Privacy Information EEA

Privacy Note

The purpose of this privacy notice is to explain how, and for what purposes, we use the information we collect about you. Please read this notice carefully.

This notice may be updated from time to time: this version is dated 01 January 2021.

In this notice:

  • weus or our refers to Assicurazioni Generali S.p.A; and
  • you or your refers to the individual whose personal data is being processed by us (you may be the policyholderbeneficiaryclaimant or other person involved in a claim or relevant to an insurance policy).

We may not be your insurer or the party which initially collected your personal data – please see SECTION 4 below for more information about how you can identify the initial data controller of your personal data.

The other terms in bold have specific meanings. Those meanings can be found in the glossary at SECTION 12 below.

This notice sets out the following :

Assicurazioni Generali S.p.A, (hereinafter also Generali), with registered office in Trieste, at Piazza Duca Degli Abruzzi no. 2, will use your personal data acting as data controller.

We have appointed a data protection officer to oversee our handling of personal data.

If you have any questions concerning the processing of your personal data, or if you want to exercise a right in respect of your personal data, you can contact our office in the following ways:

  • by post:      

           Assicurazioni Generali S.p.A - UK Branch
           4 Thomas More Square
           London E1W 1YW 

  • by email:    ​

           privacy@generali.co.uk

In order for us to provide insurance quotes, insurance policies and/or deal with any claims or complaints, we need to collect and process personal data about you. The personal data we collect and process will depend on our relationship with you. The types of personal data that may be processed include:

 

Types of personal data

Details

Individual details

Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you.

Identification details

Identification numbers issued by government bodies or agencies, including your national insurance number, passport number, tax identification number and driving licence number.

Financial information

Bank account or payment card details, income or other financial information.

Risk details

Information about you which we need to collect in order to assess the risk to be insured and provide a quote. This may include data relating to your health, criminal convictions, or other special categories of personal data.

Insurance policy information

Information about the quotes you receive and policies you take out.

Credit and anti-fraud data

Credit history, credit score, sanctions and criminal offences, and information received from various anti-fraud databases relating to you.

Previous and current claims

Information about previous and current claims, (including other unrelated insurances),which may include data relating to your health, criminal convictions, or other special categories of personal data and in some cases, surveillance reports..

Special categories of personal data

Certain categories of personal data which have additional protection under data protection law. The categories are health, criminal convictions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric, or data concerning sex life or sexual orientation.

3. From whom do we collect your personal data

We might collect your personal data from various sources, including:

  • you;
  • your family members or employer;
  • other insurance market participants;
  • in the event of a claim, third parties including the other party to the claim (claimant/defendant), witnesses, experts (including medical experts), medical services providers, loss adjustors, solicitors, and claims handlers;
  • credit reference agencies;
  • anti-fraud databases, sanctions lists, court judgments and other databases;
  • government agencies such as HMRC; or
  • open electoral register.

Which of the above sources apply will depend on our relationship with you.

ou can find out the identity of the initial data controller of your personal data within the insurance market in the following ways:

  • where your employer or another organisation took out the insurance policy for your benefityou should contact your employer or the organisation that took out the insurance policy who should provide you with details of the insurer or intermediary to whom they provided your personal data and you should contact their data protection contact who can advise you on the identities of other organisations to whom they have passed your personal data
  • ​​​​where you took out the insurance policy yourself: the insurer and, if purchased through an intermediary, the intermediary will be the initial data controller and their data protection contact can advise you on the identities of other organisations to whom they have passed your personal data. 
  • where you are not a policyholderyou should contact the organisation that collected your personal data who should provide you with details of the relevant organisation’s data protection contact. 

In this section we set out each use we make of your personal data, and the corresponding legal grounds which apply for that particular use. We may process your personal data for a number of different purposes. For each purpose, we must have a legal ground for such processing.

We set out in the table below:

  • the purposes for which we might use your personal data;
  • the categories of personal data processed for that purpose;
  • the legal grounds for processing that personal data (the meaning of each legal ground can be found in the glossary at SECTION 12 below);
  • to which third parties your personal data may be disclosed. 

Purpose

Categories of data

Legal grounds

Disclosures

Quotation/inception

 

Setting you and/or your employer up as a client, including possible fraud, sanctions, credit and anti-money laundering checks.

 

Personal data

 

  • Individual details
  • Identification details
  • Financial information

Personal data

 

  • Legitimate interests (to ensure the client is within our acceptable risk profile)
  • Performance of a contract with you
  • Compliance with a legal obligation

 

  • Insurance market participants
  • Group companies providing administration
  • Credit reference agencies
  • Anti-fraud databases

Special categories of data

 

  • Credit and anti-fraud data

 

 

Special categories of data

 

  • Consent
  • In the substantial public interest

 

Quotation/inception

 

Evaluating the risks to be covered and matching to appropriate insurance policy/ premium.

 

 

Personal data

 

  • Individual details
  • Identification details
  • Insurance policy information

Personal data

 

  • Legitimate interests (to determine the likely risk profile and appropriate insurance product and premium)
  • Performance of a contract with you

 

  • Insurance market participants
  • Group companies providing administration
  • Your employer, where you are covered by insurance taken out by your employer

 

Special categories of data

 

  • Risk details
  • Previous claims
  • Credit and anti-fraud data

 

 

Special categories of data

 

  • Consent
  • In the substantial public interest

 

Quotation/inception;

Insurance policy administration

 

Collection or refunding of premium.

 

 

 

Personal data

 

  • Individual details
  • Financial information

Personal data

 

  • Legitimate interests (to recover debts due to us)
  • Performance of a contract with you

 

  • Insurance market participants
  • Banks
  • Your employer, where you are covered by insurance taken out by your employer

Insurance policy administration

 

General client care, including communicating with you regarding administration and requested changes and sending you updates.

Personal data

 

  • Individual details
  • Insurance policy information

Personal data

 

  • Legitimate interests (to correspond with clients, beneficiaries and claimants in order to facilitate the placing of and claims under insurance policies)
  • Performance of a contract with you

 

  • Insurance market participants
  • Group companies providing administration
  • Your employer, where you are covered by insurance taken out by your employer

 

Special categories of data

 

  • Risk details
  • Previous claims
  • Current claims

 

 

Special categories of data

 

  • Consent
  • In the substantial public interest

 

Claims processing

 

Managing insurance claims, including fraud, credit and anti-money laundering and sanctions checks

Personal data

 

  • Individual details
  • Identification details
  • Financial information
  • Insurance policy information

Personal data

 

  • Legitimate interests (to assess the veracity and quantum of claims)
  • Performance of a contract with you

 

  • Insurance market participants
  • Claims handlers
  • Solicitors
  • Loss adjusters
  • Experts
  • Third parties involved in the claim, including medical services providers
  • Group companies providing administration
  • Your employer, where you are covered by insurance taken out by your employer

 

Special categories of data

 

  • Risk details
  • Previous claims
  • Current claims
  • Credit and anti-fraud data

 

Special categories of data

 

  • Consent
  • In the substantial public interest
  • Legal claims

 

Claims processing

 

Defending or prosecuting legal claims

Personal data

 

  • Individual details
  • Identification details
  • Financial information
  • Insurance policy information

 

Personal data

 

  • Legitimate interests (to defend or make claims)
  • Performance of a contract with you

 

  • Insurance market participants
  • Claims handlers
  • Solicitors
  • Loss adjusters
  • Experts
  • Third parties involved in the claim, including medical services providers
  • Group companies
  • Your employer, where you are covered by insurance taken out by your employer

 

Special categories of data

 

  • Risk details
  • Previous claims
  • Current claims
  • Credit and anti-fraud data

 

Special categories of data

 

  • Consent
  • In the substantial public interest
  • Legal claims

 

Claims processing

 

Investigating and prosecuting fraud

Personal data

 

  • Individual details
  • Identification details
  • Financial information
  • Insurance policy information

 

Personal data

 

  • Legitimate interests (to assist with the detection and prevention of fraud)
  • Performance of a contract with you

 

  • Insurance market participants
  • Solicitors
  • Private investigators
  • Police
  • Experts
  • Third parties involved in the investigation or prosecution
  • Anti-fraud databases
  • Group companies
  • Your employer, where you are covered by insurance taken out by your employer

 

Special categories of data

  • Health data
  • Criminal records data
  • Risk details
  • Previous claims
  • Current claims
  • Credit and anti-fraud data

 

Special categories of data

  • Consent
  • In the substantial public interest
  • Legal claims

 

Renewals

 

Communication regarding renewal of the insurance policy

 

Personal data

 

  • Individual details
  • Insurance policy information

 

Personal data

 

  • Legitimate interests (to correspond with clients and beneficiaries in order to facilitate the placing of insurance)
  • Performance of a contract with you

 

  • Insurance market participants
  • Group companies providing administration
  • Your employer, where you are covered by insurance taken out by your employer

 

Special categories of data

 

  • Risk details
  • Previous claims
  • Current claims

 

Special categories of data

 

  • Consent
  • In the substantial public interest

 

Throughout the insurance lifecycle

 

Transferring books of business, company sales and reorganisations

 

Personal data

 

  • Individual details
  • Identification details
  • Financial information
  • Insurance policy information

 

Personal data

 

  • Legitimate interests (to structure our business appropriately)
  • Compliance with a legal obligation
  • Courts
  • Purchaser/transferee
  • Group companies providing administration
  • Your employer, where you are covered by insurance taken out by your employer

 

Special categories of data

 

  • Risk details
  • Previous claims
  • Current claims
  • Credit and anti-fraud data

 

Special categories of data

 

  • Consent
  • In the substantial public interest

 

Throughout the insurance lifecycle

 

General risk modelling and underwriting; provision of added value services

 

Personal data

 

  • Individual details
  • Identification details
  • Financial information
  • Insurance policy information

 

Personal data

 

  • Legitimate interests (to build risk models that allow accepting of risk with appropriate premiums)

 

  • Group companies providing administration
  • Third parties involved in the provision of added value services
  • Your employer, where you are covered by insurance taken out by your employer

 

Special categories of data

 

  • Risk details
  • Previous claims
  • Current claims
  • Credit and anti-fraud data

 

Special categories of data

 

  • Consent
  • In the substantial public interest

 

Throughout the insurance lifecycle

 

Complying with our legal and regulatory obligations

 

Personal data

 

  • Individual details
  • Identification details
  • Financial information
  • Insurance policy information

 

Personal data

 

  • Compliance with a legal obligation
  • IVASS, Garante and other regulators
  • Police
  • Other insurers (under court order)
  • Group companies
  • Your employer, where you are covered by insurance taken out by your employer

 

Special categories of data

 

  • Risk details
  • Previous claims
  • Current claims
  • Credit and anti-fraud data

 

Special categories of data

 

  • Consent
  • In the substantial public interest

 

Maintaining records

 

Keeping records for accounting purposes and analysis of financial results

 

 

 

Personal data

 

  • Individual details
  • Identification details
  • Financial information
  • Insurance policy information

 

Personal data

 

  • Legitimate interests (to build risk models that allow accepting of risk with appropriate premiums)

 

  • Group companies providing administration

 

Special categories of data

 

  • Risk details
  • Previous claims
  • Current claims
  • Credit and anti-fraud data

 

Special categories of data

 

  • Consent
  • In the substantial public interest

 

Managing feedback

 

Obtaining, managing and acting on feedback on the provision of services to you. 

 

 

 

Personal data

 

  • Individual details
  • Identification details
  • Financial information
  • Insurance policy information

 

Personal data

 

  • Legitimate interests (to build risk models that allow accepting of risk with appropriate premiums)

 

  • Insurance market participants
  • Group companies

 

Special categories of data

 

  • Risk details
  • Previous claims
  • Current claims
  • Credit and anti-fraud data

 

Special categories of data

 

  • Consent
  • In the substantial public interest

 

 

In order to provide insurance cover and deal with insurance claims, in certain circumstances we may need to process your special categories of personal data, such as medical and criminal convictions records.

Your consent to this processing may be necessary for us to achieve this. You may withdraw your consent to such processing at any time. However, if you withdraw your consent this will impact our ability to provide insurance or pay claims.

We will keep your personal data only for so long as is necessary and for the purpose for which it was originally collected. In particular, for so long as there is any possibility that either you or we may wish to bring a legal claim in relation to the insurance we provide, or where we are required to keep your personal data due to legal or regulatory reasons.

We may need to transfer your personal data to third parties acting on our behalf or to insurance market participants which are located outside of the United Kingdom and the European Economic Area (EEA) in countries which may have lower standards of data protection. Those transfers would always be made in compliance with applicable data protection law.

We have put in place technical and organisational security measures to prevent the loss or unauthorised access of your personal data. These include putting in place contractual protections which have the purpose of ensuring the security of any personal data transferred.

If you would like further details of how your personal data would be protected if transferred outside the EEA, please contact us.

When calculating the insurance premium we may compare your personal data to industry averages. Your personal data may also be used to create the industry averages going forwards.

This is known as profiling and is used to ensure premiums reflect risk.

Profiling may also be used by us to assess your personal data to understand fraud patterns.

Where special categories of personal data are relevant, such as medical history for life insurance, your special categories of personal data may also be used for profiling.

For the purposes set out in SECTION 5, above, we may also make decisions about you without human intervention (known as automatic decision making). Our automatic decision making may include decisions made about you based on profiling.

You can request from us a manual review of an automatic decision if you are unhappy with it.

If you have any questions in relation to our use of your personal datayou should first contact the data protection contact of the relevant insurance market participant. Under certain conditions, you may have the right to require us to:

  • provide you with further details on the use we make of your personal data/special category of data;
  • provide you with a copy of the personal data that you have provided to us;
  • update any inaccuracies in the personal data we hold;
  • delete any special category of data/personal data that we no longer have a lawful ground to use;
  • where processing is based on consent, to withdraw your consent so that we stop that particular processing;
  • object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights; and
  • restrict how we use your personal data whilst a complaint is being investigated.

In certain circumstances, we may need to restrict the above rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

There will not normally be a charge by us for dealing with the exercise of your rights above. 

If you are not satisfied with our use of your personal data or our response to any request by you to exercise any of your rights in SECTION 10 above, or if you think that we have breached data protection law, then you have the right to complain to the Supervisory Authority in your jurisdiction.

The Lead Supervisory Authority within the European Union is Garante per la Protezione dei Dati Personali, (www.garanteprivacy.it).

Beneficiary is an individual or a company that an insurance policy states may receive a payment under the insurance policy if an insured event occurs. A beneficiary does not have to be the policyholder and there may be more than one beneficiary under an insurance policy.

Claimant is either a beneficiary who is making a claim under an insurance policy or an individual or a company who is making a claim against a beneficiary where that claim is covered by the insurance policy.

Compliance with a legal obligation - this legal ground applies when processing is necessary for compliance with a legal obligation to which we are subject.

Consent is your explicit consent to the processing of your personal data for one or more specified purposes. You are free to withdraw your consent by contacting us. However withdrawal of this consent will impact our ability to provide insurance or pay claims. For more detail see SECTION 6.

Data controller is the entity which determines the purposes for which, and the manner in which, personal data is processed. The data controllers of your personal data include us and the other insurance market participants who share or receive your personal data.

Data protection law means the EU General Data Protection Regulation (GDPR).

Health services – this legal ground applies where processing is necessary for the purposes of preventive or occupational medicine, for medical diagnosis, the provision of health or social care or treatment on the basis of EU law or pursuant to contract with a health professional who is under legal or professional obligations of secrecy.

Insurance market participant or participants means an intermediaryinsurer or reinsurer and their affiliates and subcontractors.

Insurer (sometimes also called underwriters) provide insurance cover to policyholders in return for premium. An insurer may also be a reinsurer.

Intermediaries help policyholders and insurers arrange insurance cover. They may offer advice and handle claims. Many insurance and reinsurance policies are obtained through intermediaries.

In the substantial public interest - this legal ground applies when processing is necessary for the performance of a task carried out in the public interest.

Legal claims – this legal ground applies when processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity. For example, this may relate to a claim under an insurance policy or relate to the investigation or prosecution of fraud.

Legitimate interests - this legal ground applies when processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms. For example, if our use of personal data does not impact your legal rights or cause you financial loss. These legitimate interests are set out next to each purpose in SECTION 5 above.

Performance of a contract with you - this legal ground applies when processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract.

Personal data means the data described in SECTION 2 above.

Policyholder is the individual or company in whose name the insurance policy is issued. A potential policyholder may approach an intermediary to purchase an insurance policy or they may approach an insurer directly.

Reinsurers provide insurance cover to another insurer or reinsurer. That insurance is known as reinsurance.

Special categories of personal data means those categories of data described in SECTION 2 above as special categories of data which have additional protection under data protection law, such as health data.