ARK Capital, is a Société par Actions Simplifiée (simplified joint stock company) of insurance brokerage and investment advice with a capital of 10,000 euros, having its registered office at 7bis Rue Jeanne d’arc – 76000 Rouen and registered with the Rouen Trade and Companies Register under number 905 252 847.
ARK Capital is committed to complying with the legislation in force in France and in Europe (Regulation 2016/679 of 27 April 2016), to ensuring the protection, confidentiality and security of personal data, as well as to ensuring respect for privacy.
This Personal Data Protection Policy (hereinafter “the Policy”) describes how ARK Capital collects and processes the personal data of ARK Capital and all other persons affected by the processing carried out by ARK Capital.
The Policy also sets out the legal basis on which we process personal data, with whom we share it and how it is stored.
ARK Capital is, depending on the processing, a Data Controller or a Data Processor:
Where ARK Capital processes data as a Controller, this means that ARK Capital determines the purposes and means of processing;
Where ARK Capital processes data as a processor, this means that ARK Capital processes data on the instructions of a controller, for example an insurance company.
ARK Capital complies with applicable privacy regulations and is committed to the following principles:
Your Data is used only for explicit, legitimate and specified purposes related to ARK Capital’s various businesses. It is processed in a lawful and fair manner;
Only Data that is useful to us is collected;
You are informed, in a clear and transparent manner, about the purpose of the use of Your Data, the optional or mandatory nature of Your answers in the forms and Your Rights in terms of data protection.
Article 1. Definitions
“Personal data” / “Personal data” / “Data”: any information relating to an identified or identifiable natural person, directly by name or surname, for example, or indirectly by reference to an identifier, such as an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity. ”Health data” means personal data relating to the physical or mental health of a natural person, which reveal information about that person’s health status. ”Processing” means any operation or set of operations which may or may not be carried out by automated means and which are applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction. ”Data subject” / “You”: an identified or identifiable natural person whose personal data is processed. ”Controller”: the natural or legal person, who alone or jointly with others, determines the purposes and means of the processing. In this case, ARK Capital is the controller. ”Sub-processor”: natural or legal person who processes personal data on behalf of the controller. ”Cookie”: tracers that allow access to information stored in the terminal equipment of a visitor. ”Recipient”: natural or legal person who receives the communication of personal data, whether or not it is a third party. ”Third party”: authorized natural or legal person, public authority, service or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or the processor, are authorized to process personal data. ”Personal data breach” means a breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed. ”You” / “Your”: means the individual to whom ARK Capital processes personal data.
Article 2. For which purposes your data are processed
Your Personal Data are used for the following purposes:
The analysis of Your insurance needs;
The analysis, the examination of the risk;
The management of requests from a client or prospect, for example when the request is made via the ARK Capital website;
Analysis of the prospect’s insurability;
The conclusion, management and execution of Your insurance contracts;
The operations necessary for the implementation of guarantees in the event of a claim and in order to manage the claim;
Communicating with You in the context of the management of Your contracts;
To set up a personal space on the ARK Capital website;
The fight against money laundering and against the financing of terrorism,
The fight against insurance fraud;
Analysis, review and management of claims/litigation;
Fulfilling legal, regulatory or administrative obligations.
The realization of satisfaction surveys, in particular to solicit your opinion and in order to improve our services; The elaboration of statistics, in particular commercial or of audience;
To respond to applications;
To build up a CV library.
ARK Capital may process the Data provided in order to make a decision (automated or not) on the basis of your profile, in the context of establishing the risk profile. This study allows for a better assessment of the risk in relation to the contracts that may be offered by ARK Capital. This may lead to a refusal to consider your application, and may therefore have a legal consequence on the offers proposed. If you wish, you can request a review of your situation by a member of the ARK Capital team, express your point of view, and obtain an explanation of the decision made. You may also contest the decision made.
When subscribing to a contract, certain data are mandatory, in particular to allow the contract to be executed. If you do not provide this information, ARK Capital will not be able to execute the contract or respond to your request.
As ARK Capital may act as a subcontractor, it processes the Data in accordance with the data protection policies of the insurance companies, which then have the status of data controller. The processing of the Data therefore varies depending on the insurance company. For the sake of transparency, links to the applicable data protection policies are provided below.
Some Data processed by ARK Capital may qualify as “sensitive data” within the meaning of Article 9 of the GDPR on sensitive data, such as health data.
Article 3. On what legal basis is the data processed? How long are my data kept
When health data are collected and processed, the legal bases are, on the one hand, the one on which the processing is based, and, on the other hand, consent.
For some processing operations, ARK Capital acts as a processor. For example, insurance companies may subcontract certain processing to ARK Capital.
In such cases, your Data is processed in accordance with the Data Protection Policies of those companies.
In some cases, provisions for the protection of your Data are contained in contracts with insurers.
In the interest of transparency, ARK Capital informs you that in the insurance contracts, the insurance companies insert links to their data protection policies:
One Life: https://www.onelife.com/wp-content/uploads/2019/12/Politique-protection-donnees-OneLife-Clients-FR.pdf
SwissLife : https://www.swisslife.fr/Protection-des-donnees
AG2R : https://www.ag2rlamondiale.fr/protection-des-donnees-personnelles
Cardif : https://www.bnpparibascardif.com/en/data-protection-notice
SPVIE : https://www.spvie.com/donnees-personnelles
Article 4. Who are the recipients of your data?
Only those persons who need to know your data in the context of their missions have access to it. These are other companies linked to ARK Capital, which are
7bis, rue Jeanne d’Arc
RCS Rouen 834 041 618
These companies are likely to collect the Data concerned by this Policy.
ARK Capital’s insurance partners and their management delegates who may have the status of data processors depending on the type of processing in question;
ARK Capital’s employees or insurance intermediaries; – insurance intermediaries in partnership with ARK Capital;
administrative and judicial authorities to meet legal and regulatory obligations.
ARK Capital’s subcontractors.
Article 5. Transfer of data outside the European Union
When the processing of Your data involves a transfer outside the European Union, these transfers are made in return for appropriate guarantees in terms of confidentiality and security of the data, in full compliance with the applicable regulations. Transfers outside the European Union are based on standard contractual clauses, in accordance with the model clauses validated by the European Commission.
Article 6. What rights do You have regarding Your Personal Data?
You have the following rights regarding Your Personal Data:
To learn more about Your rights, you can visit the CNIL website (www.cnil.fr/fr/comprendre-vos-droits).
When ARK Capital processes Your Data as a subcontractor (for example of an insurance company), your request to exercise these rights may be transmitted to this company. The above rights are exercised within the legal and regulatory framework and within the limits of our contractual obligations to you or to the insurers we work with.
When requesting the exercise of rights, proof of identity may be requested, in particular to preserve the security of the processing that is the subject of the request. A reply will be sent to you, depending on the complexity of your request, within the time limits prescribed by article 12.3 of the RGPD. For any complaint to the Commission Nationale Informatique et Libertés (CNIL), you can write to the following address CNIL, 3 place de Fontenoy, TSA 80715, 75334 Paris cedex 07.
Article 7. How is your personal data protected?
ARK Capital ensures that the data is treated with complete security and confidentiality, including when certain operations are carried out by subcontractors.
To this end, we put in place appropriate technical and organizational measures to prevent the loss, misuse, alteration and deletion of Your personal data.
These measures are adapted according to the level of sensitivity of the processed data and the level of risk that the processing or its implementation presents.
If a breach of security of Your data occurs, We will inform You within the time limits and according to the methods specified by the legal and regulatory provisions in force.
Article 8. How to exercise my rights?
To exercise Your rights, ARK Capital’s Data Protection Officer (DPO) is available at email@example.com or at ARK Capital’s postal address – 7bis Rue Jeanne d’Arc – 76000 Rouen.
ARK Capital has, in accordance with Article 12 of the GDPR, one month to respond to your request. This period may be extended by two months, taking into account the complexity and number of requests.