EN FR

Privacy Policy

PHOENIX CAPITAL SRL, established and having its registered office at Chaussée de Louvain 233 in 1410 Waterloo (Belgium), hereinafter referred to as "the Company", processes personal data (hereinafter referred to as "Personal Data") relating to natural persons as part of its statutory activities. In its capacity as Data Processing Manager, the Company complies with the rules applicable to the protection of personal data.

This Privacy Policy intends to describe the way in which Personal Data are used and protected by the Company according to the type of relationship concerned.

Scope
The Company's Privacy Policy sets out the principles and guidelines of its obligations as a “Data Controller” (person who determines the purposes and means of processing personal data) arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (“General Data Protection Regulation”), entering into force on May 25, 2018 (hereinafter “the GDPR”).

The Company can fulfill the role of processor of your Personal Data on behalf of the insurance companies with which we work as an intermediary and whose products we offer you. In this case, it is the insurance companies that are responsible for processing your personal data and we, as an insurance broker, are their subcontractor.

The Company can also fulfill the role of controller of your Personal Data when we process data on our behalf. We are then responsible for the processing of your Personal Data.

Responsible for data processing

The person responsible for the processing of your Personal Data is:

Phoenix Capital SRL
Chaussée de Louvain 233
B-1410 Waterloo (Belgium)
Company number: BE0676.729.507

Data collected
The data collected is limited to that what is necessary for the achievement of the purposes identified by the Company.

They are collected in particular:

  • when entering into a business relationship and during that relationship (e.g. contacts with your advisers, updates of your customer data, invitations to events, etc.);
  • when you contact us for advice on insurance contracts or to assist you in setting up an insurance proposal and in managing your insurance contracts;
  • with third parties (e.g. public authorities or institutions, establishments operating professional databases, other professionals, financial institutions, etc.);
  • through the Company's website (www.phoenix-cap.com). In this case, automatic collection of non-personal data can be done through cookies and other technologies. This data concerns: the type of web browser, the user's operating system, the user's IP address, the duration of the connection, the pages visited by the user for statistical and security purposes.

Different categories of personal data are collected in compliance with legal provisions:

  • personal information (e.g. name, date and place of birth, address, telephone number, email address, gender, language(s), marital status, profession, employer, job title, professional experience, the name of your company and its VAT number, the legal representative, the agent, ...);
  • relationship between policyholder(s), insured persons and beneficiary(ies) of a life insurance policy;
  • identification information: national identification number, identity card number, driver's license number;
  • financial data: bank account number, information on income and other financial information, data on financial transactions;
  • sensitive data, medical and legal data (current or previous medical conditions, state of health, information on injuries or disabilities, relevant personal habits, medical history, data relating to criminal records, criminal convictions), only to the extent where they are necessary for the assessment of the insured risk
  • information on the insurance policy, on the quotes which individuals receive and on the insurance policies they obtain;
  • data concerning the origin of a person's fortune (e.g. inheritance, gifts, sale of a company, sale of real estate, professional income, etc.);
  • data on the family and patrimonial situation of a prospect or a client (e.g. names of heirs, type of prenuptial agreement, income, credits, assets in Belgium and abroad);
  • electronic communications (emails, instant messages, video calls, etc.)
  • marketing data depending on the lawfulness of the processing in order to receive advertising from us and third parties.

The Personal Data that you communicate with regard to third parties (family members, employer, ...), are treated in the same way as your own Personal Data, according to the corresponding services and purposes. It is your responsibility to inform those concerned.

We collect your Personal Data when you complete our documents and forms, during face-to-face meetings, during email exchanges.

We use these Personal Data to:

  • respond to your requests and communicate with you and others in connection with our activities;
  • allow you to access the information we make available online to users of our services;
  • provide you with support and assistance in connection with our services;
  • send you important information regarding changes to our products and services, our terms and conditions and other administrative, technical or commercial information make decisions about providing services to you;
  • provide you with marketing information (including information relating to our products or other products and services offered by our selected third-party partners) in accordance with the preferences you have selected;
  • allow you to actively participate in our activities, including forums, discussions, seminars, meetings and other events and manage these activities. Some of these activities are subject to additional terms and conditions which may contain additional information relating to how we use and disclose your Personal Data. We therefore suggest that you read them carefully;
  • resolve complaints and manage requests for access or correction of data;
  • comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to the prevention of money laundering and financing of terrorism, comply with legal proceedings and respond to requests from public authorities and governments (including those outside your country of residence).

Conditions for the lawfulness of Personal Data processing
All Personal Data processing carried out by the Company is based on one of the following conditions:

  • the consent of the data subject who has, at any time, the right to withdraw his consent (without this compromising the lawfulness of the processing based on the consent made before such withdrawal);
  • the processing is necessary for compliance with legal and regulatory obligations to which the controller is subject, for example in the fight against money laundering and financing of terrorism or regulatory reporting to the authorities;
  • the processing is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures, for example the execution and recording of your financial transaction;
  • communication of personal data to insurance companies with whom we work in the context of insurance contracts for which you are soliciting us
  • processing is necessary for the purposes of the legitimate interests pursued by the controller, for example the detection and prevention of fraud, or even commercial actions with customers, such as prospecting, advertising, sending newsletters, customer event management;
  • the processing is necessary for the performance of a mission of public interest or relating to the exercise of public authority vested in the controller.

If we were to process Personal Data for purposes other than those established in this Policy, we will give you information about this new purpose as well as any other necessary information before starting the new processing.

Profiling and automated individual decisions
The Company may be required to use profiling, i.e. any form of automated processing of personal data consisting in using these Personal Data to assess certain personal aspects relating to a natural person, in particular to search for or identify homogeneous categories of persons likely to be interested in a new product.

In this context, your Personal Data can be processed in the legitimate interest of the Company:

  • for commercial purposes, in order to provide the services best suited to your needs, in particular the promotion of financial products and services complementary to the services already subscribed, marketing actions (newsletter, invitations to events, etc.), conduct satisfaction surveys;
  • for the purposes of categorizing transactions, calculating available balances;
  • decisions based exclusively on automated processing, based on an algorithm in order to quickly offer you customized services. For example, when establishing your investor profile and defining the investment strategy that best suits your needs, you answer a series of questions about your financial and personal situation. The tool then proceeds to an evaluation of these answers in order to determine the investment strategy best suited to your profile.

Right to object to the processing of special categories of data
You have the right to object to some types of Personal Data processing described above:

  • with regard to the categorization of transactions;
  • with regard to all communications and commercial actions (mailings, invitations to conferences, ...).

This right to object can be exercised by email or letter to the following address:

Phoenix Capital SRL
For the attention of the Administrator
Chaussée de Louvain 233
B-1410 Waterloo (Belgium)
privacy@phoenix-cap.com

Consent
Insofar as certain types of processing of your Personal Data is based on your consent, this processing will only be performed after having explicitly received it from you. A consent granted by you may be withdrawn by you at any time, according to the same modalities as those specified for the withdrawal of consent.

Transfer of your Personal Data to third parties
The Company may transfer Personal Data to the following persons and entities when legal, regulatory or contractual provisions authorize or require it to do so:

  • External third-party service providers such as insurance companies, experts, IT systems service providers, internet hosting providers, printing service providers and other similar third-party vendors and contracted service providers who assist us with the accomplishment of our activities;
  • Governmental authorities and third parties involved in legal proceedings or by virtue of a legal obligation;
  • Other third parties with whom we may share personal data in the context of a current or planned reorganization, merger, sale, joint venture, transfer of portfolio or other transaction related to all or part of our activities.

These third parties are also themselves required to comply with legal or contractual obligations with regard to the protection of Personal Data as Data Controller or Subcontractor.

Transfer of your Personal Data outside the European Economic Area
Your Personal Data are not transferred by the Company outside the European Economic Area (“EEA”) unless a legal or regulatory provision requires it. In accordance with the GDPR, the Company will ensure, for the non-EEA countries, that an adequacy decision has been issued by the European Commission or that appropriate guarantees have been put in place.

In the context of transfers of funds or transactions on financial instruments, the data necessary for the execution of transactions are processed by third parties involved in the transaction (e.g. correspondent banks, stock exchanges, providers of financial messaging services, etc.) and which may be located outside the EEA.

Data retention period
Personal data are kept for 40 years after the end of each contract. For the individuals who have signed our “Fiche Client”, thereby agreeing to this Privacy Policy, but who have not subscribed to any products, the Personal Data will be destroyed 12 months after signing this Privacy Policy.

If you provide us with Personal Data with respect to other individuals, you agree: (a) to inform the individual of the existence and contents of this Privacy Policy, and (b) to obtain the legally required consent for collection, use, disclosure, and transfer (including cross-border transfer) of Personal Data in relation to that individual in accordance with the terms of this Privacy Policy.

Security of your data
The Company is committed to protecting and securing your Personal Data in order to ensure their confidentiality and prevent their destruction, loss, modification or disclosure. To this end, the Company has implemented physical, technical, organizational and procedural protection measures:

  • the staff of the Company is made aware of the protection of Personal Data through regular notes, the dissemination of good practices ...;
  • the Company guarantees that all the measures necessary for the protection of personal data are incorporated from the design stage (“Privacy by Design”), whether in new technological or commercial applications, or in existing applications for which functionalities are added, replaced or modified;
  • the Company guarantees by default the highest possible level of protection of the Personal Data it processes (“Privacy by Default”). By default, only data that can actually be used can be collected and stored. This rule extends to the quantity of Personal Data, the extent of processing, the duration of data retention and the accessibility of the data. The special categories of Personal Data (sensitive data) are subject to reinforced security measures;
  • with regard to the subcontracting of the processing of Personal Data, the Company contractually requires its subcontractors to comply with the same security guarantees for Personal Data;
  • the Company Security Policy guarantees a level of protection of Personal Data compliant with the GDPR.

Notification
In the event of a violation of the rules relating to Personal Data, the Company shall notify this fact to the Data Protection Authority (www.autoriteprotectiondonnees.be) as soon as possible and, if possible, 72 hours at the latest after becoming aware of it. If this violation concerns your Personal Data and if the incident is likely to generate a high risk for your rights and freedoms, the Company will inform you as soon as possible.

Your rights
The GDPR grants you specific rights over your Personal Data processed by the Company:

  • right to access your Personal Data and, where applicable, to obtain a copy of this data;
  • right to request rectification or updating of your Personal Data, if you consider that they are incomplete or incorrect;
  • right to obtain the erasure of your Personal Data, unless a legitimate reason justifies their retention;
  • right to object at any time to the processing of your Personal Data with the possibility of withdrawing consent, unless a legitimate reason prevails over your interests and your rights and freedoms;
  • right to request the limitation of the processing of your Personal Data;
  • the right to the portability of certain Personal Data, that is to say to receive them in a structured format commonly used, machine-readable in order to transmit them to another Data Controller.

If you wish to exercise one of the rights mentioned above, you can send your request by email or post to the following address:

Phoenix Capital SRL
For the attention of the Administrator
Chaussée de Louvain 233
B-1410 Waterloo (Belgium)
privacy@phoenix-cap.com

For the sake of confidentiality and data protection, the Company must verify your identity before responding to your request. Thus, any request sent by post or electronic mail must be accompanied by a copy of an identification document.

The Company will endeavor to respond to your request within one month of receipt of the request.
Depending on the complexity of the request or the number of requests to be processed, the Company has the option of extending this period by two months. You will be informed of this extension and the reasons for the postponement within one month of receiving the request.

The Company reserves the right to refuse the request if it is unable to identify you with certainty or if it considers the request excessive or unfounded. You will be informed of the reasons for the refusal within one month of receiving the request.

The Company may also require the payment of reasonable costs in the event of unfounded or excessive requests, especially if they are made repeatedly.

If you are not satisfied with the outcome of your request, you can lodge a complaint with the Data Protection Authority (information on the website www.autoriteprotectiondonnees.be).

You will also find more information on data protection in Belgium on the website mentioned above.

If you are not satisfied with the treatment of your personal data, you can send a complaint by email or postal mail to the following address:

Phoenix Capital SRL
For the attention of the Compliance Officer
Chaussée de Louvain 233
B-1410 Waterloo (Belgium)
privacy@phoenix-cap.com