Confidentiality Policy

Confidentiality Policy

When you:

  • access and use the website and/or the Lovys mobile application (the “Lovys Platform“); and
  • consult the information available concerning the insurance products offered on the Lovys Platform, request a free quote with a view to possibly subscribing to an insurance contract, subscribe to one of our products and/or services and manage your insurance contracts or service online (the “Services“), 

you provide us with certain data and information, including data that identifies you or makes you identifiable (e.g., name, email, copy of ID), which constitutes the “Personal Data“.

Lovys is committed to enabling you to use the Lovys Platform and the Services in confidence and to protecting your Personal Data.

This Policy on Confidentiality and Protection of Personal Data (the “GDPR Policy“) informs you about how we collect and process your Personal Data, and about our commitments and your rights in this regard.

The Lovys GDPR Policy in force is the one accessible on the Lovys Platform on the date when you connect to the Lovys Platform. It may be modified at any time by Lovys, in particular for the purpose of updating, or on the basis of changes in the regulations in force. 


What does it mean for Lovys to be the Data Controller for your Personal Data?

Lovys, a simplified joint stock company with a share capital of 2,036.79 euros registered with the Registry of Trade and Companies of Bobigny, under the number 832028021 and with its registered office located at 12 rue Anselme, 93400 Saint-Ouen-sur-Seine (France) (“Lovys“), is the “Data Controller” for the Personal Data collected and processed on the Lovys Platform and in connection with the provision of the Services. In the sense of the GDPR, Lovys in fact determines the purposes and means of the processing of your Personal Data carried out in this context.

In this respect, Lovys undertakes to ensure the protection, security and confidentiality of the Personal Data processed, in accordance with the Law No. 78-17 of 6 January 1978 known as the French Data Protection Act, as amended, and the General Data Protection Regulation No. 2016/679 of 27 April 2016 (“GDPR“) and the opinions and deliberations of the competent supervisory authorities.

What Personal Data can be collected on the Lovys Platform? 

When using the Lovys Platform, the Personal Data that Lovys collects and processes may include: 

  • data relating to your identity, your family and professional situation and your economic and property situation; 

data relating to your banking information;

data relating to the management of your insurance contract(s) with Lovys;

  • data required to enable Lovys to comply with its regulatory obligations, including the fight against insurance fraud, money laundering and financing of terrorism; and
  • your communication preferences and your login data for connection to the Lovys Platform (see our [Cookie Policy]).

Why is Personal Data collected on the Lovys Platform? For what duration?

Lovys only collects your Personal Data for specific, explicit and legitimate purposes.

Lovys undertakes to ensure that your Personal Data collected in this context is only processed for the purposes described below and limited to those strictly necessary and relevant to these purposes. 

Each processing of Personal Data by Lovys is based on one of the legal bases provided for by the GDPR and described below.  

In addition, Personal Data is kept only for the time necessary to achieve the purposes for which they are collected; a longer retention period is possible when it results from a legal or regulatory obligation to which Lovys is subject.

In order to guarantee you complete transparency regarding the purposes of the processing and the retention periods applied at Lovys, you will find below an explanatory table: 

Processing purpose  Legal bases for the processing  Retention period 
Management and performance of the insurance contract(s) subscribed, including issuing contractual documents, managing claims and guarantees The processing is necessary for the performance of the insurance contract(s) subscribed (Article 6.1(b) of the GDPR).  The entire duration of the contract(s) and an additional 24 months from the end of the contractual relationship.
Management of information requests sent by e-mail or via our online chat tool The processing is necessary for the legitimate interest of Lovys, which is to respond to requests for information about its Services (Article 6.1(f) of the GDPR). 36 months from your last contact. 
Combating insurance fraud, money laundering and the financing of terrorism, The processing is carried out in the legitimate interest of Lovys (Article 6.1(f) of the GDPR) and to meet its legal or regulatory obligations (Article 6.1(c) of the GDPR).  Combating insurance fraud: when an insurance fraud alert is raised, the Personal Data are kept for no more than 5 years from the closure of the fraud case if the alert has been qualified as “relevant”; it is deleted without delay when the alert is qualified as “irrelevant”. 

Combating money laundering and the financing of terrorism: the Personal Data processed are kept for the duration of the contract(s) plus 5 years following the end of the contractual relationship.

Communication and customer loyalty operations or improvement of the quality of service (e.g., offers of products and services and/or those of our partners in the insurance field, satisfaction surveys, polls, loyalty programmes, etc.) The processing may be necessary for the legitimate interest of Lovys, which is to offer its customers new Services related, complementary or similar to those already provided (Article 6.1(f) of the GDPR).

In some cases, processing is based on the consent of the data subject (Article 6.1(a) of the GDPR).

The Personal Data relating to a non-customer prospect is kept for a period of 36 months after the date it is collected by Lovys or after the last contact from the prospect. 

Personal Data relating to a customer is kept for the duration of the contract(s) plus an additional 24 months after the end of the contractual relationship.

Recruitment The processing is based on the consent of the person submitting the application (Article 6.1(a) of the GDPR); the processing may also be necessary for the performance of pre-contractual measures (Article 6.1(b) of the GDPR) and/or carried out in the legitimate interest of Lovys (Article 6.1(f) of the GDPR) which is to contact the applicants For successful applicants: The Personal Data is kept for the duration of the recruitment process and may be used for personnel management purposes. 

For unsuccessful applicants: The Personal Data is kept for the duration of the recruitment process.

With the applicant’s consent, the Personal Data may be retained for a further 24 months.

Are your Personal Data shared with third parties?  

In connection with the use of the Lovys Platform, Lovys undertakes to limit access to your Personal Data to only those persons who need to use them, namely: 

  • The collaborators of Lovys;
  • The insurance partners of Lovys;
  • The co-distributors of Lovys; and
  • The subcontractors and data processors of Lovys (including partners involved in the management of claims).

Lovys never discloses Personal Data to third parties, unless: (1) disclosure is necessary for the performance of your insurance contract(s) with Lovys; (2) an administrative or judicial authority requests disclosure from Lovys; (3) disclosure is necessary to comply with contractual, legal and/or regulatory obligations; (4) you request or authorize disclosure. 


Are your Personal Data transferred outside the European Economic Area?  

When Lovys transfers your Personal Data outside of the European Union, Lovys undertakes to take all the necessary guarantees to protect your Personal Data and to ensure that it is processed in accordance with the GDPR. 


How are your Personal Data protected? 

Lovys requires its employees, partners, co-distributors and subcontractors or data processors (including partners involved in the management of claims) to be fully compliant with the GDPR. This implies, in particular, written contractual guarantees regarding the security and confidentiality of the processing carried out, including in order to prevent Personal Data from being destroyed, distorted, damaged or communicated to third parties without authorization. 

Lovys undertakes to comply with and to ensure compliance by the third parties described in the paragraph “Are your Personal Data shared with third parties?” with the following obligations: 

  • not to make any copy of the Personal Data entrusted to them, with the exception of those strictly necessary for the performance of the Services offered on the Lovys Platform and the performance of the contract(s) subscribed; 
  • not to use the Personal Data processed for purposes other than those set out or agreed with you in this GDPR Policy; 
  • not to disclose Personal Data to persons not entitled to have access to it, whether private or public, natural persons or legal entities, unless required by law or regulations; 
  • to implement the necessary measures to avoid any misuse or fraudulent use of the computer files; 
  • to implement the necessary measures to ensure the secure storage of the Personal Data processed throughout the duration of the contractual relationship; 
  • to pass on to any subcontractors or data processors all the obligations incumbent on it under the GDPR. 


In addition, in order to limit the risk of your data being pirated, Lovys helps you manage your password. In this context, we have established a password policy with the following principles: 

  • to create your password, Lovys asks you for your email address in order to validate the creation of your account;  
  • the password you choose must be at least 8 characters long; 

To maintain the security of your Lovys account, we recommend that you change your password at least once a year. 

In the event of suspected misuse or unauthorised use of your password, we suggest that you reset your password and notify Lovys without delay by email, chat or telephone.   


What are your rights under the GDPR? 

In accordance with the regulations in force, you have rights over your Personal Data, and in particular:  

  • a right to information: you will be provided with clear information on the use of your Personal Data and on how to exercise your rights;  
  • a right of access: you can request access to your Personal Data and ask for it to be transmitted; 
  • a right of rectification and deletion: you may request the rectification, updating or deletion of all or part of your Personal Data; and 
  • a right to object: you may object to the processing of your Personal Data, subject to Lovys’ legal or contractual obligation to carry out such processing in order to provide you with its Services and/or to fulfil its legal and contractual obligations. 

To exercise your rights, or to find out more about this subject, you can contact our Data Protection Officer:  

  • by post: Lovys – Data Protection Officer (DPO), 12, rue Anselme, 93400 Saint-Ouen-sur-Seine 
  • by e-mail: 


Your request will be processed within a maximum of 1 month, renewable for the same period if necessary. Lovys reserves the right to ask you for a copy of a proof of identity in order to verify your personal interest in exercising your rights, unless your identity is sufficiently established; this copy will be kept only for this purpose and for the duration of processing your request. 

If you consider that Lovys does not respect its obligations in terms of Personal Data Protection or does not respond to your requests in a satisfactory manner, you may refer the matter to the French National Data Protection Agency (the Commission Nationale de l’Informatique et des Libertés (CNIL)) via its website ( or by post: CNIL, Service des Plaintes, 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07.