Common use of Data Collection Clause in Contracts

Data Collection. The Insured acknowledges being informed that the Insurer processes his personal data in accordance with regulations relative to the protection of personal data in effect and that, moreover: - the answers to the questions asked are mandatory and that in the event of false statements or omissions, the consequences for him may be invalidity of the policy taken out (Article L 113-8 of the French Insurance Code) or the reduction of indemnities (Article L 113-9 of the French Insurance Code), • The processing of personal data is necessary for acceptance and execution of his policy and covers, the management of commercial and contractual relationships and the performance of legal, regulatory or administrative provisions in effect. • The data collected and processed are kept for the period necessary for execution of the policy or the legal obligation. This data are then archived in accordance with the durations specified by the provisions relative to time limits. • The recipients of his personal data are, within the limits of their powers, the services of the Insurer in charge of signature, management and execution of the Insurance Policy and covers, its delegates, agents, partners, sub-contractors and reinsurers, within the framework of their duties. They can also be sent, if necessary, to professional bodies as well as to all persons involved in the policy such as lawyers, experts, court officials and ministerial officers, trustees, guardians or investigators. Information concerning him may also be transmitted to the Underwriter, as well as to all persons accredited as Authorised Third Parties (courts, arbitrators, mediators, relevant ministries, supervisory and regulatory authorities and all public bodies authorised to receive it as well as departments in charge of control such as statutory auditors, auditors and departments in charge of internal control). • In its capacity as a financial organisation, the Insurer is subject to the legal obligations resulting mainly from the French Monetary and Financial Code with regard to money laundering and against the financing of terrorism and, as such, it monitors policies, which may culminate in the drafting of a statement of suspicion or a measure of freezing of assets. The data and documents concerning the Insured are kept for a period of five (5) years from the end of the policy or termination of the relationship. • His personal information may also be used within the framework of processing to fight against insurance fraud, which may lead, if applicable, to registration on a list of persons presenting a risk of fraud. This registration may have the effect of extending examination of his file, or even the reduction or refusal of the benefit of a right, benefit, policy or service offered. In this context, personal data concerning him (or concerning persons or parties who are interested in the policy) may be processed by any authorised persons working within the entities of the Insurer Group in the context of the fight against fraud. These data may also be intended for the authorised personnel of organisations directly concerned by fraud (other insurance organisations or intermediaries; judicial authorities, mediators, arbitrators, court officials, ministerial officers; third- party organisations authorised by a legal provision and, if applicable, victims of acts of fraud or their representatives). In the event of a fraud alert, the data are kept for a maximum of six (6) months to qualify the alert and then deleted, unless the alert is relevant. In the event of a relevant alert, the data are kept for up to five (5) years following closure of the fraud case, or until the end of the legal proceedings and the applicable limitation periods. Data of people registered on a list of suspected fraudsters are deleted after five years from being registered on this list. • In its capacity as insurer, it is entitled to process data relative to violations, condemnations and measures of security, either when taking out the insurance policy, or during the period of execution, or within the framework of handling litigation. • Personal data may be used by the Insurer for his processing operations with the purpose of research and development to improve the quality or relevance of its future insurance or assistance products and service offers. • His personal data may be accessible to some of the Insurer's employees or service providers established in countries outside the European Union. • By proving his identity, the Insured has a right of access, rectification, deletion and opposition concerning the data processed. He also has the right to ask to limit the use of his data when they are no longer necessary, or to recover, in a structured format, the data that he has provided when it was necessary for the policy or when he consented to the use of these data. He has the right to provide instructions on what becomes of his personal data after his death. These instructions, general or specific, concern the storage, removal and communication of his data after his death. These rights can be exercised with the Insurer's Data Protection Representative: - by e-mail: at ▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇ or - by post: by writing to the following address: Data Protection Representative - MUTUAIDE ASSISTANCE - ▇▇▇ ▇▇▇ ▇▇ ▇▇ ▇▇▇▇▇▇ - F-93196 Noisy le Grand. Having made a request to the Data Protection Representative without receiving satisfaction, he can contact the CNIL (French Data Protection Agency).

Data Collection. The Insured acknowledges being informed that the Insurer processes his personal data in accordance with regulations relative to the protection of personal data in effect and that, moreover: - the answers to the questions asked are mandatory and that in the event of false statements or omissions, the consequences for him may be invalidity of the policy taken out (Article L 113-8 of the French Insurance Code) or the reduction of indemnities (Article L 113-9 of the French Insurance Code), • The processing of personal data is necessary for acceptance and execution of his policy and covers, the management of commercial and contractual relationships and the performance of legal, regulatory or administrative provisions in effect. • The data collected and processed are kept for the period necessary for execution of the policy or the legal obligation. This data are then archived in accordance with the durations specified by the provisions relative to time limits. • The recipients of his personal data are, within the limits of their powers, the services of the Insurer in charge of signature, management and execution of the Insurance Policy and covers, its delegates, agents, partners, sub-contractors and reinsurers, within the framework of their duties. They can also be sent, if necessary, to professional bodies as well as to all persons involved in the policy such as lawyers, experts, court officials and ministerial officers, trustees, guardians or investigators. Information concerning him may also be transmitted to the Underwriter, as well as to all persons accredited as Authorised Third Parties (courts, arbitrators, mediators, relevant ministries, supervisory and regulatory authorities and all public bodies authorised to receive it as well as departments in charge of control such as statutory auditors, auditors and departments in charge of internal control). • In its capacity as a financial organisation, the Insurer is subject to the legal obligations resulting mainly from the French Monetary and Financial Code with regard to money laundering and against the financing of terrorism and, as such, it monitors policies, which may culminate in the drafting of a statement of suspicion or a measure of freezing of assets. The data and documents concerning the Insured are kept for a period of five (5) years from the end of the policy or termination of the relationship. • His personal information may also be used within the framework of processing to fight against insurance fraud, which may lead, if applicable, to registration on a list of persons presenting a risk of fraud. This registration may have the effect of extending examination of his file, or even the reduction or refusal of the benefit of a right, benefit, policy or service offered. In this context, personal data concerning him (or concerning persons or parties who are interested in the policy) may be processed by any authorised persons working within the entities of the Insurer Group in the context of the fight against fraud. These data may also be intended for the authorised personnel of organisations directly concerned by fraud (other insurance organisations or intermediaries; judicial authorities, mediators, arbitrators, court officials, ministerial officers; third- party organisations authorised by a legal provision and, if applicable, victims of acts of fraud or their representatives). In the event of a fraud alert, the data are kept for a maximum of six (6) months to qualify the alert and then deleted, unless the alert is relevant. In the event of a relevant alert, the data are kept for up to five (5) years following closure of the fraud case, or until the end of the legal proceedings and the applicable limitation periods. Data of people registered on a list of suspected fraudsters are deleted after five years from being registered on this list. • In its capacity as insurer, it is entitled to process data relative to violations, condemnations and measures of security, either when taking out the insurance policy, or during the period of execution, or within the framework of handling litigation. • Personal data may be used by the Insurer for his processing operations with the purpose of research and development to improve the quality or relevance of its future insurance or assistance products and service offers. • His personal data may be accessible to some of the Insurer's employees or service providers established in countries outside the European Union. • By proving his identity, the Insured has a right of access, rectification, deletion and opposition concerning the data processed. He also has the right to ask to limit the use of his data when they are no longer necessary, or to recover, in a structured format, the data that he has provided when it was necessary for the policy or when he consented to the use of these data. He has the right to provide instructions on what becomes of his personal data after his death. These instructions, general or specific, concern the storage, removal and communication of his data after his death. These rights can be exercised with the Insurer's Data Protection Representative: - by e-mail: at ▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇ or - by post: by writing to the following address: Data Protection Representative - MUTUAIDE ASSISTANCE - ▇▇▇ ▇▇▇ ▇▇ ▇▇ ▇▇▇▇▇▇ Piazza - F-93196 Noisy le Grand. Having made a request to the Data Protection Representative without receiving satisfaction, he can contact the CNIL (French Data Protection Agency).

Data Collection. The Insured acknowledges being informed that the Insurer processes his personal data in accordance with regulations relative to the protection of personal data in effect and that, moreover: - the answers to the questions asked are mandatory and that in the event of false statements or omissions, the consequences for him may be invalidity of the policy taken out (Article L 113-8 of the French Insurance Code) or the reduction of indemnities (Article L 113-9 of the French Insurance Code), • The processing of personal data is necessary for acceptance and execution of his policy and covers, the management of commercial and contractual relationships and the performance of legal, regulatory or administrative provisions in effect. • The data collected and processed are kept for the period necessary for execution of the policy or the legal obligation. This data are then archived in accordance with the durations specified by the provisions relative to time limits. • The recipients of his personal data are, within the limits of their powers, the services of the Insurer in charge of signature, management and execution of the Insurance Policy and covers, its delegates, agents, partners, sub-contractors and reinsurers, within the framework of their duties. They can also be sent, if necessary, to professional bodies as well as to all persons involved in the policy such as lawyers, experts, court officials and ministerial officers, trustees, guardians or investigators. Information concerning him may also be transmitted to the Underwriter, as well as to all persons accredited as Authorised Third Parties (courts, arbitrators, mediators, relevant ministries, supervisory and regulatory authorities and all public bodies authorised to receive it as well as departments in charge of control such as statutory auditors, auditors and departments in charge of internal control). • In its capacity as a financial organisation, the Insurer is subject to the legal obligations resulting mainly from the French Monetary and Financial Code with regard to money laundering and against the financing of terrorism and, as such, it monitors policies, which may culminate in the drafting of a statement of suspicion or a measure of freezing of assets. The data and documents concerning the Insured are kept for a period of five (5) years from the end of the policy or termination of the relationship. • His personal information may also be used within the framework of processing to fight against insurance fraud, which may lead, if applicable, to registration on a list of persons presenting a risk of fraud. This registration may have the effect of extending examination of his file, or even the reduction or refusal 19 / 21 Gritchen Affinity - SAS au capital de 10.260 euros immatriculée au RCS de Bourges sous le n° 529 150 542 dont le siège social est sis au ▇▇, ▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ - CS70139 - 18021 Bourges Cedex - N° TVA : FR78529150542 Société de Courtage d'Assurances sans obligation d'exclusiv ité (liste des compagnies d’assurances partenaires disponible sur simple demande) soumise au contrôle de l'ACPR, Autorité de Contrôle Prudentiel et de Résolution, ▇ ▇▇▇▇▇ ▇▇ ▇▇▇▇▇▇▇▇ - ▇▇ ▇▇▇▇▇ - ▇▇▇▇▇ ▇▇▇▇▇ Cedex 09 et immatriculée à l'ORIAS dans la catégorie Courtier d'assurance sous le n° 110 613 17 (www.orias.f r) - www.gritchenr.ferfusal of the benefit of a right, benefit, policy or service offered. In this context, personal data concerning him (or concerning persons or parties who are interested in the policy) may be processed by any authorised persons working within the entities of the Insurer Group in the context of the fight against fraud. These data may also be intended for the authorised personnel of organisations directly concerned by fraud (other insurance organisations or intermediaries; judicial authorities, mediators, arbitrators, court officials, ministerial officers; third- party organisations authorised by a legal provision and, if applicable, victims of acts of fraud or their representatives). In the event of a fraud alert, the data are kept for a maximum of six (6) months to qualify the alert and then deleted, unless the alert is relevant. In the event of a relevant alert, the data are kept for up to five (5) years following closure of the fraud case, or until the end of the legal proceedings and the applicable limitation periods. Data of people registered on a list of suspected fraudsters are deleted after five years from being registered on this list. • In its capacity as insurer, it is entitled to process data relative to violations, condemnations and measures of security, either when taking out the insurance policy, or during the period of execution, or within the framework of handling litigation. • Personal data may be used by the Insurer for his processing operations with the purpose of research and development to improve the quality or relevance of its future insurance or assistance products and service offers. • His personal data may be accessible to some of the Insurer's employees or service providers established in countries outside the European Union. • By proving his identity, the Insured has a right of access, rectification, deletion and opposition concerning the data processed. He also has the right to ask to limit the use of his data when they are no longer necessary, or to recover, in a structured format, the data that he has provided when it was necessary for the policy or when he consented to the use of these data. He has the right to provide instructions on what becomes of his personal data after his death. These instructions, general or specific, concern the storage, removal and communication of his data after his death. These rights can be exercised with the Insurer's Data Protection Representative: - by e-mail: at ▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇ or - by post: by writing to the following address: Data Protection Representative - MUTUAIDE ASSISTANCE - ▇▇▇ ▇▇▇ ▇▇ ▇▇ ▇▇▇▇▇▇ Piazza - F-93196 Noisy le Grand. Having made a request to the Data Protection Representative without receiving satisfaction, he can contact the CNIL (French Data Protection Agency).

Data Collection. The Insured acknowledges being informed that the Insurer processes his personal data in accordance with regulations relative to the protection of personal data in effect and that, moreover: - the answers to the questions asked are mandatory and that in the event of false statements or omissions, the consequences for him may be invalidity of the policy taken out (Article L 113-8 of the French Insurance Code) or the reduction of indemnities (Article L 113-9 of the French Insurance Code), • The processing of personal data is necessary for acceptance and execution of his policy and covers, the management of commercial and contractual relationships and the performance of legal, regulatory or administrative provisions in effect. • The data collected and processed are kept for the period necessary for execution of the policy or the legal obligation. This data are then archived in accordance with the durations specified by the provisions relative to time limits. • The recipients of his personal data are, within the limits of their powers, the services of the Insurer in charge of signature, management and execution of the Insurance Policy and covers, its delegates, agents, partners, sub-contractors and reinsurers, within the framework of their duties. They can also be sent, if necessary, to professional bodies as well as to all persons involved in the policy such as lawyers, experts, court officials and ministerial officers, trustees, guardians or investigators. Information concerning him may also be transmitted to the Underwriter, as well as to all persons accredited as Authorised Third Parties (courts, arbitrators, mediators, relevant ministries, supervisory and regulatory authorities and all public bodies authorised to receive it as well as departments in charge of control such as statutory auditors, auditors and departments in charge of internal control). • In its capacity as a financial organisation, the Insurer is subject to the legal obligations resulting mainly from the French Monetary and Financial Code with regard to money laundering and against the financing of terrorism and, as such, it monitors policies, which may culminate in the drafting of a statement of suspicion or a measure of freezing of assets. The data and documents concerning the Insured are kept for a period of five (5) years from the end of the policy or termination of the relationship. • His personal information may also be used within the framework of processing to fight against insurance fraud, which may lead, if applicable, to registration on a list of persons presenting a risk of fraud. This registration may have the effect of extending examination of his file, or even the reduction or refusal www.gritchenr.ferfusal of the benefit of a right, benefit, policy or service offered. In this context, personal data concerning him (or concerning persons or parties who are interested in the policy) may be processed by any authorised persons working within the entities of the Insurer Group in the context of the fight against fraud. These data may also be intended for the authorised personnel of organisations directly concerned by fraud (other insurance organisations or intermediaries; judicial authorities, mediators, arbitrators, court officials, ministerial officers; third- party organisations authorised by a legal provision and, if applicable, victims of acts of fraud or their representatives). In the event of a fraud alert, the data are kept for a maximum of six (6) months to qualify the alert and then deleted, unless the alert is relevant. In the event of a relevant alert, the data are kept for up to five (5) years following closure of the fraud case, or until the end of the legal proceedings and the applicable limitation periods. Data of people registered on a list of suspected fraudsters are deleted after five years from being registered on this list. • In its capacity as insurer, it is entitled to process data relative to violations, condemnations and measures of security, either when taking out the insurance policy, or during the period of execution, or within the framework of handling litigation. • Personal data may be used by the Insurer for his processing operations with the purpose of research and development to improve the quality or relevance of its future insurance or assistance products and service offers. • His personal data may be accessible to some of the Insurer's employees or service providers established in countries outside the European Union. • By proving his identity, the Insured has a right of access, rectification, deletion and opposition concerning the data processed. He also has the right to ask to limit the use of his data when they are no longer necessary, or to recover, in a structured format, the data that he has provided when it was necessary for the policy or when he consented to the use of these data. He has the right to provide instructions on what becomes of his personal data after his death. These instructions, general or specific, concern the storage, removal and communication of his data after his death. These rights can be exercised with the Insurer's Data Protection Representative: - by e-mail: at ▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇ or - by post: by writing to the following address: Data Protection Representative - MUTUAIDE ASSISTANCE - ▇▇▇ ▇▇▇ ▇▇ ▇▇ ▇▇▇▇▇▇ Piazza - F-93196 Noisy le Grand. Having made a request to the Data Protection Representative without receiving satisfaction, he can contact the CNIL (French Data Protection Agency).

Data Collection. The Insured acknowledges being informed that the Insurer processes his personal data in accordance with regulations relative to the protection of personal data in effect and that, moreover: - the answers to the questions asked are mandatory and that in the event of false statements or omissions, the consequences for him may be invalidity of the policy taken out (Article L 113-8 of the French Insurance Code) or the reduction of indemnities (Article L 113-9 of the French Insurance Code), • The processing of personal data is necessary for acceptance and execution of his policy and covers, the management of commercial and contractual relationships and the performance of legal, regulatory or administrative provisions in effect. • The data collected and processed are kept for the period necessary for execution of the policy or the legal obligation. This data are then archived in accordance with the durations specified by the provisions relative to time limits. • The recipients of his personal data are, within the limits of their powers, the services of the Insurer in charge of signature, management and execution of the Insurance Policy and covers, its delegates, agents, partners, sub-contractors and reinsurers, within the framework of their duties. They can also be sent, if necessary, to professional bodies as well as to all persons involved in the policy such as lawyers, experts, court officials and ministerial officers, trustees, guardians or investigators. Information concerning him may also be transmitted to the Underwriter, as well as to all persons accredited as Authorised Third Parties (courts, arbitrators, mediators, relevant ministries, supervisory and regulatory authorities and all public bodies authorised to receive it as well as departments in charge of control such as statutory auditors, auditors and departments in charge of internal control). • In its capacity as a financial organisation, the Insurer is subject to the legal obligations resulting mainly from the French Monetary and Financial Code with regard to money laundering and against the financing of terrorism and, as such, it monitors policies, which may culminate in the drafting of a statement of suspicion or a measure of freezing of assets. The data and documents concerning the Insured are kept for a period of five (5) years from the end of the policy or termination of the relationship. • His personal information may also be used within the framework of processing to fight against insurance fraud, which may lead, if applicable, to registration on a list of persons presenting a risk of fraud. This registration may have the effect of extending examination of his file, or even the reduction or refusal 19 / 21 Gritchen Affinity - SAS au capital de 10.260 euros immatriculée au RCS de Bourges sous le n° 529 150 542 dont le siège social est sis au ▇▇, ▇▇▇ ▇▇▇▇▇▇▇ ▇▇▇▇▇▇ - CS70139 - 18021 Bourges Cedex - N° TVA : FR78529150542 Société de Courtage d'Assurances sans obligation d'exclusiv ité (liste des compagnies d’assurances partenaires disponible sur simple demande) soumise au contrôle de l'ACPR, Autorité de Contrôle Prudentiel et de Résolution, 4 place de Budapest - CS 92459 - 75436 Paris Cedex 09 et immatriculée à l'ORIAS dans la catégorie Courtier d'assurance sous le n° 110 613 17 (www.orias.f r) - www.gritchenr.ferfusal of the benefit of a right, benefit, policy or service offered. In this context, personal data concerning him (or concerning persons or parties who are interested in the policy) may be processed by any authorised persons working within the entities of the Insurer Group in the context of the fight against fraud. These data may also be intended for the authorised personnel of organisations directly concerned by fraud (other insurance organisations or intermediaries; judicial authorities, mediators, arbitrators, court officials, ministerial officers; third- party organisations authorised by a legal provision and, if applicable, victims of acts of fraud or their representatives). In the event of a fraud alert, the data are kept for a maximum of six (6) months to qualify the alert and then deleted, unless the alert is relevant. In the event of a relevant alert, the data are kept for up to five (5) years following closure of the fraud case, or until the end of the legal proceedings and the applicable limitation periods. Data of people registered on a list of suspected fraudsters are deleted after five years from being registered on this list. • In its capacity as insurer, it is entitled to process data relative to violations, condemnations and measures of security, either when taking out the insurance policy, or during the period of execution, or within the framework of handling litigation. • Personal data may be used by the Insurer for his processing operations with the purpose of research and development to improve the quality or relevance of its future insurance or assistance products and service offers. • His personal data may be accessible to some of the Insurer's employees or service providers established in countries outside the European Union. • By proving his identity, the Insured has a right of access, rectification, deletion and opposition concerning the data processed. He also has the right to ask to limit the use of his data when they are no longer necessary, or to recover, in a structured format, the data that he has provided when it was necessary for the policy or when he consented to the use of these data. He has the right to provide instructions on what becomes of his personal data after his death. These instructions, general or specific, concern the storage, removal and communication of his data after his death. These rights can be exercised with the Insurer's Data Protection Representative: - by e-mail: at ▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇ or - by post: by writing to the following address: Data Protection Representative - MUTUAIDE ASSISTANCE - ▇▇▇ ▇▇▇ ▇▇ ▇▇ ▇▇▇▇▇▇ - F-93196 Noisy le Grand. Having made a request to the Data Protection Representative without receiving satisfaction, he can contact the CNIL (French Data Protection Agency).

Data Collection. The Insured acknowledges being informed that the Insurer processes his personal data in accordance with regulations relative to the protection of personal data in effect and that, moreover: - the answers to the questions asked are mandatory and that in the event of false statements or omissions, the consequences for him may be invalidity of the policy taken out (Article L 113-8 of the French Insurance Code) or the reduction of indemnities (Article L 113-9 of the French Insurance Code), • The processing of personal data is necessary for acceptance and execution of his policy and covers, the management of commercial and contractual relationships and the performance of legal, regulatory or administrative provisions in effect. • The data collected and processed are kept for the period necessary for execution of the policy or the legal obligation. This data are then archived in accordance with the durations specified by the provisions relative to time limits. • The recipients of his personal data are, within the limits of their powers, the services of the Insurer in charge of signature, management and execution of the Insurance Policy and covers, its delegates, agents, partners, sub-contractors and reinsurers, within the framework of their duties. They can also be sent, if necessary, to professional bodies as well as to all persons involved in the policy such as lawyers, experts, court officials and ministerial officers, trustees, guardians or investigators. Information concerning him may also be transmitted to the Underwriter, as well as to all persons accredited as Authorised Third Parties (courts, arbitrators, mediators, relevant ministries, supervisory and regulatory authorities and all public bodies authorised to receive it as well as departments in charge of control such as statutory auditors, auditors and departments in charge of internal control). • In its capacity as a financial organisation, the Insurer is subject to the legal obligations resulting mainly from the French Monetary and Financial Code with regard to money laundering and against the financing of terrorism and, as such, it monitors policies, which may culminate in the drafting of a statement of suspicion or a measure of freezing of assets. The data and documents concerning the Insured are kept for a period of five (5) years from the end of the policy or termination of the relationship. • His personal information may also be used within the framework of processing to fight against insurance fraud, which may lead, if applicable, to registration on a list of persons presenting a risk of fraud. This registration may have the effect of extending examination of his file, or even the reduction or refusal of the benefit of a right, benefit, policy or service offered. In this context, personal data concerning him (or concerning persons or parties who are interested in the policy) may be processed by any authorised persons working within the entities of the Insurer Group in the context of the fight against fraud. These data may also be intended for the authorised personnel of organisations directly concerned by fraud (other insurance organisations or intermediaries; judicial authorities, mediators, arbitrators, court officials, ministerial officers; third- party organisations authorised by a legal provision and, if applicable, victims of acts of fraud or their representatives). In the event of a fraud alert, the data are kept for a maximum of six (6) months to qualify the alert and then deleted, unless the alert is relevant. In the event of a relevant alert, the data are kept for up to five (5) years following closure of the fraud case, or until the end of the legal proceedings and the applicable limitation periods. Data of people registered on a list of suspected fraudsters are deleted after five years from being registered on this list. • In its capacity as insurer, it is entitled to process data relative to violations, condemnations and measures of security, either when taking out the insurance policy, or during the period of execution, or within the framework of handling litigation. • Personal data may be used by the Insurer for his processing operations with the purpose of research and development to improve the quality or relevance of its future insurance or assistance products and service offers. • His personal data may be accessible to some of the Insurer's employees or service providers established in countries outside the European Union. • By proving his identity, the Insured has a right of access, rectification, deletion and opposition concerning the data processed. He also has the right to ask to limit the use of his data when they are no longer necessary, or to recover, in a structured format, the data that he has provided when it was necessary for the policy or when he consented to the use of these data. He has the right to provide instructions on what becomes of his personal data after his death. These instructions, general or specific, concern the storage, removal and communication of his data after his death. These rights can be exercised with the Insurer's Data Protection Representative: - by e-mail: at ▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇ or - by post: by writing to the following address: Data Protection Representative - MUTUAIDE ASSISTANCE - ▇▇▇ ▇▇▇ ▇▇ ▇▇ ▇▇▇▇▇▇ - F-93196 Noisy le Grand. Having made a request to the Data Protection Representative without receiving satisfaction, he can contact the CNIL (French Data Protection Agency).or

Data Collection. The Insured acknowledges being informed that the Insurer processes his personal data in accordance with regulations relative to the protection of personal data in effect and that, moreover: - the answers to the questions asked are mandatory and that in the event of false statements or omissions, the consequences for him may be invalidity of the policy taken out (Article L 113-8 of the French Insurance Code) or the reduction of indemnities (Article L 113-9 of the French Insurance Code), • www.gritchen•.fr The processing of personal data is necessary for acceptance and execution of his policy and covers, the management of commercial and contractual relationships and the performance of legal, regulatory or administrative provisions in effect. • The data collected and processed are kept for the period necessary for execution of the policy or the legal obligation. This data are then archived in accordance with the durations specified by the provisions relative to time limits. • The recipients of his personal data are, within the limits of their powers, the services of the Insurer in charge of signature, management and execution of the Insurance Policy and covers, its delegates, agents, partners, sub-contractors and reinsurers, within the framework of their duties. They can also be sent, if necessary, to professional bodies as well as to all persons involved in the policy such as lawyers, experts, court officials and ministerial officers, trustees, guardians or investigators. Information concerning him may also be transmitted to the Underwriter, as well as to all persons accredited as Authorised Third Parties (courts, arbitrators, mediators, relevant ministries, supervisory and regulatory authorities and all public bodies authorised to receive it as well as departments in charge of control such as statutory auditors, auditors and departments in charge of internal control). • In its capacity as a financial organisation, the Insurer is subject to the legal obligations resulting mainly from the French Monetary and Financial Code with regard to money laundering and against the financing of terrorism and, as such, it monitors policies, which may culminate in the drafting of a statement of suspicion or a measure of freezing of assets. The data and documents concerning the Insured are kept for a period of five (5) years from the end of the policy or termination of the relationship. • His personal information may also be used within the framework of processing to fight against insurance fraud, which may lead, if applicable, to registration on a list of persons presenting a risk of fraud. This registration may have the effect of extending examination of his file, or even the reduction or refusal of the benefit of a right, benefit, policy or service offered. In this context, personal data concerning him (or concerning persons or parties who are interested in the policy) may be processed by any authorised persons working within the entities of the Insurer Group in the context of the fight against fraud. These data may also be intended for the authorised personnel of organisations directly concerned by fraud (other insurance organisations or intermediaries; judicial authorities, mediators, arbitrators, court officials, ministerial officers; third- party organisations authorised by a legal provision and, if applicable, victims of acts of fraud or their representatives). In the event of a fraud alert, the data are kept for a maximum of six (6) months to qualify the alert and then deleted, unless the alert is relevant. In the event of a relevant alert, the data are kept for up to five (5) years following closure of the fraud case, or until the end of the legal proceedings and the applicable limitation periods. Data of people registered on a list of suspected fraudsters are deleted after five years from being registered on this list. • In its capacity as insurer, it is entitled to process data relative to violations, condemnations and measures of security, either when taking out the insurance policy, or during the period of execution, or within the framework of handling litigation. • Personal data may be used by the Insurer for his processing operations with the purpose of research and development to improve the quality or relevance of its future insurance or assistance products and service offers. • His personal data may be accessible to some of the Insurer's employees or service providers established in countries outside the European Union. • By proving his identity, the Insured has a right of access, rectification, deletion and opposition concerning the data processed. He also has the right to ask to limit the use of his data when they are no longer necessary, or to recover, in a structured format, the data that he has provided when it was necessary for the policy or when he consented to the use of these data. He has the right to provide instructions on what becomes of his personal data after his death. These instructions, general or specific, concern the storage, removal and communication of his data after his death. These rights can be exercised with the Insurer's Data Protection Representative: - by e-mail: at ▇▇▇▇@▇▇▇▇▇▇▇▇.▇▇ or ▇▇▇.▇▇▇▇▇▇▇▇.▇▇ - by post: by writing to the following address: Data Protection Representative - – MUTUAIDE ASSISTANCE - – ▇▇▇ ▇, ▇▇▇ ▇▇ ▇▇ ▇▇▇▇▇▇ - Piazza – F-93196 Noisy le Grand. the French Civil Code).The interruption is void if the requester withdraws his request or allows the procedure to expire, or if his request is definitively rejected (Article 2243 of the French Civil Code); Having made a request to the Data Protection Representative without receiving satisfaction, he can contact the CNIL (French Data Protection Agency).