PRIVACY POLICY
MSH INTERNATIONAL

WHY DO WE PROCESS YOUR PERSONAL DATA?

We only process your personal data for specific, explicit and legitimate purposes, in strict compliance with the principles of the GDPR.

MSH INTERNATIONAL, as data controller, processes personal data for the following purposes:

• Performance of the policy (administrative and financial aspects)
• Creation of the client account
• Claims management
• Quality survey to assess your level of satisfaction and improve it
• Compliance with legal requirements
• Management of complaints

The legal ground for personal data processing is the performance of the policy.
Statistical and anonymization processing is based on a legal ground linked to MSH INTERNATIONAL’s legitimate interest in improving its services.

MSH INTERNATIONAL may also process your data to meet its legal or regulatory obligations, as data controller.
To this end, the purposes of personal data processing would be:

• Storing the required data to be able to meet its legal obligations
• Managing data communication requests from authorized authorities such as the CNIL (French Data Protection Agency)

HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will only keep your personal data for the period required for the purposes specified in this Privacy Policy on the protection of your personal data. Then, it will be deleted or anonymized when it is no longer necessary.

WHAT IS THE PERSONAL DATA PROCESSED?

We ensure that data collection is relevant, appropriate, reasonable and strictly required by our activities.

This data may include:

• Identity data: last name, first name, date of birth
• Contact data: email address, telephone number, postal address, billing address
• Nationality, period of coverage of the insurance plan, country of residence, country of destination, insurance card
• Bank details, medical data, policy/plan number, Social security number

WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA?

As part of the different actions that we carry out, your data may be disclosed to the following categories of persons:

• staff in charge of executing, managing and implementing the policy,
• insurers and reinsurers, broker partners,
• providers and subcontractors,
• entities of the DIOT-SIACI group to whom the data controller belongs in the performance of their duties,
• persons involved in the policy such as lawyers, experts, auditors, court officials and ministry officials, legal guardians, investigators.

WHERE IS YOUR PERSONAL DATA PROCESSED?

Your personal data may be processed both within and outside the European Union (EU), always subject to contractual limitations on confidentiality and security, in compliance with applicable data protection laws and regulations.
We will take actions to ensure that your personal data is transferred outside the EU with the appropriate level of protection, under the same conditions as if it was transferred within the EU.

WHAT ARE YOUR RIGHTS?

In accordance with the applicable regulations, you have the following rights:

• The right to access your data: you can obtain information regarding the processing of your personal data as well as a copy of this personal data.
• The right to rectify your data: if you believe that your personal data is inaccurate or incomplete, you may ask for this personal data to be amended accordingly.
• The right to have your data erased: you may ask for your personal data to be erased within the limits of what is permitted by the regulations.
• The right to restrict the processing of your data: you may ask for the processing of your personal data to be restricted.
• The right to object to the processing of your data: you may object to the processing of your personal data, for reasons related to your particular circumstances. You have the absolute right to object to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing.
• The right to withdraw your consent: when you have given your consent to the processing of your personal data (this right only applies to data processing based on the legal ground of the consent), you have the right to withdraw this consent at any time.
• The right of portability of your data: when you have given your consent for your personal data to be used, you have the right for this data to be returned to you or to be passed on to a third-party if this is technically possible.

To exercise the rights listed above, you can send a request in writing as indicated in the “HOW TO CONTACT US ” section.
Any request should be submitted together with a proof of identity (copy of your identity card, for example).
In accordance with the applicable regulations, in addition to your above mentioned rights, you can also lodge a complaint with the CNIL – https://www.cnil.fr

HOW IS YOUR DATA SECURED?

We ensure that your data is processed in total security and confidentiality, in particular when some operations are carried out by our IT service providers.

To this end, appropriate technical and organizational measures are taken to prevent the loss, misuse, alteration and deletion of your personal data. These measures are adapted depending on the level of sensibility of the data processed and the level of risk faced with the processing or its implementation.

HOW TO CONTACT US

If you have any questions regarding the use of your personal data under this Privacy Policy, you can email our Data Protection Officer at: dpo@s2hgroup.com who will make their best efforts to answer them in a timely manner.