WHY DO WE PROCESS YOUR DATA?We only process your personal data for specific, explicit and legitimate purposes, in strict compliance with the principles of the GDPR.
MSH INTERNATIONAL, as data controller, processes data for the following purposes:
- Issue of the quotation
- Contract subscription
- Execution of the contract (administrative and financial)
- Creation of customer accounts
- Claims management
- Quality survey to assess and improve your level of satisfaction
- Commercial prospecting
- Compliance with legal obligations
- Claims management
- Statistics and actuarial studies
- The legal basis for processing is the performance of the insurance contract.
- Statistical processing, anonymisation and commercial canvassing have a legal basis linked to MSH INTERNATIONAL's legitimate interest in improving its services.
MSH INTERNATIONAL may also process your data in order to meet its legal or regulatory obligations, in its capacity as data controller.
To this end, the purposes pursued would be:
- To keep the data required to meet its legal obligations
- To manage data communication requests from authorised authorities such as the CNIL.
HOW LONG WILL YOUR DATA BE KEPT?We will only keep your personal data for as long as is necessary for the purposes set out in this Privacy Policy and then it will be deleted or anonymised once it is no longer required.
WHAT DATA IS PROCESSED?We ensure that the collection of this data is relevant, adequate, not excessive and strictly necessary for our activities.
This data may include :
- Identification data: surname, first name, age group, etc.
- Contact data: email, telephone number, postal address, billing address
- Data required to draw up a quotation (reason for stay, period of cover under the insurance contract, country of residence, country of destination, health insurance card holder)
- Health details
- e-mail address
- Technical data (IP address)
WHO RECEIVES YOUR DATA?As part of the various activities we carry out, your data may be made accessible to the following categories of people:
- staff responsible for the conclusion, management and performance of contracts,
- medical advisers and staff authorised to access health data,
- management delegates, insurance intermediaries, partners,
- service providers and subcontractors,
- the entities of the DIOT-SIACI group to which the data controller belongs in the performance of their duties,
- where applicable, co-insurers and reinsurers,
- persons involved in the contract, such as lawyers, experts, court and ministerial officers, curators, guardians and investigators.
WHERE IS YOUR DATA PROCESSED?Your personal data may be processed both inside and outside the European Union (EU), always subject to contractual restrictions on confidentiality and security, in accordance with the applicable data protection legislation and regulations.
We will take steps to ensure that the transfer of your personal data outside the EU is carried out with an adequate level of protection, in the same way as if it were a transfer within the EU.
WHAT ARE YOUR RIGHTS?In accordance with the applicable regulations, you have the following rights:
- Right of access: you may obtain information about the processing of your personal data and a copy of that data.
- Right of rectification: if you believe that your personal data is inaccurate or incomplete, you may request that it be amended accordingly.
- Right to erasure: you may request the erasure of your personal data to the extent permitted by law.
- Right to restrict processing: you may request that the processing of your personal data be restricted.
- Right to object: you may object to the processing of your personal data on grounds relating to your particular situation. You have the absolute right to object to the processing of your personal data for direct marketing purposes, including direct marketing profiling.
- Right to withdraw your consent: if you have given your consent to the processing of your personal data (this right applies only to processing based on the legal basis of consent), you have the right to withdraw that consent at any time.
- Right to data portability: where this right applies, you have the right to have the personal data you have provided us with returned to you or, where technically possible, transferred to a third party.
If you wish to exercise the rights listed above, you may send a written request as specified in the ‘HOW TO CONTACT US’ section.
All requests must be sent with proof of your identity (e.g. a copy of your identity card).
In accordance with the applicable regulations, in addition to your rights mentioned above, you also have the right to lodge a complaint with the CNIL -
https://www.cnil.frHOW IS YOUR DATA SECURED?We ensure that your data is processed in complete security and confidentiality, including when certain operations are carried out by our IT service providers.
To this end, appropriate technical and organisational measures are put in place to prevent the loss, misuse, alteration and deletion of your personal data. These measures are adapted according to the level of sensitivity of the data processed and the level of risk presented by the processing or its implementation.
HOW CAN YOU CONTACT US?If you have any questions about the use of your personal data under this Privacy Policy, you can contact our Data Protection Officer by sending an email to the Data Protection Officer at the following address:
dpo@s2hgroup.com, who will do his or her best to reply as soon as possible.
