Privacy notice for our future owners program

  1. Assicurazioni Generali S.p.A. processes your personal data
    Assicurazioni Generali S.p.A. (hereinafter also the Company), with registered office in Trieste, at Piazza Duca Degli Abruzzi no. 2, processes your personal data as Data Controller.

    If you wish to receive more information, you can use the following postal address:

    • Assicurazioni Generali S.p.A., Piazza Duca degli Abruzzi no. 2, 34132 Trieste / P.O. Box 538.

      For any questions or if you wish to exercise a right in respect of the processing of your personal data, you can contact our Data Protection Officer:
      • By email at:
      • By traditional mail at: Assicurazioni Generali,
        Piazza Tre Torri no. 1,
        20145 Milano
        to the attention of the Data Protection Officer.
  2. How we use your personal data and on the basis of which ground
    We process your personal data in the context of the Future Owners Group Program with the purpose of performing all necessary activities for collecting, managing and evaluating your self-application (in compliance with shared eligibility requirements) to the program and providing you and the people interested in your development a clear picture of your strengths and development opportunities, based on the results obtained within each activity part of the selection journey. The Activities to be performed during the program are:
    1. Self – application Questionnaire;
    2. English Test;
    3. Letter of Reference (Managerial Sponsorship);
    4. Personality Test;
    5. Logical reasoning test;
    6. Online simulation;
    7. Online Business Game;
    8. Online Video interview (video recording).
    All the above-mentioned activities are mandatory requirements for participation. Processing of your personal data for the purposes indicated under the previous points is a processing necessary to conduct the group program activities and provide you with a rich and insightful feedback on your key characteristics and skills, strengths and opportunities for development. This processing refers to your Group Employment relationship.
  3. Why the provision of your personal data is required

    For managing our relationship, communication of your personal data, image\video included, is required since necessary to deliver the activities and tasks part of the overall selection Journey.

    Therefore, the failure in the communication or the partial or inaccurate communication may have, as consequence, the impossibility to participate to the Future Owners Program and related Activities.

  4. Which personal data we use

    We process only the personal data strictly necessary to achieve the purposes above indicated. We mainly process:

    1. Identification data (Name and last name, Local Employee Number, Business unit, legal entity, seniority in the business, professional family, organizational level / seniority, country of work)
    2. Professional background (Education, overall working seniority inside and/or outside Generali)

    3. Career aspiration and mobility availability (availability and willingness to have an international and/or other professional experience within next years)
    4. Contact data (Email)
    5. Image\video
    6. Letter of reference provided by a selected manager (i.e. sponsor) internal and/or external to Generali Group. The sponsor is selected and contacted by you through the platform; a dedicated template is available to support the Sponsor while providing input about your main strengths and career ambitions
    7. in addition to any other personal data provided by you while performing the program activities and gathered in the context of the selection journey itself (e.g. observed, derived, inferred).

    The processing of your identification and contact data as of your image\video are not part of the evaluation process itself.  

    Personal data can be provided directly by you or your HR department or Lline Manager.

  5. W​ith whom we share your personal data

    Our staff processes your personal data with modalities and procedures, also in electronic form, appropriate to ensure an adequate level of security.

    Your personal data can be shared only with third parties which have been assigned with the task to perform some activities concerning your relationship with the Company. Depending on the activity performed, such third parties may act as Data Processors, Joint Controllers or autonomous Data Controller. 

    Our staff and third parties which process your personal data for the purposes above indicated – exception for autonomous Data Controllers – receive proper instructions about the correct modalities of the processing.

    Your personal data are not disseminated.

    Third parties as The Business Game, Easyrecrue and SOVA support the design and delivery of the Future Owners Program and selection activities. They act as Data Processors. Third parties may also include other public and private entities, such as Group companies.

  6. Where we transfer your personal data

    As a general rule, we do not transfer your personal data in Countries outside the European Economic Area.

    In exceptional cases, limitedly for the purposes indicated above, we may transfer your personal data to a third party above described or to a public body requesting it, also in Countries outside the European Economic Area.

    In any case, the transfer of Your personal data is performed in compliance with the applicable laws and international agreements in force, as well as on the basis of appropriate and suitable safeguards (such as, for example, transfer to a Country ensuring an adequate level of protection or adopting the standard contractual clauses approved by the EU Commission).

  7. The rights you can exercise in respect of the processing of your personal data

    You can exercise the following rights in respect to your personal data:

    • Access – you may request access to your personal data to receive information, for example, about the categories of personal data that the Company is currently processing;
    • Rectify – you may ask the Company to correct personal data that is inaccurate or incomplete;
    • Erase – you may ask the Company to erase personal data where one of the following grounds applies;
      1. Where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      2. You withdraw consent on which the processing is based and where there is no other legal ground for the processing;
      3. You object to automated decision-making and there are no overriding legitimate grounds for the processing;
      4. The personal data have been unlawfully processed;
      5. The personal data have to be erased for compliance with legal obligation in Union or Member State law to which the Company is subject;
      6. The personal data have been collected in relation to the offer of information society services.
    • Restrict you may ask the Company to restrict how it processes your personal data, requesting only their storage, where one of the following applies;
      1. You contest the accuracy of your personal data, for a period enabling the Company to verify the accuracy of your personal data; 
      2. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
      3. The Company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
      4. You have objected to processing pursuant to the right to object and automated decision-making, pending the verification whether the legitimate grounds for the Company override those of you.
    • Portability – you may ask the Company to transfer the personal data you have provided us to another organisation or / and ask to receive your personal data in a structured, commonly used and machine-readable format.

    In case you provided your consent to the processing of personal data, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

    If your personal data are transferred outside the European Economic Area, you have the right to obtain copy of such data as well as indication of the Country/Countries where the data have been made available.

    You can exercise your rights by contacting our Data Protection Officer at the contact details above indicated. The request of exercise of rights is free of charge, unless the request is manifestly unfounded or excessive.

  8. Your right to object to the processing of your personal data
    You have the right to object to the processing of your personal data and request the stop of the processing operations when they are based on the legitimate interest  (refer to How we use your personal data and on the basis of which ground).
  9. Your right to lodge a complaint to the Supervisory Authority
    In case you consider that the processing of your personal data infringes the applicable privacy laws, you have the right to lodge a complaint to the Italian Personal Data Protection Authority – Garante per la Protezione dei Dati Personali with the modalities indicated on the Authority’s website (
  10. How long we retain your personal data

    Your personal data can be retained for the whole duration of our relationship and in compliance with the applicable privacy laws. With particular reference to your personal data collected in The Business Game’s systems those data will be anonymised in 24 months after the activity has been performed.

  11. Changes and updates of the privacy notice
    Also considering possible amendments of the applicable privacy laws, the Company may integrate and/or update, wholly or partially, this privacy notice. Any changes, integrations or updates will always be accessible through the Future owners Program platform.


To help you understanding our privacy notice, please find below the meaning of the main terms contained therein:

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.

Personal data means any information relating, directly or indirectly, to a person (such as, for example, name, an identification number, location data, an online identifier, one or more elements able to identify the physical, physiological, genetic, mental, economic, cultural or social identity, etc.).

Special categories of data are the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health or data concerning a person's sex life or sexual orientation.

Genetic data are the personal data relating to the inherited or acquired genetic characteristics of a person which give unique information about the physiology or the health of said person and which result, in particular, from the analysis of a biological sample from the person in question.

Biometric data are the personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a person, which allow or confirm the unique identification of that person, such as facial images or dactyloscopic data.

Data concerning health are the personal data related to the physical or mental health of a person, including the provision of health care services, which reveal information about his or her health status.

Judicial data are the personal data related to criminal convictions and offences or to the connected security measures afflicted to a person.

Data subject is the person whose personal data are processed.

Data controller is the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (for example, the employer is the data controller in respect of its employees’ personal data since, with reference to the employment relationship, it decides the purposes and means of such processing).

Joint controller means the individual or legal person, public authority, agency or other body which, jointly with other data controllers, determines the purposes and means of the processing of personal data.

Data Processor means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller (for example, the company which provides the service of employees’ salaries calculation may be considered a data processor since it processes personal data on behalf of another company, the employer).

Consent means any data subject's wish, by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to him or her. For the consent to be valid, the data subject’s wish needs to be freely given, specific for each processing operation, collected upon the provision of a privacy notice and clearly distinguishable from any other declarations.

Personal data breach means a breach of security (physical or IT) leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Protection Officer means a person in charge for performing support activities for the company functions and control activities in respect of the processing of personal data. It is also in charge for cooperating with the Supervisory Authority and it represents the contact point, also for the data subjects, for any matters connected with the processing of personal data.

The Garante per la Protezione dei Dati Personali is the Italian Supervisory Authority for the protection of personal data.