Privacy

PRIVACY IN Unipol Assicurazioni S.p.A.

Introduction
Definitions
Privacy Policy for the User
Cookies
Rights of the Data Subject
How to exercise rights and/or request information on processing
List of privacy policies 

INTRODUCTION

Dear User,

This Privacy Policy is provided in accordance with Article 13 of Regulation 2016/679/EU - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, also, “the Regulation” or “GDPR”).
Here you will find information on the processing of your personal data, as a result of browsing the website and using the services made available through the same.
You will be given specific and/or additional information on the processing of your personal data each time we collect them, during your interaction with the website or by virtue of contractual relationships established with our Company; you may view this information at any time by clicking on the links present in the section “List of Privacy Policies” at the bottom of this page.

Attention: This Privacy Policy does not relate to web services provided by third parties used or consulted or reached via hypertext links.  In this regard, we invite you to read the privacy policies and notices provided by these third parties in the relevant places. 

DEFINITIONS

Privacy Regulations: The GDPR, the Privacy Code, the Measures of the Data Protection Authority and, in general, all external rules on the protection of natural persons with regard to the processing of Personal Data.  

GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation).

Personal Data: Any information relating to an identified or identifiable natural person. This includes browsing data, as well as any data provided by the User through forms within the individual areas of the Web Services.

Data Subject: The identified or identifiable natural person to whom the Personal Data refer. 

Browsing Data: The IT systems and software procedures used to operate the Web Services acquire, during their normal functioning, certain data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects but, given its nature, it could allow users to be identified through processing and association with data held by third parties. In any case, data collected during the browsing session after logging in to the website are associated with the personal account of the User.

Browsing data include:

  • IP addresses or domain names of the computers used by Users who connect to the website; 
  • URI (Uniform Resource Identifier) addresses of the requested resources; 
  • time of the request; 
  • method used to submit the request to the server; 
  • size of the file obtained in response;  
  • numerical code indicating the status of the response given by the server (successful, error, etc.);
  • other parameters relating to the operating system and IT environment of the User.
     

Data provided by the User: These data are voluntarily and knowingly provided by the User by sending communications (e.g. emails to the addresses present on the web domain) or by completing specific forms, if present on the pages providing the Services.

The data voluntarily provided by the User are limited to those strictly necessary for the purposes pursued from time to time by the Services (for specific information regarding the categories of data collected from time to time, please refer to the relevant privacy policies). By way of example, they may include the following data:

  • personal details;
  • contact details (e.g. email address);
  • contractual position of the User-Customer;
  • geolocation (if the User has expressed consent to the collection of location data);
  • use of the individual Services made available to the User;
  • events and circumstances indicated by the User in his or her messages (in this regard, for the sake of their own protection, Users are asked not to provide information that does not strictly relate to the subject of the request and the nature of the Services provided by the Company).
     

Data Controller or Controller: The entity that determines the means and purposes of the personal data processing. With reference to the Web Services, it is the Company of the Unipol Group to which this website refers and whose details are shown at the bottom of each page, as well as at the start of the “User Privacy Policy”.

Services or Web Services: Services provided via the Internet, accessed through the website and/or any Apps 

User: The data subject (natural person) who browses, consults, accesses or uses the Web Services.

DPO: The Data Protection Officer. The User may request clarifications regarding the processing of personal data or exercise his or her rights by contacting the DPO, according to the procedures indicated in the section “How to exercise rights and/or request information on processing

Data Protection Authority: In Italy, the Italian National Data Protection Authority. For further information, please see the website of the Data Protection Authority.

Cookies: Cookies are information recorded on your device (e.g. in your browser memory) when you visit a website or use a web application. 

Each cookie may contain different data, such as, for example, the name of the server from which it originates, a numerical identifier, etc.

Please see the cookie policy for further information.

USER PRIVACY POLICY

Please find below some useful information regarding the personal data processing carried out via the Web Services.
In particular, we wish to inform you of:

  • the identification and contact details of the Data Controller;
  • the contact details of the Data Protection Officer (DPO);
  • the categories of personal data processed via the Web Services;
  • the purposes for which the personal data are processed from time to time;
  • the conditions that legitimise the processing of the aforementioned data (so-called legal bases);
  • the duration of their storage, always strictly necessary to pursue the declared purposes;
  • the categories of recipients to which the data are disclosed.
     
Data ControllerRegistered office
Unipol Assicurazioni S.p.A.Via Stalingrado 45, Bologna – 40128

Categories of personal data, purposes and legal bases of processing and data retention

Categories of personal dataProcessing purposeLegal basesData storage periods
Browsing dataTo enable web browsing and the provision of the ServicesNecessary for the performance of a contract to which the data subject is party or to provide a service at the request of the same For the duration of browsing on the site providing the Services
To obtain anonymous statistical information on use of the Web Services, for the sole purpose of checking their proper functioning.Legitimate interest of the CompanyThe browsing data collected are aggregated and may not be traced back to the individual user
Data provided by the User: provision of Web Services Job Posting Portal for submitting applications Necessary to carry out requests made by the data subject (also during the pre-contractual phase)2 years (unless the applicant is subsequently hired)
Supplier Portal: Registration in the Unipol Group Supplier RegisterNecessary for the performance of a contract or pre-contractual measuresFor the time the account is activated. Subsequently, they may be retained further for administrative and accounting purposes (generally, 10 years)
Governance Section – Participation in the Shareholders' Meeting Necessary for the performance of a contract to which the data subject is partyFor the duration of the Shareholders' Meeting. The personal data, subsequently collected in the minutes of the Shareholders' Meeting, may be retained further for administrative and accounting purposes based on the provisions of the regulations applicable from time to time (in general, 10 years)
To submit questions for the Shareholders' MeetingLegitimate interest in the proper and productive conduct of the Shareholders' MeetingFor the duration of the Shareholders' Meeting. The questions will be subsequently retained in the specific minutes, without reference to individual names
Information requestNecessary to carry out requests made by the data subject (also during the pre-contractual phase) For the time necessary to provide feedback
Reinsurance Portal: For the assignment and management of user authentication to access the Portal,
an application used to share documentation with Reinsurers and Brokers (e.g. treaties and annexes) issued by Unipol in the field of
reinsurance		Legitimate interest in the proper management of relationships with reinsurersFor the time the account is activated. Subsequently, they may be retained further for administrative and accounting purposes based on the provisions of the regulations applicable from time to time (in general, 10 years)
Investor Teams Portal, for sending requests for clarification in this regardLegitimate interest Il tempo necessario al fornire il riscontro
Governance Section – Participation in Shareholders' Meeting Necessary for the performance of a contract to which the data subject is partyFor the duration of the Shareholders' Meeting. The personal data, subsequently collected in the minutes of the Shareholders' Meeting, may be retained further for administrative and accounting purposes based on the provisions of the regulations applicable from time to time (in general, 10 years)

The provision of your personal data is free and optional. Please note, however, that it is essential for the pursuit of certain purposes (to provide you with the feedback requested, to register for access to the Reserved Area or for the provision of individual services); if you do not provide your data in these cases, it may not be possible to proceed with the pursuit of the aforementioned purposes.

We invite you, in any case, to consult the individual privacy policies for further details
 

Methods of processing and recipients of data disclosed

The above data will not be disseminated and may only be disclosed to collaborators of our Company specifically authorised to process the same. They may also be acquired and/or processed by other companies of the Unipol Group. Processing operations may be carried out by external entities entrusted with the performance activities on our behalf, with whom we enter into specific agreements aimed at regulating data processing.
Finally, your data may be communicated to public authorities or law enforcement upon express request.

Personal data are always processed with the adoption of suitable security measures to guarantee the confidentiality, availability and integrity of such data.
 

COOKIES

The Web Services may use technical, analytical, and profiling cookies, both first and third party.
Cookies are essential for improving the Services and providing products always in line with User preferences.
Any use of profiling cookies and/or third party cookies will always require your prior consent.
To find out more, click here.

USER RIGHTS

The Privacy Regulation (Articles 15-22 of the GDPR) guarantees the User, in the capacity of data subject, the right to access data concerning him or her, as well as to obtain the rectification and/or supplementation, erasure or portability of the same. The privacy regulation also grants Users the right to request the restriction of data processing and to object to the processing, as well as the possibility to withdraw any prior consent given (withdrawal of consent does not affect the lawfulness of the processing carried out up until that time).

RightsWhat does it involve?Requirements
Access to data

The User may request from the Data Controller:

  1. confirmation as to whether or not personal data concerning him or her are being processed;
  2. a copy of the personal data concerning him or her;
  3. information on the processing of personal data (e.g. lawful bases, retention period, categories of data recipients, etc.).
The User can always make such request.
Rectification of data or updating

The User may ask the Data Controller to: 

  1. rectify;
  2. update;
  3. or modify

the personal data processed.

The processed data are inaccurate or incomplete.
Erasure of dataThe User may ask the Data Controller to erase the personal data being processed.
  1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. The User withdraws consent on which the processing is based, and where there is no other legal ground for the processing;
  3. The User objects to the processing pursuant to Article 21 and there are no overriding legitimate grounds for the processing;
  4. The personal data have been unlawfully processed; 
  5. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Restriction of processingThe User may ask the Controller not to carry out, with the exception of storage, any processing of his or her personal data unless with the consent of the User or to protect his or her rights.
  1. The accuracy of the personal data is contested by the User, for a period enabling the controller to verify the accuracy of the personal data;
  2. The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  3. The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; 
  4. The User has objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject.
Objection to processingThe User may object to processing based on legitimate interest (including the sending of promotional communications) or on a public interest.There must be grounds relating to the particular situation of the User, unless the objection is to processing for direct marketing purposes.
Objection to automated decision-makingThe User may object to decisions based on automated processing. If the decision is necessary for the performance of a contract, is based upon explicit consent, is authorised by Union or Member State law, the User has the right to obtain the human intervention on the part of the controller, to express his or her point of view and to contest the decision. In case of a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects the User.
Data portabilityThe User has the right to receive the personal data concerning him or her in a structured, commonly used and machine-readable format.

Where all of the following conditions apply:

  1. the data were provided by the User;
  2. the processing is based on consent or on a contract;
  3. the processing is carried out by automated means.
Withdrawal of consentThe User may withdraw prior consent provided. Withdrawal of consent does not affect the lawfulness of the processing carried out up until that time.Always

HOW TO EXERCISE RIGHTS AND/OR REQUEST INFORMATION ON PROCESSING

The Data Protection Officer is available for any doubts or clarification, to exercise the rights of data subjects and to provide an updated list of the categories of data recipients.

Data Protection Officer or DPO privacy@unipol.it

This is subject to your right to contact the Data Protection (Data Protection Authority), also by lodging a complaint, where considered necessary to protect your personal data and your rights in that regard.

LIST OF PRIVACY POLICIES

below the list of privacy policies: 

General Privacy Policy to be submitted to Members and Shareholders upon purchase of the stock and to be made available online (Italian version only)
Privacy information for participation in the Shareholders' Meeting (both in physical presence and remotely via streaming) (Italian version only)
Privacy Policy for Directors, General Managers, Auditors and members of the Supervisory Body (Italian version only)
Privacy Policy for Related Party Procedures ("Internal Dealing") (Italian version only)
Privacy information for the assignment of the position of CEO + (promise) (Italian version only)
Privacy information to be attached or inserted in the Proxy Form for Shareholders' Meeting (Italian version only)
Privacy information supplementary to that of employees for key function holders, for regulatory compliance with suitability for the role (post IVASS Provision no. 142/2024) (Italian version only)
Information on the processing of personal data of Suppliers (Italian version only)
 

Back to Menu

Last updated: