GDPR

GDPR - Personal Data Protection Statement

Pursuant to the Data Protection Regulation (in particular the European Data Protection Regulation of April 27, 2016, hereinafter "GDPR") and national data protection laws, SMA Neutra wishes to clarify its data protection practices.

The data we collect is necessary for the performance of the insurance contract between you and SMA Neutra.

Data Controller & Data Protection Officer

The mutual insurance company “Neutra” (hereinafter referred to as SMA Neutra), located at Rue de Joie 5, 4000 Liège, company number 0472.020.311, acts as Data Controller insofar as Neutra determines the means and purposes of the Processing.

SMA Neutra is an insurance company approved by the Office for the Supervision of Mutual Insurance Companies and National Unions of Mutual Insurance Companies, by decisions of November 23, 2011, and June 24, 2013, to offer health insurance within the meaning of Branch 2 of Annex 1 of the Royal Decree of February 22, 1991, laying down general regulations on the supervision of insurance companies, as well as to provide supplementary cover for risks relating to assistance as referred to in branch 18 of Annex 1 of the aforementioned Royal Decree, under code number OCM 250/02.

In accordance with the GDPR, SMA Neutra has appointed a Data Protection Officer (DPO) whose mission is to inform all data subjects about the processing of their personal data and to ensure compliance with the applicable regulations in this area.

You can contact our DPO for any questions relating to the processing of your personal data and the exercise of your rights.

Contact details:

• Email: protection_donnees@neutrassur.be ;
• Postal address: Rue de Joie 5 à 4000 Liège.

What data is processed?

Depending on the services you use, SMA Neutra collects and processes the following data:

• identification data (national registration number, first and last name(s), date of birth, nationality);
• contact details (email address, residence);
• financial data (bank account);
• sex, gender;
• date of death;
• social data from the Crossroads Bank;
• sensitive health-related data (physical health, mental health, data relating to care).

Why are your data processed?

SMA Neutra processes your data in order to register you as an insured person and/or policyholder in our databases and manage customer relations (contact you; provide you with information; create a customer file) and execute the hospitalisation and/or dental care insurance contract and provide you with the requested services.

Your data is also processed for the following purposes:

• managing your contacts with our services, regardless of the channel used;
• improving the quality of our services, including fraud prevention;
• complying with our legal obligations as an insurer, in particular with regard to the Office of Mutual Insurance Control.

In certain cases, for direct marketing purposes, in particular to send you newsletters, but only when you have given your explicit consent to this effect.

What are the legal bases for processing your data?

In the context of managing your health insurance contracts, the data processed by SMA Neutra is based on Article 9.2 a) of the European Regulation, i.e. on your consent.

We also rely on the performance of the contract concluded with you for your personal data, in order to perform the contract or when your data is used in accordance with our legitimate interests and your rights and freedoms.

We are also required to disclose certain data to the competent authorities.

We also rely on the following specific legislation:

• Law of August 6, 1990, on mutual insurance companies and national unions of mutual insurance companies;
• Law of April 4, 2014, on insurance;
• Law of March 13, 2016, on the status and supervision of insurance and reinsurance companies.

What are our sources of information?

The data concerning you mainly comes from:

• from yourself, your legal representative, or any person authorized by you;
• from healthcare providers (hospitals, doctors, etc.) that you have consulted, particularly through the third-party payment system;
• from the Crossroads Bank for Social Security and any other public administration involved in social security matters;
• your health insurance fund or the National Union of Neutral Health Insurance Funds, with which you have agreed that we may contact them directly in order to optimize your reimbursements based on the data they have received in the context of compulsory and supplementary insurance.

Who processes your data?

Your data is processed by authorized personnel who are contractually bound by confidentiality and professional secrecy obligations. IT security measures are also in place to ensure the confidentiality, integrity, and availability of your data.​

To whom may your date be communicated?

Your personal data may be shared with:

• your legal representatives (including provisional administrators) or your representative (professional advisor, lawyer, mediator, etc.) who has been granted power of attorney;
• your mutuality;
• our medical advisor;
• to hospitals with which SMA Neutra has signed a collaboration agreement, in order to avoid the payment of a deposit and to ensure the application of the third-party payment system;
• to the Health Insurance Control Office and other authorized legal bodies, within the framework of their legal control missions;
• to our company auditor, our external and internal auditors, and the Insurance Ombudsman, all of whom are bound by a confidentiality obligation;
• to our lawyers and the courts in the event of litigation or (extra-)judicial proceedings;
• to our bailiff in the event of debt collection and to your creditors in the context of enforcement proceedings;
• to a duly authorized third party (law, contract, authorization, consent);
• to third parties who perform services on our behalf and provide us with IT, financial, postal, and other services, etc

We may also disclose your personal data in order to comply with our legal requirements or in the context of legal proceedings. However, your personal data is neither sold nor rented to third parties.

Who are our subcontractors?

SMA Neutra mainly uses the following subcontractors:

• Mutual-IT, Squareflow & Sagacify for IT management and maintenance;
• the medical advisor;
• your mutuality ;
• our law firm and bailiff;
• Speos for managing some of our correspondence;
• XeniT for document digitization;
• BDO for internal auditing function.

Are your data transferred to countries outside the EEA?

Your data may be transferred abroad if this is:

• necessary for the performance of measures prior to the conclusion of the contract, taken at your request;
• necessary to protect your vital interests;
• necessary for the conclusion or performance of a contract concluded or to be concluded with a third party, in your interest.

How long are your data retained?

Since the need to retain data depends on the type of data and the purpose of the processing, retention periods may vary.

To give you a general overview, your identification data is retained from your first contact with SMA Neutra with a view to taking out a policy until five years after the end of your insurance contract, regardless of the reason for the termination of the contractual relationship.

Health-related data is always retained for 30 years after your last contact with SMA Neutra.

What are your rights?

In accordance with the law, you have the right to obtain confirmation that your data is being processed by SMA Neutra and the right to access it.

To do so, you can send a written, dated, and signed request to our DPO, attaching a copy of both sides of your identity card.

Provided that your rights do not conflict with the contractual and legal obligations to which SMA Neutra is subject, you also have the right, with regard to data concerning you:

• to request the rectification of any inaccurate or incomplete data;
• to request the deletion of any data;
• to object to the processing of data;
• to digital oblivion (right to erasure);
• to limit the processing of your data;
• not to be subject to automated decision-making, including profiling.

In case of disagreement, you always have the option of contacting the Data Protection Authority (APD), located at Rue de la Presse 35, 1000 Brussels, or via the website http://www.autoriteprotectiondonnees.be/.

Are you subject to automated decisions, including profiling?

No.