The scope of application
Habit Analytics, Inc., registered as a Delaware C Corp, and its subsidiary Habit Analytics PT, LDA, registered in Portugal, are both hereinafter referred to as “habit”, “Habit”, “Habit Analytics” or “the company”.
Habit cares about data protection in all its activities and is respectful of all the applied laws and regulations in our areas of actuation.
The Policy covers the following operations :
Surfing on Habit’s websites ;
Submitting your data over our website.
The entity responsible for processing the data
As part of your browsing on the Habit’s website, your personal data might be processed by Habit.
For all these processing operations, Habit is the entity that determines the means and purposes, and thus acts as a data controller or data processor within the meaning of the applicable regulations on personal data and in particular EU Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
The purposes of the processing of personal data
Habit collects different types of personal data concerning you for the following purposes
The management of the website:
Follow-up of contact request and complaints ;
Navigation on the website ;
Management of Habit’s selfcare platform;
Data collected by Habit
Habit collects different types of data as part of the navigation on the site:
Browsing and website usage data such as:
Your IP address and other identification data points;
Operating systems and browser type;
Retention of your personal data
Habit retains your personal data only for as long as necessary to fulfil the purpose for which it holds the data in question, in order to provide you information or access to our products and services.
If you are an policy holder, where habit might have mediated the transaction, the following criteria apply:
The data collected on Habit’s platform will be kept until the end of the contractual relationship between you, our distribution partner and our insurance partner. After this period, we will keep the data for an additional period of 5 years due to regulatory and compliance requirements.
The data collected via our selfcare or our API will be kept for the duration of the contractual relationship. After this period, we will keep the data for an additional period of 5 years due to regulatory and compliance requirements.
Habit may retain certain personal data in order to fulfil its legal and/or regulatory obligations and exercise its rights or for statistical or historical purposes. In this case, all measures are put in place to ensure data anonymization (where applicable), security and privacy.
Habit will delete your data, once not needed or it will proceed to an anonymization process.
The personal data security system
Habit undertakes to protect the personal data collected and/or processed against any loss, destruction, alteration, unauthorised access or disclosure. Habit implements technical and organisational measures to preserve the security and confidentiality of your personal data. These measures may include, but are not limited to, practices such as limited access to data by staff of departments authorized to access it because of their functions, contractual guarantees in the event of recourse to an external service provider, privacy impact assessments, regular reviews of our privacy practices and policies and/or physical and/or logical security measures
The recipients of the personal data
Your personal data may be transmitted to the following recipients:
Persons acting within the framework of the usual missions assigned to them such as, and not exhaustively :
- People responsible for the management, monitoring and performance analysis of contracts;
- Management agents, insurance intermediaries, insurance organisations or distribution partners entrusted under a partnership contract with Habit;
- subcontractors or anyone working on behalf of Habit
Persons authorised on behalf of authorized third parties such as, but not limited to :
- The court concerned, arbitrators, mediators;
- The regulatory and supervisory authorities and all authorised public bodies;
- The departments responsible for control, such as statutory auditors and auditors, as well as the departments responsible for internal control.
International data transfers
The data collected from you by Habit may be :
Transferred, accessible and stored in a country outside the European Economic Area (“EEA”);
Communicated to service providers located outside the EEA. In this case, Habit ensures that this transfer is governed by adequate legal guarantees and undertakes to ensure that service providers comply with all necessary security and confidentiality obligations. Standard contractual clauses have been established between Habit and its service provider located outside the EEA.
The exercise of your rights
Concerning the processing of your personal data, you have the following rights which you can exercise by sending a letter to this effect to the following address: firstname.lastname@example.org
Right to information : you have the right to obtain clear, transparent and understandable information about how we use your personal data and your rights ;
Right of access, rectification and deletion : you have the right to ask to Habit:
- Access to the personal data it hols and obtain a copy of it;
- The rectification of any inaccurate data concerning you;
- The deletion of your personal data in certain circumstances.
Right of portability : you have the right to request that your personal data be transmitted to you in a format that allows it to be used in another database.
Right to limit processing : you have the right, under certain conditions, to request that the processing of your personal data be temporarily suspended.
Right of opposition for legitimate interests;
Right to withdraw your consent at any time;
Right to lodge a complaint to the competent authority.