Introduction

Dear User,

You are being given this Privacy Policy pursuant to Article 13 of Regulation 2016/679/EU – on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, also, “the Regulation” or “GDPR”).

In this Privacy Policy, you will find information concerning the processing of your personal data resulting from browsing our web site and using the services made available to you.

In the event that non-browsing data are processed by us, you will be given specific and/or supplementary disclosures on the processing of your personal data whenever we collect such data during your interactions with the site or under contractual relationships established with our Company;

Attention: this Privacy Policy does not concern web services provided by third parties, possibly used by you or viewed and reached via a hypertext link (“link”). In this regard, please see the privacy policies and statements provided by such third parties on their sites.

Definitions

Privacy Legislation: The GDPR, the Privacy Code, the Measures of the Privacy Authority and in general all non-corporate regulations on the protection of natural persons with regard to the processing of Personal Data.

GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation).

Data subject: The identified or identifiable natural person to whom the Personal Data refer.

Personal data: Any information concerning an identified or identifiable natural person. In addition to the data provided by you in any forms completed in individual areas of the Web Services, this should also be understood as the relevant browsing data.

Browsing data: During their normal operation, the IT systems and software procedures used to operate Web Services acquire some data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected so as to be associated with an identified data subject, but by its very nature it could allow Users to be identified through processing and association with data held by third parties. However, if the browsing session takes place after accessing the Private Area (i.e. after logging in), the data collected will be associated with the User’s personal account.

Browsing data includes:

  • the IP addresses or domain names of the computers used by Users who connect to the site; 
  • the URI (Uniform Resource Identifier) addresses of the resources being requested;
  • the time of the request; 
  • the method used in submitting the request to the server; 
  • the size of the file obtained in response; 
  • the numerical code specifying the response status given by the server (successful, error, etc.); 
  • other parameters relating to the User’s operating system and IT environment.

Data provided by the User: These are data that the User voluntarily and knowingly discloses by sending communications (e.g., e-mail messages to addresses within the web domain) or by filling in the appropriate forms, if found within the spaces provided by the Services.

The Data provided voluntarily by the User will only be those strictly necessary for the purposes pursued by the Services from time to time (for detailed information regarding the categories of data collected from time to time, please refer to the individual privacy policies of reference). Such data may include:

  • personal data;
  • contact details (e.g. e-mail address);
  • data referable to the User’s/Customer’s contractual position;
  • geolocation data (if the User has given his/her consent to the collection of data relating to location);
  • data concerning the use of individual Services made available to the User;
  • data regarding facts and events reported by the User in their messages (in this regard, and for your greater protection, please do not provide information that is not strictly relevant to the subject of the request and nature of Services provided by the Company).

Data Processing Controller or Data Controller: The entity which takes decisions on personal data processing purposes and methods. With reference to the Web Services, this is the Unipol Group Company that owns this site. You can find its contact details at the bottom of each page, as well as at the beginning of the section “Disclosure on the processing of your personal data”.

Services or Web Services: services provided via the Internet, using the website and/or an APP, if any.

User: The data subject (natural person) who browses, views, gains access to or uses the Web Services.

DPO: Data Protection Officer. Any User in his/her capacity as data subject may request clarifications regarding the processing of their personal data or exercise their rights by contacting the DPO in the manner and form specified in the section “How to exercise your rights and/or request information on the processing”.

Data Protection Authority: Garante per la protezione dei dati personali, i.e. the Italian national supervisory authority for the protection of personal data. Please refer to the Data Protection Authority’s website.

Cookies: Cookies are pieces of information stored on your device (e.g., in your browsing history) when you visit a web site or use a web application.

Each cookie may contain several data, such as, for example, the name of the server it comes from, a numeric identifier, etc.

Please see the cookie policy for more information.

Disclosure on the processing of your personal data

Useful information on the processing of your personal data on our site is provided below.

In particular, such information includes:

  • identification and contact details of the Data Controller;
  • contact details of the Data Protection Officer (DPO);
  • categories of personal data processed through the Web Services;
  • purposes for which such personal data are processed from time to time;
  • conditions legitimising the processing of the above data (referred to as legal basis); 
  • duration of their retention period, always strictly necessary for the pursuit of the declared purposes;
  • categories of data communication recipients

Data Controller

UNIPOLSAI ASSICURAZIONI S.P.A.

Registered office

Bologna, Via Stalingrado 45

Categories of personal data, processing purposes and legal basis and retention period:

Category of personal data

Browsing data

Purpose of the processing

Enable web browsing and the provision of the Services

Legal basis

Need to perform a contract to which the data subject is a party or to provide a service at the request of the same

Data retention period

Throughout the browsing period within the services

Category of personal data

Browsing data

Purpose of the processing

Obtain anonymous statistical information on the use of the Web Services for the sole purpose of checking their correct operation

Legal basis

Legitimate interest of the Company

Data retention period

The collected data are aggregated and are no longer attributable to the individual user who has browsed the site

Category of personal data

Browsing data

Purpose of the processing

Ensure the security and correct operation of the Web Services and ascertain responsibilities in the event of hypothetical crimes and, as a result, protect our rights

Legal basis

Legitimate interest of the Company

Data retention period

(15 days) and, thereafter, for the time strictly necessary to carry out any investigations, settle any disputes and, in general, protect our rights

Category of personal data

Data provided by the User: provision of Web Services

Purpose of the processing

Request for information

Legal basis

Need to fulfil requests made by the Data Subject (pre-contractual stage) or legitimate interest

Data retention period

Time needed to reply

Category of personal data

Purpose of the processing

Legal basis

Data retention period

Enable web browsing and the provision of the Services

Need to perform a contract to which the data subject is a party or to provide a service at the request of the same

Throughout the browsing period within the services

Browsing data

Obtain anonymous statistical information on the use of the Web Services for the sole purpose of checking their correct operation

Legitimate interest of the Company

The collected data are aggregated and are no longer attributable to the individual user who has browsed the site

Ensure the security and correct operation of the Web Services and ascertain responsibilities in the event of hypothetical crimes and, as a result, protect our rights

Legitimate interest of the Company

(15 days) and, thereafter, for the time strictly necessary to carry out any investigations, settle any disputes and, in general, protect our rights

Data provided by the User: provision of Web Services

Request for information

Need to fulfil requests made by the Data Subject (pre-contractual stage) or legitimate interest

Time needed to reply

Providing your personal data is voluntary and optional. We remind you, however, that it is essential for the pursuit of certain purposes; if you do not provide your data, in some cases it may become impossible to proceed with the pursuit of such purposes (for example, browsing our website could be prevented).

However, for more details, we invite you to consult the individual information on data processing here at the bottom of the page, including those provided by UnipolSai as Data Processor on behalf of other Data Controllers who are partners in the project.

Processing methods and data communication recipients

The above data will not be disclosed to third parties. Only our Company staff specifically authorised to process your data will be permitted to view them. Processing operations may be carried out by third parties to whom we entrust the performance of activities on our behalf and with whom we have entered into specific agreements for the purpose of regulating data processing. We may also disclose your data to public authorities or law enforcement agencies at their express request.

Your personal data will always be processed with the prior adoption of security measures suitable to ensuring the confidentiality, availability and integrity of your data.

Cookies

Our Web Services may use technical, analytical and profiling cookies, either from first or third parties. Cookies are essential for us to improve our Services and provide products that are always in line with your preferences. The use of profiling and/or third-party cookies will always be subject to obtaining your prior consent. To find out more, click here.

Your rights as Data Subject

The privacy legislation (Articles 15-22 of the Regulation) warrants you, the User, in your capacity as data subject, the right to access data concerning you and rectify, and/or add further data, erase them or obtain their portability. The privacy legislation also gives you the right to request the restriction of, and object to, the processing of your data, as well as the ability to withdraw any consent given (withdrawal will not affect the lawfulness of any processing carried out up until that time).

What is it about?

You may request the Data Controller:

  • confirmation that they are processing data concerning you;
  • copies of your personal data;
  • information regarding the processing of your personal data (e.g., legal basis, retention period, categories of data recipients, etc.)

Conditions for exercising your right

You may submit this request at any time.

What is it about?

You may request the Data Controller to:

  • rectify
  • update
  • modify 

your personal data that they have processed.

Conditions for exercising your right

If your data being processed are inaccurate or incomplete

What is it about?

You may request the Data Controller to erase any personal data they are processing

Conditions for exercising your right

  • your personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  • you have withdrawn your consent on which the processing is based, and there is no other legal basis for the processing;
  • you object to the processing pursuant to the law and there is no legitimate overriding reason to proceed with the processing;
  • your personal data have been processed unlawfully; 
  • your personal data should be erased to fulfil a legal obligation under European Union law or the law of the Member State to which the data controller is subject

What is it about?

You may request the Data Controller not to carry out any processing operations on your personal data, with the sole exception of retention, except with your consent or for the purpose of protecting their rights.

Conditions for exercising your right

  • you dispute the accuracy of your personal data for the period necessary for the data controller to verify the accuracy of such personal data; 
  • the processing is unlawful and you, in your capacity as data subject, object to the erasure of your personal data and request instead that their use be restricted;
  • although the data controller no longer needs your data for processing purposes, they are needed by a data subject to ascertain, exercise or defend a right in court; 
  • you have objected to the processing, pending verification of a possible overriding legitimate reason of the data controller with respect to the data subject’s reasons

What is it about?

You may object to any processing based on a legitimate interest (including the sending of promotional communications) or based on a public interest

Conditions for exercising your right

There must be reasons connected to your particular situation to do this, unless you have objected to the processing of your data for direct marketing purposes.

What is it about?

You may object to automated decision-making processes. If this process is necessary for the conclusion of a contract, is based on express consent, is authorised by law or by a regulation of the (Italian) State or of the European Union, you will have the right to obtain human intervention on the part of the data controller, express your opinion and challenge the decision.

Conditions for exercising your right

You may act if a decision based solely on automated processing, including profiling, could produce legal effects concerning you or significantly affects you personally in a similar way.

What is it about?

You have the right to receive personal data concerning you in a structured, commonly used and machine-readable format.

Conditions for exercising your right

Provided that all of the following conditions have been met:

  • the data have been provided by the User;
  • the processing is based on consent or on a contract; 
  • the processing is carried out by automated means.

What is it about?

You are permitted to withdraw your consent. Withdrawal will not affect the lawfulness of any processing carried out up until that time.

Conditions for exercising your right

At any time

Right

What is it about?

Conditions for exercising your right

Access to data

You may request the Data Controller:

  • confirmation that they are processing data concerning you;
  • copies of your personal data;
  • information regarding the processing of your personal data (e.g., legal basis, retention period, categories of data recipients, etc.)

You may submit this request at any time

Rectification of data or additions thereto

You may request the Data Controller to:

  • rectify
  • update
  • modify 

your personal data that they have processed.

If your data being processed are inaccurate or incomplete

Erasure of data

You may request the Data Controller to erase any personal data they are processing

  • your personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
  • you have withdrawn your consent on which the processing is based, and there is no other legal basis for the processing;
  • you object to the processing pursuant to the law and there is no legitimate overriding reason to proceed with the processing;
  • your personal data have been processed unlawfully; 
  • your personal data should be erased to fulfil a legal obligation under European Union law or the law of the Member State to which the data controller is subject

Restriction of the processing of personal data

You may request the Data Controller not to carry out any processing operations on your personal data, with the sole exception of retention, except with your consent or for the purpose of protecting their rights

  • you dispute the accuracy of your personal data for the period necessary for the data controller to verify the accuracy of such personal data; 
  • the processing is unlawful and you, in your capacity as data subject, object to the erasure of your personal data and request instead that their use be restricted;
  • although the data controller no longer needs your data for processing purposes, they are needed by a data subject to ascertain, exercise or defend a right in court; 
  • you have objected to the processing, pending verification of a possible overriding legitimate reason of the data controller with respect to the data subject’s reasons

Objection to the processing of personal data

You may object to any processing based on a legitimate interest (including the sending of promotional communications) or based on a public interest

There must be reasons connected to your particular situation to do this, unless you have objected to the processing of your data for direct marketing purposes.

Objection to an automated decision-making process

You may object to automated decision-making processes. If this process is necessary for the conclusion of a contract, is based on express consent, is authorised by law or by a regulation of the (Italian) State or of the European Union, you will have the right to obtain human intervention on the part of the data controller, express your opinion and challenge the decision.

You may act if a decision based solely on automated processing, including profiling, could produce legal effects concerning you or significantly affects you personally in a similar way.

Portability of personal data

You have the right to receive personal data concerning you in a structured, commonly used and machine-readable format.

Provided that all of the following conditions have been met:

  • the data have been provided by the User;
  • the processing is based on consent or on a contract; 
  • the processing is carried out by automated means.

Withdrawal of consent

You are permitted to withdraw your consent. Withdrawal will not affect the lawfulness of any processing carried out up until that time.

At any time

How to exercise your rights and/or request information on the processing

The “Data Protection Officer” is available for any doubt or clarification, to let you exercise your rights as data subject and provide you with the updated list of the categories of data recipients.

Data Protection Officer or DPO

privacy@unipolsai.it

Your right to contact Autorità per la protezione dei dati personali (the Italian Data Protection Authority), including by filing a complaint if deemed necessary for the protection of your personal data and your rights over such matters, will remain unprejudiced.