do so in response to explicit requests or where ADD has an idea that you might be interested in or could benefit from a given product or service.

To make such proposals, ADD uses a basic set of personal data pertinent to you as contact, representative or relevant person at the business, including:

  • who you are,
  • your job,
  • your contact details,
  • the products you have and those you have no interest in.

The sole aim is ultimately to be able to contact you with insurance information we can assume is of interest to your business.

If, in certain situations or for certain projects, ADD wishes to use additional personal data, we will ask for your consent.

These proposals can be received by you in all sorts of ways: via the Internet and via apps, by e-mail, by post, by phone and at events. In addition, ADD likes to keep up with the constantly evolving range of new technologies. ADD is at pains to ensure that information is provided in a way that's clear and will choose the most appropriate channel to inconvenience you as little as possible.

ADD imposes a number of restrictions on itself:

  • ADD takes care in handling your personal data as a prospect. E.g., marketing material is only e-mailed to you with your consent.
  • ADD does not use spyware.

If you as a natural person do not want to receive any publicity whatsoever, you should exercise your right to object to direct marketing.

When ADD offers you something, you're under no obligation to take it, but it wouldn't do so if it weren't certain that it would truly be of service to you.

3.6 ADD will not sell your personal data

ADD does not sell or hire your personal data to third parties for their own use, unless you opt for this yourself and give your consent.

3.7 ADD also shares information with other KBC entities.

In its function as an insurance broker and service provider, ADD also exchanges information with other KBC entities (e.g., KBC Insurance and KBC Autolease).

If there are good reasons for doing so, for example those listed in part 3, above, data may also be made available to other KBC entities in Belgium or abroad. Or it may be processed if it has been lawfully collected from another KBC entity in Belgium or abroad. Naturally, this is only possible provided there is no legal impediment, such as a confidentiality obligation or data protection legislation.

Information exchanges concern not just personal data but also information on legal persons, such as for the reasons listed above in this part 3. The practice of exchanging information on legal persons is particularly justified by KBC's desire to provide the support services it does in a manner that is efficient, mainly because its doing so means that each KBC group entity has the same overview of the customer relationship, complete to the same extent, and that they are all able to issue messages of a commercial nature explaining the KBC group's financial services and products.

 

Part 4: ADD uses different types of data depending on the intended purpose.

ADD processes your personal data for a variety of purposes. The different types of data that exist are set out below.

4.1 Information that's used to identify you, to contact you and to offer you the right advice

What data ADD uses for which purpose is also explained below.

Data used to IDENTIFY you

Name, sex, date of birth, nationality, address, identity card, customer number, national registration number, vehicle registration number, driving licence, your position within a company (as a contact within an ADD business customer).

Data used to CONTACT you (securely)

This information includes your telephone number, e-mail address, language and your user name in social media. However, it also covers technical details such as identifiers for the devices you use (such as your MAC address, IP addresses or unique identifiers for your devices).

To give you proper ADVICE and SERVICE

The information stored by ADD includes:

  • the products you have acquired and that you use (non-life and life insurance);
  • your potential interest in insurance products and previous advice from us to you in this regard;
  • your customer profile: based on the insurance you have taken out via ADD, ADD may analyse and detect your needs and advise you in this regard;
  • your family situation (mutual relations, family composition, civil status, etc.);
  • your occupational experience;
  • your health (if mentioned in the relevant documents that you pass to us);
  • your salary (if of relevance to the policies to be contracted);
  • your feedback (past suggestions and complaints, answers to satisfaction surveys), so that they can help in serving you better in future;
  • the information that you provide to us (such as in insurance applications, by e-mail, in letters, etc.) to be able to initiate and manage insurance files;
  • the information provided to us by an insurance company within the context of our role as insurance broker (such as insurance policies, notes of charges or claims settlements);
  • the information that we receive from brokers in the WBN;
  • the information received by us from third parties in connection with your insurance file (such as loss assessors, lawyers or lease companies);
  • ...

 

4.2 Information in the public domain and information obtained through third parties

ADD sometimes processes public data.

  • This might include information subject to a reporting duty (like being appointed a company director).
  • Data you yourself place in the public domain such as information on your website, your blog or via your publicly accessible social media profile, or information about you that ADD obtains from third parties (e.g., members of your immediate family).
  • Or data that is in the public domain, say, because it is common knowledge in your area or because it has appeared in the press. Information from sources such as the companies register and Graydon also falls into this category.

ADD may also receive personal data via third parties, for example by buying it from companies such as Trends or Company Web, which are responsible for making sure that information is gathered using lawful means.

Public data and data obtained via third parties may be relevant and may be used for the purposes set out by ADD in this privacy statement; it may be used to verify the accuracy of the information held by us, and it may serve to support direct or indirect marketing campaigns.

4.3 Medical details

Health details are personal data relating to the state of your physical or mental health and include details of health services you've received that provide you with information as to what your state of health is.

ADD processes some of your medical data.
In principle, ADD only processes your medical data if it has a bearing on its role as insurance broker.

ADD processes medical data with particular care.

  • For instance, if you have to complete a medical questionnaire before taking out hospitalisation insurance or life insurance, we ask you to send the completed form directly to the insurance company's doctor.
  • For the most part, ADD only processes medical data so as to pass it to the insurance company. These documents that you send to us are not therefore retained by us.
  • However, if you mention medical details in your general communications with us (by e-mail or letter, for instance), such communication will be retained in our records.
  • Thus, when it's necessary, the processing is done under the supervision of a professional healthcare practitioner (typically a doctor or physiotherapist). Medical data is given a special classification of its own and, as a rule, is separately filed to alert staff to its sensitive nature. ADD staff are furthermore bound under a strict duty of confidentiality and are given special training in this regard.
  • ADD also provides insurance companies with medical data provided to us by you (like hospital bills or certificates of temporary work disability) so as to substantiate your claim and so that you are paid.
  • Where medical data is passed to a third party (like an insurance company), this is done with appropriate care to ensure that the info is sent to the right person.

ADD only requests your consent to be able to retain medical data.

4.4 ADD retains data from offers, insurance applications, etc.

When you fill in an ADD form, ADD naturally processes the data needed to administer the relevant matter at hand.

  • It can be an insurance application or some other app that ADD provides that you complete in order to receive an offer of an insurance policy. When this is done, your details may be stored. A number of details no longer have to be retrieved. You will nevertheless sometimes be asked to check that the information is complete and up to date.
  • Some details will be pre-populated on the form if they are available; you will still be able to revise them.

4.5 What you tell ADD staff members may be processed.

If you contact an ADD staff member at one of our offices, by telephone or via chat, etc., this is generally registered:

  • in order to constitute a record of what contacts there are between us and our customers;
  • so that there is a (short) record of what was said during that contact;
  • to remind our employee what still needs to be done.

Even if you are not a customer, ADD will store such information as you disclose. That information can be used if you become a customer subsequently.

By adopting this approach, ADD seeks to avoid your having to constantly provide information or answer questions a second time. It also allows us to improve the continuity of our service to you.

4.6 Written ADD correspondence is carefully monitored.

If you use e-mail to contact ADD or if you have digital communication channels that ADD uses (e.g., the website at www.add.be or ADD Connect), ADD can use them to intimate to you its statutory and official communications.

Correspondence with staff members in their capacity as ADD employees (sent to an office address, an office fax or a job-linked or personal ADD e-mail address, etc.) is deemed to be business-related and may therefore be examined in the context of:

  • their duties;
  • the production of evidence;
  • workplace checks;
  • security;
  • the fight against fraud;
  • optimisation and/or continuity of service to help ADD staff to correspond with you quickly and efficiently.

4.7 Recording telephone, video and chat conversations?

ADD does not record telephone conversations. Your voicemail messages are, by contrast, recorded and listened to on mobile phones.

If you wish, you can also chat with ADD. If they are of relevance for execution of your policy, such conversations are stored in our applications.

4.8 More than just your own personal details may be involved.

If you have a company or children, for example, you agree that ADD can also keep a record of those relationships and process the details of any associated persons. We may also process personal details of parties we have no direct relations with but who are involved in a relationship with us, like being the beneficiary under a life insurance policy or as a usual driver under a car insurance policy, or as a witness to an accident. And, if you provide information about your family members or related persons, we ask you to inform them of that fact (e.g., of a change of address that you've forwarded to us). If necessary in order to provide services as befits, we may also pass certain information on you and your insurance policies to members of your family or related parties, to avoid over-insurance for instance.

This has the following implications for legal persons.

  • You agree that you're amenable to ADD's processing data relevant to the relationship with associated legal or natural persons as well as the details of those entities (e.g., parent company, subsidiaries, representatives, ultimate beneficial owners).
  • In addition to the personal details of contact people, ADD also naturally stores details of your business.
  • Please note that legal entities may only provide us with personal details of natural persons associated with them if those persons are sufficiently informed of this and, where necessary, have given their consent.
  • The legal entity accordingly indemnifies ADD in respect of all liability in this regard (vis-à-vis those concerned). For example, the company is responsible for complying with the data protection legislation when it submits lists of users for online applications or of beneficiaries of employee profit-sharing bonus programmes.

 

Part 5: Security and confidentiality

5.1 Not everyone can inspect your data at ADD

ADD takes the necessary steps to secure your data.

ADD is organised in a way that, when certain staff are absent, other staff can continue to work on files. Moreover, staff that administer an insurance policy have to be able to see the terms of the offer that was issued. And claims managers involved in settling insurance claims have to be able to see the policy conditions, and so on.

Therefore only the confidential and sensitive information is stored in a partitioned-off compartment of your file. This information can only be accessed by the group of staff that process it.

Only those with appropriate authorisation can access personal data, and then only if it is relevant to the performance of their duties. Within ADD, your personal data is in principle only processed and consulted by certain departments that:

  • you have a contractual relationship or contact with, or had one in the past or would like one in the future;
  • require to be involved in the provision or aftercare of services;
  • fulfil legal requirements (at group level) or requirements imposed by regulators or stemming from corporate governance principles;
  • are tasked with preventing fraud, including money laundering, by employees and customers.

For example:

  • In a ‘total loss’ motor vehicle accident under a fleet file, the claims manager informs the contract manager that the vehicle can be removed from the insurance policy.
  • In relation to prevention of terrorism, we notify our compliance operatives.

Persons who are authorised to consult your data are moreover bound by a strict professional duty of confidentiality and must abide by all technical instructions to ensure the confidentiality of your personal data and the security of the systems in which the data is held.

5.2 Your data is processed at a limited number of locations.

ADD uses the services of several processors to process personal data. These are companies that process data on the instructions of ADD.

5.2.1 Processors characteristic of the insurance sector

ADD uses specialist third parties in Belgium and abroad to perform some processing operations. Such parties include:

  • insurance companies for drawing up offers, insurance contracts and administering and settling claims files;
  • insurance brokers that operate worldwide (via the WBN (www.wbnglobal.com) or https://live.origamirisk.com) for the purposes of insuring international risks;
  • the management platform for accruing supplementary pension rights (‘E-gor’: www.harukey.be) with information for cooperation between insurance companies, insurance brokers, accountants and you as customer;
  • the Gloriant platform (www.xpofleet.com) for management by you as a business customer of large and small car fleets (if you have opted for it);
  • lawyers and other consultants;
  • loss assessors;
  • lease companies;
  • repairers and repairs of broken glazing;
  • Veridass;
  • etc.

5.2.2 Other processors

ADD may also make direct or indirect use of other processors, such as:

  • consultants;
  • ICT (security) service providers like Microsoft, Fortinet, OOdrive, IBM and Amazon;
  • marketing and communication agencies and similar companies, whereby ADD uses personal profile information on you that is held by them to be able to make targeted proposals to you via their channels (e.g., Google, Facebook, etc.);
  • companies that support ADD in identifying and analysing your user behaviour in our apps and on our websites (e.g., Exabeem);
  • companies specialising in digital information archiving and access;
  • companies specialising in solvency investigations;
  • companies specialising in health and safety;
  • etc.

5.2.3 Processors outside the EU

When ADD uses the services of processors, data may end up in countries where those processors’ data centres are located.

In the cooperation arrangements with WBN partners, personal data relating to these specific foreign insurance contracts may be located outside the European Economic Area.

The law in countries outside the EEA (like Israel, the United States of America and India) doesn't always afford the same level of data protection as in EEA member states. Where a non-EU country is viewed by the European Commission as not offering an adequate level of protection, ADD can cover the deficiency by, say, contracting with those processors according to a model approved by the European Commission.

5.3 ADD takes specific measures to protect your data.

ADD ensures that strict rules are followed and that the processors concerned:

  • only have the data they need in order to perform their tasks;
  • give ADD a commitment that they will process the data securely and confidentially and only use it for carrying out the instructions issued to them.

ADD declines liability if a local processor is able (according to law) to pass customers' personal data to local authorities.

ADD takes internal technical and organisational measures to prevent personal data finding its way into the hands of, or being processed by, unauthorised parties or being accidentally altered or deleted.

Strict security measures are in place to protect premises, servers, the network, data transfers and the data itself.

To make online access to insurance as secure as possible, security experts at ADD continuously analyse cyber-criminal activity so that they can hone the relevant security measures accordingly. ADD has the support of security experts at KBC Group (see also www.kbc.be/secure4u) as well as of outside cyber experts to ensure it has the best possible security in place.

Together with you, we need to be aware that information shared by e-mail can sometimes be intercepted and, where possible, we must aim to use a different means of communication or to limit the amount of information sent.

ADD websites and apps may contain links to websites or information of third parties. ADD does not check such websites or information. Parties offering these websites or this information may have their own privacy policies in place, which we advise you to read. ADD is not responsible for the content of those websites, their use or their privacy policy.

It sometimes seems easy to make personal data known via social media like LinkedIn.

Bear in mind that these channels have their own terms of use, with which you must comply. Publishing information on social media may have (undesirable) consequences, including for your privacy or that of persons about whom you share information. You may not be able to delete such published information quickly. You should therefore assess the consequences yourself, because the decision to disclose information on such media ultimately lies with you. ADD does not accept any responsibility in that regard.

5.4 ADD does not keep your data for ever

ADD uses your personal data where it has a clear aim in mind. Once that aim no longer exists, ADD deletes the data. As an insurance broker, ADD has to show that we have provided you with sufficient information.

ADD keeps the details in your file for seven years after termination of the insurance contract.

For business customers, personal data are kept for seven years after termination of the last contract.

The details that you provide to ADD so that it can produce an offer will, when the policy is taken out, form part of the file that we maintain in order to defend your interests in relation to that insurance. If the policy never comes into being, we keep the details that you provide us with when requesting an offer for a further five years after your initial request. That way, if you change your mind and decide after all to take out the insurance policy, we can help you further and avoid you having to give us the same information or answer the same questions.

If the result of the offer led to an insurance policy being drawn up, this info is kept until seven years after termination of the insurance policy.

Medical data is retained only to a limited extent and no longer than seven years after contract termination. ADD keeps such data to be able to defend your rights vis-à-vis the insurance company.

Personal data on potential customer prospects is used by ADD for five years unless, in the meantime, there has been contact with the prospect. In that case, a new five-year period starts. Prospects can always ask for their personal data to be removed.

5.5 ADD does not simply respond to questions from third parties without consideration.


5.5.1 It adheres to its confidentiality obligation.

ADD obeys its confidentiality duties and the data protection legislation and we will only answer third-party queries if (i) they arise pursuant to a legal requirement or a legitimate interest; (ii) doing so is a prerequisite for performing the relevant contract; or (iii) the data subject has given permission for us to do so.

In the last case, ADD actually advises requesting the information directly from the data subject.

ADD declines liability if, under applicable (foreign) legal obligations, the lawful recipients of personal data are required to pass personal data about customers on to the local authorities or process it without an adequate level of security.

5.5.2 Third parties must direct enquiries to the registered office of ADD NV, Industrieweg 1, 3001 Heverlee.

If you as a third party have queries about customers, for example because you work for the police or are a notary public or lawyer, you can contact ADD NV's Third-Party Enquiries department, Industrieweg 1, 3001 Heverlee. This specialist department will answer your question bearing in mind its secrecy obligation and the privacy legislation. Our staff and other departments will therefore pass your enquiry on.

5.6 You can also help protect your data

There are certain aspects of (technical) data processing over which ADD has no or insufficient influence and is unable to guarantee total security. Examples include the Internet or mobile communications (e.g., smartphones).

If hackers are active, ADD does not always succeed in defeating their cyber-attacks in time. It sometimes does not even know that it is happening, for example if a hacker manages to obtain your identification details by installing illegal software on your computer (spyware) or by creating a fake website (phishing).

ADD invites you to regularly refresh your knowledge of safe Internet use. Various sites give you tips and recommendations for keeping things safe:

https://www.belgium.be

https://www.ccb.belgium.be

https://www.kbc.be