The GDPR is a major new EU regulatory and political milestone. It has been brought into being after more than three years of political negotiation, achieving a shared, unified vision of data confidentiality for European citizens, which represents a vital step towards the single digital market.
The GDPR is important legislation, which AXA is adopting in full.
The aim of the GDPR is to protect the rights of citizens regarding the way in which their personal data are processed by businesses operating within the EU, as well as by businesses outside the EU which process the personal data of European citizens.
It introduces a set of “digital rights” for EU citizens (explicit consent, access to data, deletion, portability, etc.) and a set of obligations for businesses (such as protection by design and by default, data breach notifications, etc.).
The GDPR is more than a set of technical standards, as it incorporates many ethical and moral concepts relating to privacy as a “human right”, and emphasises values such as “fairness” and “transparency”.
By virtue of this regulation, AXA Luxembourg is responsible for implementing appropriate measures, such as:
The GDPR allows anyone whose personal data may be processed to obtain all information on the processing their data will undergo.
a. Right of Access
Every data subject has the right to access their data held by AXA Luxembourg. Before granting access, the data controller will always verify the identity of the person making the access request regardless of who this is.
The data controller will make the required data available within one month from receipt of the request.
The right of access is theoretically exercised free of charge for the data subject unless it involves an excessive expense for the Companies, in which case payment may be requested.
b. Right to withdraw consent
All data subjects have the opportunity to withdraw their consent at any time. The withdrawal of consent does not compromise the lawfulness of the processing for which it was originally given.
c. Right to erasure / correction
Anyone whose personal data has been collected for processing is entitled to have incomplete data completed or inaccurate data changed as quickly as possible.
Data subjects also have the option of requesting that the data controller delete their data, as soon as possible, when:
d. Right to oppose or restrict processing
All data subjects may request that the processing of their data be restricted where:
e. Right to data portability
Data subjects have the right to receive personal data concerning them from AXA Luxembourg in a structured, commonly used and machine-readable format, and may send this data to another data controller without being hindered by the data controller to whom the personal data was disclosed.
AXA Luxembourg reserves the right, in the event of a manifestly unfounded or excessive request (repeated request, etc.), to refuse to respond to the request. In case of refusal, AXA Luxembourg undertakes to indicate the reasons for the refusal and the possibilities for appeal to a higher authority.
In order to allow us to process your request as soon as possible, please provide the following information:
- Your client number
- Your last name
- Your first name
- Your email address
- Your telephone number
- The purpose of your request
- A description of your request