Privacy Policy and Cookies
Preamble
We know that you care about your personal data and how it is used. You can trust SMERRA to use it with the utmost care. This Privacy Policy explains the type of personal data we collect, why we collect it, and how we use it. Please take the time to familiarize yourself with our privacy practices and let us know if you have any questions by sending us a message using this form.
Personal data: any information that can be used to directly or indirectly identify a specific individual.
Data processing: Personal data processing is an operation or set of operations performed on personal data (collection, extraction, adaptation, storage, etc.).
Data controller: The controller of personal data is, in principle, the person, public authority, company, or body that determines the purposes and means of the file and decides on its creation.
Purpose: The purpose of the processing is the main objective of the use of personal data. The data is collected for a specific and legitimate purpose and is not further processed in a manner incompatible with that initial purpose
Processor: The processor, within the meaning of the GDPR, is the natural or legal person (company or public body) that processes data on behalf of another body (the controller), as part of a service or provision
Sensitive data: This is information that reveals the alleged racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation. The European regulation prohibits the collection or use of such data, except in the following cases:
• If the data subject has given their express consent (active, explicit, and preferably written, which must be freely given, specific, and informed);
• If the information is clearly made public by the data subject;
• If it is necessary to save human life;
• If its use is justified by public interest and authorized by the CNIL;
• If it concerns members or subscribers of an association or political, religious, philosophical, political, or trade union organization.
Data breach: characterized by the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
Identity and contact details of the data controller
When you visit our website, the UITSEM group, as data controller, may collect your personal data in connection with the performance of your insurance contracts.
All personal data provided to or collected by SMERRA is controlled by the UITSEM group, 43 rue Jaboulay, 69007 Lyon, France.
Why and how is your personal data collected?
We may collect your data in various ways:
- Data you provide directly to us
- – Website
- – Personal account
- – Telephone
- Data we collect automatically (cookies)
- Data we collect from other sources (prospecting, partners)
You are not obliged to provide SMERRA with the personal data we request, but if you choose not to do so, we may not be able to provide you with our products and services, or a high quality of service, or respond to any requests. We only collect data that is strictly necessary for the purpose of data processing.
| Data processing and purpose | Legal basis | Data category | Recipient | Shelf life |
| Membership management: • Health • Student life • Insurance |
Performance of a contract Legitimate interests pursued by the data controller |
Identification data: surname, first name, date and place of birth, social security number Professional life: occupation and place of work Personal life: family situation Economic and financial information: income, bank account details, tax residence |
Employees and subcontractors authorized to manage them solely for the purposes of managing your contracts and services | 5 years from the end of the contract |
| Management of benefit reimbursements: • Insurance • Supplementary health insurance |
Performance of a contract Legitimate interests pursued by the data controller |
Identification data Professional life Personal life Economic and financial information Medical data |
Employees and subcontractors authorized to manage them solely for the purpose of reimbursing your services. | 5 years from the end of the contract |
| Claims management: insurance |
Performance of a contract Legitimate interests pursued by the data controller |
Identification data Professional life Personal life Economic and financial information |
Employees and subcontractors authorized to manage them solely in connection with the management of your claims | 5 years from the end of the contract |
| Beneficiary management | Performance of a contract Legitimate interests pursued by the data controller |
Identification data Economic and financial information |
Employees and subcontractors authorized to manage them solely for the purpose of managing your contracts. | 5 years from the end of the contract |
| Contact request: • Form • Personal space |
Consent Legal obligation (telephone recording) Performance of a contract |
Identification data Telephone recording |
Internal employees authorized to manage them solely for the purpose of managing your contracts and services | 5 years from the end of the contract |
| Cookie management | Consent | Connection data: IP, logs, etc. Browsing data |
Internal employees | 13 months |
How do we determine how long we keep your personal data?
We keep data for as long as necessary for the purposes for which it was collected and in accordance with applicable regulations. The length of time data is kept varies and depends on its nature, purpose, and the legal and regulatory requirements to which it is subject. These periods are based on legal requirements for legal action.
In this case, the initial retention period takes into account the term of your contract. The retention period begins at the end of the contract.
Under common law, Article 2224 of the Civil Code imposes a retention period of five years because “Personal or movable actions are time-barred after five years from the date on which the holder of a right knew or should have known the facts enabling them to exercise it. ”
With regard to your other data that is not in our possession, as the compulsory scheme was transferred to the CNAM in 2019, we invite you to submit a request to the latter for data concerning the compulsory health insurance scheme.
Cookie policy
When you visit our website, cookies are sent to your computer, tablet, or mobile device. Our cookie policy allows you to better protect yourself against cookies while understanding their usefulness.
You can accept or refuse cookies directly from our site by expressing your choice using the banner that appears at the bottom of your screen.
What is a cookie?
A cookie is a text file that the site you visit stores on your hard drive or in your browser’s RAM. It allows your computer to store various technical data such as the number of visits, the frequency of exposure to an advertising banner, and connections to other websites. It also allows you to personalize your future connections by remembering your choice of website language, your connection information, and your preferences.
Why does our website use cookies?
Our website collects cookies to ensure its proper functioning and to facilitate your browsing.
– Technical and navigation cookies: These cookies facilitate your navigation between the pages of our website and are necessary to enable you to benefit from certain features, such as the use of your user account. These cookies expire when you close your web browser.
– Audience measurement cookies: To measure the audience of our website, we collect information such as the amount of time you spend on our website, which buttons you click on, and how you arrived at the website (referring sites, social networks, search engines, etc.). These cookies enable us to measure the effectiveness of our interactive content and improve our services.
– Cookies placed by third parties: These are cookies placed by third-party companies. Our site uses the FAZAE hosting service, which automatically integrates some third-party cookies. These third-party companies collect cookies to feed their advertising targeting systems.
– Social media cookies: Cookies may also be used on sites that offer the possibility of sharing our content, particularly social media sites. Cookies placed by social media sites are their sole responsibility. You can view the privacy policies of each of these sites at the following addresses:
• Facebook: https://www.facebook.com/about/privacy/
• Instagram: https://privacycenter.instagram.com/policy/
• YouTube and Google+: https://www.google.fr/intl/fr/policies/privacy/
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
Cookie retention period
The cookies we collect are stored for a maximum period of 13 months.
Necessary
Necessary cookies are crucial for the basic functions of the website, and the website will not function as intended without them.
These cookies do not store any personally identifiable data.
| Cookie | Duration | Description |
|---|---|---|
| _pk_id.17.27d6 | 1 an 27 jour | Matomo utilise ce cookie pour stocker l’identifiant unique de l’utilisateur. |
| _pk_ses.17.27d6 | 30 minute | Matomo utilise ce cookie pour stocker un identifiant de session unique afin de recueillir des informations sur la manière dont les utilisateurs se servent du site web. |
| _pk_testcookie_domain | Moins d’une minute | <p>CookieYess utilise ce cookie pour vérifier si le navigateur du visiteur prend en charge les cookies. Il est directement supprimé après création.</p> |
| _pk_id.24.a80d | 1 an 27 jour | <p>Matomo utilise ce cookie pour stocker l’identifiant unique de l’utilisateur.</p> |
| _pk_ses.24.a80d | 30 minute | <p>Matomo utilise ce cookie pour stocker un identifiant de session unique afin de recueillir des informations sur la manière dont les utilisateurs se servent du site web.</p> |
| laravel_session | 2 heure | <p>laravel utilise laravel_session pour identifier une instance de session pour un utilisateur, ceci peut être modifié</p> |
| PHPSESSID | session | Ce témoin est natif des applications PHP. Le témoin stocke et identifie un identifiant de session unique d’un utilisateur afin de gérer les sessions d’utilisateurs sur le site Internet. Ce témoin est un témoin de session et sera supprimé lorsque toutes les fenêtres du navigateur seront fermées. |
| AWSALBCORS | 7 jour | Amazon web Services utilise ce témoin pour l’équilibrage des charges. |
| cookieyes-consent | 1 an | CookieYes place ce témoin pour mémoriser les préférences des utilisateurs en matière de consentement afin que leurs préférences soient respectées lors des visites ultérieures de ce site. Il ne collecte ni ne stocke aucune information personnelle sur les visiteurs du site. |
| csrftoken | 1 an | <p>Ce cookie est associé à la plateforme de développement web Django pour Python. Utilisé pour aider à protéger le site web contre les attaques de type Cross-Site Request Forgery.</p> |
| attribution_user_id | 1 an | <p>Ce cookie est mis en place par Typeform pour les statistiques d’utilisation et est utilisé dans le contexte des questionnaires pop-up et de la messagerie du site web.</p> |
| AWSALB | 7 jour | AWSALB est un cookie d’équilibreur de charge d’application défini par Amazon Web Services pour faire correspondre la session à la cible. |
| _pk_ref.17.27d6 | 6 mois | <p>Matomo utilise ce cookie pour stocker un identifiant de session unique afin de recueillir des informations sur la manière dont les utilisateurs se servent du site web.</p> |
Functional
Functional cookies enable certain features such as sharing website content on social media platforms, collecting feedback, and other third-party features.
| Cookie | Duration | Description |
|---|---|---|
| AWSALBTGCORS | 7 jour | <p>Typeform enregistre quel groupe de serveurs sert le visiteur. Ceci est utilisé dans le contexte de l’équilibrage de charge afin d’optimiser l’expérience utilisateur.</p> |
| tf_respondent_cc | 6 mois | <p>Description pas encore disponible</p> |
| AWSALBTG | 7 jour | <p>Typeform enregistre quel groupe de serveurs sert le visiteur. Ceci est utilisé dans le contexte de l’équilibrage de charge afin d’optimiser l’expérience utilisateur.</p> |
| _os_session | 14 jour | <p>Ce cookie protège le widget Opinion Stage contre les attaques de robots telles que la falsification des réponses de l’utilisateur. Il ne contient aucune information spécifique à l’utilisateur.</p> |
| remember_82e5d2c56bdd0811318f0cf078b78bfc | passé(e) | <p>Utilisé pour enregistrer le compte utilisé et ne pas avoir à se reconnecter pendant une certaine période.</p> |
| _hjAbsoluteSessionInProgress | 30 minute | Hotjar définit ce témoin pour détecter la première session de consultation de page d’un utilisateur, qui est un indicateur Vrai/Faux défini par le témoin. |
| mx_t | 1 an 1 mois 4 jour | <p>Ce cookie est défini par le fournisseur Mixcloud. Ce cookie est utilisé pour l’implémentation de fichiers audio sur le site web. Il permet d’intégrer le lecteur audio de Mixcloud.</p> |
| chid | session | <p>Ce cookie est défini par le fournisseur Mixcloud. Ce cookie est utilisé pour l’implémentation de fichiers audio sur le site web. Il permet d’intégrer le lecteur audio de Mixcloud.</p> |
| VISITOR_PRIVACY_METADATA | 5 mois 27 jour | <p>Ce cookie fait actuellement l’objet d’un examen et sa finalité est en cours d’attribution. Une fois cette étape franchie, la présente description sera mise à jour en conséquence.</p> |
Analytical
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on the number of visitors, bounce rate, traffic source, etc.
| Cookie | Duration | Description |
|---|---|---|
| _ga | 1 an 1 mois 4 jour | Google Analytics utilise ce témoin pour calculer les données relatives aux visiteurs, aux sessions et aux campagnes et suivre l’utilisation du site pour le rapport d’analyse du site. Le témoin stocke les informations de manière anonyme et attribue un numéro généré de manière aléatoire pour reconnaître les visiteurs uniques. |
| _gid | 1 jour | Google Analytics utilise ce témoin pour stocker des informations sur la façon dont les visiteurs utilisent un site Internet tout en créant un rapport d’analyse des performances du site. Certaines des données collectées comprennent le nombre de visiteurs, leur source et les pages qu’ils visitent de manière anonyme. |
| _gat_UA-* | 1 minute | <p>Google Analytics définit ce cookie pour le suivi du comportement des utilisateurs.</p> |
| _fbp | 3 mois | Facebook définit ce témoin pour afficher des publicités lorsque vous êtes sur Facebook ou sur une plateforme numérique alimentée par la publicité de Facebook après avoir visité le site Internet. |
| _hjIncludedInSessionSample_838428 | 2 minute | <p>Hotjar définit ce cookie pour déterminer si un utilisateur est inclus dans l’échantillonnage de données défini par la limite de session quotidienne de votre site.</p> |
| _hjSessionUser_* | 1 an | <p>Hotjar définit ce cookie pour s’assurer que les données des visites ultérieures sur le même site sont attribuées au même identifiant d’utilisateur, qui persiste dans l’identifiant d’utilisateur Hotjar, qui est unique pour ce site.</p> |
| _hjFirstSeen | 30 minute | Hotjar définit ce témoin pour identifier la première session d’un nouvel utilisateur. Il stocke la valeur vrai/faux, indiquant si c’était la première fois que Hotjar voyait cet utilisateur. |
| _hjSession_* | 30 minute | <p>Hotjar définit ce cookie pour s’assurer que les données des visites ultérieures sur le même site sont attribuées au même identifiant d’utilisateur, qui persiste dans l’identifiant d’utilisateur Hotjar, qui est unique pour ce site.</p> |
| _gat_gtag_UA_* | 1 minute | <p>Google Analytics utilise ce cookie pour stocker l’identifiant unique de l’utilisateur.</p> |
| _ga_* | 1 an 1 mois 4 jour | <p>Google Analytics utilise ce cookie pour stocker et compter les pages vues.</p> |
| _hjTLDTest | session | Pour déterminer le chemin d’accès le plus générique qui doit être utilisé à la place du nom d’hôte de la page, Hotjar définit le cookie _hjTLDTest pour stocker différentes alternatives de substrats d’URL jusqu’à ce qu’il échoue. |
| _gat | 1 minute | Google Universal Analytics utilise ce témoin pour limiter le nombre de requêtes et donc la collecte de données sur les sites à fort trafic. |
| CONSENT | 2 an | YouTube place ce témoin par le biais des vidéos YouTube intégrées et enregistre des données statistiques anonymes. |
Advertising
Advertising cookies are used to provide visitors with personalized advertisements based on previously visited pages and to analyze the effectiveness of the advertising campaign.
| Cookie | Duration | Description |
|---|---|---|
| uuid2 | 3 mois | Le cookie uuid2 est défini par AppNexus et enregistre des informations qui permettent de différencier les appareils et les navigateurs. Ces informations sont utilisées pour repérer les publicités diffusées par la plateforme et évaluer les performances des publicités et le paiement de leurs attributs. |
| anj | 3 mois | <p>AppNexus met en place le cookie anj qui contient des données indiquant si un ID de cookie est synchronisé avec les partenaires.</p> |
| test_cookie | 15 minute | doubleclick.net place ce témoin pour déterminer si le navigateur de l’utilisateur accepte les témoins. |
| rl_page_init_referrer | jamais | <p>Rudderstack définit ce cookie, qui est utilisé pour mémoriser les actions effectuées sur le site web.</p> |
| rl_user_id | jamais | <p>RudderStack utilise ce cookie pour stocker un identifiant d’utilisateur unique à des fins de marketing et de suivi.</p> |
| rl_page_init_referring_domain | jamais | <p>Rudderstack définit ce cookie, qui est utilisé pour mémoriser les actions effectuées sur le site web.</p> |
| rl_group_id | jamais | <p>RudderStack place ce cookie pour collecter les activités des utilisateurs sur le web.</p> |
| rl_group_trait | jamais | <p>Rudderstack définit ce cookie, qui est utilisé pour mémoriser les actions effectuées sur le site web.</p> |
| rl_trait | jamais | <p>Rudderstack définit ce cookie, qui est utilisé pour mémoriser les actions effectuées sur le site web.</p> |
| rl_anonymous_id | jamais | <p>RudderStack utilise ce cookie pour stocker des données statistiques sur le comportement des utilisateurs sur le site web, qui peuvent être utilisées à des fins d’analyse interne par l’opérateur du site web.</p> |
| YSC | session | YouTube place ce témoin pour suivre les vues des vidéos intégrées dans les pages YouTube. |
| VISITOR_INFO1_LIVE | 5 mois 27 jour | YouTube utilise ce témoin pour mesurer la bande passante et déterminer si l’utilisateur obtient la nouvelle ou l’ancienne interface du lecteur. |
| yt-remote-device-id | jamais | YouTube utilise ce témoin pour enregistrer les préférences de l’utilisateur en matière de vidéo lorsque des vidéos YouTube sont intégrées. |
| yt-remote-connected-devices | jamais | YouTube utilise ce témoin pour enregistrer les préférences de l’utilisateur en matière de vidéo lorsque des vidéos YouTube sont intégrées. |
| yt.innertube::requests | jamais | YouTube utilise ce témoin pour enregistrer un identifiant unique afin de stocker des données sur les vidéos de YouTube que l’utilisateur a vues. |
| yt.innertube::nextId | jamais | YouTube utilise ce témoin pour enregistrer un identifiant unique afin de stocker des données sur les vidéos de YouTube que l’utilisateur a vues. |
With whom do we share your personal data?
The UITSEM group may share your personal information internally and with selected third parties. For example, we may share your personal information with third-party service providers, other third parties, partners, or for legal disclosure purposes.
• Third-party service providers: In order to fulfill your requests, respond to your inquiries, process your contracts, allow you to participate in contests, and provide you with other features, services, and materials on our sites, we share your personal data with third-party service providers who perform functions on our behalf. These are companies that: host or operate sites, make payments, analyze data, provide customer service, postal or delivery services. They have access to the personal information necessary to perform their functions but may not use it for other purposes. In addition, they must process this personal information in accordance with this Privacy Policy and in compliance with applicable data protection laws and regulations.
List of service providers: Sogecommerce
• Legal disclosure. We may transfer and disclose your personal data to third parties
– To comply with a legal obligation;
– At the request of government authorities conducting an investigation;
– To verify or enforce our “Terms of Use” or other applicable policies
– To detect and protect against fraud, or any technical or security vulnerability;
– To respond to an emergency; to protect the rights, property, safety, or security of third parties, visitors to UITSEM Group websites
International data transfers
The UITSEM Group shares personal data internally or with third parties for the purposes described in this Privacy Policy.
The UITSEM Group will only transfer personal data collected in the European Economic Area (EEA) to foreign countries in situations such as:
• Following your instructions;
• Complying with a legal obligation
• Working with our partners and advertisers who we use to help us manage our group and our services.
If we need to transfer personal data outside the EEA, the UITSEM Group will ensure that it is protected in the same way as within the EEA. We will use one of the following safeguards:
• Transfer to a country outside the EEA whose privacy legislation guarantees an adequate level of protection of personal data as in an EEA country;
• Enter into a contract with the foreign third party that requires it to protect personal data according to the same standards as the EEA
• Transfer personal data to organizations that are part of specific agreements relating to cross-border data transfers with the European Union (e.g., the Privacy Shield is a framework that defines the standards of confidentiality for data transferred from European Union countries to the United States).
How do we protect your personal data?
The UITSEM Group takes the security of your personal data very seriously. We strive to protect your personal data from any data breaches: misuse, interference, loss, unauthorized access, modification, or disclosure.
Our measures include implementing appropriate access controls and investing in the latest information security capabilities to protect the IT environments we operate.
Access to your personal data is only permitted among our employees and agents on a need-to-know basis and is subject to strict contractual confidentiality obligations when the data is processed by third parties.
What are your rights?
In accordance with the amended French Data Protection Act of January 6, 1978, and European Regulation No. 2016/679/EU of April 27, 2016, you may access your personal data, correct it, request its deletion, or exercise your right to data portability or to restrict the processing of your data.
You may also withdraw your consent at any time. To exercise these rights or if you have any questions about the processing of your data in this system, you can contact our Data Protection Officer (DPO) electronically by following this link.
If, after contacting us, you feel that your data protection rights have not been respected, you can lodge a complaint with the French Data Protection Authority (CNIL) either via the following URL: https://www.cnil.fr/fr/plaintes, or by email at the following address: 3 place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07
You can opt out of tracking your browsing on this website. This will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.
How do we update this privacy policy?
Updates to this Privacy Policy incorporate customer feedback and changes to our products and services, where appropriate. When we make changes to this statement, we will revise the “last updated” date at the top of this document. If the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of changes to the Privacy Policy). We will also archive previous versions of this Privacy Policy for your review.
Processing of telephone calls
The information collected by UITSEM is processed exclusively by authorized internal personnel. The purpose of this processing is to continuously improve our services. This data will be kept for as long as necessary for this purpose. In accordance with the amended French Data Protection Act of January 6, 1978, and European Regulation No. 2016/679/EU of April 27, 2016, you may access your personal data, correct it, request its deletion, or exercise your right to data portability or to restrict the processing of your data. You may also withdraw your consent at any time. To exercise these rights or if you have any questions about the processing of your data in this system, you can contact our Data Protection Officer (DPO) electronically by following this link.
If, after contacting us, you feel that your data protection rights have not been respected, you can lodge a complaint with the French Data Protection Authority (CNIL) either via the following URL: Online complaints | CNIL, or by email at the following address: 3 place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07.