Data protection policy
The Société des Etudiants Mutualistes (SEM) is a mutual health insurance company subject to the provisions of Book II of the Code de la Mutualité or French Mutual Insurance System Code, registered under the SIREN Registration number 443 963 988 and with a headquarters established at 28 rue Fortuny 75017 Paris, France.
The SEM processes your personal data in keeping with its data processing role in the context of the use of its website available at this address: www.mutuelle-sem.fr
It respects the private life and protects the personal data of the users of its services.
The principle aim of this policy is to inform users on how their personal data is gathered, processed and used, and on their rights in terms of protection of personal data considering in particular the applicable provisions, notably the French “Information technology and Liberties” Act 78-17 of 6 January 1978 on data processing, data files and individual liberties.
When do we process data?
Your personal data may be collected or processed totally or partially when:
- managing your subscription to the SEM top-up health insurance;
- managing the customer relationship, or undertaking animation and prospection actions;
- carrying out satisfaction surveys;
- processing your requests and claims;
- managing your reimbursements and services overall;
- managing risks;
- managing debt recovery
The data is collected directly from you, at your request and during your use of the SEM website.
Which categories of collected data do we process?
In the context of the use of the website, several types of personal data may be collected.
The collected data mainly corresponds to the following categories:
- identification data: this concerns such data as marital status, name, e-mail address, telephone number, postal address, date of birth, as well as certain personal identification documents;
- data concerning your school or university establishment: notably the name and postal address of your establishment;
- your navigation history;
- data concerning your professional and non-professional activities;
- commercial relationship follow-up data: documentation or information requests, requests concerning proposed services, amounts, regularity, addresses, correspondence with the customer service, exchanges with and comments of customers and prospective customers,
- localisation and connection data;
- data concerning the selection of persons chosen for actions of customer loyalty creation, prospection, surveying, products and services testing and promotions.
The obligatory information is indicated by an asterisk on the data collection forms. It must be provided in order to receive the service associated with this collection (if not provided, the service could be not received).
Why is the data collected?
Depending on the circumstances, the SEM processes your data totally or partially for the following main purposes:
- management of your subscription to the SEM top-up health insurance;
- commercial management and customer relationship management;
- carrying out of satisfaction surveys;
- processing of your requests and claims;
- management of your reimbursements and services in general;
- management of debt recovery;
- management of accounts;
- communication and marketing;
- analysis of the visits to and utilization of the site in order to carry out statistical summaries and to improve the significance of the proposed on-line advertising;
- statistics gathering;
- monitoring, risk management and auditing;
- carrying out prospection and commercial animation actions;
- management of debt recovery, of disputes and potential disputes.
To whom is it transmitted?
Depending on the circumstances, the processed data, collected through the site, is aimed at the following persons:
- the authorised services of the SEM
- the bodies authorised by the SEM to be aware of this data
- the SEM service providers
Also, the data may be communicated to any authority legally authorized to be aware of it, in particular, in the case of court orders of the judicial, police or administrative authorities.
Transfer of data outside the European Union (EU)
We also inform you that your data may be provided to entities based outside the EU.
In this case, in the context of the finalisation, the management and the execution of your contractual relationship with the SEM, notably in the context of the treatment of your claims by telephone or by email, some of your data collected by the SEM may be transferred to a service provider based in Morocco, a country without an adequate level of data protection. These data streams are subject to a cross-border data stream convention conform to the typical contractual clauses issued by the European Commission.
Also, for the provision of services in general, and notably liquidation operations, certain elements of your data collected by the SEM may be transferred to health professionals established in Monaco, a country without an adequate level of data protection. These transfers are necessary for the fulfilment of your contractual relationship with the SEM.
What are your rights?
In conformity with the French Act of 6 January 1978 on data processing, data files and individual liberties, you have a right of access, examination and correction of your personal data.
You also have the right to oppose, for legitimate reason, that your personal data be subject to processing, and the right to oppose that the data be used for prospection (notably commercial) purposes.
You also have the right, depending on the circumstances, that your data be corrected, completed, updated, blocked or deleted if it is incorrect, incomplete, ambiguous, out-of-date, or if the collection, use, communication or conservation of this data is forbidden.
You can exercise your rights by writing to the SMEREP-SEM - Service Informatique et libertés - 16 boulevard du Général Leclerc - 92115 Clichy Cedex, France.
In order to ensure confidentiality and protection of personal data, the Smerep must verify the identity of the user before responding to his or her request. All requests concerning the exercise of these rights must therefore be accompanied by a signed copy of a personal identification document.
Cookies and other tracers
What security measures are in operation?
In order to ensure the security of your data, the Smerep takes all relevant precautions whether physical, logic, administrative or organizational considering the nature of the data processed by it and the risks involved in the various processing procedures, in order to preserve data security and prevent data from being deformed, damaged or accessed by a non-authorised third party.
These measures include, among others:
- the management of authorisations for data access
- a reinforced authentication of access to the personal secure zone.
In the case of partial or total processing of personal data, the Smerep imposes contractually on its subcontractors’ security and confidentiality guarantees for personal data by means of technical protective measures for this data and the appropriate human means.
Sites belonging to third-parties
You may be directed to external sites by links on the Smerep website.
To this effect, we would like to point out that the policies of personal data protection of these sites may differ from ours.
In this context, it is recommended in all cases, to take note of the policy of personal data protection of each of the sites in question.
In any case, the responsibility of the SEM will not be sought should the content of one of these sites contravene the legal or regulatory provisions in force.
Update of the data protection policy.
The confidentiality policy is susceptible to modification or adaptation at any moment.