Who are we?


We are Globality S.A. We have our registered office at Luxembourg and our principal place of business at 1 A, rue Gabriel Lippmann, L-5365 Munsbach. We are registered with the Luxembourg Trade and Companies Register under number B 134.471

In the context of our activities, we collect, hold, disclose and/or otherwise process personal data. Pursuant to applicable data protection and privacy legislation, we qualify as the controller with respect to the personal data that we process.

 

We know your privacy is important to you


We value your right to privacy and strive to protect your personal data in accordance with applicable data protection legislation and more specifically with the General Data Protection Regulation (“GDPR”) and its national implementing legislation.

In this Privacy Policy we set forth how we collect your personal data, how and for what purposes we may use your personal data and to whom your personal data may be disclosed by us. Further, this Privacy Policy includes important information regarding your rights with respect to the processing of your personal data. Therefore, we encourage you to read this Privacy Policy very carefully.

From time to time, we may need to change this Privacy Policy. The most recent version of this Privacy Policy is available on our website https://myglobality.globality-health.com/privacy. We encourage you to regularly review this Privacy Policy. You may also ask us to send you a copy of the most recent version of this Privacy Policy.

Attention: By using our products, services and/or our website and by sharing your personal data with us, you acknowledge that your personal data will be processed in the manner as described in this Privacy Policy.

Note: this does not constitute your ‘consent’ to the processing of your personal data. We do not process your personal data on the basis of your consent, unless specifically indicated.

 

Whose personal data do we collect?


In the context of our services, we may collect personal data relating to our customers, their family members or visitors of our website.

 

How do we collect personal data relating to you?


We may collect information about you in various ways:

  • directly from you, for example by sending us claims, letters, invoices, emails;
  • directly from you when you visit our website http://www.globality-health.com/en which may include information you provide to us by means of contact forms and quick quotes on that website;
  • from third parties, for example:
    • insured family members;
    • your employer or your broker, if the insurance contract is concluded and maintained with his involvement, in order to determine whether insurance claims filed at a later stage by employees are covered;
    • in certain cases, medical services providers and their staff, for health data; and
    • other insurance companies and statutory health insurance institutions for insurance data when you have consented to such release of information;
    • otherwise, for example when you visit our website http://www.globality-health.com/en, web portals or mobile application by means of cookies.

 

What personal data do we collect and for what purposes do we use your personal data?


You will find in the table below an overview of the personal data that we may collect from you, as well as the related purposes and legal basis justifying the processing of these data.

Personal data Purposes Legal basis
Identification and contact information (name, age, (future) address, telephone number, email address, or other contact details)

Insurance, bank, credit and asset details pertaining to the policy holder, the insured and/or the beneficiaries of the insurance contract.
To answer a request from you; to provide you with a quick quote; to be able to establish and grant you the insurance cover; Necessity to take steps at your request prior to entering into a contract
For the performance of the insurance contract (i.e. including to provide insurance cover or to pay for a claim, to manage the risk associated to the insurance coverage through reinsurance, etc.); for the provision of related assistance services, advice and support (including contacting a repatriation service provider, assisting in finding an appropriate medical services provider, etc.). Necessity to perform the insurance contract
For the purposes of the legitimate interests that Globality S.A. pursues, including ensuring IT security and IT operations, carrying out marketing activities, market surveys and questionnaires, and preventing and investigating punishable offenses. Our legitimate interest to improve our services and protect our assets.
Fraud detection, anti-money laundering rules and regulatory requirements applicable to insurance companies, including the requirements of the law of 7th December 2015 on the insurance sector, as amended. Necessity to comply with a legal obligation to which we are subject
 
Health data To grant you the insurance cover;
For the performance of the insurance contract (i.e. including to provide insurance cover or to pay for a claim, to manage the risk associated to the insurance coverage through reinsurance, etc.);
For the provision of related assistance services, advice and support (including contacting a repatriation service provider, assisting in finding an appropriate medical services provider, etc.).
Your explicit consent.

 

As indicated above, for the processing of your health data, we rely upon your consent. You have the right to withdraw that consent at any time. You may do so by either addressing a registered letter to the Data Protection Officer of Globality S.A. at 1 A, rue Gabriel Lippmann, L-5365 Munsbach or by email to dataprotection@globality-health.com.

In case you withdraw your consent, you have to understand that we may not be able to provide you with our services anymore. This is because your health data are essential for the performance of the insurance contract. Withdrawing your consent may therefore make it impossible for us to perform our obligations.

 

With whom do we share your personal data?


In the context of the purposes as listed above, we may share your personal data with third parties, such as:

  • hospitals, clinics or other medical institutions;
  • service providers, including group companies, reinsurer, banks, auditors and legal advisors;
  • regulatory or judicial authorities (together ‘the Recipients’).
  • Information about the identity and registered office of these Recipients is available from Globality S.A. upon request at any time.

Some of these Recipient may be located outside the European Economic Area (EEA), including in countries that do not offer a level of protection that is equivalent to the protection afforded in the EEA (‘Non-Adequate Country’). Transfer of your personal data to these Recipients may however be necessary for the provision of assistance services, advice and support in a Non-Adequate Country in which you require health insurance cover, support and assistance.

When possible, Globality S.A. has or will enter into appropriate contractual arrangements with Recipients located in Non-Adequate Countries, in order to guarantee adequate safeguards for the processing and protection of personal data. A copy of such agreements may be consulted at the registered office of Globality S.A.

If Globality could not enter into appropriate contractual arrangement, transfer to a Recipient located in a Non-Adequate Country shall only be made on one of the following basis:

  • when necessary for the performance of your insurance contract;
  • when necessary for the performance of a contract concluded in your interest between us and that Recipient; or
  • when necessary to protect your vital interests or the vital interests of another individual (for example, a family member).

 

As an exception, if none of the above applies, we will request your explicit consent for such transfer. Our request will be addressed to you separately, prior to the transfer. In all cases, health data shall only be transferred by Globality S.A. in compliance with specific medical secrecy and related provisions.

Your personal data and/or person profiles shall not be rented, nor sold to third parties without your prior explicit consent.

Withdrawing your consent for processing your data to third party providers may lead to the termination of your insurance contract.

 

How long do we store your personal data?


Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (we refer to the purposes as listed above in paragraph "5 What personal data do we collect and for what purposes do we use your personal data?"). Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.

More specifically, we will store all insurance policy and supporting documents for 10 years starting with the termination of the insurance policy.

 

How do we protect your personal data?


We will implement the necessary administrative, technical and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed. More specifically, we have taken the following measures:

  • Communications between your browser and our server are secured;
  • Our systems are secured, protected by firewalls and regularly maintained;
  • We also perform regular vulnerability checks;
  • We have implemented appropriate right of access for each user.

Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).

 

What are your rights and how you can exercise them?


You have the right to:

  • information about and access to your personal data;
  • rectify your personal data;
  • erasure of your personal data (‘right to be forgotten’);
  • restriction of processing of your personal data;
  • object to the processing of your personal data;
  • receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organization.

To read more about these rights, and circumstances under which you can use these rights, in particular your right to object, please refer to the Annex to this Privacy Policy. Globality S.A. may also be contacted by mail at its registered office indicated on its letterhead or by e-mail at dataprotection@globality-health.com.

Finally, you have the right to lodge a complaint with the competent data protection authority relating to the processing of your personal data by us. You may, for example, lodge a complaint to the data protection authority of Luxembourg (where Globality S.A. is established) or of your country of residence:

  • Luxembourg: Commission Nationale pour la Protection des Données or Nationale Kommission für den Datenschutz,
  • Germany: Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit,
  • UK: The Information Commissioner’s Office,
  • Spain: Agencia de Protección de Datos.

 

Use of cookies


We use certain cookies on our public website http://www.globality-health.com/en, web portals, mobile application. Some of them are essential to make our website, web portals and mobile application work, others serve to provide you a better, faster and safer user experience.

Cookies are small pieces of data that are stored on your computer or mobile device via your browser. On our website, web portals and mobile application, we use the following cookies:

  • JSESSIONID
    Type :  Necessary/technical cookie
    Purpose :  This cookie is indispensable for the functioning of our website, web portals, mobile application and allows you to use certain parts of it. For instance, it allows you to navigate between the different parts of the website, web portals, mobile application], to fill in forms, etc. If you refuse the use of session cookies you cannot access our website, web portals, mobile application. If you refuse the use of session cookies you cannot access our website, web portals, mobile application.
    Storage period :  30 minutes with logout
  • NSC_xxxxxxx
    Type :  Necessary/technical cookie
    Purpose :  This cookie allows us to keep the load balancer to choose and keep the best routing for you on our website, web portals, mobile application. If you refuse the use of session cookies you cannot access our website, web portals, mobile application.
    Storage period :  30 minutes
  • Globme and globrem
    Type :  Logging/functional cookie
    Purpose :  This cookie remembers the user name in the login form from the Web Portal.
    Storage period :  1 year
  • 5115fbafa38d13ee39ab661224008a0c, 9e4f072e576f9756bb40d9955b4182a0, b0cc320a6bc41736dfa711c25f4182a0t, 6724acd8688a2a91fb2606f28b4182a0, b02053a8d6cd21009d633f65f4182a0, ce4d4b70f0ede21448ff22a28b4182a0
    Type :  Preference/functional cookie
    Purpose :  This cookie makes it easier for our website, web portals, mobile application to work, makes it more pleasant for visitors, and ensures that you have a more personalised browsing experience. For example, these cookies can remember your language preferences.
    Storage period :  6 months
  • Globconsent, cookieconsent_dismissed
    Type :  Consent/functional
    Purpose :  These cookies remember the consent on the web application
    Storage period :  1 day
  • _ga, _gid, _utm*
    Type :  Analytical cookies
    Purpose :  This cookie allows us to recognize the visitors of our website, web portals, mobile application, to count the number of visitors and to identify the way in which they navigate. This allows us to improve the user navigation and to ensure that visitors can faster and easier find what they need.
    Storage period :  Up to 24 months

 

Please note that Google Analytics may be used without the prior consent of the website user, but only if certain conditions are met: (i) a data processing agreement is entered into with Google; (ii) the IP address of the website user is partly redacted; (iii) you do not share further information with Google; and (iv) you do not use Google Analytics in combination with other Google services. If this is the case, you must include this information in this paragraph of the Privacy Policy.

 

How can you manage / delete these cookies?


All major internet browsers offer the option to manage the cookies that were installed on your computer or mobile device.

In case you do not wish that this website, web portals, mobile application places cookies on your computer / mobile device, you may limit or delete these easily by adjusting you mobile or browser settings. In addition, you can set you mobile or browser settings in such a way that you get a notification every time you receive a cookie on your computer or mobile device, so that you can decide whether you wish to accept this cookie or not.

Please note that when you disable certain cookies of which we are making use, the possibility exists that certain parts of our website, web portals, mobile application will no longer function properly and you will no longer enjoy an optimal user experience.

 

Contact


If you have any questions, comments or complaints in relation to this Privacy Policy or the processing of your personal data by us, please feel free to contact us at by regular mail at our registered office indicated on the letterhead or by e-mail at dataprotection@globality-health.com.

 

Annex


Right to information and right to access your personal data

You may at any time request more information on our processing activities and the personal data that we are keeping from you.

Right to rectification of inaccurate or incomplete personal data of

You have the right to require us to , without undue delay, rectify or complete any of your personal data that is inaccurate or incomplete.

Right to deletion of your personal data (‘right to be forgotten’)

You may request us to delete (part of) your personal data in the following situations:

  • when the processing is no longer necessary for achieving the purposes for which they we collected or otherwise processed these; or
  • when the processing was based on your consent and you have decided to withdraw that consent;
  • when you have other reasonable grounds to object to the processing of your personal data;
  • when we would unlawfully process your personal data;
  • when your personal data have to be erased in compliance with a legal obligation directed to us.

We note that in some case, we may refuse to delete your personal data: (i) for exercising the right of freedom of expression and information; (ii) for compliance with a legal obligation; or (iii) for the establishment, exercise or defence of legal claims.

Right to restriction of processing

You may request us to (temporarily) restrict the processing of your personal data in the following situations:

  • when you have contested the accuracy of your personal data, for a period enabling us to verify this accuracy; or
  • when the processing appears to be unlawful and you request us the restriction of use of your data instead of the deletion of this data; or
  • when we no longer need the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims; or
  • pending verification whether our legitimate grounds override yours in the framework of an objection.
Right to object to the processing of your personal data

You may under certain circumstances object to the processing of your personal data, when such processing is based on our “legitimate interests”. If we agree, we will no longer process your personal data, unless we have compelling legitimate grounds to do so, or because such a processing is necessary. Where we process your personal data for direct marketing purposes, you may at any time object to the processing thereof or withdraw your consent thereto. You also have the right not to be subject to direct marketing purposes.

Right to data portability

In some cases, you have the right to receive all your personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. This right applies: in case the processing is based on consent or on the necessity for the performance of a contract; and in case the processing is carried out by automated means.