Confidentiality and privacy

This Privacy Policy forms an integral part of the Terms of Engagement of ABIL. All capitalized terms used but not defined
herein shall have the meanings set forth in the Terms of Engagement.

As an insurer broker it is essential for ABIL Luxembourg and ABIL Belgium (further “ABIL”) to have enough requisite
information to be able to evaluate your risk and seek the best insurance offer in the market. Some of this information may be
of private nature. The way in which the information will be treated (collecting, retention, use, modification…) is the subject
of the present policy.


We may collect data in various instances, such as:

  • When we perform services for our clients, including insurance broking, claims management, risk management consulting or other forms of insurance related services. In these cases, your personal information will normally be provided to us by our clients (or advisors or service providers acting on behalf of our clients), or sometimes our clients may ask us to contact you directly. We may also need to obtain information from third parties such as insurance companies, insurance brokers or agents and publicly available sources.
  • When you request a service from us. For example, if you ask us to obtain insurance quotes on your behalf, or if you
    contact us as a representative of your employer to enquire about our professional services.
  • When you register with or use any of our websites or applications.
  • When you attend an ABIL site or event. You may provide this information directly, or it may be provided by your employer or colleagues.
  • When you apply for a position at ABIL. You may provide this information directly or it may be provided via an agency.
  • If you contact us with a complaint or query.
  • When you engage with us over social media.


In view of our main activities, the majority of the information we collect is as follows:

  • Individual details: incl. name, address, other contact details (e.g., email and telephone details), gender, marital status, family details, date and place of birth, employer, job title and employment history, relationship to the policyholder, insured, beneficiary or claimant.
  • Identification details: incl. identification numbers issued by government bodies or agencies (e.g., depending on the country you are in, social security or national insurance number, passport number, ID number, tax identification number).
  • Financial information: incl. bank account number and account details, income and other financial information.
  • Insured risk: any information relating to the risk for which you need an insurance.
  • Credit data: credit history and credit score.
  • Previous claims: information about previous claims made to insurance companies.
  • Current claims: information about current claims.

We may also collect (in each case as strictly relevant to the services we provide) sensitive information about you, such as criminal convictions or health information in relation to life, health, professional liability and workers compensation insurance or employee benefit programs sponsored by your employer.

Sensitive information includes a number of types of data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record. We suggest that you do not provide sensitive information of this nature unless we specifically request this information.

If you provide us with sensitive personal information, you understand and give your explicit consent that we may collect, use and disclose this information to appropriate third parties for the purposes described in this Policy. If you provide personal information about other individuals such as employees or dependents, you must obtain their consent prior to your disclosure to us.


  • Performing services for our clients. We process personal information which our clients provide to us in order to perform our professional consultancy and risk based advisory services. This may impact you, for example, where you are the employee of our client, or the member of a client’s pension scheme. It is the obligation of our client to ensure that you understand that your personal information will be disclosed to us.
  • Administering our client engagements. We process personal information about our clients and the individual representatives of our corporate clients in order to carry out “Know Your Client” checks and screening prior to starting a new engagement; carry out client communication, service, billing and administration; deal with client complaints; administer claims.
  • Contacting our clients and prospective clients. Contact our clients and prospective clients in relation to current, future and proposed engagements; send them newsletters, promotional material and other marketing communications; invite them to events (and arrange and administer those events).
  • Conducting data analytics. We are an innovative business, which relies on developing sophisticated products and services by drawing on our experience from prior engagements. We are not concerned with an analysis of identifiable individuals.
  • Other uses, such as: provide information and services as requested by you or by our clients; determine eligibility and process applications for products and services; understand and assess clients’ ongoing needs;

If we wish to use your personal information for a purpose which is not compatible with the purpose for which it was collected for, we will request your consent. In all cases, we balance our legal use of your personal information with your interests, rights, and freedoms in accordance with applicable laws and regulations to make sure that your personal information is not subject to unnecessary risk.


The processing of personal date is justified on the basis that:

  • the processing is necessary for the performance of a contract which you are a party, or to take steps (at your
    request) to enter into a contract; or
  • the processing is necessary for us to comply with a relevant legal obligation; or
  • the processing is in our legitimate commercial interests, subject to your interests and fundamental rights (e.g. where we use personal information provided to us by our clients to deliver our services, and that processing is not necessary in relation to a contract to which you are a party).
  • In limited circumstances, we will use your consent as the basis for processing your personal information (e.g. with
    respect to sensitive personal information).


It depends on the purpose for which it was obtained and its nature. We will keep your personal information for the period necessary to fulfil the purposes described in this Policy unless a longer retention period is permitted by law.

In specific circumstances we may store your personal information for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to your personal information or dealings.


We disclose personal information on a need to know basis to:

  • Associated Companies, to serve you, including for the activities listed above;
  • Business partners or service providers (other than Associated Companies) who provide certain specialized services to us, or who co-operate with us on projects. These business partners are responsible for their own compliance with data protection laws. You should refer to their privacy notices for more information about their practices. Examples include: insurers, reinsurers, other insurance intermediaries, insurance reference bureaus, medical service providers, fraud detection agencies, our advisers such as loss adjusters, lawyers and accountants and others involved in the claims handling process. It also includes providers we have retained to perform services on our behalf such as: IT service providers who manage our IT and back-office systems and telecommunications networks; marketing automation providers; contact center providers.
  • Legal requirements and business transfers. We may disclose personal information (i) if we are required to do so by law, statute, rule, regulation, or professional standard, or to respond to a subpoena, search warrant, or other legal request, (ii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, (iii) for company audits or to investigate a complaint or security threat, or (iv) in the event that ABIL is subject to a merger or acquisition.

In each instance, we use a variety of mechanisms to help ensure your rights and protections travel with your data:

  • where we transfer your personal information to Associated Companies or other third parties who help provide our products and services, we obtain contractual commitments from them to protect your personal information; or
  • where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any personal information are disclosed.

We do not rent or sell personal information with third parties.


The two ABIL group entities are located in Luxembourg and Belgium and data is transferred across those two jurisdictions.

We may transfer certain personal information to service providers or business partners overseas (in particular IT providers),
some of which have not been determined by the European Commission to have an adequate level of data protection, in
accordance with applicable law.


ABIL has implemented reasonable physical, technical, and administrative security standards to protect personal information from loss, misuse, alteration or destruction. We protect your personal information against unauthorized access, use or disclosure, using security technologies and procedures, such as encryption and limited access. Only authorized individuals access your personal information, and they receive training about the importance of protecting personal information.

Our service providers are contractually bound to maintain the confidentiality of personal information and may not use the information for any unauthorized purpose.


You can update your communication preferences by contacting us by e-mail or postal address as noted below. Please include your current contact information, the information you are interested in accessing and your requested changes.


Subject to certain exemptions, and in some cases dependent upon the processing activity we are undertaking, you have certain rights in relation to your personal information. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the personal information requested to you. You can exercise your rights by contacting us. Subject to legal and other permissible considerations, we will make every reasonable effort to honour your request promptly or inform you if we require further information in order to fulfil your request. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.

  • Right to Access. You have right to access personal information which we hold about you.
  • Right to Rectification. You have a right to request us to correct your personal information.
  • Right to be Forgotten (Right to Erasure). You have the right under certain circumstances to have your personal information erased.
  • Right to Data Portability. You have the right to data portability, which requires us to provide personal information to you or another controller in a commonly used, machine readable format, but only where the processing of that information is based on (i) consent; or (ii) the performance of a contract to which you are a party.
  • Right to Object to Processing. You have the right to object the processing of your personal information where that processing has our legitimate interests as legal basis. If you raise an objection, we have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms.
  • International Transfers. You can ask to obtain a copy of, or reference to, the safeguards under which your personal information is transferred outside of the European Union.
  • Marketing. You may choose not to receive marketing communications from us.


If you have any question, or would like to make a complaint, please contact Philippe Goutière at (Luxembourg) or Alessandro Guarrata at (Belgium).


We may update this Policy from time to time. We encourage you to periodically review this Policy so that you will be aware
of our privacy practices.

Updated on October 12th 2023.