Chance

Give yourself the best chance. Insurance reimagined!

Get in touch

Protection policy of personal data

This Policy sets out the principles and guidelines for the protection of personal data (hereinafter “Personal Data”) and the safeguarding of the rights of individuals whose data is processed by Chance. Its purpose is to inform you about how Personal Data is collected, processed, and used, as well as the rights you have regarding such data in the context of:

  • The use of websites and online platform extranets;
  • The subscription and management of insurance contracts designed, distributed, and/or managed by Chance.
 

This Policy may be supplemented or replaced by any contractual document with the same purpose concluded by Chance with one or more data subjects. It may also be modified based on changes to the websites.

 

Definition of Personal Data Personal Data refers to the definition provided by Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”):

  • Personal Data means any information relating to an identified or identifiable natural person (hereinafter “data subject”).

This Policy applies to all Personal Data processed by Chance, regardless of the method of collection or processing.

 

Core Principles In this context, Chance’s commitments regarding the processing of Personal Data are based on the following principles:

  • Legal Basis: The collection and processing of Personal Data are lawful and based on a legal ground determined according to the purpose and context of the processing.
  • Data Relevance: The collection and processing of data are adequate, relevant, and not excessive in relation to the purposes for which they are processed.
  • Retention Period: A retention period for your data is defined based on the objectives of each processing activity and any legal obligations.
  • Security and Confidentiality: Chance takes all necessary measures to ensure the confidentiality of your data and prevent unauthorized access, loss, or damage.
  • Transparency: Chance informs data subjects about how their Personal Data is used and shared with third parties.
  • Respect for Your Rights: Chance respects the rights of data subjects, including the right of access, rectification, erasure, and objection to the processing of their data.
 

 

1. Scope of Application 

Personal Data is collected and processed by Chance as the Data Controller.

Prime Assurances, a SAS registered with the Paris Trade and Companies Register under number 822 787 081 and with ORIAS under number 16006177 (www.orias.fr), with its head office at 101 boulevard Malesherbes, 75008 Paris, France, processes Personal Data as part of its activities, both for its own account and for other entities, under the global service brand “Chance.”

Chance may also act as a joint controller, processor, or sub-processor on behalf of other data controllers with whom Chance has entered into contractual agreements.

 

2. Data Subjects 

Chance, as a data controller or processor, may process the Personal Data of the following categories of individuals:

  • Visitors and users of websites and extranets;
  • Potential individual customers;
  • Employees and managers of potential corporate customers;
  • Individual customers;
  • Employees and managers of corporate customers;
  • Beneficiaries of individual or corporate customers;
  • Individual commercial partners;
  • Employees and managers of corporate commercial partners;
  • Individual suppliers and subcontractors;
  • Employees and managers of suppliers and subcontractors;
  • Employees and managers of Chance or its subsidiaries;
  • Any third party identified through a regulated document received by Chance;
  • Job applicants;
  • Temporary workers.

 

3. Special Categories of Data Subjects 

If the consent of a minor under sixteen is required for a purpose related to the direct offer of services by Chance, consent will be obtained from their legal representative. Similarly, Chance will seek the consent of the legal representative of a protected adult.

In accordance with regulations, Chance informs minors over fifteen of their right to object to the exercise of their data protection rights by their legal guardians.

 

4. Personal Data Processed The following types of Personal Data may be processed by Chance:

  • Identification data (name, first name, addresses, ID card number, passport number, phone number, email, etc.);
  • Contract management data (customer/insured/claim identification numbers, duration, amounts, payment authorization, transaction details, social security number, driver’s license number, etc.);
  • Family situation data (marital status, household composition, age, legal capacity, guardianship, etc.);
  • Economic, financial, and asset data (income, movable/immovable assets, tax data, bank details, etc.);
  • Professional situation data;
  • Risk assessment data;
  • Data related to the determination or evaluation of damages and benefits;
  • Geolocation data related to insured risks or services;
  • Lifestyle and usage data related to insured risks or services;
  • Connection and traceability data (IP/MAC address, cookies, client area logs, etc.);
  • Data related to offenses, criminal convictions, and security measures (if applicable);
  • Data related to commercial relationship management (promotional operations, loyalty actions, surveys, satisfaction studies, etc.);
  • Candidate selection data (qualifications, professional background, job sought, etc.);
  • Data from your interactions with Chance (websites, phone calls, correspondence, social media, etc.);
  • Data necessary for combating insurance fraud, money laundering, and terrorism financing.

Chance emphasizes that it does not process data related to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or sexual orientation.

 

5. Purposes and Legal Bases for Processing 

Chance processes your data for the following purposes and legal bases: 

a) Compliance with Legal and Regulatory Obligations

  • Fulfillment of advisory duties;
  • Prevention of insurance fraud;
  • Combating money laundering and terrorism financing;
  • Prevention of tax fraud and compliance with fiscal obligations;
  • Risk monitoring and reporting;
  • Response to official requests from public or judicial authorities.
 

b) Contract Execution

  • Risk assessment for pricing;
  • Claims management;
  • Contract execution;
  • Communication of contract information;
  • Response to your requests;
  • Evaluation of contract proposals.
 

c) Legitimate Interests

  • Analysis of your habits and preferences in using communication channels;
  • Commercial management of customers and prospects (communication, loyalty, satisfaction, statistics);
  • Commercial interests (satisfaction evaluation, prospecting);
  • Implementation of prevention measures;
  • Research and development activities;
  • Defense of administrative and judicial interests;
  • Recruitment for operational needs.
 

d) Consent

Chance obtains consent for specific processing activities, such as subsequent processing or purposes not covered by this Policy (e.g., navigation data management).

 

5. Data Retention Periods Personal Data is retained for the purposes described above and in compliance with applicable legal requirements (civil, fiscal, commercial, criminal). Data may be archived for evidentiary purposes, with access strictly limited. After the statutory limitation period, data will be destroyed or irreversibly anonymized.

 

6. Recipients of Personal Data Personal Data is primarily intended for personnel responsible for contract execution, customer/prospect management, and may be shared with insurers, healthcare networks, and social organizations involved in claims settlement. Data may also be transmitted to co-controllers, processors, service providers, and suppliers for internal operations.

Chance may also disclose Personal Data if required by law, regulation, or judicial decision, or if necessary to comply with legal procedures, respond to claims, or protect the security of Personal Data.

 

7. Data Transfers Outside the EEA If data is transferred outside the European Economic Area (EEA), Chance ensures that:

  • The recipient is in a country deemed by the European Commission to provide an adequate level of protection;
  • If not, the recipient is bound by the European Commission’s Standard Contractual Clauses or certified under an adequate data protection framework (e.g., U.S. government certification).

 

8. Rights of Data Subjects In accordance with regulations, data subjects have the following rights:

  • Right of access;
  • Right to rectification;
  • Right to restriction;
  • Right to erasure/right to be forgotten;
  • Right to object to specific processing;
  • Right to data portability.
 

You may exercise these rights online or by mail, accompanied by proof of identity, to: Chance 101 boulevard Malesherbes 75008 Paris – France

Chance reserves the right to request additional documents to verify your identity. Some data or purposes (e.g., anti-money laundering) may not be subject to these rights due to public order rules.

If you believe your rights under the GDPR or applicable data protection laws have not been respected, you may file a complaint with the CNIL (French Data Protection Authority): CNIL 3 Place de Fontenoy – TSA 80715 75334 Paris Cedex 07

 

9. Security of Processing Chance acknowledges its role as a data controller and is committed to ensuring the security of Personal Data processing to prevent any breach. A breach is defined as a security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

Chance implements appropriate technical and organizational measures to ensure a level of security commensurate with the risks. However, absolute security cannot be guaranteed due to evolving intrusion techniques and inherent risks in data transmission.

Chance has established intrusion detection systems and incident management procedures. Users are encouraged to protect their access credentials and report any suspicious activity promptly.

 

10. Use of Cookies Visitors and users of Chance’s websites are referred to the legal notices for information on the use of cookies.

 

11. Data Protection Officer (DPO) Due to the nature, scope, and purposes of its processing activities, Chance has appointed a Data Protection Officer. You may contact the DPO for any questions regarding your Personal Data or to exercise your rights via the online service or by mail to the address above.

 

12. Amendments to the Data Protection Policy This Policy may be updated at any time, with immediate effect. The date of the last update is indicated at the end of the document.

 

13. Glossary

  • “Data Protection Policy” or “Policy”: Refers to this document describing the measures for processing, managing, and protecting Personal Data.
  • “Personal Data”: Any information relating to an identified or identifiable natural person.
  • “Processing”: Any operation or set of operations performed on Personal Data.
  • “Data Controller”: The entity within the Chance Group responsible for processing Personal Data.
  • “Processor”: A natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the controller.
  • “Data Subject”: The natural person whose Personal Data is processed.
  • “Consent”: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they agree to the processing of their Personal Data.
  • “Purpose of Processing”: The objective or main goal of a Personal Data processing activity.
  • “Personal Data Breach”: A security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
  • “Recipient”: A natural or legal person, public authority, agency, or other body to which Personal Data is disclosed.