In its capacity as Data Controller, Assicurazioni Generali S.p.A. is entitled to process the personal data of its stakeholders (customers, employees, shareholders, suppliers, trustees, internet users etc.) in the ordinary management of existing relations and to acquire consent if necessary. Data processing for commercial purposes is carried out only if specifically authorised by Data Subjects.
Only personal data that are strictly necessary are processed both on paper and with the help of electronic instruments; some data may be essential and their lack may prevent the management of existing relations. Such data are processed by our collaborators in their capacity as Data Processors or Persons in charge of the processing; for some kinds of services we also avail ourselves of outsourcers which carry out technical, organisational and operational tasks on our behalf in Italy or abroad. Personal data are not subject to dissemination unless specifically provided for by the law.
All Data Subjects can exercise their rights of access and know what personal data are held by us, their origins and how they are used. They shall also be entitled to call for the data to be updated, rectified, supplemented or deleted, ask for them to be blocked or object to their processing, and require further information on the processing of personal data by contacting the Data Processor under Section 7: Privacy, Via Marocchesa, 14 31021 Mogliano Veneto (TV) Italy, firstname.lastname@example.org.
Further information on the purposes, origin and type of processed data, scope of communication and their dissemination is provided in the following items, divided by purpose and category of Data Subjects.
Policies and security
Assicurazioni Generali S.p.A., acting as Data Controller, attaches utmost importance to confidentiality, protection and safety of information, particularly personal data concerning their customers and people who get in touch with the Company.
This section outlines the methods used to administer this site with regard to the processing of users' personal data. Pursuant to Art. 13 of Legislative Decree 196/2003 (Personal Data Protection Code), this information is also provided to subjects interacting with the services provided over the Internet by Assicurazioni Generali (Data Controller).
For this reason, Net surfers are invited to preliminarily visit the other sections hereto attached, which give an overview of Company guidelines on protection of personal data. Please consult the information note clicking on the present LINK to achieve all the information required by article 13 of Legislative Decree no. 196/2003 (Personal Data Protection Code) concerning the processing of the internet users' personal data.
Information is provided for and applies to Assicurazioni Generali Web sites only. It is not applicable to any other Web site linked to the Generali site.
Surfers are required to provide personal data only if they want to get in contact with us or ask for advice. In such cases - totally voluntary - Surfers are required to read the Information as established by the Law and to provide only data strictly necessary to handle their requests.
Surfers browsing our Web site are not required to provide any personal data. However, as the technology used by our Company stores data concerning tools employed by users, which help track the latter.
We are pleased to provide useful information on the methods of active and passive collection of information concerning subjects/means interacting with this Web site, as well as on the security measures taken by the Company.
While surfing a web site, it is technically possible to collect data even without a user's explicit registration to the service or without his active role. This type of collection is called “passive data collection”.
The use of IP addresses, cookies and other session identifiers, Internet tags, and surfing data, including the possibility to exclude them and their implications, are shown below.
As regards the passive data collection:
- the web site does not use IP address (Internet Protocol Addresses) to collect information. However, IP addresses are stored as surfing data;
- it uses surfing data as aggregate data for statistical purposes only;
- it does not use Internet tags.
As regards the active data collection - if previewed - it is worth the following policy:
- E-Mail: Data received by e-mails sent to the Web site are used to reply tequests only. This data are stored for statistical purposes only and to check whether there are any precedents.
Names may be included in specific Mailing List only if expressly requested by Surfers wishing to receive certain documents (press releases, financial statements, etc.) on a periodical basis.
- Registration: To access a number of services, Surfers are required to fill in a specific form. This information is used to reply to the sender's request and to provide requested services only.
- Forums: specific conduct rules will be set out. Data will not be used for any other purpose.
Assicurazioni Generali process personal data concerning third parties - insured people, injured parties, real and potential customers, collaborators, etc. Assicurazioni Generali have always taken all necessary steps to guarantee data confidentiality and security, in line with new technological developments, particularly in the field of computer technology.
- The Data Controller is the Company, which has appointed Maurizio Basso as the person in charge of the implementation of privacy legislation at corporate level;
- Privacy Department has been appointed "Department responsible for replying to data subjects in the event they exercise the rights under Art. 7" , with privacy interface functions from and to outside. Data subjects may apply to the Privacy Department to exercise their rights of access and obtain any further information on privacy;
- Privacy Data Processors have been appointed to guarantee compliance with privacy legislation and the instructions given to the whole legislation;
- Those who process personal data are referred to as "Persons in charge of the processing". They have been provided with specific instructions and benefit from an ongoing training programme;
- Due to specific technical and organisational requirements, the Company avails itself of third parties who are responsible for parts of the process. They may act in their capacity as "Persons in charge of the processing", or "Data Processors" of the Company, or operate autonomously as "Data Controllers" of subsequent processing having the same purposes as the Company.
The Company can only access personal information as is strictly necessary to perform specific services or for the purposes for which such information has been collected by providing the specific Information (i.e.: on contracts for Non-life business and for Life business). Particular importance is attached to sensitive data, which are processed only after having ascertained that processing of such data in anonymous form on a case by case basis is not possible.
The Company shall process all personal information by taking all necessary physical and IT security measures, in accordance with the arrangements laid down in the Privacy Code and in the technical specifications thereto attached.
At the end of the processing, the Company shall store processed data and, if such obligation does not exist or if such term has elapsed, shall erase or anonymize the data.
Data subjects may apply to the structure Privacy for any information on personal data, namely:
- to obtain confirmation as to whether or not personal data concerning him/her exist and communication of such data in intelligible form;
- to be informed of the source of the personal data, of the purposes and methods of the processing and of the logic applied to the processing if the latter is carried out thanks to electronic means;
- to obtain a list of the entities or categories of entity to whom or which the personal data may be communicated and who may get to know said data in their capacity as data processor(s) or person(s) in charge of the processing (see for example the list of the entities to whom or which the personal data may be communicated for purposes related to the provision of insurance services);
- to require the updating or rectification of the processed data, and erasure, anonymization or blocking of data that has been processed unlawfully;
- to object, in whole or in part, to the processing of personal data concerning him/her on legitimate grounds or for commercial purposes.