In this Privacy Policy, ACA SEGURS SAU (hereinafter, we or ACASSE) informs you what personal data we collect through the services offered and as shown on this website, how we process them, and what rights you have concerning your personal data and our processes, according to the applicable data protection regulations.
Applicable Regulations
This policy is structured in the following drop-down sections to facilitate access to the points of interest to you. Nevertheless, you are recommended to read all of it.
This Policy applies to visitors to this website (our Website), to users of the services offered by ACASSE for the purposes described in section 4 of this policy (the Services), and to all people whose personal data (for example, their images) may appear on our Website or in the context of the Services.
The sole controller of the use of your personal data as shown in section 4 is the owner of this Website:
We have an external Data Protection Officer - Win2win, SLU, an Andorran company specialising in personal data protection and privacy, which you can approach through the email address dpd@aca.ad.
ACASSE is not responsible for any activities carried on by other websites, even if the latter are accessed through links on our Website. This is why we strongly recommend that you read carefully the information provided by these other controllers before giving them your personal data (especially the privacy and cookie policies of each website you visit), and you should contact this controller if you have any concerns or queries.
In general, it is you that provides us with your personal data, for example, in the forms that exist on this Website. The only exceptions to this rule are the following:
If you represent a supplier of products or services, we collect your contact data and signature to:
Processing associated with purposes a) and b) is legitimised by your employment or service contract with the supplier you represent and our legitimate interest in contacting them. Processing associated with purpose c) is legitimised by being necessary to fulfil the contract or contracts you have signed with us.
We collect your data in verbal or written form either straight from you or from a third party you represent or of which you are the beneficiary, when you take out a contract for a service or product (for example, car insurance) for the purpose of managing the said contract.
You are further informed that, in connection with this contractual relationship, we may give you, verbally or in writing, commercial information related to the products or services for which you have taken out contracts.
Processing of these data is legitimised by being necessary to fulfil the contract for services or products in which you are an interested party, and by our legitimate interest in keeping you informed about the products or services you have acquired.
We capture your image through our video surveillance systems in order to assure the security of people, goods and our own premises.
The legitimate basis for the above-mentioned processing is the public interest in public safety, our legitimate interest in the security of our premises and the legitimate interest of third parties wishing to request access to justice in relation to a crime that might be proven by part of a recording.
We process the data in a CV you voluntarily send us to manage our relations with you concerning your candidature for a place of work at ACASSE, including the process of searching, filtering and storing your CV as a potential candidate, the personnel selection process and the hiring process.
The legitimate basis for the above-mentioned processing is your consent, which you give by sending us your CV, taking pre-contractual steps, and if we do not have a current selection process, or you are not hired and we think you might fit into future selection processes, our legitimate interest in keeping your CV with a view to including it in future processes. You may withdraw your consent or object to our legitimate interest as shown in section 7 of this policy and, if you do so, this will have no effect other than the destruction of your CV (if you withdraw your consent) or the limitation of its storage to the selection process for which you sent us the said CV.
We collect your email address when you join ACASSE, purchase any of our services or subscribe to our commercial communication service (newsletters) to keep informed about events, novelties, news, advice, competitions and games to take maximum advantage of ACASSE products and services.
Moreover, we record your clicks on the contents of these newsletters to profile you for the sole purpose of further personalising the newsletters you receive.
If you give us your name and surnames, either when registering, acquiring or subscribing to newsletters, or through the "update subscription preferences" option to be found at the foot of each newsletter (and which also allows you to delete these optional fields), we will link this profile to your member account in order to advise you better.
If you subscribed through our Website, the legal basis for this processing is fulfilment of the agreement to subscribe to the newsletter, with its terms and conditions, including profiling to personalise its content, and you can undo this at any time by exercising the right described below in this policy, or using the link at the foot of each email. The only consequence of cancelling your subscription is that you will stop receiving the newsletters we were sending you by email, and we will irreversibly anonymise the data that allowed us to personalise them.
If you are receiving the information because you have purchased one or more of our services, the legal basis for this processing is our legitimate interest in keeping you informed about our products and services related to those you have purchased. You may object to this processing at any time, just as in the above case and with the same consequences, by exercising your right as shown below in this policy, or using the link provided for this purpose at the foot of all our emails.
We collect the data you give us through this website or at our offices in order to offer you the service in question.
The legitimate basis for this processing is that it is necessary to fulfil the contract governing the terms and conditions for the use of the service you are asking us for.
We collect the data you give us through the website, in person or by email to help you find insurance and pre-select it on your behalf, handing over your personal data in order to make the contract between you and the insurance company, if the product we present to you is acceptable to you.
To find out more about how your data will be processed by the selected insurance company to which we will give them, we suggest you consult the privacy policy of the company in question, which you will find on its own website.
The legitimate basis for processing your data for this purpose is the consent you explicitly gave when requesting it on the pertinent page of our website, by email or in person. Also, the legitimate basis for giving them to the insurance company of your choice is your consent, as the said data are necessary to make the insurance contract in your name.
We may process the data you give us, for example, when contracting a service, to ask you for your rating of the attention you received.
We may also extract aggregated statistics (i.e. a statistical result that includes no personal information whatever) concerning the interest generated by our marketing campaigns.
The legitimate basis for this processing is our legitimate interest in improving the quality of our services and of the events we organise or promote, as well as our marketing campaigns.
We collect the personal data you give us in your emails, by telephone, in forms of the type "Find out more, we'll contact you" or "You're interested, shall we contact you?", via the contact page or through applications to exercise your rights, to deal with your requests, queries or complaints regarding our services or your rights with regard to your personal data.
The legal basis for this processing is the consent you give when you send us or give us these data, our legal obligation to respond to your rights applications and our legitimate interest in attending to you. Supplying your personal data is therefore voluntary, though if you do not give us them we will be unable to deal with your request, enquiry or claim. You can withdraw your consent whenever you want, though such withdrawal will again make it impossible for us to carry on processing your application, enquiry or claim.
We keep whatever data may be necessary to deal with your - or our - possible claims, on the basis of our legitimate interest in defending ourselves in order to uphold our rights.
We collect the contents of any conversations you voluntarily enter into on the chat (WhatsApp) on our website, including the telephone number from which you contact us, in a system to deal with requests and incidents. The purpose of collecting and subsequently processing these data is to manage your request/enquiry in our system, so that the first expert available can reply, and the other experts who consider your request/enquiry/incident can give more information. We record conversations on our management system for 6 months in case you need to refer to it in future contacts, and to deal with any problems if we see that more than one person sends us an enquiry/request/complaint similar to yours.
We delete conversations from our corporate WhatsApp about a month after they have been resolved, and we have implemented extra security measures over and above those of WhatsApp to ensure that neither this conversation within their app, nor the copy that stays on our system for 6 months, is affected in terms of its confidentiality, integrity and availability.
The legal basis for this processing is our legitimate interest in improving our client care, and you can object to this at any time, though not attending to your request through our management system might mean a small delay in the response from WhatsApp and we cannot relate your conversation with that of other interested parties or reopen a conversation when it is more than a month old.
We use functional cookies to collect, store, consult and process personal information (linked to you by unique identifiers or IP addresses), from the browser on your device, to ensure the proper functioning of our website.
As these cookies are necessary for the proper functioning of the website, their use does not require you to give explicit consent, and the legitimate basis for using them is our legitimate interest in being able to offer you the services on our website.
You can find out more about these cookies in our cookie policy.
We use analytical or statistical cookies to identify which pages are visited more or less, to analyse which content is of the greatest interest to our visitors and to measure the success or our information campaigns, all with the goal of enhancing the services we offer you through the Website. All these purposes give aggregated results, in which it is not possible to identify the interests of any particular person.
As they are analytical cookies, we will not use them until we have your consent, and refusing or withdrawing this will have no effect other than impeding our purpose of improving the website by analysing aggregate statistics about our users' browsing.
You can find out more about these cookies in our cookie policy.
We download our own and third-party advertising cookies. These files help our advertising partners to infer your interests according to the pages you visit, the content you click on and other actions you take online.
As they are non-essential cookies, we will not use them until we have your consent, and refusing or withdrawing this will have no effect other than that your visit to our website cannot be used to make the advertising you receive more interesting to you.
You can find out more about these cookies in our cookie policy.
Additionally, as an obligation imposed by Google LLC, of which Google Ireland Ltd is a subsidiary, on organisations that, like us, use the Google Analytics and Google Ads tools, you are informed that these two services are operated by Google Inc., domiciled at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, and that Google Inc. is the beneficiary of these.
The information generated by the cookies about your use of this website and your preferences in the area of advertising in general are sent to a Google server in the USA and stored there. If you would like to find out more, you can consult the page that describes how Google uses the information from our website and/or the Google privacy policy on the said services.
You are informed that we have activated the IP anonymisation function in the Google service to add additional safeguards to the standard contractual clauses protecting this international transfer of data to the USA. Thus, Google will truncate your IP address before sending it to the USA (process of masking your identity). In exceptional cases only the full IP address is sent to a Google server in the USA and truncated there. Google guarantees that the IP address sent by your browser to Google Analytics will not be processed together with any other data Google possesses.
You can consult the categories of personal data processed by these services at privacy.google.com/businesses/adsservices
At ACASSE we take security measures appropriate to the risk level to protect personal information against loss, misuse and unauthorised access, revelation, alteration and destruction, taking into account the risk involved in processing and the nature of the personal information. Nevertheless, should we find that your data has been misused (even by an employee or ex-employee of ACASSE), exposed to a security breach or illicitly acquired by a third party, exposing you to a high risk, we will inform you of such a security breach, appropriation or improper acquisition immediately, together with what measures we have taken and those we recommend you take so that the breach does not affect you.
The legitimate basis for this processing is the legal obligation stipulated in article 37 of the LQPD, and our legitimate interest in stopping this security breach from harming you.
We may use your personal data for other purposes that are not incompatible with those outlined above (such as archive purposes for public interest reasons, scientific or historical research purposes or statistical purposes), providing this is permitted by current data protection regulations, and of course acting in accordance with such regulations and any others that are applicable.
We do not transfer your personal data to anyone, except if:
No international transfers of personal data are envisaged. Should any such transfer become necessary, we will comply with whatever current regulations may be applicable at any given time.
ACASSE keeps your personal data only for the time the processing that requires them lasts, and then until the expiry of the legal responsibilities applicable to us at any time as a result of the processing in question, including the obligation to be able to prove that we have complied with your request to destroy personal data.
For example, we will keep video surveillance recordings for a maximum of 30 days if they do not contain any incidents and, if on an exceptional basis there has been a security incident or there is evidence that a crime has been committed (robbery, for example), we will extract a copy of the part of the recording that records the incident, and this will be kept until it is handed over to the police or to the interested party who requires it of us to prove their legal case.
We will destroy CVs more than five years old, on the grounds that they are out of date for the purpose for which they existed.
Furthermore, the profiling data we use to personalise the information you receive in our newsletters will be irreversibly anonymised when you cancel your subscription.
When we have no legitimate purpose for which to process any of your personal data, we will erase or anonymise them. If this is not possible (for example, because they exist in backup copies), we will store them securely and block them to isolate them from any subsequent processing until they can be erased.
You are entitled to get confirmation of whether or not we have any of your personal data.
You are reminded that when we share personal data with other data controllers, you will have to exercise your rights directly with these controllers, by following the instructions provided in their privacy policies.
Specifically, with regard to the data our cookies share with Google, you are informed that you can install a plug-in for your browser - Chrome, Internet Explorer, Safari, Firefox and/or Opera - to stop it from sending Google Analytics or Google Ads data to Google Inc. You can find it here.
Below we explain what other rights you have and how to exercise them.
You can ask us to execute the following rights:
You can exercise your rights:
In both cases, if we cannot verify that you are who you say you are, we will ask you to send us proof of your identity to make sure we are only responding to the natural person or their legal representative.
However, especially if you consider that you have not obtained full satisfaction from our attention when you exercise your rights, you are informed that you can lodge a complaint with the national supervisory authority in your country, or approach the Andorran Data Protection Agency (APDA) for this purpose.
To help you exercise your rights, we recommend you use the appropriate application forms from among the following:
We are fully committed to protecting your privacy and your personal data. We have prepared a record of all the personal data processing activities in which we engage, we have analysed the possible risk to you of each of these activities and we have implemented appropriate legal, technical and organisational safeguards to avoid as far as possible any alteration, misuse, loss, unauthorised access or unauthorised processing of your personal data. We keep our policies duly updated to ensure that we provide you with all the information we have concerning the processing of your personal data, and to guarantee that our staff receive pertinent instructions on how to process your personal data. We have signed data protection clauses and data processing clauses with all our service providers, according to the need each of them has to process personal data.
We restrict access to personal data to those employees who really need to know to carry out any of the processing referred to in this policy, and we have trained them and made them aware of the importance of confidentiality, integrity, and availability of information, as well as the disciplinary measures that would result from any infringement in this area.
We will update this policy as necessary to reflect any changes arising in regulations or our processing. If these changes are substantial, we will inform you before they come into effect by sending you a notification or publishing a prominent notice on this website, and you will have the option of exercising your rights as outlined above. In any case, you are recommended to review this privacy policy regularly to see how we protect your personal data.
If you have any questions about this policy, do not hesitate to send them to us by email at dpd@aca.ad
Last update: 13th March 2023