Privacy notice for our development center candidates

  1. Assicurazioni Generali S.p.A. processes your personal data
    Assicurazioni Generali S.p.A. (hereinafter also the Company), with registered office in Trieste, at Piazza Duca Degli Abruzzi no. 2, processes your personal data as Data Controller.

    If you wish to receive more information, you can use the following postal address:

    • Assicurazioni Generali S.p.A., Piazza Duca degli Abruzzi no. 2, 34132 Trieste / P.O. Box 538.

      For any questions or if you wish to exercise a right in respect of the processing of your personal data, you can contact our Data Protection Officer:
      • By email at: dpoag@generali.com
      • By traditional mail at: Assicurazioni Generali, Piazza Tre Torri no. 1, 20145 Milano to the attention of the Data Protection Officer.
         
  2. How we use your personal data and on the basis of which ground
    We process your personal data in the context of the development centre with the purpose of performing all necessary activities for providing you and the people interested in your development a clear picture of your strengths and development opportunities, including, for example:
    1. Work preferences questionnaire;
    2. Logical reasoning test;
    3. Online simulation;
    4. Interview;
    5. Business case and role play.
    Processing of your personal data for the purposes indicated under the previous points is a processing necessary to conduct the development centre’s activity and provide you with a rich and insightful feedback on your leadership strengths and opportunities for development. This processing refers to your Group Employment relationship.
     
  3. Why the provision of your personal data is required
    For managing our relationship, communication of your personal data is required since necessary to deliver the development centre.
    Therefore, the failure in the communication or the partial or inaccurate communication may have, as consequence, the impossibility to participate to the development centre.
     

  4. Which personal data we use

    We process only the personal data strictly necessary to achieve the purposes above indicated.
    We mainly process:

    in addition to any other personal data provided by you while performing the assessment, if any, and  gathered in the context of the assessment itself (e.g. observed, derived, inferred).
    1. Identification data (Name and last name, Business unit, legal entity, seniority in the business

    2. Contact data (Email),

    Personal data can be provided directly by you or your HR department or Lline Manager.
     

  5. W​ith whom we share your personal data

    Our staff processes your personal data with modalities and procedures, also in electronic form, appropriate to ensure an adequate level of security.

    Your personal data can be shared only with third parties which have been assigned with the task to perform some activities concerning your relationship with the Company. Depending on the activity performed, such third parties may act as Data Processors, Joint Controllers or autonomous Data Controller.

    Our staff and third parties which process your personal data for the purposes above indicated – exception for autonomous Data Controllers – receive proper instructions about the correct modalities of the processing.

    Your personal data are not disseminated.

    Third parties as Mercer and SOVA support the design and delivery of the development centre. Third parties may also include other public and private entities, such as the Group companies.
     

  6. Where we transfer your personal data

    As a general rule, we do not transfer your personal data in Countries outside the European Economic Area.

    In exceptional cases, limitedly for the purposes indicated above, we may transfer your personal data to a third party above described or to a public body requesting it, also in Countries outside the European Economic Area.

    In any case, the transfer of Your personal data is performed in compliance with the applicable laws and international agreements in force, as well as on the basis of appropriate and suitable safeguards (such as, for example, transfer to a Country ensuring an adequate level of protection or adopting the standard contractual clauses approved by the EU Commission).
     

  7. The rights you can exercise in respect of the processing of your personal data

    You can exercise the following rights in respect to your personal data:

     
    • Access you may request access to your personal data to receive information, for example, about the categories of personal data that the Company is currently processing;
    • Rectify you may ask the Company to correct personal data that is inaccurate or incomplete;
    • Erase you may ask the Company to erase personal data where one of the following grounds applies;
      1. Where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
      2. The personal data have been unlawfully processed;
      3. The personal data have to be erased for compliance with legal obligation in Union or Member State law to which the Company is subject;
      4. The personal data have been collected in relation to the offer of information society services.
    • Restrict you may ask the Company to restrict how it processes your personal data, requesting only their storage, where one of the following applies;
      1. You contest the accuracy of your personal data, for a period enabling the Company to verify the accuracy of your personal data;
      2. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
      3. The Company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
      4. You have objected to processing pursuant to the right to object and automated decision-making, pending the verification whether the legitimate grounds for the Company override those of you.
    • Portability – you may ask the Company to transfer the personal data you have provided us to another organisation or / and ask to receive your personal data in a structured, commonly used and machine readable format.
       
    If your personal data are transferred outside the European Economic Area, you have the right to obtain copy of such data as well as indication of the Country/Countries where the data have been made available. You can exercise your rights by contacting our Data Protection Officer at the contact details above indicated. The request of exercise of rights is free of charge, unless the request is manifestly unfounded or excessive.
     
  8. Your right to object to the processing of your personal data
    You have the right to object to the processing of your personal data and request the stop of the processing operations when they are based on the legitimate interest (refer to How we use your personal data and on the basis of which ground).
     
  9. Your right to lodge a complaint to the Supervisory Authority
    In case you consider that the processing of your personal data infringes the applicable privacy laws, you have the right to lodge a complaint to the Italian Personal Data Protection Authority – Garante per la Protezione dei Dati Personali with the modalities indicated on the Authority’s website (www.garanteprivacy.it).
     
  10. How long we retain your personal data

    Your personal data can be retained for the whole duration of our relationship and in compliance with the applicable privacy laws. With particular reference to your personal data collected in Sova’s systems those data will be anonymised in 24 months after your assessment. Once anonymised, the information will be used in order to improve the Company assessment system.

    The anonymization process is based on the legitimate interest of the Company to continuously increase validity and robustness of our methodology to assessment.
     

  11. Changes and updates of the privacy notice
    Also considering possible amendments of the applicable privacy laws, the Company may integrate and/or update, wholly or partially, this privacy notice. Any changes, integrations or updates will always be accessible through the development centre platform.
     

GLOSSARY

To help you understanding our privacy notice, please find below the meaning of the main terms contained therein:

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.

Personal data means any information relating, directly or indirectly, to a person (such as, for example, name, an identification number, location data, an online identifier, one or more elements able to identify the physical, physiological, genetic, mental, economic, cultural or social identity, etc.).

Special categories of data are the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health or data concerning a person's sex life or sexual orientation.

Genetic data are the personal data relating to the inherited or acquired genetic characteristics of a person which give unique information about the physiology or the health of said person and which result, in particular, from the analysis of a biological sample from the person in question.

Biometric data are the personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a person, which allow or confirm the unique identification of that person, such as facial images or dactyloscopic data.

Data concerning health are the personal data related to the physical or mental health of a person, including the provision of health care services, which reveal information about his or her health status.

Judicial data are the personal data related to criminal convictions and offences or to the connected security measures afflicted to a person.

Data subject is the person whose personal data are processed.

Data controller is the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (for example, the employer is the data controller in respect of its employees’ personal data since, with reference to the employment relationship, it decides the purposes and means of such processing).

Joint controller means the individual or legal person, public authority, agency or other body which, jointly with other data controllers, determines the purposes and means of the processing of personal data.

Data Processor means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller (for example, the company which provides the service of employees’ salaries calculation may be considered a data processor since it processes personal data on behalf of another company, the employer).

Consent means any data subject's wish, by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to him or her. For the consent to be valid, the data subject’s wish needs to be freely given, specific for each processing operation, collected upon the provision of a privacy notice and clearly distinguishable from any other declarations.

Personal data breach means a breach of security (physical or IT) leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Protection Officer means a person in charge for performing support activities for the company functions and control activities in respect of the processing of personal data. It is also in charge for cooperating with the Supervisory Authority and it represents the contact point, also for the data subjects, for any matters connected with the processing of personal data.

The Garante per la Protezione dei Dati Personali is the Italian Supervisory Authority for the protection of personal data.