We are Globality S.A. We have our registered office at Luxembourg and our principal place of business at 1 A, rue Gabriel Lippmann, L-5365 Munsbach. We are registered with the Luxembourg Trade and Companies Register under number B 134.471
In the context of our activities, we collect, hold, disclose and/or otherwise process personal data. Pursuant to applicable data protection and privacy legislation, we qualify as the controller with respect to the personal data that we process.
We value your right to privacy and strive to protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation (“GDPR”) and its national implementing legislation.
Note: this does not constitute your ‘consent’ to the processing of your personal data. We do not process your personal data on the basis of your consent, unless specifically indicated.
In the context of our services, we may collect personal data relating to our customers, their family members or visitors of our website.
We may collect information about you in various ways:
You will find in the table below an overview of the personal data that we may collect from you, as well as the related purposes and legal basis justifying the processing of these data.
|Personal data||Purposes||Legal basis|
|Identification and contact information (name, age, (future) address, telephone number, email address, or other contact details)
Insurance, bank, credit and asset details pertaining to the policy holder, the insured and/or the beneficiaries of the insurance contract.
|To answer a request from you; to provide you with a quick quote; to be able to establish and grant you the insurance cover;||Necessity to take steps at your request prior to entering into a contract|
|For the performance of the insurance contract (i.e. including to provide insurance cover or to pay for a claim, to manage the risk associated to the insurance coverage through reinsurance, etc.); for the provision of related assistance services, advice and support (including contacting a repatriation service provider, assisting in finding an appropriate medical services provider, etc.).||Necessity to perform the insurance contract|
|For the purposes of the legitimate interests that Globality S.A. pursues, including ensuring IT security and IT operations, carrying out client satisfaction surveys and questionnaires, and preventing and investigating punishable offenses.||Our legitimate interest to improve our services and protect our assets.|
|Fraud detection, anti-money laundering rules and regulatory requirements applicable to insurance companies, including the requirements of the law of 7th December 2015 on the insurance sector, as amended.||Necessity to comply with a legal obligation to which we are subject|
|Health data||To grant you the insurance cover;
For the performance of the insurance contract (i.e. including to provide insurance cover or to pay for a claim, to manage the risk associated to the insurance coverage through reinsurance, etc.);
For the provision of related assistance services, advice and support (including contacting a repatriation service provider, assisting in finding an appropriate medical services provider, etc.).
|Your explicit consent.|
As indicated above, for the processing of your health data, we rely upon your consent. You have the right to withdraw that consent at any time. You may do so by either addressing a registered letter to the Data Protection Officer of Globality S.A. at 1 A, rue Gabriel Lippmann, L-5365 Munsbach or by email to firstname.lastname@example.org.
In case you withdraw your consent, you have to understand that we may not be able to provide you with our services anymore. This is because your health data are essential for the performance of the insurance contract. Withdrawing your consent may therefore make it impossible for us to perform our obligations.
In the context of the purposes as listed above, we may share your personal data with third parties, such as:
Some of these Recipient may be located outside the European Economic Area (EEA), including in countries that do not offer a level of protection that is equivalent to the protection afforded in the EEA (‘Non-Adequate Country’). Transfer of your personal data to these Recipients may however be necessary for the provision of assistance services, advice and support in a Non-Adequate Country in which you require health insurance cover, support and assistance.
When possible, Globality S.A. has or will enter into appropriate contractual arrangements with Recipients located in Non-Adequate Countries, in order to guarantee adequate safeguards for the processing and protection of personal data. A copy of such agreements may be consulted at the registered office of Globality S.A.
A list of outsourced activities and/or services whereby your information may be shared with Globality S.A. service providers can be found below:
|Outsourced services||Countries of outsourcing|
|Data Center and related services||Luxembourg|
|Strategic asset allocation services (Investment management agreement)||Germany|
|Back office and Group financing functions||Germany|
|Financial portfolio management||Germany|
|Assistance, call center and claims handling services||Thailand, China, Turkey
Spain, Brazil, South Africa
Czech Republic, United
States of America, Cyprus,
|Claims handling services||Spain|
|Assistance & evacuation services||Germany|
|Internal audit function||Germany|
|Assistance & evacuation services||Germany|
|Claims handling services and coinsurance service||Spain|
A copy of such agreements may be consulted at the registered office of Globality S.A.
If Globality could not enter into appropriate contractual arrangement, transfer to a Recipient located in a Non-Adequate Country shall only be made on one of the following basis:
As an exception, if none of the above applies, we will request your explicit consent for such transfer. Our request will be addressed to you separately, prior to the transfer. In all cases, health data shall only be transferred by Globality S.A. in compliance with specific medical secrecy and related provisions.
Your personal data and/or person profiles shall not be rented, nor sold to third parties without your prior explicit consent.
Withdrawing your consent for processing your data to third party providers may lead to the termination of your insurance contract.
Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (we refer to the purposes as listed above in paragraph "5 What personal data do we collect and for what purposes do we use your personal data?"). Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.
More specifically, we will store all insurance policy and supporting documents for 10 years starting with the termination of the insurance policy.
We will implement the necessary administrative, technical and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed. More specifically, we have taken the following measures:
Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
You have the right to:
Finally, you have the right to lodge a complaint with the competent data protection authority relating to the processing of your personal data by us. You may, for example, lodge a complaint to the data protection authority of Luxembourg (where Globality S.A. is established) or of your country of residence:
You may at any time request more information on our processing activities and the personal data that we are keeping from you.
You have the right to require us to , without undue delay, rectify or complete any of your personal data that is inaccurate or incomplete.
You may request us to delete (part of) your personal data in the following situations:
We note that in some case, we may refuse to delete your personal data: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation; or (iii) for the establishment, exercise or defence of legal claims.
You may request us to (temporarily) restrict the processing of your personal data in the following situations:
You may under certain circumstances object to the processing of your personal data, when such processing is based on our “legitimate interests”. If we agree, we will no longer process your personal data, unless we have compelling legitimate grounds to do so, or because such a processing is necessary. Where we process your personal data for direct marketing purposes, you may at any time object to the processing thereof or withdraw your consent thereto. You also have the right not to be subject to direct marketing purposes.
In some cases, you have the right to receive all your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. This right applies: in case the processing is based on consent or on the necessity for the performance of a contract; and in case the processing is carried out by automated means.
As a Google AdWords customer we use Google Conversion Tracking, an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). Google AdWords sets a cookie on your computer ("conversion cookie"), if you have reached our website via a Google ad. These cookies expire after 30 days and are not used for personal identification. If you visit certain of our pages and the cookie has not expired, we and Google may recognize that someone clicked on the ad and was redirected to our site. Each AdWords customer receives a different cookie. Cookies can therefore not be tracked through the websites of AdWords customers. The information collected through the conversion cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information that personally identifies users.
In addition, we use the "visitor action pixel" of Facebook, Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook") for evaluation and support of online marketing activities. This allows us to track users' actions after they have seen or clicked on a Facebook advertisement. This allows us to measure the effectiveness of Facebook Ads for statistical and market research purposes. The data collected in this way is anonymous to us, which means we do not see the personal data of individual users. However, this data is stored and processed by Facebook, which we will inform you about according to our state of knowledge. Facebook may link this data to your Facebook account and also use it for its own advertising purposes, in accordance with Facebook's Data Usage Policy (http://www.facebook.com/about/privacy). You can enable Facebook and its partners to place advertisements on and outside of Facebook. A cookie may also be stored on your computer for these purposes.