Last date of revision: 3 October 2018
The Global Federation of Insurance Associations (GFIA) ("We”) is established to represent national and regional insurance associations that serve the general interests of life, health, general insurance and reinsurance companies and to make representations to national governments, international regulators and others on their behalf.
We act as a data controller for all personal data processed by GFIA. We process any personal data as safely and reasonably as possible and in strict compliance with the applicable data protection legislation, including the General Data Protection Regulation 2016/679 of 27 April 2016 (GDPR).
Please note that data protection rules apply to personal data. Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
This Privacy Statement covers:
Separate privacy statements apply to GFIA members (national and regional member associations) or (re)insurance companies affiliated to GFIA’s members.
This Privacy Statement tells you what personal data we process, why and how we process your personal data when we perform our business activities, when you participate in GFIA events or when you use our websites ("the Sites”) and any of the services we offer through the Sites, to whom we give that information, what your rights are and who to contact for more information or queries.
When we refer to "the Sites”, we mean the web pages containing the domain name ‘gfiainsurance.org‘ and including all its subsites (http://www.gfiainsurance.org).
The Sites may link to other websites provided by members, members’ members or third parties. Whilst we try to link only to websites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices of other websites.
When linking to any such websites, we strongly recommend that you read the Privacy Statements on those sites, before disclosing any personal information.
The main personal data we collect and hold in our database includes:
We obtain your personal data:
We will use your personal data only for the purposes for which we collected it or for reasons compatible with the original purpose. If we intend to use your personal data for reasons that are not related to the original purpose, we will contact you and notify you of the legal basis that allows us to do so.
We process your personal data for the purposes mentioned in the previous section relying upon the following legal bases:
GFIA is registered on the EU transparency registry and its mission is expressly included therein.
This includes, for instance, supporting our business activities, supplier management, or responding to your queries, organising our events in the best possible way and promoting our future public relations activities.
We will also rely on our legitimate interest to process your personal data when you buy products or services via our Sites in order to process your order and send you future update emails on paid services or products.
When you use our Sites, your IP address is processed based on our legitimate interest to ensure the functionality and security of the Sites.
In this respect, we will always determine case by case whether our interests are not overridden by your interests, fundamental rights and freedoms.
You have several rights concerning the personal data we hold about you. You have the right to:
You can also click on the unsubscribe link included in relevant mailings, including direct marketing emails, to stop receiving such communication.
To exercise any of your rights, you can send us a request, indicating the right you wish to exercise by e-mailing us at . You may also use these contact details if you wish to make a complaint to us relating to your privacy.
If you are unhappy with the way we have handled your personal data or any privacy query or request that you have raised with us, you have a right to complain to the Data Protection Authority ("DPA”) in your jurisdiction.
All GFIA secretariat staff members who are responsible for our internal and external communications and the organisation of events, will have access to your personal data on a "need-to-know” basis for the purposes described above.
We may disclose your personal data to our members, our members’ members, third parties that provide services to us that reasonably require access to personal data relating to you for one or more of the purposes outlined in the "Why we process your personal data” section above. The following external parties may for instance be involved:
If you are a participant in one of our events, we may disclose your personal data (eg your name and the company or entity you work for) to all attendees of this event. We may also share your personal data (eg job title and email address) with our sponsors if you provide us your consent to do so.
If our federation enters into a joint venture with or is sold to or merged with another entity, your information may be disclosed to our new partners or owners.
To achieve the objective of our processing as described above, we may transfer your personal data outside the European Economic Area (EEA). We transfer your personal data only to third parties outside the EEA when that country provides an adequate level of protection according to an adequacy decision issued by the European Commission or when the third party has agreed to provide appropriate safeguards that ensure your personal data is protected (within the limits permitted by the GDPR, eg by means of Standard Contractual Clauses). You can ask for more information and/or obtain a copy of those safeguards by sending us an e-mail ().
When an event you are subscribed to is organised outside the EEA, it may be necessary that a company located in a third country outside the EEA, requires access to your personal data to process and/or store these personal data (eg travel agency, hotel) where necessary for the performance of a contract with you or to take precontractual measures to execute your subscription to our event in the best possible way (article 49(b) or (c) GDPR).
In general, we will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Statement.
We reserve the right to disclose your personal data as required by law, or when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on us.
You can refuse the installation of cookies on your device. The ability to enable, disable and/or delete cookies can be completed in your browser. You can delete all cookies that are already on your device and you can set most browsers to prevent them from being placed. The settings are usually in the "options” or "preferences” menu of your browser. To understand them, the "Help” option in your internet browser or the following links may be helpful:
You can find more information about cookies at: www.allaboutcookies.org. Please note that turning off functional cookies might restrict your use of our website(s).
The Sites use the following types of cookies:
These cookies are used to gather statistics about your visit to the Sites to improve their performance and design ("web audience measuring”). They are first-party cookies, which means that we have complete control over the information collected through them. This data is anonymised, so we cannot identify you by processing it.
These cookies collect information about the number of times that you visit the Sites, how long a visit takes, etc.
The analytical cookie we use is Google Analytics, which expires after two years and allows us to gather statistics about the web pages visited.
We employ strict technical and organisational (security) measures to protect your personal data from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage both online and offline.
These measures include:
Although we use appropriate security measures once we have received your personal data, the transmission of data - especially over the internet (including by e-mail) - is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to us or by us.
We limit access to your personal data to those who we believe reasonably need to access that information in order to carry out their tasks.
We will retain your personal data for as long as:
For website visitors: the IP that we collect when you visit our Sites is retained for 90 days.
For information about the expiry dates of the cookies used on the Sites, please consult the cookie section.
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of personal data and that produce legal effects that significantly affect the individuals involved.
As a rule, your personal data will not be used for automated decision-making. We do not base any decisions about you solely on automated processing of your personal data.
We hope that this Privacy Statement helps you understand, and feel more confident about, the way we process your data. If you have any further queries about this Privacy Statement, please contact us:
We may modify or amend this Privacy Statement in the future. Should this happen, the revised Privacy Statement will be posted on our website, and you may also be notified by e-mail.