Privacy Policy

Article 1

Data controller

The controller of your personal data is HELLO SAFE, a French simplified joint-stock company (société par actions simplifiée) with a share capital of €1,588.36, registered with the Rennes Trade and Companies Register under number 883 069 593, whose registered office is located at 5 allée de la Grande Treille, 35200 Rennes, France.

For any question about your personal data or to exercise your rights, you can write to us at dpo@hellosafe.com or by post to the registered office, for the attention of the data protection officer.

Article 2

Data we collect

We only collect the data needed for the services you use.

When you request a quote or a personalised comparison: your country of residence, your destination, your travel dates, the number and age of the travellers to insure and the purpose of the trip. No identity data (name, email, phone) is required at this stage: you compare anonymously.

When you take out a policy via the Site: your first and last name, email address, phone number where applicable, date of birth, postal address, your payment details (processed by our secure payment provider, never stored on our servers) and, for certain policies, information about your state of health or your planned activities when the insurer requires it to price the risk.

When you browse the Site: connection and usage data (IP address, browser type, pages viewed, visit duration), collected via cookies and trackers under the conditions described in Article 8.

When you contact us: the content of your exchanges with our teams, by email or via the Site's forms.

Health-related data is sensitive data within the meaning of the GDPR. We only collect it when it is strictly necessary to subscribe to the chosen policy, with your explicit consent, and we pass it on only to the insurer concerned.

Article 3

Why we use your data

Each processing operation relies on a legal basis provided for by the GDPR.

To build your personalised comparison and your quotes: this processing is necessary to carry out the pre-contractual steps you request.

To pass your subscription on to the insurer you have chosen: this processing is necessary for the performance of the contract. Without this data, subscription is impossible.

To comply with our legal obligations as a broker: anti-money laundering and counter-terrorist financing, keeping evidence of our duty to advise, handling complaints. These operations are based on our legal obligations under the French Insurance Code and the French Monetary and Financial Code.

To send you our commercial communications: offers and advice related to travel insurance, if you have given us your email address. This processing is based on your consent if you are not a customer, or on our legitimate interest in offering you similar services if you are. You can unsubscribe at any time via the link in every email.

To measure the Site's audience and improve our services: these operations are based on your consent where they involve non-essential cookies, or on our legitimate interest for strictly anonymised statistics.

We never sell your personal data to third parties.

Article 4

Who receives your data

Your data is accessible only to those who need it to serve you.

Internally: authorised HELLO SAFE teams (customer service, compliance), bound by a confidentiality obligation.

Partner insurers: only when you take out a policy with them. As long as you stay at the comparison stage, no data is passed on to them. From the moment you subscribe, they process your data as separate data controllers, under their own privacy policy.

Our technical processors: Site hosting, email sending, payment provider, audience measurement tools. Each is bound by a contract compliant with Article 28 of the GDPR and may only use your data on our instructions.

The authorities: administrations, courts or supervisory authorities, only where the law requires us to.

If some of our processors are located outside the European Union, transfers are governed by appropriate safeguards: an adequacy decision of the European Commission or standard contractual clauses. You can obtain a copy of these safeguards by writing to dpo@hellosafe.com.

Article 5

How long we keep your data

We keep your data for as long as needed for each purpose, then we delete or anonymise it.

The parameters of a quote request without subscription (destination, dates, traveller profile) are not linked to any identity and are anonymised for statistical purposes. Data linked to a subscribed policy is kept for the whole duration of the contractual relationship, then archived for the applicable legal limitation periods, in principle 5 years after the end of the policy, and up to 10 years for accounting documents. Commercial prospecting data is kept for 3 years after your last contact, and deleted immediately if you unsubscribe. Cookies and trackers have a maximum lifespan of 13 months, and the data they collect is kept for no more than 25 months.

Article 6

Your rights

In accordance with the GDPR and the French Data Protection Act, you have the following rights over your data: the right of access (obtain a copy of the data we hold about you), the right to rectification (correct inaccurate data), the right to erasure (request the deletion of your data, within the limits of our legal retention obligations), the right to restriction of processing, the right to object (in particular to commercial prospecting, at any time and without justification), the right to data portability (receive your data in a structured, machine-readable format) and the right to set instructions on what happens to your data after your death.

To exercise these rights, write to dpo@hellosafe.com stating your request. We may ask you for proof of identity if there is reasonable doubt about the identity of the requester. We respond within one month, extendable by two months for complex requests, in which case we will let you know.

If you believe your rights are not being respected, you can lodge a complaint with the CNIL, the French data protection authority: Commission Nationale de l'Informatique et des Libertés, 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France, or online at www.cnil.fr.

Article 7

How we protect your data

We implement technical and organisational measures suited to the sensitivity of the data processed: encryption of exchanges (HTTPS protocol across the whole Site), secure hosting within the European Union, internal access control following the least-privilege principle, and regular awareness training for our teams.

In the event of a data breach likely to create a high risk for your rights and freedoms, we will inform you under the conditions set out in Article 34 of the GDPR, and we will notify the CNIL within 72 hours.

Article 8

Cookies and trackers

On your first visit, a cookie management module lets you accept, refuse or customise the use of non-essential cookies. Your choice is kept for 6 months and can be changed at any time via the "Manage my cookies" link in the footer.

Cookies strictly necessary for the Site to work (security, session management, remembering your consent choices) are exempt from consent. Audience measurement, personalisation and advertising cookies are only set with your agreement. Details of the cookies used, who sets them and how long they last can be found in our Cookie Policy.

Article 9

Changes to this policy

We may update this policy to adapt it to legal, regulatory or technical developments. The applicable version is the one published on the Site, whose update date appears at the top of the document. In the event of a substantial change affecting your rights, we will inform you by email or by a visible notice on the Site.

Article 10

Contact

For any question about this policy or your personal data: dpo@hellosafe.com. For any other request: hellotravel@hellosafe.com or HELLO SAFE, 5 allée de la Grande Treille, 35200 Rennes, France.