Assicurazioni Generali processes your personal data

Assicurazioni Generali S.p.A. (hereinafter also the Company), with registered office in Trieste, at Piazza Duca Degli Abruzzi no. 2, processes your personal data as Data Controller. If you wish to receive more information, you can use the following postal address: Assicurazioni Generali S.p.A., Piazza Duca degli Abruzzi no. 2, 34132 Trieste / P.O. Box 538. For any questions or if you wish to exercise a right in respect of the processing of your personal data, you can contact our Data Protection Officer:

By email at: dpoag@generali.com

By traditional mail at: Assicurazioni Generali, Piazza Tre Torri n. 1, 20145 Milan to the attention of the Data Protection Officer.

How we use your personal data and on the basis of which ground

If collected (refer to Which personal data we use), we process your personal data in order to allow you to surf on our website www.generali.com, use all its features, ensure its proper functioning (including system administration activities) and improve your browsing experience.

Why the provision of your personal data is required

In order to allow you to surf our website, we may need some of your personal data; however, the relevant communication is optional. Therefore, the failure in the communication or the partial or inaccurate communication may have, as consequence, only the impossibility to ensure the best browsing experience.

Which personal data we use

In case you browse on our website only for consultation purposes, processing of your personal data is not required. However, we use technologies that may involve the storage of some data related to the tools used, somehow referable to you, even in absence of your explicit registration as well as your active role. In particular, this WEBSITE:

  • Does not process IP addresses (Internet Protocol Addresses) to collect information, but it stores such IP addresses as surfing data;
  • Uses surfing data as aggregate data for statistical purposes only;
  • Uses its own and third parties’ cookies and other session identifiers (technical and profiling). Technical cookies are used in order to make surfing possible or to the extent this necessary to provide a requested service. Profiling cookies are of third parties and are used only for statistical purposes, on an anonymous basis, and are not aimed at providing you with a service in line with your preferences. It is possible to disable the use of cookies, depending on the browser used. In this case, your surfing experience could result not as easy as before. Such deactivation can be performed by referring to third-party sites, through links within our cookie policy or through the modification of the settings of the browser used (Google Chrome, Mozilla Firefox, Internet Explorer, Opera or Safari).

Without prejudice to the foregoing, there may be residual cases in which we actively collect your personal data. In particular:

  • E-Mail: personal data received by the e-mail contact available on the website are used only to reply to your requests; such data are stored for statistical purposes only and to check whether there are any previous
  • Specific mailing lists: specific individual names may be added to specific mailing lists only on the basis of your explicit consent to regularly receive certain documents (e.g., news, funds quotation, commercial information, etc.);
  • Registration: to access certain services, the website could provide for the acquisition of data through a specific form. This information is used only to reply to the sender’s requests or to provide the requested services and not for other purposes;
  • Discussion rooms (forums): in case “discussion rooms” are activated on this website, certain personal data could be collected, if you participate to the discussion. Such data will not be used for any different purposes.

With whom we share your personal data

If collected, our staff processes your personal data with modalities and procedures, also in electronic form, appropriate to ensure an adequate level of security.

Your personal data can be shared only with third parties* which have been assigned with the task to perform some activities concerning our employment relationship. Depending on the activity performed, third parties act as Data Processors, Joint Controllers or autonomous Data Controller. Our staff and third parties which process your personal data for the purposes above indicated – exception for Data Controllers – receive proper instructions about the correct modalities of the processing. Your personal data are not disseminated.

* Third parties cooperating with us can perform computer, telematics, financial, administrative activities. Third parties also include companies belonging to Generali Group.

Where we transfer your personal data

As a general rule, we do not transfer your personal data in Countries outside the European Economic Area. In exceptional cases, limitedly for the purposes indicated above, we may transfer your personal data to a third party above described or to a public body requesting it, also in Countries outside the European Economic Area. In any case, the transfer of Your personal data is performed in compliance with the applicable laws and international agreements in force, as well as on the basis of appropriate and suitable safeguards (such as, for example, transfer to a Country ensuring an adequate level of protection or adopting the standard contractual clauses approved by the EU Commission).

The rights you can exercise in respect of the processing of your personal data

You can exercise the following rights in respect to your personal data:

Access
You may request access to your personal data to receive information, for example, about the categories of personal data that the Company is currently processing;

Rectify
You may ask the Company to correct personal data that is inaccurate or incomplete;

Erase
you may ask the Company to erase personal data where one of the following grounds applies:

  • Where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You withdraw consent on which the processing is based and where there is no other legal ground for the processing;
  • You object to automated decision-making and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing;
  • The personal data have been unlawfully processed;
  • The personal data have to be erased for compliance with legal obligation in Union or Member State law to which the Company is subject;
  • The personal data have been collected in relation to the offer of information society services.

 Restrict
You may ask the Company to restrict how it processes your personal data, requesting only their storage, where one of the following applies:

  • You contest the accuracy of your personal data, for a period enabling the Company to verify the accuracy of your personal data;
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  • The Company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
  • You have objected to processing pursuant to the right to object and automated decision-making, pending the verification whether the legitimate grounds for the Company override those of you.

Portability
You may ask the Company to transfer the personal data you have provided us to another organisation or / and ask to receive your personal data in a structured, commonly used and machine readable format.
In case you provided your consent to the processing of personal data, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If your personal data are transferred outside the European Economic Area, you have the right to obtain copy of such data as well as indication of the Country/Countries where the personal data have been made available. You can exercise your rights by contacting our Data Protection Officer at the contact details above indicated. The request of exercise of rights is free of charge, unless the request is manifestly unfounded or excessive.

Your right to object to the processing of your personal data

You have the right to object to the processing of your personal data and request the stop of the processing operations when they are based on the legitimate interest (refer to How we use your personal data and on the basis of which ground).

Your right to lodge a complaint to the Supervisory Authority

In case you consider that the processing of your personal data infringes the applicable privacy laws, you have the right to lodge a complaint to the Italian Personal Data Protection Authority – Garante per la Protezione dei Dati Personali* with the modalities indicated on the Authority’s website (www.garanteprivacy.it).

How long we retain your personal data

Your personal data can be retained for the time strictly necessary to perform the above indicated activities.

Changes and updates of the privacy notice
Also considering possible amendments of the applicable privacy laws, the Company may integrate and/or update, wholly or partially, this privacy notice. Any changes, integrations or updates will be communicated in compliance with applicable laws through publication on the Company’s website www.generali.com.

Glossary

To help you understanding our privacy notice, please find below the meaning of the main terms contained therein:

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.

Personal data mean any information relating, directly or indirectly, to a person (such as, for example, name, an identification number, location data, an online identifier, one or more elements able to identify the physical, physiological, genetic, mental, economic, cultural or social identity, etc.).

Special categories of data mean the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health or data concerning a person’s sex life or sexual orientation.

Genetic data mean the personal data relating to the inherited or acquired genetic characteristics of a person which give unique information about the physiology or the health of said person and which result, in particular, from the analysis of a biological sample from the person in question.

Biometric data mean the personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a person, which allow or confirm the unique identification of that person, such as facial images or dactyloscopic data.

Data concerning health mean the personal data related to the physical or mental health of a person, including the provision of health care services, which reveal information about his or her health status.

Judicial data mean the personal data related to criminal convictions and offences or to the connected security measures afflicted to a person.

Data subject means the person whose personal data are processed.

Data controller means the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (for example, the employer is the data controller in respect of its employees’ personal data since, with reference to the employment relationship, it decides the purposes and means of such processing).

Joint controller means the individual or legal person, public authority, agency or other body which, jointly with other data controllers, determines the purposes and means of the processing of personal data.

Data Processor means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller (for example, the company which provides the service of employees’ salaries calculation may be considered a data processor since it processes personal data on behalf of another company, the employer).

Consent means any data subject’s wish, by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to him or her. For the consent to be valid, the data subject’s wish needs to be freely given, specific for each processing operation, collected upon the provision of a privacy notice and clearly distinguishable from any other declarations.

Personal data breach means a breach of security (physical or IT) leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Protection Officer means a person in charge for performing support activities for the company functions and control activities in respect of the processing of personal data. It is also in charge for cooperating with the Supervisory Authority and it represents the contact point, also for the data subjects, for any matters connected with the processing of personal data.

Garante per la Protezione dei Dati Personali is the Italian Supervisory Authority for the protection of personal data.