Privacy Policy

A privacy policy is often a big, intimidating block of text that is supposed to reassure you but you don't read.

We have written ours to be as clear and accessible as possible, so that you understand exactly how your personal data is used by Alan.

Enjoy your reading.

 Table of contents

 Why a privacy policy?

In the course of its activity as a health insurer and as a health management services provider, Alan is required to process sensitive personal data. We attach the utmost importance to the security and confidentiality of the data of Alan's services’ users, whether on the alan.com website or on the mobile application made available to them.

The purpose of this privacy policy is to help you understand how we treat the personal data you provide us with, in accordance with the GDPR and with the "insurance compliance package" (awaiting publication of the new repository by the CNIL).

This privacy policy may be updated regularly, to enrich it, according to Alan's needs, circumstances or if required by law. We therefore invite you to check for updates on a regular basis, although we will always notify you of any significant changes affecting the way your data is processed.

Version dated December 30, 2022

 Key principles

Above all, we have set ourselves two key principles which are also included in our contracts:

  • Alan will never sell the data collected about its members in connection with the services offered. We make our living by building and managing insurance products and services around health, not by reselling our users' data. Users remain in control of their data.

  • As a health insurer, Alan will never use health data to apply differentiated rates based on a member's situation or history. We strongly believe in the strength of solidarity and risk sharing between insured members.

Furthermore, in accordance with the regulations and particularly the GDPR, we undertake to collect and process only the data that is strictly necessary for their purpose. Similarly, we undertake to ensure that the data collected is kept in a form that allows your identification for a period that does not exceed the time required for the purposes for which the data is collected and processed.

 Who is responsible for collecting your personal data ?

Alan is a health insurer and does not mainly act as a data processor for our clients but as a data controller in the sense of article 4 of the GDPR on all operations relating to its insurance and health services described in this policy :

  • Alan determines the means and purposes of data processing necessary for the implementation of the complementary health protection of employees. In practice, only employees' professional email addresses are transmitted by the company to Alan. Other information is directly communicated by the employee or his beneficiary;

  • The operations carried out on the data by Alan are necessary for its own activity as a health insurer and not for that of the companies that choose Alan as insurer for their employees. The criteria mentioned in the data processor’s guide issued in September 2017 by the CNIL exclude Alan's qualification as a subcontractor. If your insurance contract is with a third party insurer who gives you access to Alan's applications, Alan may also act as a management agent.

  • In this case, the insurance operations carried out on the data by Alan are carried out on behalf of and for the account of the insurer, which retains a right of supervision, Alan acting as a management service provider and subcontractor. The data processed is the same as described in this policy.

  • Alan still manages access to the application and non-insurance services under its own responsibility.

 I have a question or request or I want to exercise my rights

If you have any questions regarding security and personal data, or to exercise your rights of access, correction, deletion, withdrawal of consent, limitation of processing, opposition to processing or portability, you may contact us and our Data Protection Officer (DPO) at [email protected]. Alan will ensure that you receive a response promptly.

For any complaint concerning your personal data, you can either contact our DPO or contact the Data Protection Authority.

 Personal data

Management of company contracts

Administrators

When registering for a company contract, we collect the following personal data for each administrator:

  • Name and surname

  • Professional email address

  • Messages to our customer service department

On what legal basis?
  • Pre-contractual measures and performance of the insurance contract

What do you do with it?

This data is used for the electronic signature of the contract, any communication with the company's representatives, and for access to the account used to manage the contract. In the case of delegated contracts, this data is also received from the contract insurer.

How long do you keep this data?
  • 5 years after the end of the contract for health insurance contracts

  • 10 years after the end of the contract for prévoyance contracts

  • 2 years after the last connection if the contract has not been signed

How can I consult or modify this data?

From the Alan dashboard.

Can I ask to have my data deleted?

Only if the contract has not been signed. Otherwise we are required to keep the data.

Employees

The company contract administrators are led to send us data concerning their employees, including those who have left the company for less than a year ( as part of the portability of health insurance rights):

  • Name, surname and social security number

  • Employees' professional email address

  • Personal e-mail address of former employees

  • Dates of arrival and departure from the company

  • Reason for leaving if applicable (for maintaining or not maintaining rights)

This is a legal obligation of the employer from which employees cannot escape, even when they do not wish to benefit from health coverage (exemption mechanism).

On what legal basis?

Alan processes this data on the basis of pre-contractual measures and the execution of the insurance contract between Alan and its members.

What do you do with it?

This data is used in order to invite (by email) employees to register on alan.com or on our mobile application and choose to be insured or exempted.

How long do you keep this data?
  • 5 years after the end of the contract for health insurance contracts

  • 10 years after the end of the contract for prévoyance contracts

  • 2 years after the last connection if the contract has not been signed

How can I consult or modify this data?

Contract administrators can do this directly from their Alan dashboard. In some cases, an intervention of our customer service is necessary (for example for certain retroactive modifications).

Can I ask to have my data deleted?

No, Alan has to keep it for 5 years after the end of the cover.

Management of individual contracts

When registering for an individual contract, we collect the following personal data for the signatory:

  • Name, surname and social security number

  • Email address

  • Bank details

  • Messages to our customer service department

On what legal basis?

Pre-contractual measures and execution of the contract binding them to Alan, as well as, in the absence of a signature, Alan's legitimate interest in following his prospects.

What do you do with it?

This data is used for the electronic signature of the contract, any communication with the contract holder, and for access to the account allowing to manage the contract. The list of individual members is also shared with the subscribing association to which the individual members automatically adhere by virtue of their contract.

How long do you keep this data?
  • 5 years after the end of the contract for health insurance contracts

  • 10 years after the end of the contract for prévoyance contracts

  • 2 years after the last connection if the contract has not been signed

How can I consult or modify this data?

From the Alan Dashboard.

Can I ask to have my data deleted?

Only if the contract has not been signed. Otherwise we are obliged to keep the data.

Health insurance and prévoyance

Personal data is transmitted to us directly by or on behalf of the insured members with their explicit consent (e.g. to automate the retrieval of receipts from a third party site), in particular :

  • Name and surname

  • Personal email address

  • Social security number

  • Carte vitale certificate

  • Postal address

  • Name, surname and social security number of the spouse and/or children where applicable

  • Bank details (for payments and reimbursements)

  • Documents required for reimbursement of care acts

  • Messages to our customer service department

  • Professional situation, Pôle Emploi certificate and last pay slip if applicable

  • Beneficiary clause

  • Proof of exemption where applicable

Certain data are transmitted to us directly by the Social Security and its partners within the framework of télétransmission, in particular :

  • Date of care acts

  • Data required for reimbursement (date of care acts, code acte, amount paid, droits ouverts, etc.)

On what legal basis?

This data is required for the execution of the contract concluded with Alan (or with your insurer that delegates your contract to Alan), either by your employer or by you as an insured member. They are therefore not subject to prior consent.

In addition, we use it for some of the secondary purposes listed below on the basis of our legitimate interest in managing our insurance activities.

What do you do with it?

We use this data mainly to process requests for reimbursement of expenses according to the guarantees of the contract (health and/or prévoyance) which covers the insured members and any declared beneficiaries. In particular, this involves receiving and processing the health documents and information provided to justify the care received, determine coverage, generate payments and manage the recovery of undue payments.

They are also used for :

  • the execution of legal, regulatory and administrative provisions

  • the prevention of fraud, in particular the analysis and detection of anomalous acts or the management of alerts and procedures following a case of fraud

  • management of complaints and disputes

  • the prevention of money laundering and the financing of terrorism

  • the drawing of statistics and actuarial studies, the development and management of insurance products

  • management of financial aspects, performance and risk

  • management of Alan's websites and applications (including bug and error management) customer relationship management and service improvement

  • user research and surveys

How long do you keep this data?
  • 5 years after the end of the contract for health insurance contracts

  • 10 years after the end of the contract for prévoyance contracts

Can I ask to have my data deleted?

No, because we are obliged to keep this data. However, you have the possibility to ask us not to use them for purposes based on our legitimate interest, by sending an email to [email protected].

Beneficiary data

I have been added as a beneficiary

When the possibility is offered to him/her and an insured member declares a beneficiary (spouse or child) to his/her contract, he/she vouches that the beneficiary agrees to become a party to its insurance contract (or gives consent as a parent of a minor). Alan treats the personal data of the beneficiaries in the same way as those of any other user insured member in this capacity.

Account sharing

Our insured members and their beneficiaries share a single Alan account. Both the insured members and the beneficiaries (if they are of legal age and choose to access Alan's online insurance or management services themselves) will be able to view all account information related to the insurance services, without separation. Information about health services (such as private chat as part of Alan Clinic) is not shared.

To speak to a doctor by video

In the scope of a consultation made by an insured member with a doctor by video, on top of your personal data that we process in relation to your contract, we collect the following data:

  • National registry number, national ID number

  • Date and duration of the consultation

  • Whether a prescription was issued (but not its content)

On what legal basis?

On the basis of the contract between us and the insured (you ask us to provide a service, which we pay for), and your consent as well as on the basis of our legitimate interest in measuring the use of this service

What do you do with it?

This data is used to enable the doctor securely identify you prior to the video consultation so that they can start a therapeutic relationship to access and update your medical file or contact your doctor if relevant. They are also used to to enable the processing of reimbursements related to the consultation made with a doctor by video, as well as to improve the service.

How long do you keep this data?

Your conversations in a therapeutic relationship are retained for 72 hours following their production. Identification data obtained via Itsme is kept for one week. Your personal data can be retained by the health professional as long as their professional liability continues.

Can I ask to have my data deleted?

Absolutely, on the part based on legitimate interest. You just have to send a request to [email protected].

To speak to the Alan health team by private message within the Alan Clinic

When you exchange messages with Alan health team members for a question relating to your health (excluding video consultation), we use the following data:

  • first name, surname, date of birth, and gender (that we deduce from your insurance profile);

  • messages and attachments exchanged with the health team member.

Health team members will not have your full name or access to your history as an insured member without your consent.

On what legal basis?

Your consent is collected before the access to the service from the Alan mobile app.

What do you do with it?
  • Secure message exchange between you and the health team members

  • Access to archived messages

Alan respects medical secrecy: apart from consultation by Alan health team members (who may be health professionals and Alan's employees, in accordance with the recommendations of the French Medical Council and other applicable codes of ethics), the content of the exchanges cannot be consulted or used by Alan. On the health team members's side, access is via a dedicated access, separate from the usual access of Alan's employees to our tools. This enables us to guarantee medical secrecy when applicable and that Alan will never re-use this information, in particular for its health insurance services.

How long do you keep this data?

During the duration of the limitation period for medical responsibility of health professionals.

Can I ask to have my data deleted?

You can request the erasure of messages from your interface, simply send a request to [email protected]. This will erase the messages for your messaging space. However, we will keep a secure archive of them on our side, in accordance with the recommendations of the French Medical Council (Conseil de l'Ordre des Médecins).

Your health reminders

Alan allows you to benefit from preventive reminders concerning your health (such as an annual reminder to make a dental appointment). When you consent, Alan uses information about your health care to issue its prevention recommendations.

On what legal basis?

Alan provides you with prevention recommendations only upon your explicit consent. To withdraw it, simply go to your application or request it at [email protected].

For your personalised health and well-being plan

Alan allows you to evaluate your health and well-being with a survey composed by our team of health professionals. Based on your answers, we compose a health and wellbeing score, provide you with customised advice, and put you in contact with the most relevant health professionals to accompany you.

On what legal basis?

Alan provides you with a personalised health and wellbeing plan only upon your explicit consent. To withdraw it, request it at [email protected].

What do you do with it?

This data is used to provide a personalized experience for each user by calculating a wellness score, displaying personalized messages and proposing a contact with a health professional whose specialty depends on the result of the survey.

How long do you keep this data?

As long as the service is useful to our members or until they withdraw their consent. We update them regularly.

Can I ask to have my data deleted?

Yes, you just have to send a request to [email protected]

Finding a health professional

Alan processes the data of health professionals to provide its members with the ability to find a doctor's contact details, estimate their health expenses and the reimbursement to which they will be entitled, and book an appointment. Alan also allows its members to build up an address book of their doctors to make it easier to find them.

On what legal basis? Alan processes doctors' contact data on the basis of its legitimate interests in facilitating access to the health care system and predictability of its members' expenses.

What do you do with it?

The identification and contact data, the rates charged per act, and the level of conventionnement of health professionals are obtained from the health directory provided by Ameli.fr. Contact details and online appointment booking are enriched directly through a classic search engine (Bing).

How long do you keep this data?

As long as the service is useful to our members. We update them regularly.

Can I ask to have my data deleted?

Yes, health professionals can request this at [email protected].

Measuring our members’ satisfaction

Because it is important for us to build a tailored service for our members, we measure their satisfaction over time through a rating system that our members can choose to enter in the application. This is the "Net Promoter Score" or "NPS".

On what legal basis?

It is in Alan's legitimate interest to improve its services based on member satisfaction.

What do you do with it?

We use the NPS to monitor our performance with our members, through the Metabase tool. In concrete terms, this allows us to identify factors of dissatisfaction that may allow us to improve our services or, conversely, things that need to be reinforced because they are highly appreciated.

How long do you keep this data?

We keep them for the time needed to carry out analyses and measure their evolution over several development cycles. We then anonymise or delete them.

Can I ask to have my data deleted?

Yes, simply send a request to [email protected].

Audience measurement (analytics) and technical data

Certain data is collected automatically when you visit alan.com (including other websites published by Alan such as blog.alan.com and map.alan.com) and when you use our mobile app. The data collected includes :

  • IP address and service provider;

  • user ID;

  • information about your equipment, for example: type of internet connection, type of device used, browser used and version, etc;

  • time stamp information and length of visit;

  • pages visited;

  • clicks and other interactions on individual pages;

  • possible errors (on the browser, the mobile application or our servers).

On what legal basis?

Where applicable, the collection is subject to the explicit consent of the user (cookie banner). This consent is valid for 13 months from the date of registration. Otherwise, it is in our legitimate interest to analyse the use of our site in order to improve it.

What do you do with it?

This data is used for the following purposes:

  • to comply with legal, regulatory and administrative provisions (connection logs, etc.);

  • customer knowledge and customer relationship management;

  • operations relating to canvassing and the compilation of commercial statistics;

  • identification of customers or prospects to improve service by offering products or services to reduce the number of claims, or to offer a complementary contract or a service;

  • analysing the use made of the product and improving the product;

  • management of people's opinions on products, services or content.

How long do you keep this data?
  • 2 years

  • 3 years for data relating to prospects

Can I ask to have my data deleted?

Absolutely (with the exception of data collected in the framework of a legal obligation), simply make a request to [email protected].

To purchase glasses on the Alan app

Alan offers a service which allow you to easily order glasses. Alan processes the following data:

  • Last name, first name, address, phone number, email, date of birth, gender

  • Social security number

  • Vision correction data (correction, prescribing doctor, date of prescription) as well as the prescription itself

On what legal basis?

We only collect your vision correction data with your consent. Then, the data is processed to enable you to obtain the contractual service you have requested, and in accordance with our legal obligations as an insurer in this respect. In addition, we use it for some of the secondary purposes listed in this policy, based on our legitimate interest in running our insurance business.

What do you do with it?

This data is used for :

  • preparing the order: this allows us to prepare glasses in accordance with the information on your prescription document;

  • shipping: this allows us to deliver your glasses to your home and allows you to track the package

  • insurance: this allows us to pay the treatment directly to the optician

How long do you keep this data?

For the same length of time as your other insurance data, i.e., 5 years after the end of your health insurance contract, except for the shipping details (address, phone numer and email, which are retained from 3 months since the last order.

Can I ask to have my data deleted?

Absolutely, simply send a request to [email protected]

Alan Shop

When you purchase a goodie on the Alan online shop, we process the following data:

  • Name and surname

  • Personal email address

  • Postal address

  • Payment information

On what legal basis?

This data is required for the execution of the sale contract concluded with Alan.

What do you do with it?

We use this data to process your order, ship the purchase and process the payment.

How long do you keep this data?

We keep them according to durations provided for by the law.

Can I ask to have my data deleted?

We are required to keep the data.

 How is my data protected?

Data security is an extremely important issue for Alan: we do our utmost to be worthy of the trust you place in us. Here are a few examples of the measures we have taken. If you have any questions on a specific point, we will be happy to answer them at [email protected].

Application security

We use Datadog App Security (previously Sqreen. com) to detect and block in real time attacks such as XSS, SQL injection, account theft, etc.

We also use Cloudflare.com to protect us from Distributed Denial of Service (DDoS) attacks.

Encryption of data in transit

All HTTP traffic to and from alan.com and api.alan.com is encrypted (HTTPS / TLS). You can evaluate our configuration here.

The first time a user logs on, we tell their browser (via the HSTS mechanism) that all subsequent connections must be encrypted (HTTPS), including when a link to alan.com starts with http:// instead of https://.

End to end data encryption

Your health conversations to our doctors, the answers and the attached documents are encrypted end-to-end: no one at Alan other than the doctors answering you has technically the possibility to see these discussions.

Hosting and database

For hosting and data processing, Alan uses AWS. All of our infrastructure is located in the Frankfurt region of Germany and is HDS (Health Data Hosting) certified. In order to fulfill all the purposes for which we collect your data, we may transfer some of your data to third parties, who host it in data centers located within and outside the European Union. When data is hosted outside the European Union, we make sure that hosting is subject to European data protection standards (for example, by including standard contractual clauses in our contracts with such third parties). You can find more information on data privacy with AWS security here, and our blog post on the subject here.

Encryption of data at rest

We use PostgreSQL databases. The data is encrypted using the AES-256 standard and the encryption keys are managed by AWS.

The backup archives are also encrypted.

Password policy and storage

We use the open-source zxcvbn library to let users know the strength of the password they choose. The minimum size is 9 characters, and the minimum score is 3.

We do not store these passwords: we only store a non-reversible hash calculated by the open-source bcrypt library, with the following parameters :

  • a cost of 12 (i.e. 4096 iterations) to limit brute force type attacks

  • one random salt per user to protect against rainbow tables

Organisational measures

All Alan employees receive mandatory training in security (including social engineering) and data privacy. They use complex and unique passwords and strong authentication (2FA) whenever possible. The use of a password manager such as 1Password is also mandatory.

Our computers are automatically updated and have their hard disk encrypted (in case of theft). Our screens lock automatically.

Access to our internal administration tools requires individual access from an authorised IP address and all data modifications (by an Alan employee or by a user himself) are audited.

We organise intrusion tests by independent companies.

All Alan services and applications are developed in-house. Our code is validated by automated tools (static analysis, security, etc.) and manually by a second pair of eyes.

 What can I do on my side?

In order to protect your data on your computer or mobile phone, you can take a few simple measures:

  • apply regular system updates to benefit from security patches;

  • use antivirus software to detect the presence of malware or spyware, or to disable security features;

  • protect your passwords well (your Alan account password, your mailbox password...);

You can also consult the official recommendations on good IT security practices.

 Who else besides Alan has access to my data?

The data collected may be communicated as required to Alan's partners, reinsurers, subcontractors, legal and financial advisors, and service providers. These data transfers are carried out solely within the framework of the operations mentioned above and to the extent necessary for the performance of the tasks we entrust to third parties. These third parties are fully informed by Alan of the confidentiality of the data communicated to them in this context, and these partners have an obligation to ensure the protection of this data. They are also bound by their own confidentiality and privacy policies, which can be consulted on their websites. When the nature of the operation carried out allows it, the data is subject to prior anonymisation before being communicated to third parties.

The main persons and tools that receive the data in the context of our processing operations include:

Insurance and prévoyance data

Owliance (delegated management company) Swiss Re (reinsurance) Alan and affiliated doctors (your health conversations) Amazon Web Services (hosting and storage) Stripe.com (payment) Revolut.com (refunds) Intercom.com (online chat and customer service) Google Vision (document recognition) Sendgrid.com (emails) Rollbar.com (monitoring) Trello.com (ticket management) Customer.Io (emails) Hubspot (CRM) Outreach (CRM) Salesforce (CRM) Snowflake Datadog Institut national d'assurance maladie et invalidité (government agency) Marmot BE (insurance intermediary) AssurCard (tiers payant) AssurPharma (tiers payant) EuropAssistance (insurance assistance abroad) Oxygen (conseil) Itsme (ID verification for video consultation)

Audience and usage measurement data

Segment.com (audience analysis) Amplitude.com (audience analysis) Google Ads (targeted advertising) Google Maps (Alan Map) Facebook Pixel (audience analysis and targeted advertising) Twitter Ads (targeted advertising) LinkedIn Insights (targeted advertising) Customer.io (e-mails) PixelMe.me (audience analysis) Bing (audience analysis and targeted advertising) Datadog App Security (sécurité) Cloudflare.com (network, security and audience analysis) Piwik (audience analysis)

Furthermore, in order to meet legal and regulatory obligations, we may be required to communicate personal information to administrative or judicial authorities at their request. In this case, we ensure that only the data strictly required by the authorities is transmitted.

 What about cookies ?

What's a cookie?

In addition to being a delicious biscuit, a cookie is a file on your device that contains data. You can delete or limit the storage of these files at any time in the settings of your internet browser (see below).

What's it for?
  • First of all to identify yourself once you are connected to the application.

  • Some cookies also allow us to reply to you in the online chat, in the window that opens at the bottom of your screen when you visit our website.

  • Audience measurement cookies enable us to know the use and performance of our website, to establish statistics, traffic volumes and use of the various elements of our website (content visited, paths) enabling us to improve the interest and ergonomics of our services. The data collected is analysed solely by Alan and its subcontractors, and used solely by Alan.

  • Cookies linked to targeted advertising operations enable us to measure the effectiveness of our advertising campaigns and to limit the number of times an advertisement for Alan is offered to you. None of these advertising cookies are used by Alan when members are authenticated.

Can I refuse?

Of course you can! During your first visit (or if you use your browser's private or incognito browsing), a banner (called a cookie banner) will be displayed asking you for permission to use cookies. Simply refuse and no cookies (other than those we need to operate the site and allow you to use our online chat) will be set. If you accept, your consent will be valid for 13 months from the date of registration.

 Are you going to bother me with e-mails and other notifications?

Simply put, no.

You will receive emails from us, but in the vast majority of cases it will be in the context of the execution of our contract, for example to invite you to register, to ask you for additional information to enable a refund or to inform you of contractual modifications or changes related to your account. There is no escaping this, but it is for your own good.

A small minority of emails are not directly related to our contract with you or your employer, but are still for a legitimate interest (e.g. to offer to sponsor a relative with a financial reward, to send you a quote, or to announce new services similar to those you currently enjoy).

If you are an administrator, you may also receive commercial offers from us. In these cases, you always have the possibility of unsubscribing from this type of message by following the link in each of our emails (opt-out).

You can also choose to subscribe to our newsletter or to our waiting lists to be notified of the availability of our new services (opt-in).

As for push notifications, we will ask for your permission directly in the mobile application and you will be able to deactivate or reactivate them from your phone.

Travel Assistance (EuropAssistance)

In order to provide travel assistance and allow you to be covered in case of problems while traveling abroad, we transmit the following information to our partner EuropAssistance:

  • First name, last name

  • E-mail address, date of birth,

  • Policy start date with Alan and membership card number

On what legal basis?

On the basis of a contract between the insured and us (you ask us to provide a service that we pay for) as well as on the basis of our legitimate interest in measuring the use of this service.

What do you do with this data?

This data is used to authenticate members in order to provide them with travel assistance abroad.

How long do you keep this data?

5 years after the end of the contract.

Can I ask to have my data deleted?

No, Alan must keep it for 5 years after the end of the coverage.