At Lombard International Assurance S.A., we take personal data protection seriously and we are dedicated to protecting the confidentiality and privacy of information entrusted to us.
This Privacy Statement provides information on the processing of personal data by LOMBARD INTERNATIONAL ASSURANCE S.A with its offices at 4, rue Lou Hemmer, L-1748 Luxembourg, Grand Duchy of Luxembourg, and registered with the Luxembourg Trade and Companies Register under number B37604.
At Lombard International Assurance S.A., we collect such Personal data mainly by requesting it directly from the persons whose personal data we process. In some limited circumstances, personal data may come from others sources, mainly in the case of anti-money laundering research.
Personal data includes any information by which you may be directly or indirectly identified which may be held on paper, electronically or otherwise.
This Privacy Notice sets out:
We may modify or update this Privacy Notice from time to time. You will be able to see when we last updated our Privacy Notice by looking up the revision date shown below .
To whom does this privacy notice apply?
This Privacy Notice is applicable to the processing of all personal data of our customers and other persons interested in our products, our suppliers, service providers and professional partners (e.g. intermediaries, banks and investment managers), and prospects.
> Back to top
For which purposes do we process your personal data?
Lombard International Assurance S.A. may collect and process your personal data (including but not limited to the following categories of data: identification data, contact details, medical and health data, professional data, financial and tax information, health information, AML (Anti-Money Laundering) and CTF (Counter-Terrorist Financing) related data, voice recordings, computer device data such as IP address and logon details) for the following purposes:
- The processing is necessary in view of entering into or for the performance of a contract (e.g. insurance policy, service agreement);
- The processing is necessary for compliance with a legal obligation (e.g. disclosure to government institutions or supervisory authorities, AML/CTF checks);
- The processing is necessary for the purpose of the legitimate interests of the company (e.g. call recording to limit corporate liability when clarifying instructions over the phone).
- The processing is necessary to respond to your query(ies) submitted via our website contact form, email or any other means.
We may ask for your written consent before processing your personal data for a purpose other than those listed above. If you have given your consent for the processing of your personal data, you have the right to withdraw this consent at any time, without affecting the lawfulness of the processing based on consent before withdrawal.
We will not use your personal data for direct marketing purposes without your explicit prior consent. If, at any time, you decide not to receive any commercial or promotional information from us, you may, without having to provide any justification, opt-out of any direct marketing campaigns and oppose to the future processing of your personal data for such purposes by sending an email to the attention of our Marketing and Communication departments at email@example.com.
> Back to top
How long will we keep your personal data?
Your personal data can be retained for different periods of time, depending on the purposes of the processing and category of personal data, however it will always be retained in compliance with the applicable laws and/or regulations.
> Back to top
Who has access to your personal data?
1.1 Access to your personal data by our employees
Your personal data is available on a need to know basis within Lombard International Assurance S.A., and can only be accessed by the employees of the relevant internal departments to the extent necessary to fulfil their respective tasks and responsibilities. Our employees process your personal data in accordance with our policies and procedures to ensure an adequate level of security.
1.2 Access to your personal data by third parties
Depending on the purpose for the processing of your personal data, third parties may have access to your personal data when this is necessary for the provisioning of their products or services to Lombard International Assurance S.A. These third parties may be other group companies, banks, insurance companies, head-hunters/recruitment agencies, IT suppliers, service suppliers, financial, tax or legal advisors, auditors, IT forensic experts, partners or a regulatory or government body.
If your personal data is transferred to a recipient in a country that does not provide an adequate level of protection of personal data, Lombard International Assurance S.A. will transfer your personal data in compliance with the applicable laws (including Luxembourg professional secrecy law), as well as on the basis of appropriate and suitable safeguards such as EU Standard Contractual Clauses with these third parties.
1.3 Sub-processing of your Personal Data
Lombard International Assurance S.A. may use external providers (data processors) to process your personal data on its behalf. Lombard International Assurance S.A. shall only use processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of the General Data Protection Regulation and ensure the protection of your privacy. As data controller, Lombard International Assurance S.A. will ensure that processors act under its authority and only process personal data insofar as strictly necessary for the performance of the services contracted.
> Back to top
How do we secure your personal data?
Protecting your privacy is very important to us.
Lombard International Assurance S.A. has taken adequate safeguards to ensure the confidentiality and security of your personal data by implementing appropriate technical, physical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorised disclosure or access, and against all other forms of unlawful processing (including, but not limited to unnecessary collection) or further processing.
Lombard International Assurance S.A. is ISO/IEC 27001 certified.
> Back to top
How can you exercise your rights?
You have certain rights regarding your personal data.
You may exercise your right to request access to or rectification of and, as the case may be, erasure of any Personal Data relating to you, or to object to processing, or restriction of processing, as well as your right to data portability, in compliance with applicable data protection law, by sending a signed request form with a copy of your ID card, passport or other proof of identity to the attention of our Data Protection Officer (whose details are mentioned below).
> Back to top
Who can you contact?
If you have any questions related to your personal data or you have concerns regarding the way in which your personal data is processed by Lombard International Assurance S.A., please contact our Data Protection Officer at firstname.lastname@example.org or by post at the address of the company.
You can find more information about the privacy legislation on the website of the Luxembourgish Data Protection Authority (CNPD) at www.cnpd.public.lu.
We are committed to working with you to obtain a fair resolution of any concern about privacy. If, however, you believe that we do not comply with the applicable privacy rules, you have the right to lodge a complaint with the Luxembourg supervisory authority, the Commission Nationale de la Protection des Données, using the form available on the website: https://cnpd.public.lu/en/particuliers/faire-valoir/formulaire-plainte.html
; or any other competent EEA data protection authority.
> Back to top