Go directly to content

Chapka travel Insurance

We are keen to protect personal data. Our commitment is reflected in the emphasis we place on the trust placed in us by our clients, business partners and all those who share personal data with us.


What is the purpose of this Policy?

This Policy (‘Policy’) contains information on how we collect and process your personal data.

It applies to all the personal data we collect from you and to information about you that is provided to us by a third party.

It contains essential complementary information applicable to all the processing carried out by Chapka Assurances. 

The Policy is not contractually binding and does not impose an obligation on either party beyond those imposed by the legislation governing the protection of personal data and/or the contractual commitments applicable between us. 


Who is the data controller?

Chapka Assurances, a brand of Aon France, whose offices are at 31-35 rue de la Fédération, 75015 Paris, is responsible for the content of this Policy. 

We generally act as data controller in relation to the services we provide to our clients when directly or indirectly collecting and processing clients’ personal data. 

If you have taken out a policy with AXA Assistance:

You may retrieve all informations regarding the insurer's privacy policy by clicking the link below:


When and how do we collect your personal data?

In the context of our business as insurance brokers, we process our clients’ personal data. For example, when you subscribe an insurance policy, submit a claim online, browse our websites, use our tools or apply for a job with us, you will send us information some of which is liable to identify you directly or indirectly. 


What data do we collect?

When you request a quote or subscribe a policy online, we ask you to provide the personal data we require for the transaction. We undertake to protect your personal data and privacy. We use the information you provide to record your requests for a quote and the policies you subscribe. 

The information we request from you varies according to the services we provide. 

However, certain data are required for all the services we provide:


The data you provide to us directly when subscribing a policy with us 

During our various contacts, you may provide us with information about you. Your personal details are collected particularly when you subscribe a policy and so that you can access other offers and services.

These data include the following:


Data we collect during a business relationship 

These data include the following:


Data we collect in connection with the subscription, management and performance of insurance and/or reinsurance policies


Sensitive data – Data minimisation

We only process sensitive data that we strictly require in order to provide our services. Such data primarily include unique identification numbers, medical data and banking data, and are processed in order for us to fulfil our contractual obligations and provide the requested service. Accordingly, we may request your consent to process and share such data. If you provide us with sensitive data concerning other individuals such as relatives, you must inform the relevant individuals and, where necessary, obtain their consent. 


Source of data

We collect data directly from you as well as from the following:


Information we collect via our websites and social media

‘Websites’ means our online policy subscription website and our professional blogs. 

When you purchase one of our services, wish to access content or browse one of our websites, we may collect some or all of the following information:

In certain circumstances, we automatically collect certain types of information when you browse our websites and we exchange e-mails. Automated technologies include the logging of information when users connect to our servers in order to collect IP addresses, cookies and web tags. Additional information on the use of cookies is available on our cookie policy page.


Social media

You can contact us through social media, links on our websites, plug-ins and social media applications.

You may also choose to link your account with us with third-party social media. When you link your account or contact us, you can authorise us to access information from your social media account (your name, e-mail address, photo, title, birthday, posts and ‘likes’). 

If you post information when interacting with us through social media, plug-ins or other applications, depending on your privacy settings, this information could become public.

You can control the information you share on social media using your privacy settings on each social media site. For more information on how to set your privacy settings and how social media sites manage your personal data, please refer to their help guide, privacy policies and conditions of use. 


Mobile phones

If you browse our websites on your mobile phone or other mobile device, we may collect the IP address temporarily assigned to your device by your provider as well as information on your device’s operating system, your internet service provider and your location. 


How do we use your personal data?

Below are details of the various purposes for which we may process your personal data.

Insurance and reinsurance advice and brokerage services:

Managing relations with clients and prospects – Invoicing 

We process the data of some of our clients’ representatives in order to:

Data analysis 

We process our clients’ data on an aggregated basis in order to prepare placement statistics and develop innovative services for our clients. 

We undertake to seek your prior consent to re-use your data for a purpose other than that for which they were collected.

Know-your-client and checks linked to vigilance and anti-corruption.


Legal basis

The legal bases for processing the personal data we collect are as follows:


Do we collect data concerning children?

We do not directly collect personal data from children. 


For how long do we retain your personal data?

The period for which we retain data depends on the purpose for which they were collected. 

The period for which we retain your data will depend primarily on the services purchased by you and the term of our business relationship. 

Owing to our contractual obligations with risk bearers (insurers and reinsurers) as well as the various limitation periods applicable by law, we will retain some of your data after our contractual relationship has ended.

If you do not subscribe a policy, data will be retained for no more than three years from the date they are collected (preparation of a quote, request for information, etc.). 

We have adopted appropriate organisational and security measures to ensure that data are permanently destroyed or archived. 


Will we share your personal data?

The following persons may access your personal data: 

Business partners 

We do not sell, hire or make available to unaffiliated third parties your personal data for marketing purposes. 

We may communicate information concerning you to our partners (insurers, co-brokers, reinsurers, etc.), and certain third parties that provide specialist services (online payment services) may access your personal data. These business partners act as separate or joint data controllers (if management duties are delegated for example) and are responsible for the protection of personal data.

Service providers

We may use the services of selected service providers. 

These third parties are contractually required not to communicate or access personal data transmitted to them in connection with the services provided. 

These service providers are:


Cross-border transfers

As data are processed by some of our insurance partners in order to manage your claims, processing is likely to involve the transfer of personal data to countries that may or may not be members of the European Economic Area or the United Kingdom, whose data protection legislation differs from that in force in the European Union. 

Where data are transferred to these countries, we ensure that adequate legal measures are taken to protect your rights and data in accordance with the requirements imposed by law and our obligations. 

Accordingly, we: 

The personal data transfers that are strictly necessary are carried out under conditions and subject to guarantees that ensure that the data remain confidential and secure. 

Data transferred outside the European Economic Area are transferred primarily to the United Kingdom and Mauritius. 

Additional information on how your data are accessed by recipients outside the EEA can be obtained by contacting us as stated below. 

We can also provide you with details of the security measures we have adopted. 


What security measures are applied to protect your data?

The security of your personal data is crucial for us, and we have adopted state-of-the-art physical, technical and organisational security measures to protect your data against loss, misuse, accidental modification and destruction. We will protect your data from unauthorised access, use and disclosure, using encryption procedures and access restrictions. Your data may only be accessed by individuals who require such access for the purpose of their duties.

Our service providers are contractually required to keep all personal data confidential and must not use any personal data other than as permitted.


What choices do you have regarding your personal data?

When we collect your personal data or data concerning your relatives, we will inform you which data are compulsory or optional and of the consequences that will arise should you fail to reply. 

Our information policies, data forms and questionnaires indicate the fields that must be completed and the reasons why we collect data.

We may suggest products and services to you similar to those for which you contacted us. You may unsubscribe from our communications at any time by clicking on the link in our e-mail or SMS. 



Consumers who do not wish to receive unsolicited calls can sign up free of charge to the telephone preference service referred to in Article L223-1 of the French Consumer Code, either directly on the www.bloctel.gouv.fr website or by sending a letter to: Opposetel, Service Bloctel, 6 Rue Nicolas Siret, 10000 Troyes.

However, if you so wish, we will contact you by telephone if you request a quote or submit a request via our online services.


How can you update your communication preferences?


Even if you agree to receive e-mails from us, you can unsubscribe at any time, by following the instructions included in our e-mails.


Other rights

Right of access

You have the right to access the personal data we hold about you. 

You may also get in touch with your usual contact or request a copy of your personal data stored in our databases in accordance with applicable law. 

In order to do so, you must produce proof of your identity by providing us with a copy of a valid form of ID. We may ask you to cover the cost of any unjustified or repeated request. 

Unless you ask us to use a different way of communication, we will send you the information you request in writing or by e-mail.

You may exercise your right of access by sending an e-mail to cil@chapka.com.

Your request will be processed as quickly as possible and in any case within 30 days. We will inform you if we are unable to reply within this timeframe and will process your request as soon as possible.

If we are unable to respond positively to your request for legal reasons, we will inform you accordingly unless we are prohibited from doing so by virtue of a decision by an administrative or judicial authority or a statutory obligation. 

Right to rectification

You have the right to obtain the rectification of inaccurate or incomplete data by providing us with a supplementary statement. 

Right to be forgotten – Right to erasure

You have the right to obtain the erasure of your personal data for a specific reason. This applies where data are no longer necessary in relation to the purposes for which they were collected, processed or archived, they have been unlawfully processed or they have to be erased for compliance with a legal obligation. 

In certain circumstances, you may also issue instructions concerning the retention, erasure and communication of your personal data after your death. 

Right to data portability

You have the right to portability of the data you have provided to us as well as data resulting from the performance of the policy or policies you subscribed with us and data collected with your consent. This right does not apply to anonymous data, data that have been deduced or derived, or structured data included in our information systems.

This right applies on the condition that it is technically feasible to transmit data in a structured, commonly used format that is readable by the information system of another controller. 

Right to object

You have the right to object to processing of personal data in our legitimate interests, unless the reasons for the processing are greater than the potential threat to the rights and freedoms of the data subject. 

Right to restriction of processing

You can ask us to restrict the processing of your personal data where one of the following applies:


Contact us

Please do not hesitate to contact us at cil@chapka.com for any further information about this Policy.



You have the right to submit a complaint to the Commission Nationale de l’Informatique et des Libertés (CNIL), the regulator that oversees compliance with personal data obligations. 


Commission Nationale Informatique et Libertés

3 Place de Fontenoy

TSA 80715

75334 Paris Cedex 07


Policy updates

We may update this Policy and you are encouraged to consult the Policy at regular intervals for information on how we process data. 

This document was updated on 19 April 2019.