Privacy Policy
- Introduction
- Definitions
- Disclosure on the processing of your personal data
- Cookies
- Your rights as Data Subject
- How to exercise your rights and/or request information on the processing
INTRODUCTION
Dear User,
You are being given this Privacy Policy pursuant to Article 13 of Regulation 2016/679/EU - on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter, also, “the Regulation” or “GDPR”).
In this Privacy Policy, you will find information concerning the processing of your personal data resulting from browsing our web site and using the services made available to you.
In the event that non-browsing data are processed by us, you will be given specific and/or supplementary disclosures on the processing of your personal data whenever we collect such data during your interactions with the site or under contractual relationships established with our Company;
Attention: this Privacy Policy does not concern web services provided by third parties, possibly used by you or viewed and reached via a hypertext link (“link”). In this regard, please see the privacy policies and statements provided by such third parties on their sites.
DEFINITIONS
Privacy Legislation: The GDPR, the Privacy Code, the Measures of the Data Protection Authority and in general all non-corporate regulations on the protection of natural persons with regard to the processing of Personal Data.
GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation).
Data subject: The identified or identifiable natural person to whom the Personal Data refer.
Personal data: Any information concerning an identified or identifiable natural person. In addition to the data provided by you in any forms completed in individual areas of the Web Services, this should also be understood as the relevant browsing data.
Browsing data: During their normal operation, the IT systems and software procedures used to operate Web Services acquire some data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected so as to be associated with an identified data subject, but by its very nature it could allow Users to be identified through processing and association with data held by third parties. However, if the browsing session takes place after accessing the Private Area (i.e. after logging in), the data collected will be associated with the User’s personal account.
Browsing data includes:
- the IP addresses or domain names of the computers used by Users who connect to the site;
- the URI (Uniform Resource Identifier) addresses of the resources being requested;
- the time of the request;
- the method used in submitting the request to the server;
- the size of the file obtained in response;
- the numerical code specifying the response status given by the server (successful, error, etc.);
- other parameters relating to the User’s operating system and IT environment.
Data provided by the User: These are data that the User voluntarily and knowingly discloses by sending communications (e.g., e-mail messages to addresses within the web domain) or by filling in the appropriate forms, if found within the spaces provided by the Services.
The Data provided voluntarily by the User will only be those strictly necessary for the purposes pursued by the Services from time to time (for detailed information regarding the categories of data collected from time to time, please refer to the individual privacy policies of reference). Such data may include:
- personal data;
- contact details (e.g. e-mail address);
- data referable to the User’s/Customer’s contractual position;
- geolocation data (if the User has given his/her consent to the collection of data relating to location);
- data concerning the use of individual Services made available to the User;
- data regarding facts and events reported by the User in their messages (in this regard, and for your greater protection, please do not provide information that is not strictly relevant to the subject of the request and nature of Services provided by the Company).
Data Processing Controller or Data Controller: The entity which takes decisions on personal data processing purposes and methods. With reference to the Web Services, this is the Unipol Group Company that owns this site. You can find its contact details at the bottom of each page, as well as at the beginning of the section “Disclosure on the processing of your personal data”.
Services or Web Services: services provided via the Internet, using the website and/or an APP, if any.
User: The data subject (natural person) who browses, views, gains access to or uses the Web Services.
DPO: Data Protection Officer. Any User in his/her capacity as data subject may request clarifications regarding the processing of their personal data or exercise their rights by contacting the DPO in the manner and form specified in the section “How to exercise your rights and/or request information on the processing”
Data Protection Authority: Garante per la protezione dei dati personali, i.e. the Italian national supervisory authority for the protection of personal data. Please refer to the Data Protection Authority’s website.
Cookies: Cookies are pieces of information stored on your device (e.g., in your browsing history) when you visit a web site or use a web application.
Each cookie may contain several data, such as, for example, the name of the server it comes from, a numeric identifier, etc.
Please see the cookie policy for more information.
DISCLOSURE ON THE PROCESSING OF YOUR PERSONAL DATA
Useful information on the processing of your personal data on our site is provided below.
In particular, such information includes:
- identification and contact details of the Data Controller;
- contact details of the Data Protection Officer (DPO);
- categories of personal data processed through the Web Services;
- purposes for which such personal data are processed from time to time;
- conditions legitimising the processing of the above data (referred to as legal basis);
- duration of their retention period, always strictly necessary for the pursuit of the declared purposes;
- categories of data communication recipients.
Data Controller |
Registered office |
UNIPOL GRUPPO S.P.A. |
Bologna, Via Stalingrado 45 |
Categories of personal data, processing purposes and legal basis and retention period
Category of personal data |
Purpose of the processing |
Legal basis |
Data retention period |
Browsing data |
Enable web browsing and the provision of the Services |
Need to perform a contract to which the data subject is a party or to provide a service at the request of the same |
Throughout the browsing period within the services |
Obtain anonymous statistical information on the use of the Web Services for the sole purpose of checking their correct operation |
Legitimate interest of the Company |
The collected data are aggregated and are no longer attributable to the individual user who has browsed the site |
|
Ensure the security and correct operation of the Web Services and ascertain responsibilities in the event of hypothetical crimes and, as a result, protect our rights |
Legitimate interest of the Company |
(15 days) and, thereafter, for the time strictly necessary to carry out any investigations, settle any disputes and, in general, protect our rights |
Providing your personal data is voluntary and optional. We remind you, however, that it is essential for the pursuit of certain purposes; if you do not provide your data, in some cases it may become impossible to proceed with the pursuit of such purposes (for example, browsing our website could be prevented).
Processing methods and data communication recipients
The above data will not be disclosed to third parties. Only our Company staff specifically authorised to process your data will be permitted to view them. Processing operations may be carried out by third parties to whom we entrust the performance of activities on our behalf and with whom we have entered into specific agreements for the purpose of regulating data processing. We may also disclose your data to public authorities or law enforcement agencies at their express request.
Your personal data will always be processed with the prior adoption of security measures suitable to ensuring the confidentiality, availability and integrity of your data.
COOKIES
Our Web Services may use technical, analytical and profiling cookies, either from first or third parties.
Cookies are essential for us to improve our Services and provide products that are always in line with your preferences.
The use of profiling and/or third-party cookies will always be subject to obtaining your prior consent.
To find out more, click here.
YOUR RIGHTS AS DATA SUBJECT
The privacy legislation (Articles 15-22 of the Regulation) warrants you, the User, in your capacity as data subject, the right to access data concerning you and rectify and/or add further data, erase them or obtain their portability. The privacy legislation also gives you the right to request the restriction of, and object to, the processing of your data, as well as the ability to withdraw any consent given (withdrawal will not affect the lawfulness of any processing carried out up until that time).
Right |
What is it about? |
Conditions for exercising your right |
Access to data |
You may request the Data Controller:
|
You may submit this request at any time |
Rectification of data or additions thereto |
You may request the Data Controller to:
your personal data that they have processed. |
If your data being processed are inaccurate or incomplete |
Erasure of data |
You may request the Data Controller to erase any personal data they are processing |
|
Restriction of the processing of personal data |
You may request the Data Controller not to carry out any processing operations on your personal data, with the sole exception of retention, except with your consent or for the purpose of protecting their rights. |
|
Objection to the processing of personal data |
You may object to any processing based on a legitimate interest (including the sending of promotional communications) or based on a public interest |
There must be reasons connected to your particular situation to do this, unless you have objected to the processing of your data for direct marketing purposes. |
Objection to an automated decision-making process |
You may object to automated decision-making processes. If this process is necessary for the conclusion of a contract, is based on express consent, is authorised by law or by a regulation of the (Italian) State or of the European Union, you will have the right to obtain human intervention on the part of the data controller, express your opinion and challenge the decision. |
You may act if a decision based solely on automated processing, including profiling, could produce legal effects concerning you or significantly affects you personally in a similar way. |
Portability of personal data |
You have the right to receive personal data concerning you in a structured, commonly used and machine-readable format. |
Provided that all of the following conditions have been met:
|
Withdrawal of consent |
You are permitted to withdraw your consent. Withdrawal will not affect the lawfulness of any processing carried out up until that time. |
At any time |
HOW TO EXERCISE YOUR RIGHTS AND/OR REQUEST INFORMATION ON THE PROCESSING
The “Data Protection Officer” is available for any doubt or clarification, to let you exercise your rights as data subject and provide you with the updated list of the categories of data recipients.
Data Protection Officer or DPO |
Your right to contact Autorità per la protezione dei dati personali (the Italian Data Protection Authority), including by filing a complaint if deemed necessary for the protection of your personal data and your rights over such matters, will remain unprejudiced.