Privacy

The following describes the management methods of the website www.intesasanpaoloassicurazioni.com and the Digital Channels made available (Home Insurance and other digital tools such as the App) with respect to the processing of users' personal data.

 

This is a Privacy Policy also provided pursuant to Articles 13 and 14 of EU Regulation 679/2016 on "Insurance of natural persons with regard to the processing of personal data, as well as the free circulation of such data" (hereinafter the "Regulation") to those who interact with the web services provided by Intesa Sanpaolo Assicurazioni S.p.A.

 

The Data Controller is Intesa Sanpaolo Assicurazioni S.p.A., with registered office at Via San Francesco d'Assisi 10 – 10122 Turin.

Intesa Sanpaolo Assicurazioni has appointed a Data Protection Officer (DPO) as required by the Regulation . For all matters relating to the processing of your Personal Data and/or to exercise the rights provided for by the Regulation itself listed in this Policy, you can contact the DPO at the following email address: dpo@intesasanpaoloassicurazioni.com

The Company will process the personal data concerning you and provided by you, in particular personal and identification data and contact details. Through the Digital Channels “Home Insurance” and the “App”, it is also possible to upload data relating to images and photos. This data will be processed by the Company: (i) for the provision of web services; ii) for the provision of insurance services (iii) for internal management and control needs within the Company; (iv) for data analysis and processing activities for statistical purposes; (v) for the possible exercise and defence of rights in court; (vi) to comply with legal obligations.

In relation to purposes (i) and (ii), the legal basis that legitimises the processing is constituted by the execution of a contract/service of which the data subject is a party or beneficiary. With reference to purposes (iii), (iv) and (v) the legal basis is represented by the legitimate interest of the Data Controller. With reference to purpose (vi), the legal basis is represented by the fulfilment of regulatory obligations.

The computer systems and software procedures used to operate the Website acquire, during their normal operation and only for the duration of the connection, some personal data whose transmission is implicit in the use of Internet communication protocols.

 

This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

 

In this category of data are included the IP addresses or domain names of the computers used by users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment.

 

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Website: Except for this eventuality, browsing data is recorded in log files that are kept in company backups for ten years.

The optional, explicit, and voluntary sending of emails to the addresses indicated on the Website entails the subsequent acquisition of the sender's address, necessary to respond to requests, as well as any other personal data included in the message.

Cookies are small text files that are downloaded to the user's computer when they visit a website. They are used for various purposes, for example: allow you to navigate efficiently between pages, remember your favourite websites, and generally improve your browsing experience.

 

This Website uses the following cookies:

 

 

Technical cookies that do not require consent:

 

Used to save the user's session and to perform other activities strictly necessary for its functioning. The Website may also use Cookies to save browsing preferences and optimise the browsing experience. These Cookies include, for example, those used to set the language or for the management of aggregate and anonymous statistics by the Website owner. Technical Cookies also include the so-called "Web Analytics", used to collect aggregate and anonymous statistics on visitors' use of the Website. In particular, the IP address collected through these cookies is appropriately anonymised, so as to exclude its traceability to an individual user.

 

These cookies do not require user consent, as they are necessary for the use of the Website and the provision of services.

 

Please note that technical cookies also include Google Inc’s (Google) ‘reCaptcha’ service for SPAM protection and Google Maps” ‘Geolocation API’ service if the user activates the feature to locate a place on a map.

 

However, you can prevent cookies from being set on your computer via your browser's configuration tools. If you completely disable cookies, you may disable some features of the Website or prevent it from functioning correctly altogether. Even with all cookies disabled, your browser will continue to store a small amount of information, necessary for the basic functionality of the Website.

 

For information on how to change the cookie settings, please visit the website of the browser manufacturer you are using.

 

 

Managing cookies from your browser settings

 

This Website works best if cookies are enabled. You can, however, decide not to allow cookies to be set on your computer.

 

For information on how to change your cookie settings, select the browser you are using:

 

Chrome
Microsoft Internet Explorer
Safari
Mozilla Firefox

The data collected on browsing (both via the Website and Digital Channels) remains on the servers for a period of 12 months. Personal Data may also be processed for a longer period if there is an act interrupting and/or suspending the limitation period that justifies the extension of the data retention period.

 

Specific security measures are applied to prevent the destruction or loss of data, unauthorised access or unlawful use, and in any case, the necessary security measures are adopted, whether physical or IT-related, in accordance with the provisions of the Regulation.

Pursuant to art. 3 of the Provision of the Guarantor for the protection of personal data of 26 April 2007, we provide the list of subjects to whom customer data has been communicated in their capacity as independent data controllers or who have become aware of it in their capacity as data processors or persons in charge of processing.

Your Personal Data is processed by the Company within the territory of the European Union and is not disclosed. If necessary, for technical or operational reasons, the Company reserves the right to transfer your Personal Data to countries outside the European Union for which there are "adequacy" decisions by the European Commission, or on the basis of adequate guarantees or specific derogations provided for by the Regulation.

As a Data Subject, you may exercise, at any time, the rights set forth in the Regulation listed below against the Data Controller by sending a specific written request to the email address dpo@intesasanpaoloassicurazioni.com. You can revoke the consents expressed at any time using the same methods. Any communications and actions undertaken by the Company in response to the exercise of the rights listed below will be carried out free of charge. However, if your requests are manifestly unfounded or excessive, in particular because of their repetitive nature, the Company may charge a fee, taking into account the administrative costs incurred, or refuse to comply with your requests.

 

1. Right of access
You may obtain confirmation from the Company as to whether or not your Personal Data is being processed and, if so, obtain access to the Personal Data and the information provided for in Article 15 of the Regulation, including, for example: the purposes of the processing, the categories of Personal Data processed, etc. If Personal Data is transferred to a third country or to an international organisation, you have the right to be informed of the existence of appropriate safeguards relating to the transfer. Upon request, the Company may provide a copy of the Personal Data being processed. For any additional copies the Company may charge a reasonable fee based on administrative costs. If the request in question is submitted by electronic means, and unless otherwise indicated, the information will be provided by the Company in a commonly used electronic format.

 

2. Right to rectification
You may obtain from the Company the rectification of your Personal Data that is inaccurate, as well as, taking into account the purposes of the processing, the integration of the same, if incomplete, by providing a supplementary statement.

 

3. Right to erasure
You may obtain from the Data Controller the erasure of your Personal Data if one of the reasons set forth in Article 17 of the Regulation applies, including, for example, if the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed, or if the consent on which the processing of your Personal Data is based has been withdrawn and there is no other legal basis for the processing. We inform you that the Company will not be able to erasure your Personal Data if processing is necessary, for example, to fulfil a legal obligation, for reasons of public interest, or to ascertain, exercise, or defend a right in judicial proceedings.

 

4. Right to restriction of processing
You may obtain restriction of the processing of your Personal Data if one of the conditions set forth in Article 18 of the Regulation applies, including, for example: in the event of a dispute regarding the accuracy of your Personal Data being processed or if the same are necessary for the establishment, exercise or defence of a right in court, even if the Company no longer needs them for the purposes of the processing.

 

5. Right to data portability
If the processing of your Personal Data is based on consent or is necessary for the performance of a contract or pre-contractual measures and the processing is carried out by automated means, you may:

• request to receive the Personal Data provided in a structured, commonly used and machine-readable format (example: computer and/or tablet);
• transmit the Personal Data received to another Data Controller without hindrance from the Company, if this is technically feasible for the Company. In this case, you will be responsible for providing us with all the exact details of the new data controller to whom you intend to transfer your Personal Data, providing us with specific written authorisation.

 

6. Right to object
You may object at any time to the processing of your Personal Data if the processing is carried out for the performance of a task in the public interest or for the pursuit of a legitimate interest of the Data Controller (including profiling). If you decide to exercise the right to object described here, the Company will refrain from further processing your Personal Data, unless there are legitimate grounds for the processing (reasons that prevail over the interests, rights, and freedoms of the data subject), or the processing is necessary for the establishment, exercise, or defence of a right in court.

 

7. Right to lodge a complaint with the Italian Data Protection Authority
Without prejudice to your right to appeal to any other administrative or judicial body, if you believe that the processing of your Personal Data by the Data Controller violates the Regulation and/or applicable law, you may lodge a complaint with the competent Italian Data Protection Authority.