Skip to main content
What can we help you find?
main content, press tab to continue

Privacy Notice - Health & Benefits and Pensions Brokerage

Last Updated: November 2019

DATA PROTECTION NOTICE

This Data Protection Notice describes how Gras Savoye Consulting (Belgium) SA/NV (“Willis Towers Watson,” “we,” “us,” or “our”) collects and processes Personal Data when we provide Health & Benefits and Pension Brokerage transactional and advisory services ("Services") to our clients.

Gras Savoye Consulting is a company of the Willis Towers Watson group. The Willis Towers Watson group operates worldwide through subsidiary and affiliate companies.

In providing the Services, we may be required to process Personal Data of individuals that are employees of our clients or their family members, or that otherwise have an interest under or in relation to any insurance policy or benefits programme which we manage for our clients as part of the Services. This Data Protection Notice applies to any individual whose Personal Data we process in the course of providing the Services (each a "data subject" or "you").

  1. SCOPE OF THIS DATA PROTECTION NOTICE

    2. This Data Protection Notice describes how Willis Towers Watson collects and processes your Personal Data in the course of providing the Services, and it applies to all Personal Data we collect or process about you.

  2. PERSONAL DATA WE COLLECT

    3. Personal Data” is information that identifies you as an individual or relates to an identifiable individual.

    We may collect your Personal Data in the following ways:

    • Our client may provide your Personal Data to us. Our client, your employer, is also a controller in respect of your Personal Data and you may wish to consult with your employer in the first instance if you have any questions about the processing of Personal Data.
    • You may provide your Personal Data directly to us if you are directly our client as an individual or if you are making or are involved in a claim that we are handling for a client.
    • We may collect your Personal Data from public sources.

    The Personal Data we may collect about you may include:

    • name and contact information;
    • demographic information (such as gender, age, date of birth, marital status, nationality, employment details, hobbies, family composition, and dependents);
    • personal identification documentation and related information such as passport numbers and employee identification numbers;
    • financial and payment data such as bank account numbers and transaction information;
    • information related to the provision of the Services, such as policy information, claims information, benefits selections and payment records;
    • information about your property and assets;
    • statements made by or about you;
    • records of communications; and
    • human resources data, such as job title and role; benefits and compensation information; dependent/beneficiary information; educational, academic and professional qualifications information; emergency contact information; and performance management information.

    Depending on the Services we are providing, all or some of the above categories of Personal Data may be provided to, or made available to us, by our clients.

    We may collect publicly available information such as information available on social media platforms, information about your registered property or assets and information about claims and convictions on public record.

  3. LEGAL BASES FOR PROCESSING PERSONAL DATA

    4. We must have a legal basis to process your Personal Data. In most cases the legal basis will be one of the following:

    • for our legitimate interests, for example to provide Services to our clients, to ensure that the Services we provide are appropriate to our clients' requirements, to improve our Services, manage our risks, maintain accurate transaction records, and manage our business in an efficient way; or
    • for the legitimate interests of our clients and other third parties (for example, to investigate and assess claims made against policies held or underwritten by them and to prevent and detect suspicions of fraud); or
    • to comply with our legal obligations such as due diligence and reporting obligations.

  4. HOW WE MAY USE YOUR PERSONAL DATA

    5. We may use your Personal Data:

    • to provide the Services and fulfill our contractual obligations to clients;
    • to conduct data analysis;
    • for fraud monitoring and prevention;
    • to help develop new services and to enhance, improve or modify our Services;
    • to operate and expand our business activities;
    • to carry out background checks and conduct due diligence;
    • to perform administrative activities in connection with our Services;
    • to exercise, defend or protect our legal rights or the rights of our clients or third parties; and
    • to comply with legal and professional obligations and to cooperate with regulatory bodies.

    The way we analyse Personal Data for the purposes of risk assessment, fraud prevention and detection, and to report to our clients as part of the Services may involve profiling, which means that we may process your Personal Data using software that is able to evaluate your personal aspects and predict risks or outcomes.

    We may also aggregate or anonymise information about you. Aggregated or anonymised data is not capable of being used to identify individuals and is not treated as Personal Data under this Data Protection Notice.

  5. DISCLOSURE OF YOUR PERSONAL DATA

    6. We may share your Personal Data with third parties under the following circumstances:

    • to any Willis Towers Watson group company if required for the provision of the service, permitted by law or agreed with the client or individual;
    • to our clients, intermediaries, advisers and business partners (such as insurance companies) for the purposes of fulfilling our contractual obligations to clients, for example to deliver our Services and to arrange insurance products for clients;
    • to the insurance companies in the relevant cases for arranging insurance coverage or checking tariffs and quotes;
    • to service providers such as entities providing customer service, email delivery, auditing and other services;
    • to any court, regulator, law enforcement agency, government body or professional body if we are obliged to do so under applicable law or regulation, which may include applicable laws or regulations outside your country of residence; and
    • to a potential buyer, investor or business partner in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).

    When we share Personal Data with third parties, we take all reasonable steps to ensure that appropriate security measures and confidentiality undertakings are in place to protect the information shared.

  6. SECURITY AND RETENTION

    7. Willis Towers Watson maintains appropriate technical and organizational security measures to protect the security of your Personal Data against loss, misuse, unauthorized access, disclosure or alteration. These measures are aimed at ensuring the ongoing integrity and confidentiality of Personal Data. We evaluate these measures on a regular basis to ensure the security of the processing of your Personal Data.

    We will retain your Personal Data for as long as is necessary for the provision of Services to our clients. When we no longer need your Personal Data in connection with the Services, we will then retain your Personal Data for a period of time that reasonably allows us to:

    • Maintain business records for analysis and/or audit purposes;
    • Comply with record retention requirements under applicable law or regulation;
    • Comply with any legal or other regulatory obligations;
    • Defend or bring any existing or potential legal claims; and
    • Deal with any complaints regarding our activities.

    We will delete your Personal Data when it is no longer required for these purposes. If there is any Personal Data that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the Personal Data.

  7. CROSS-BORDER TRANSFER

    8. To the extent that it is legally permitted, your Personal Data may be transferred to, stored, and processed in a country that is not regarded as ensuring an adequate level of protection for Personal Data under European Union law, namely to the USA, UK or shared service centers in The Philippines or India.

    When we transfer such Personal Data outside the European Economic Area, we put in place appropriate safeguards via contractual clauses including EU Standard Contractual Clauses (SCC) from the EU Commission in accordance with applicable legal requirements to ensure that your data is adequately protected. For more information on the appropriate safeguards in place, please contact us at the details provided under the ‘Contact & Comments’ section below.

  8. CHOICES AND ACCESS

    9. Willis Towers Watson and our client (your employer) are each an independent data controller responsible for the Personal Data respectively collected and processed.

    If you would like to review, correct, update, suppress, object to, or restrict the processing of your Personal Data or request a copy of Personal Data about you, you may contact us by sending us an email at dataaccessrequest@willistowerswatson.com or sending your request by postal mail to the address provided in the “Contact & Comments” section below.

    In your request, please make clear what Personal Data you would like to have changed, whether you would like to have your Personal Data removed from our database or otherwise let us know what limitations you would like to put on our use of your Personal Data. For your protection, we may only implement requests with respect to the Personal Data associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request.

    We are committed to working with you to obtain a fair resolution of any complaint or concern about your Personal Data. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the Data Protection Authority, the Belgian data protection regulator. For further information on your rights and how to complain please see https://www.autoriteprotectiondonnees.be/introduire-une-requete-une-plainte (in French) and https://www.gegevensbeschermingsautoriteit.be/verzoek-klacht-indienen (in Dutch).

  9. CHANGES TO OUR DATA PROTECTION NOTICE

    10. You may request a copy of this Data Protection Notice from us using the contact details set out below.

    We may modify or update this Data Protection Notice from time to time by notifying or providing a revised version to our clients. Where changes to this Data Protection Notice will have a fundamental impact on the nature of the processing or otherwise have a substantial impact on you, we will ask that our clients give you sufficient advance notice of these changes so that you have the opportunity to exercise your rights (e.g. to object to the processing).

  10. CONTACT & COMMENTS

    11. The controller of your Personal Data is Gras Savoye Consulting (Belgium) SA/NV, with registered office at Quai des Vennes 18-20, 4020 Liège, Belgium and registered at FSMA under number 0453.774.413. If you have any questions or comments regarding this Data Protection Notice, please contact our Global Privacy Office, at Quai des Vennes 18-20, 4020 Liège, Belgium or by email at the following email address: DPO@willistowerswatson.com.

Contact us