GB Life Luxembourg - Privacy notice

  • GB Life Luxembourg does not use your personal data to do direct marketing.
  • GB Life Luxembourg will not sell your personal data

 

GB Life Luxembourg takes care in handling your personal details

We recommend that you read this information carefully, so that you know the purposes for which GB Life Luxembourg uses your data. This privacy statement also contains more information about your privacy rights and how you can exercise them.

Your privacy is very important to us. Our aim is to process your personal data in a manner that is lawful, appropriate and transparent. In this privacy statement, we explain which of your personal details we collect from you as a natural person and then process.

You can find more information about the Luxembourgish privacy legislation on the website of the Luxembourgish Data Protection Authority (CNPD) at www.cnpd.public.lu.

 

  • GB Life Luxembourg is an insurance company operating in Luxembourg and a selection of countries in the European Union. GB Life Luxembourg has its registered office at 3, rue Jean Piret, L-2350 Luxembourg.
  • GB Life Luxembourg focuses principally on retail clients, SMEs and high net worth clients, and is active mainly in Luxembourg, Belgium, Spain, Italy and France (More information on the activities of GB Life Luxembourg is available at gblife.lu.)
  • GB Life Luxembourg is the controller as regards to personal data and does not process personal data on behalf of other entities. GB Life Luxembourg processes your personal details as policyholder, insured person or payee of those contracts.
  • GB Life Luxembourg confirms that the company will use external providers to process the personal data on its behalf, in order to duly fulfil and perform all obligations under the Policy. GB Life shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the General Data Protection Regulation and ensure the protection of the Policyholders’ rights. GB Life Luxembourg confirms, as Data Controller, that processors will act under its authority and shall only process personal data insofar as strictly necessary for the performance of the services contracted.

 

Contact GB Life Luxembourg if you have any questions about the processing of your data

  • You have the right to access, delete, modify or correct your personal data by submitting a substantiated, written request to GB Life at GDPR@gblife.lu.
  • If you have any questions about privacy or if you would like to change your privacy settings or exercise your rights, you can contact GB Life Luxembourg on (00352) 27 05 27 05.
  • If you would like to inspect the data that GB Life Luxembourg processes about you, let us know. You can view some of the data directly yourself. If you exercise your right of inspection, GB Life Luxembourg will give you a list of your data. If you disagree with how GB Life Luxembourg invokes its legitimate interests to process certain data, you can object.
  • In order for GB Life to be able to properly answer your queries, be as specific as possible any time you wish to exercise your rights. GB Life Luxembourg will need to verify your identity in as much detail as possible in case someone else tries to exercise your rights. We may therefore ask you to provide ID when such a request is made.

 

GB Life Luxembourg has many reasons for processing your personal data

GB Life Luxembourg has to compulsory comply with certain legal obligations

  • The laws governing insurance policies in general or special insurance arrangements in particular oblige insurance companies to prepare policy documents and to keep them on record throughout certain statutory retention periods.
  • The legislation on insurance distribution obliges insurance companies and intermediaries to analyse the desires and needs of potential policyholders when preparing the signature of the contracts. It is sometimes necessary to categorise clients in the course of doing so. Natural persons are automatically classified as non-business clients though they may be regarded as being in the business category under certain conditions. Insurance companies offering savings-type and investment-type insurance, depending on the client type, they have to gather information about the client’s knowledge and experience, financial capacity, investment objectives and attitude to risk/return in relation to the products offered.
  • Insurance companies must deploy all possible means to prevent and uncover money laundering and report it to the authorities. GB Life Luxembourg therefore has to take the necessary steps for this, at both centralised and local levels.
  • Specifically, for life insurance policies, GB Life Luxembourg is required to
    • (i) identify you as a client, representative or ultimate beneficial owner;
    • (ii) determine your profile (in relation to the risk of money laundering), which involves collating various personal and business details, such as whether you’re a politically exposed person;
    • (iii) check your actions and transactions and prevent certain transactions and report them to the Financial Intelligence Processing Unit.
  • GB Life Luxembourg stores the information that it is required to hold by law to prevent, discover and/or report abuse of inside information or market manipulation and to report suspicious transactions to the government. In the context of the fight against terrorism and the sanctions rules, insurance companies are required to screen client details against sanctions lists. Transactions are also monitored. In some cases, underlying documents are requested and payments may be held back.

 

GB Life Luxembourg must be able to perform a contract correctly

  • The performance of insurance contracts include the administration of insurance policies, collecting payment of premiums, processing claims, assessing cover in relation to claims based on investigations, whether involving loss adjusters or otherwise, contacts with other relevant parties (such as other insurers, parties liable for causing damage, insured, beneficiaries, etc.), loss assessment, claims settlement, defending and determining the extent of the parties’ rights by way of court action, etc.
  • GB Life Luxembourg sometimes requires to submit certain personal details to internal or external specialists for an assessment of losses to which value can be attributed, as also to relevant third parties (such as co-insurers and re-insurance companies, lawyers or relevant government agencies).
  • GB Life Luxembourg works with a diversified distribution network of exclusive and independent insurance agents. GB Life Luxembourg also works together with a number of insurance brokers. To ensure a proper level of service, it is important to share data within that distribution network.

 

GB Life Luxembourg has to be able to function as a business (This is known as its ‘legitimate interests’)

In addition to the purposes set out above, GB Life Luxembourg, as a commercial business, also has a number of legitimate interests that form the basis for processing personal data. In that regard, GB Life Luxembourg ensures that the impact on your privacy is kept to a minimum and that, in all events, GB Life Luxembourg legitimate interests remains proportionate to the impact that upholding them has on your privacy.

GB Life Luxembourg uses the basic data to develop risk and other models, and to produce statistics; in all these cases, links to identifiable individuals are ruptured as soon as practicable. GB Life Luxembourg may develop these models for different purposes: client analysis, fraud analysis, process analysis, risk analysis, etc., and may subsequently apply them either generically or to individuals.

For example: Personal data can be used as evidence (stored records), it can be used for ascertaining, exercising and safeguarding the rights of GB Life Luxembourg or of those it represents (e.g. in disputes).

 

GB Life Luxembourg does not keep your data forever

GB Life uses your personal data where GB Life has a clear aim in mind. Once that aim no longer exists, we delete the data. Law defines the period for which your personal data has to be retained. The period can be up to 30 years corresponding the prescription period in relation to some rights linked to a life insurance policy.