4. How do we use your personal information?

We mainly use your personal information to provide you with a travel protection plan and other services that you or other family members obtain from us and to provide you with the right services based on your situation. So, for example, if you have a problem, we make sure the right network of providers and specialists are assigned to you and we can also update you quickly on the progress and cost of your claim and keep you safe from fraud. However, there are a number of other reasons why we use your personal information; please see below for a more detailed list. 

We may process your personal information for a number of different purposes, and these are set out in more detail below covering a full range of products and services. Under data protection laws we can only process your information where we have one or more valid legal reasons for doing so. We have set out below the main reasons/purposes we process your personal information for, the types of personal data involved and the applicable legal basis when we do so.

When the personal information we process about you is considered to be sensitive personal information (“Special Category Personal Data” such as health, disability or religious beliefs data), we will ask for your consent.

• Processing of personal and sensitive personal information is necessary in order for us to provide you with travel protection plans, benefits, or other services, such as administering and managing your insurance policy or benefits, providing all related online and offline services including various types of assistance, providing a quote, receiving, handling and paying claims and communicating with you. In these circumstances, if you do not provide such information, we may not be able to offer you a policy, service or process a claim.  
• We may use cloud (technology) storage solutions within the United States and Europe which are chosen to ensure efficiency and improved performance through up-to-date technology.
• Where we have a legal or regulatory obligation to use personal information.
• Where we need to use your personal information to establish, exercise or defend our legal rights, for example when we are faced with a legal claim or where we want to pursue any legal claims ourselves.
• Where we need to use personal and sensitive information for reasons of public interest, such as investigating fraudulent policyholder applications or claims.
• Where you have provided your consent to our use of your personal information. We will usually only ask for your consent in relation to processing your sensitive personal information (such as biometric, health data or medical data). We do not always need your consent to process your sensitive personal information, but where we do, we will make this clear when you provide your personal information. Without your consent, in some circumstances, we may not be able to provide you with benefits under a policy or handle a claim, or you may not be able to benefit from some of our services. If consent is provided and then withdrawn, this will not affect the processing carried out before the withdrawal.
• Where we need to enforce compliance with policy terms, website terms or other terms relevant to our relationship and the provision of products and services.
• Where we have business interests/needs to use your personal information such as maintaining our business records, developing and improving our products and services, managing and protecting our services and computer systems and ensuring our network, information security and business continuity, all while ensuring that such processing does not interfere with your rights and freedoms and does not cause you harm.
• When required, we anonymise or pseudonymise (mask) personal information so that individuals cannot be identified, before we use it for management information and analysis of our products and services. Analysis of this information provides us with insights about our business, and with opportunities to improve our products and services and the health and wellbeing of the people who use them. This analysis also allows us to demonstrate the value of the services we provide to our clients and business partners. The way that we anonymise personal information aligns with regulatory guidance and is achieved using different techniques, for example removing identifying data or overwriting it with randomised non-identifiable data. Anonymisation still constitutes use of your personal information and to do so lawfully, we rely on the legal ground that was used when your data was originally collected.
• Where we need to use your sensitive personal information such as health data because it is necessary for your vital interests, this being an urgent medical or ‘life or death’ matter.

You will find details of why we need your personal data, the types of personal data involved, and the reasons for processing, below. You may also refer to the “What personal information do we collect?” section for additional information.

4.1 Detail Section 1 - How we use other AXA entities and third parties to provide travel assistance services 

We share your personal data with other companies to settle claims and provide a service, including the provision of emergency assistance or recovery services, under your insurance policy.

Travel assistance cases are overseen by a specialist team within AXA Partners, who utilise other AXA teams and entities, as well as selected third parties to provide the required assistance services in the US or worldwide. See section below on “Who do we share your personal data with” for more information.

Depending on the product or service you have, we will share details such as your name, address or location, number of passengers, travel information, and other details and circumstances of the relevant incident. These details may include sensitive personal data relevant to the service they are providing, such as the health, vulnerabilities or religious beliefs of the individuals involved in the incident.

4.2 Detail Section 2 - How we use details about your vulnerable characteristics when providing a service 

We will request information on vulnerabilities that you, your dependants or other individuals receiving services or involved in the assistance case have. This information will be collected and processed based on yours and their consent. If you provide us with details relating to other individuals, please ensure such individuals are aware that we will use their details for the purposes of the claim or service request, that they provide consent to you for this and direct them to this Privacy Policy for more information.

Information relating to potential vulnerabilities will be shared with third parties only where required to effectively manage an assistance case and will not be used beyond that. We have strict controls in place around who can access this data, where it is held and when it is deleted.

4.3 Detail Section 3 - How we use and share personal data with our business partners, clients, and distributors

Where you purchase insurance products and services from one of our business partners, they will share certain personal information with us to enable us to manage policy validation, claims handling, and other services on their behalf, including but not limited to name, address, email address, policy number, and for travel products, medical conditions.

As part of the business relationship, information about claims and complaints is shared by us to the business partner on a regular basis. Where possible some or all of this data is aggregated, pseudonymised or anonymised beforehand.

4.4 Detail Section 4 - How AXA uses your information to prevent, detect and investigate fraud 

AXA has a range of processes that are conducted to help detect, investigate, and prevent fraudulent activity, by our customers, suppliers, and business partners. These are managed by specialist teams within AXA Partners entities and across the AXA Group. They include checking databases and registers, sharing information with and receiving from third parties (including private investigators). See the “Who do we share your personal data with” section for more information.

We also make use of AI capabilities to enhance our fraud detection, for example in helping us determine document validity. See the section below on AI for additional information.

4.5 Detail Section 5 - How we use personal data to meet sanction screening and anti-money laundering obligations 

AXA has a range of processes that are conducted to help meet our obligations relating to sanctions screening obligations. This will involve processing identification information and documentation, relating to our customers, suppliers, and business partners. These are managed by specialist teams within AXA Partners entities and across the AXA Group. They include screening personal information against formal sanctions lists via a system called NetReveal, with alerts of potential matches being handled by AXA Global Business Services located in India. We take appropriate measures to ensure the data remains protected to an adequate level. See the “Who do we share your personal data with” section for more information.

Artificial Intelligence is an umbrella term for a range of technologies that replace manual processes and solve complex tasks by carrying out functions that previously required human action. Tasks that we have traditionally done by thinking and reasoning are increasingly being done by, or with the help of, AI.

We use AI to support our existing activities. This means that how we collect your personal information and the types of personal information we use do not change.  To use AI, we combine information you have provided to us directly, information we derive about you from your use of our services or your interactions with us, and information from other people and organizations.  We use AI for different purposes, some of which we explain in more detail below.

Supporting processes to provide customer service:

We provide virtual assistants and chat bots, so you have a choice of methods to communicate with us, especially out of office hours. The virtual assistants and chat bots may use elements of AI, for example by understanding your questions and guiding you to or presenting you with appropriate help content and information or transferring you to an adviser.

Administration and detection:

We may use AI for wider processes that support claims management services, such as indexing the documents that support your claim to your customer record and reviewing documents as part of our fraud detection process.

Customer feedback and surveys:

We may use AI to analyse information from customer surveys, feedback forms, calls, and complaints to understand how satisfied our customers are with our products, service, and communications. For instance, we use AI to classify whether a comment or review is positive or negative and what the comment or review is focussed on (e.g. customer service, coverage, claims, etc). This helps us to optimise customer journeys and improve products and services.