PHOENIX CAPITAL SRL, established and having its registered office at Chaussée de Louvain 233 in 1410 Waterloo (Belgium), hereinafter referred to as "the Company", processes personal data (hereinafter referred to as "Personal Data") relating to natural persons as part of its statutory activities. In its capacity as Data Processing Manager, the Company complies with the rules applicable to the protection of personal data.
This Privacy Policy intends to describe the way in which Personal Data are used and protected by the Company according to the type of relationship concerned.
Scope
The Company's Privacy Policy sets out the principles and guidelines of its obligations as a “Data
Controller” (person who determines the purposes and means of processing personal data) arising from
the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the
protection of natural persons with regard to the processing of personal data and on the free movement
of such data, and repealing Directive 95/46 / EC (“General Data Protection Regulation”), entering into
force on May 25, 2018 (hereinafter “the GDPR”).
The Company can fulfill the role of processor of your Personal Data on behalf of the insurance companies with which we work as an intermediary and whose products we offer you. In this case, it is the insurance companies that are responsible for processing your personal data and we, as an insurance broker, are their subcontractor.
The Company can also fulfill the role of controller of your Personal Data when we process data on our behalf. We are then responsible for the processing of your Personal Data.
Responsible for data processing
The person responsible for the processing of your Personal Data is:
Phoenix Capital SRL
Chaussée de Louvain 233
B-1410 Waterloo (Belgium)
Company number: BE0676.729.507
Data collected
The data collected is limited to that what is necessary for the achievement of the purposes identified by the Company.
They are collected in particular:
Different categories of personal data are collected in compliance with legal provisions:
The Personal Data that you communicate with regard to third parties (family members, employer, ...), are treated in the same way as your own Personal Data, according to the corresponding services and purposes. It is your responsibility to inform those concerned.
We collect your Personal Data when you complete our documents and forms, during face-to-face meetings, during email exchanges.
We use these Personal Data to:
Conditions for the lawfulness of Personal Data processing
All Personal Data processing carried out by the Company is based on one of the following conditions:
If we were to process Personal Data for purposes other than those established in this Policy, we will give you information about this new purpose as well as any other necessary information before starting the new processing.
Profiling and automated individual decisions
The Company may be required to use profiling, i.e. any form of automated processing of personal data
consisting in using these Personal Data to assess certain personal aspects relating to a natural person,
in particular to search for or identify homogeneous categories of persons likely to be interested in a
new product.
In this context, your Personal Data can be processed in the legitimate interest of the Company:
Right to object to the processing of special categories of data
You have the right to object to some types of Personal Data processing described above:
This right to object can be exercised by email or letter to the following address:
Phoenix Capital SRL
For the attention of the Administrator
Chaussée de Louvain 233
B-1410 Waterloo (Belgium)
privacy@phoenix-cap.com
Consent
Insofar as certain types of processing of your Personal Data is based on your consent, this processing
will only be performed after having explicitly received it from you. A consent granted by you may be
withdrawn by you at any time, according to the same modalities as those specified for the withdrawal
of consent.
Transfer of your Personal Data to third parties
The Company may transfer Personal Data to the following persons and entities when legal, regulatory
or contractual provisions authorize or require it to do so:
These third parties are also themselves required to comply with legal or contractual obligations with regard to the protection of Personal Data as Data Controller or Subcontractor.
Transfer of your Personal Data outside the European Economic Area
Your Personal Data are not transferred by the Company outside the European Economic Area (“EEA”)
unless a legal or regulatory provision requires it. In accordance with the GDPR, the Company will
ensure, for the non-EEA countries, that an adequacy decision has been issued by the European
Commission or that appropriate guarantees have been put in place.
In the context of transfers of funds or transactions on financial instruments, the data necessary for the execution of transactions are processed by third parties involved in the transaction (e.g. correspondent banks, stock exchanges, providers of financial messaging services, etc.) and which may be located outside the EEA.
Data retention period
Personal data are kept for 40 years after the end of each contract. For the individuals who have signed
our “Fiche Client”, thereby agreeing to this Privacy Policy, but who have not subscribed to any
products, the Personal Data will be destroyed 12 months after signing this Privacy Policy.
If you provide us with Personal Data with respect to other individuals, you agree: (a) to inform the individual of the existence and contents of this Privacy Policy, and (b) to obtain the legally required consent for collection, use, disclosure, and transfer (including cross-border transfer) of Personal Data in relation to that individual in accordance with the terms of this Privacy Policy.
Security of your data
The Company is committed to protecting and securing your Personal Data in order to ensure their
confidentiality and prevent their destruction, loss, modification or disclosure. To this end, the
Company has implemented physical, technical, organizational and procedural protection measures:
Notification
In the event of a violation of the rules relating to Personal Data, the Company shall notify this fact to
the Data Protection Authority (www.autoriteprotectiondonnees.be) as soon as possible and, if
possible, 72 hours at the latest after becoming aware of it. If this violation concerns your Personal Data
and if the incident is likely to generate a high risk for your rights and freedoms, the Company will
inform you as soon as possible.
Your rights
The GDPR grants you specific rights over your Personal Data processed by the Company:
If you wish to exercise one of the rights mentioned above, you can send your request by email or post to the following address:
Phoenix Capital SRL
For the attention of the Administrator
Chaussée de Louvain 233
B-1410 Waterloo (Belgium)
privacy@phoenix-cap.com
For the sake of confidentiality and data protection, the Company must verify your identity before responding to your request. Thus, any request sent by post or electronic mail must be accompanied by a copy of an identification document.
The Company will endeavor to respond to your request within one month of receipt of the request.
Depending on the complexity of the request or the number of requests to be processed, the Company
has the option of extending this period by two months. You will be informed of this extension and the
reasons for the postponement within one month of receiving the request.
The Company reserves the right to refuse the request if it is unable to identify you with certainty or if it considers the request excessive or unfounded. You will be informed of the reasons for the refusal within one month of receiving the request.
The Company may also require the payment of reasonable costs in the event of unfounded or excessive requests, especially if they are made repeatedly.
If you are not satisfied with the outcome of your request, you can lodge a complaint with the Data Protection Authority (information on the website www.autoriteprotectiondonnees.be).
You will also find more information on data protection in Belgium on the website mentioned above.
If you are not satisfied with the treatment of your personal data, you can send a complaint by email or postal mail to the following address:
Phoenix Capital SRL
For the attention of the Compliance Officer
Chaussée de Louvain 233
B-1410 Waterloo (Belgium)
privacy@phoenix-cap.com