SCOR respects your privacy and undertakes to protect your personal data. SCOR processes your data in a fair and transparent manner.
Who We Are
SCOR SE is a Societas Europaea headquartered in Paris, France. Our headquarters are located at:
5 Avenue Kleber
75795 Paris Cedex 16
Tel: +33 (0)1 58 44 70 00
SCOR engages in business on its own behalf and through a variety of subsidiaries (collectively referred to as “SCOR” or “We” in this Notice unless specifically stated otherwise). Information about the SCOR can be found on SCOR’s website, www.scor.com and SCOR’s subsidiaries that process Personal Data are listed by country in Appendix 1 to this Notice.
What We Do
SCOR is primarily a “Reinsurer”. In most cases, our clients are insurance companies, which are also known as “Insurers”. Insurers provide insurance coverage to individuals, firms and companies, who are often called “Insureds”. SCOR also acts in certain circumstances as an Insurer.
Typically, Insurers and Insureds enter contracts called “Policies”. Insurance Policies can protect the Insured against a wide variety of losses, including loss of life, loss or damage to property, loss associated with health issues or problems and loss arising from third-party liabilities of the Insured.
A Reinsurer provides insurance coverage to Insurers in much the same way that Insurers provide insurance coverage to Insureds. Reinsurers and Insurers enter contracts that are often called Reinsurance Agreements or Treaties. These Reinsurance Agreements or Treaties provide coverage to the Insurers against losses, usually related to one or more underlying Policies between the Insurer and its Insured(s). Reinsurers receive premiums from Insurers and pay claims to them.
Reinsurers such as SCOR may also have their own Reinsurers (usually called Retrocessionaires) who provide insurance coverage to the Reinsurer. In this manner, reinsurance serves to spread the risk of loss across two or more companies, which helps to ensure that funds will be available to pay claims, particularly when a significant loss-making event occurs.
In addition, SCOR carries out an asset management activity through its subsidiary SCOR Investment Partners SE both for the management of its own assets and on behalf of third parties.
SCOR operates around the globe and thus data is accessed and exchanged amongst SCOR subsidiaries (see Appendix 1) and with third parties in the normal course of doing business. The Retrocessionnaires who may receive personal data from SCOR and that are located outside the European Union are located in the countries listed in Appendix 2. SCOR is committed to complying with data protection principles in the processing of Personal Data concerning its clients, underlying insureds, employees, business partners and others and to respect their fundamental rights and privacy in accordance with applicable laws.
SCOR’s Data Protection Officer
SCOR has appointed a Data Protection Officer who is bound by secrecy and confidentiality concerning the performance of his/her duties. SCOR’s Data Protection Officer is:
5 Avenue Kleber
75795 Paris Cedex 16
Questions or inquiries concerning SCOR’s processing of Personal Data should be directed to SCOR’s Data Protection Officer.
Why We Process Personal Data
When an Insurer issues an insurance Policy to an Insured, the Insurer needs to know certain information about the Insured. The Insurer typically collects such information from the Insured during the process of underwriting the Policy. This information is necessary to evaluate the risk presented by the Insured.
When SCOR, as a Reinsurer, enters into a Reinsurance Agreement or Treaty with an Insurer to provide reinsurance coverage, that coverage is usually linked to a Policy, or group of Policies, that the Insurer has written with its own Insured(s). Like an Insurer, the Reinsurer needs to know certain information about the Insured(s). For this reason, the Insurer transmits some data about the underlying Policy(ies) and the associated Insured(s) to the Reinsurer. Some of this data is Personal Data.
In a similar manner, SCOR may also pass some Personal Data on to its own Retrocessionaires.
In connection with the Insurer-Reinsurer relationship or the Reinsurer-Retrocessionaire relationship, SCOR will engage in a variety of exchanges of information including, but not limited to, letters, emails, contractual reporting and other similar activities that necessarily may include Personal Data relating to Insured(s) or business-related Personal Data related to employees of the Insurers, Reinsurers and Retrocessionaires.
In addition, SCOR has employees, contractors, interns and other similar types of workers. In the course of its professional relationship with its workers, SCOR will come into possession of Personal Data concerning those workers. SCOR also receives information from prospective workers such as curriculum vitae (CV), resumes, letters of interest and other similar documentation and therefore SCOR also possesses Personal Data about such prospective workers.
Legal Basis for Processing of Personal Data
As described above, primarily acting as a Reinsurer and secondarily as an Insurer, SCOR processes Personal Data, in furtherance of its legitimate business interests, as a data controller and a party to reinsurance agreements or treaties with Insurers / to insurance policies with Insureds. This interest is the fulfilment of SCOR’s contractual obligations to the Insurer who, in turn, has its own contractual obligations to the Insured (or directly the Insured when SCOR is acting as an Insurer). SCOR’s processing of such Personal Data as a Reinsurer is therefore in the interests of both the Insurer and the underlying Insured.
In addition, SCOR as a reinsurer regulated under French law within the European Union, is required by law to process certain Personal Data for the purpose of establishing reserves and capital requirements, paying claims in a timely manner and otherwise complying with all applicable laws and regulation relating to its business as a reinsurer.
As described above, primarily acting as a Reinsurer , SCOR processes Personal Data, in furtherance of its legitimate business interests, as a data controller and a party to reinsurance agreements or treaties with Insurers. This interest is the fulfilment of SCOR’s contractual obligations to the Insurer who, in turn, has its own contractual obligations to the Insured. SCOR’s processing of such Personal Data is therefore in the interests of both the Insurer and the underlying Insured.
In addition, SCOR as a reinsurer regulated under French law within the European Union, is required by law to process certain Personal Data for the purpose of establishing reserves and capital requirements, paying claims in a timely manner and otherwise complying with all applicable laws and regulations relating to its business as a reinsurer.
The Personal Data We Process
The Personal Data provided by Insurers to SCOR may include:
- identifying information such as name, address, occupation and date of birth;
- information concerning health status and other medical information;
- information concerning the death, injury or loss to a person that may be covered by a Policy;
- information concerning certain personal characteristics or habits such as whether a person smokes cigarettes or engages in hobbies or activities that present special insurance risks such as hang gliding or parachuting;
- other information as may be necessary to evaluate any aspect of premiums, claims or coverages under a Policy.
This data is usually provided to SCOR pursuant to contracts between SCOR and the Insurers. In a similar manner, SCOR may provide the same type of Personal Data to its Retrocessionaires, again pursuant to contractual agreements between them. Where those Retrocessionaires are located outside of the European Union, SCOR has entered into appropriate data transfer agreements. In addition, SCOR also maintains a Data Transfer Agreement covering transfers of Personal Data amongst SCOR subsidiaries. SCOR has adopted technical and organizational measures to provide a satisfactory level of protection of such data transferred outside of the European Union. You may request, through SCOR’s Data Protection Officer, that SCOR inform you as to whether your Personal Data in SCOR’s possession has been sent to one or more of our Retrocessionaires and, if so, the identity(ies) of such Retrocessionare(s). You may also request that SCOR’s Data Protection Officer provide you with a copy of the Data Transfer Agreement(s) applicable to your Personal Data.
Our Processing of Personal Data
SCOR’s processing of Personal Data is for one or more of the following purposes:
- Provision of Reinsurance / Insurance Coverage – SCOR processes Personal Data for the purpose of identifying, evaluating, underwriting, reserving and making claims payments relating to specific underlying Insureds or to Insureds. SCOR does not conduct automated decision-making activities within the European Union. While SCOR does not engage in profiling as part of its business, one might consider underwriting to be a form of profiling. In this regard, underwriting means that SCOR may review Personal Data concerning a person– such as age, height, weight, occupation, gender, medical history, hobbies or recreational activities, personal habits affecting health such as smoking cigarettes – in order to make a determination as to the risk of mortality (risk of dying) or morbidity (risk of sickness or health problems). When SCOR is acting as a Reinsurer, the results of this underwriting may be passed on to the Insurer who in turn may utilize the information in deciding whether to issue life or health insurance and at what price.
- Obtaining Reinsurance Coverage – As described above, SCOR may purchase its own reinsurance coverage from Retrocessionaires. In this regard, SCOR may provide information to its Retrocessionaires that is similar to the information provided to SCOR by Insurers, as described above.
- Financial Calculations – SCOR is required to evaluate its business and to perform a variety of calculations based on such evaluations. These include establishing reserves for the payment of present or future claims and establishing the capital needed to operate SCOR’s business.
- Statistical Analysis and Studies – Both in conjunction with the required financial calculations described above as well as SCOR’s own understanding of its business needs, SCOR may conduct studies of the loss experience of its business in the past. These studies help SCOR make projections into the future.
- Fraud monitoring and prevention – SCOR regularly reviews certain aspects of Personal Data, such as names, dates of birth, addresses and countries of residence to monitor and prevent insurance fraud. This process helps SCOR ensure that it and its clients do not engage in any business transactions, or enable any business transactions, that are part of any fraudulent scheme.
- Communication, Marketing and Training – SCOR may send professional letters, emails or other correspondence and communications, provide trainings to the employees of its business clients, prospective clients, brokers, or other individuals with whom it does business or who may be involved in one or more business transactions with SCOR. Similarly, SCOR may send newsletters, notices and similar information to individuals in the reinsurance and insurance industry.
- Screening and Review – SCOR regularly screens certain aspects of Personal Data, such as names, dates of birth, addresses and countries of residence against lists provided by governments or organizations relating to sanctions, embargoes, money laundering, politically exposed persons and other similar subjects. SCOR may also undertake a review and evaluation of transactions or proposed transactions to determine whether there is or may be money laundering or terrorism activity. This process helps SCOR ensure that it does not engage in any business transactions, or enable any business transactions, with regard to any sanctioned individuals or legal entities.
- Human Resources – SCOR collects and processes Personal Data in order to establish an application for a specific job advertisement or as an unsolicited application, in particular, for the following purposes: checking and assessing suitability for the position to be filled, performance and behavioral evaluations to the extent allowed by applicable law, if necessary for registration and authentication for application via SCOR’s website, if necessary for drawing up any employment contract.
Storage – With the exception of certain Personal Data originating from outside the European Union, SCOR stores all personal data in the European Union.
Retention – SCOR retains Personal Data pursuant to a data storage and retention schedule that is designed to keep Personal Data for so long as SCOR may be required to keep it in order to manage its business and for a reasonable period thereafter. In some instances, SCOR may be required to keep Personal Data for a specified period of time, but in the absence of a specific legal requirement SCOR will keep Personal Data relating to underlying Insureds for a reasonable period beyond the date when SCOR no longer reinsures the risk or is potentially liable to pay claims, whichever is later.
Your Right to Access and Correct Your Personal Data
You have the right to know if SCOR has any of your Personal Data. In the event you wish to see a copy of the Personal Data SCOR has concerning you, please contact SCOR’s Data Protection Officer. SCOR will investigate your request promptly.
If after reviewing your Personal Data in SCOR’s possession, you determine that there is an error(s), you may request the error(s) be corrected. If you make such a request, SCOR will investigate and, if appropriate, correct any errors promptly.
Your Right to Object to Processing of Your Personal Data and/or Restrict Processing
If you desire to object to SCOR’s processing of your Personal Data or if you desire to have SCOR restrict its processing of your personal data, you may lodge an objection and/or request for restriction of processing with SCOR’s Data Protection Officer. If you make such a request, SCOR will investigate and, if appropriate, cease processing of your Personal Data or, if applicable, restrict processing of your Personal Data, promptly. However, under applicable law and SCOR’s contractual obligations, your objection and/or request for restriction does not automatically mean that SCOR is required to stop processing your Personal Data, or that SCOR must delete it or restrict its processing of it.
Your Right to have SCOR Erase Your Personal Data and Withdrawal of Your Consent to Process
If you desire to request that SCOR erase your Personal Data or you wish to withdraw your consent to the processing of your Personal Data, you may make your request to SCOR’s Data Protection Officer. If you make such a request, SCOR will investigate and, if appropriate, erase your Personal Data and/or cease to process your Personal Data promptly. However, under applicable law and SCOR’s contractual obligations your request does not automatically mean that SCOR is required to stop processing your Personal Data, or to delete it.
Your Right to Have SCOR Assist You in Moving Your Personal Data
Although SCOR considers it to be very unlikely given the nature of its business, if you desire to request that SCOR assist you with moving your Personal Data to another Reinsurer or Insurer, you may make your request to SCOR’s Data Protection Officer. If you make such a request, SCOR will investigate and, if appropriate, provide such assistance promptly. However, under applicable law and SCOR’s contractual obligations your request does not automatically mean that SCOR is required to stop processing your Personal Data, or to delete it.
Your Right to Complain
Although SCOR always makes every effort to address concerns of which it is made aware, you have the right to lodge a complaint with a supervisory authority concerning SCOR’s processing of your Personal Data.
Changes to this Privacy Notice
SCOR keeps its privacy notice under regular review. This privacy notice was first published on May 25, 2018 and last updated on January 18, 2023.
Appendix 1 & 2 : SCOR Companies by Location that Process Non-Employee Personal Data and the Mechanism of Protection for Intra-Group Transfers of Personal Data and the List of countries of Retrocessionnaires.