PRIVACY IN UNIPOL GRUPPO S.p.A.
Introduction
Definitions
Privacy Policy for the User
Cookies
Rights of the Data Subject
How to exercise rights and/or request information on processing
List of privacy policies
Dear User,
This privacy policy is provided to you in accordance with Art. 13 of Regulation 2016/679/EU - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter, also, “the Regulation” or “GDPR”).Here you will find information on the processing of your personal data, consequent to browsing on the web spaces and using the services made available to you via the internet website.
You will be provided with specific and/or supplementary information on the processing of your personal data on every occasion when we collect them, in your interaction with the website or by virtue of contractual relationships established with our Company; you can consult them at any time by clicking on the links present in the specific section “List of Privacy Policies” at the bottom of this page.
Attention: this Privacy Policy does not relate to web services provided by third parties used or consulted by you or reached via hypertext links. In that regard, we invite you to consult the privacy policies and notices provided by the aforementioned third parties in the appropriate places.
Privacy Rules: The GDPR, the Privacy Code, the Measures of the Data Protection Authority and in general all external rules on the protection of natural persons with regard to the processing of Personal Data.
GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation).
Personal Data: Any information relating to an identified or identifiable natural person. This also means, as well as any data provided by the User through any forms within the individual areas of the Web Services, also data relating to browsing.
Data Subject: The identified or identifiable natural person to whom the Personal Data refer.
Browsing Data: The IT systems and software procedures that operate the Web Services acquire, during their normal functioning, some data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified data subjects but that, by its very nature, may allow, through processing and association with data held by third parties, for users to be identified. However, if the browsing session occurs subject to accessing the Reserved Area (known as log in), the data collected are associated with the personal account of the User.
The browsing data include:
- IP addresses or domain names of the computers used by users who connect to the website;
- addresses in URI (Uniform Resource Identifier) notation of the requested resources;
- time of the request;
- method used to submit the request to the server;
- size of the file obtained in response;
- numerical code indicating the status of the response given by the server (successful, error, etc.);
- other parameters relating to the operating system and IT environment of the User.
Data provided by the User: These are data sent voluntarily and knowingly by the User by sending communications (e.g. by email to the addresses present in the web domain) or by completing specific forms, if present within the spaces provided by the Services.
The Data provided voluntarily by the User are only those strictly necessary for the purposes pursued each time by the Services (for precise indications regarding the categories of data collected from time to time, see the relevant individual privacy policies). By way of example, they may be the following data:
- personal details;
- contact details (e.g. email address);
- contractual position of the User-Customer;
- geolocation (if the User has expressed consent to the collection of location data);
- use of the individual Services made available to the User;
- events and circumstances illustrated by the User in his or her messages (in that regard, for his or her best protection, the User is asked not to provide information that does not strictly relate to the subject of the request and the nature of the Services provided by the Company).
Data Controller or Controller: The entity that determines the means and purposes of personal data processing. In reference to the Web Services, it is the Company of the Unipol Group to which this website refers and whose references are shown at the foot of each page, as well as at the start of the “Privacy Policy for the User”.
Services or Web Services: The services provided via the internet, used by way of the website and/or any Apps
User: The person (natural person) who browses, consults, accesses or uses the Web Services
DPO: The Data Protection Officer. The User may request clarifications in relation to the processing of personal data or exercise his or her rights by contacting the DPO, by the procedures and in the forms indicated in the section “How to exercise rights and/or request information on processing”
Data Protection Authority: In Italy, the Garante per la protezione dei dati personali, namely, the Italian national data protection authority. For further information, see the website of the Data Protection Authority.
Cookies: Cookies are information recorded on your device (e.g. on your browser memory) when you visit a website or use a web application.
Each cookie may contain different data, such as, for example, the name of the server from which it originates, a numerical identifier, etc.
Consult the cookie policy for further information.
We provide below some useful information regarding personal data processing carried out by way of the Web Services.
In particular, we wish to inform you:
• of the identification and contact details of the Controller;
• of the contact details of the Data Protection Officer (DPO);
• of the categories of personal data processed via Web Services;
• of the purposes for which the personal data are processed from time to time;
• of the grounds that legitimate the processing of the aforementioned data (so-called legal bases);
• of the duration of their storage, always strictly necessary to pursue the declared purposes;
• of the categories of recipients of the communication of data.
Data Controller | Registered office |
Unipol Gruppo S.p.A. | Via Stalingrado 45, Bologna – 40128 |
Categories of personal data, purposes and legal bases of processing and storage periods
Categories of personal data | Processing purpose | Legal bases | Data storage periods |
---|---|---|---|
Browsing data | To facilitate web browsing and provision of the Services | Necessary for the performance of a contract to which the data subject is party or to provide a service at the request of the same | For the duration of browsing within the services |
To obtain anonymous statistical information on use of the Web Services, for the sole purpose of checking their correct functioning | Legitimate interest of the Company | The data collected are aggregated and made no longer attributable to the individual user who carried out the browsing | |
Data provided by the User: provision of Web Services | Governance Section – Participation in Shareholders' Meeting | Necessary for the performance of a contract to which the data subject is party | For the duration of the Shareholders' Meeting. The personal data, subsequently collected in minutes relating to the Shareholders' Meeting, may be stored for further periods for administrative-accounting requirements and based upon the provisions of the regulations applicable each time (in general, 10 years) |
To send questions for the Shareholders' Meeting | Legitimate interest in the correct and fruitful conduct of the Shareholders' Meeting | For the duration of the Shareholders' Meeting. The questions will be subsequently stored, contained in the specific minutes, without reference to individual names | |
Information request | Necessary to execute requests made by the data subject (also prior to entering into a contract) | The time necessary to provide the response | |
Reinsurance Portal: for the assignment and management of user authentication details for accessing the Portal, the application used for sharing documentation with Reinsurers and Brokers (e.g. treaties and documentation attached to the same) issued by UnipolSai in relation to reinsurance | Legitimate interest in the correct management of relationships with reinsurers | For the account activation period. Subsequently, they may be stored for further periods for administrative-accounting requirements and based upon the provisions of the regulations applicable each time (in general, 10 years) | |
Investor Teams Portal, for sending clarification requests in that regard | Legitimate interest | The time necessary to provide the response |
The provision of your personal data is free and optional. We remind you, however, that, for the pursuit of some purposes (to provide you with the appropriate responses requested, for registration to the Reserved Area or for the provision of individual services) they are essential; if you do not provide them, in those cases, it may not be possible to proceed with the pursuit of the aforementioned purposes.
We invite you, in any case, to consult the individual privacy policies for further details.
Methods of processing and recipients of data communications
The data indicated above will not be disseminated and may only be known by collaborators of our Company specifically authorised to process them. They may also be acquired and/or processed by other companies of the Unipol Group and/or by other companies. Processing operations may be carried out by external entities to which we entrust the conduct of activities on our behalf, and with which we enter into agreements aimed at regulating the data processing.
The data may, finally, be communicated subject to express request to public authorities or forces of order.
Personal data are always processed subject to adopting suitable security measures to guarantee the confidentiality, availability and integrity of the data themselves.
The Web Services may use technical, analytical, and profiling cookies, both of first and third parties.
Cookies are essential for improving the Services and providing products always in line with the preferences of Users.
Any use of profiling cookies and/or third party cookies will always be subject to the issuance of your prior consent.
To find out more, click here.
The privacy regulation (Articles 15-22 of the Regulation) guarantees to the User, in the capacity of data subject, the right to access data relating to him or her, as well as to obtain its rectification and/or supplementation, erasure or portability. The privacy regulation also attributes to the User the right to request the restriction of data processing and to object to the processing, as well as the possibility of withdrawing any consent provided (the withdrawal does not affect the lawfulness of processing carried out up until that time).
Rights | Of what does it consist? | Grounds for its exercise |
---|---|---|
Access to data | The User may request from the Data Controller:
| The User may always submit that request |
Rectification or supplementation of data | The User may ask the Data Controller to:
the personal data processed | If the processed data are inaccurate or incomplete |
Erasure of data | The User may ask the Data Controller to erase the personal data being processed |
|
Restriction of processing of personal data | The User may ask the Controller not to carry out, except for storage alone, any processing operation on his or her personal data, except with the consent of the User or to protect its rights |
|
Objection to personal data processing | The User may object to processing based upon legitimate interest (including the sending of promotional communication) or a public interest | There must be reasons connected to the particular situation of the User, except if the objection is to processing for purposes of direct marketing |
Objection to an automated decision-making process | The User may object to automated decision-making processes. If that process is necessary to perform a contract, is based upon explicit consent, is authorised by law or a regulation of the State or European Union, the User has the right to obtain the human intervention by the Controller, to express his or her opinion and to dispute the decision | There is a decision based solely on automated processing, including profiling, which produces legal effects relating to him or her or that similarly significantly affects the User |
Portability of personal data | The User has the right to receive in a structured, commonly-used and machine readable format the personal data relating to him or her | Provided that all of the following presuppositions are in place:
|
Withdrawal of consent | The User may withdraw the consent provided. The withdrawal does not affect the lawfulness of the processing carried out up until that time | Always |
HOW TO EXERCISE RIGHTS AND/OR REQUEST INFORMATION ON PROCESSING
The “Data Protection Officer” is available for any doubt or clarification, to exercise the rights of the Data Subjects and to provide the updated list of categories of data recipients.
Data Protection Officer or DPO privacy@unipol.it
This is subject to your right to contact the Data Protection (Data Protection Authority), also by lodging a complaint, where considered necessary to protect your personal data and your rights in that regard.
We set out below the list of privacy policies:
Privacy policy for suppliers (Italian version only)
Privacy policy for submitting applications on the Job Posting portal (Italian version only)
Privacy policy for participants at the Ordinary Shareholders' Meeting (Italian version only)
Privacy policy for Directors, Auditors and Corporate Bodies (Italian version only)