Security & Privacy

Information on the processing of personal data from insurance policies

For more information about the processing of personal data from insurance policies download this document in the following link.
 

Web users’ Privacy Policy

1. Identification and contact details of the Data Controller

2. General information: description of the information contained in the privacy policy

3. Necessary and up-to-date information

4. Exercising your rights

5. Detailed information on the processing carried out

6. Confidentiality

7. Safe environment

8. Recommendations against fraud

9. Update of the Privacy Policy

10. Code of Conduct Regulating the processing of personal data in the common information systems of the insurance sector

 

1. Identification and contact details of the Data Controller

Generali Seguros y Reaseguros, S.A.U., a company with registered offices at C/ Paseo de las Doce Estrellas, 4, C.P. 28042 Madrid, with Tax ID Code A-48037642, and phone number 932144031 (hereinafter, "Generali" or the "Insurer") is the data controller of the personal data of users who access the websites www.generalion.es, www.generaliexpatriates.es, www.genesis.es, and www.regal.es. This policy provides information on the use that the Insurer will make of your personal data and the rights that users of these websites have under the General Data Protection Regulation ("GDPR").

Generali has a Data Protection Officer appointed before the Spanish Supervisory Authority (Agencia Española de Protección de Datos), who can be contacted at the following address dpo@generalion.es. If you have any questions regarding the processing of your personal data, please contact the Data Protection Officer at the aforementioned address.

2. General information: description of the information contained in the Privacy Policy

In this privacy policy you will find a table identifying each of the different processing operations carried out by Generali.

These informative tables will detail:

  • The purposes of the processing of your personal data, i.e. the reason why Generali processes your personal data.
  • The legal basis that allows the processing of data by the Insurer for each of the purposes indicated.
  • The possible communication of your data to third parties, as well as the reason for such communication. For these purposes, we do not transfer your personal data to third parties except when there is a legal obligation to do so (Tax Authorities, Judges and Courts, Security Forces and Bodies...), or when we expressly indicate it in the table that appears below. On the other hand, Generali’s data processors may have access to your personal data, i.e. service providers that have access to your personal data for the performance of their services. The service providers that access your personal data are generally in the information systems, technology, telecommunications, cloud computing and network security, anti-fraud or customer services sectors. The table below will indicate those other areas where Generali’s service providers may have access to your data from time to time. You can request more detailed information about the recipients of your data by sending an e-mail to the address dpo@generalion.es, indicating the specific processing activity about whose recipients you would like information.
  • The existence of potential international data transfers. For these purposes, many of our processing activities require the transfer of data internationally to technological service providers or entities of the group to which Generali belongs, located in the United States, United Kingdom and India, for which the pertinent Standard Contractual Clauses apply. You can request more detailed information regarding the international transfers of your data, or the guarantees applied by sending an e-mail to dpo@generalion.es, indicating the specific processing activity about which you would like to receive information about the guarantees applying.
  • The retention period of the data you provide us with. For this purpose, we keep your personal data for the duration of the contractual relationship, or for a longer period if you have given us your consent. Subsequently, your data will remain blocked to deal with judicial, administrative or tax claims, during the statute of limitations period determined by the applicable regulations.

3. Necessary, up-to-date and accurate information

You are required to provide us with the data we request through various means of collection, including the digital portals of Generali, email, webchat, telephone or paper. If you do not provide us with all information requested, we may not be able to send you communications or provide you with the insurance related services you have requested. Likewise, by fulfilling and sending the required information, you declare that the information and data you have provided is accurate and true.

So that the information provided is always up to date and contains no errors, you must inform Generali, as soon as possible, about the changes to and rectifications of your personal data, using the form you will find at the following link.

4. Exercising your rights

You can exercise the following rights:

  1. Right of access to your personal data to find out if it is being processed, and if so, what exactly is being processed and the specific processing activity that is being carried out, including the purposes, categories of data processed and recipients, among other information.
  2. Right of rectification of any inaccurate personal data.
  3. Right of erasure of your personal data when, among other reasons, it is no longer necessary for the purposes for which it was collected, and provided that the legitimate basis that enables us to process it, from among those indicated in the second column of the table included in section 5, is not a legal obligation.
  4. Right to object to the processing of your personal data, provided that the legitimate basis that enables us to process it, from among those indicated in the second column of the table included in section 5, is the legitimate interest of Generali or a third party. Generali will stop processing your data unless a compelling or higher legitimate interest for the processing is proven, or in case we may retain the data in blocked form for the exercise or defence of claims.
  5. The right to request the restriction of the processing of your personal data where the accuracy, lawfulness or necessity of the data processing is in question, in which case we may retain the blocked data for the exercise or defence of claims.
  6. The right to portability of your data, i.e. to receive your personal data in a structured, commonly used and machine-readable format, in order to transmit it to you or to another data controller, provided that the legitimate basis that enables us to process it, from among those indicated in the second column of the table in section 5, is the existence of a contractual relationship or your consent.
  7. The right not to be subject to automated decisions that may affect your legal rights, or that significantly affect you and when such decisions are being made.
  8. Right to revoke your consent given to Generali for the processing of your data, provided that the legitimate basis that enables us to process your data, from among those indicated in the second column of the table included in in section 5, is your consent.

You can exercise your rights at any time and free of charge through the form you will find at the following link.

In addition, we will include a link for unsubscribing to commercial communications at the foot of all communications sent to you so that, by accessing it, you can unsubscribe from the specific category of commercial communication you have received.

In addition, you have the right to lodge a complaint with Generali or the Spanish Supervisory Authority (Agencia Española de Protección de Datos) if you believe that there has been a breach of data protection legislation in relation to the processing of your personal data.

5. Detailed information of the processing carried out by service

PURPOSE OF THE PROCESSING  LEGITIMATE BASIS  RECIPIENTS  INTERNATIONAL TRANSFERS 
To detect and resolve possible incidents and failures in the webs and digital channels that affect web users, preventing them, among others, from completing online transactions, as well as monitoring and hosting web traffic in order to limit the transmission of documents, links or malicious access. Legitimate interest of Generali in ensuring the safe and efficient operation of its websites and in improving the user experience

Your data may be communicated within the framework of this processing to the parent company of the group to which Generali belongs.

The categories of service providers that may have access to your information are those listed in section 2.

To the US and India by means of the respective Standard Contractual Clauses approved by the European Commission.
Management of published content and interactions with customers and users through Generali social networks. Generali legitimate interest in interacting with its customers and users through social networks.

Your personal data will not be transferred on the basis of this processing.

The categories of service providers that may have access to your information are those listed in section 2.

To the US by means of the respective Standard Contractual Clauses approved by the European Commission, as well as to the United Kingdom by virtue of the applicable Adequacy Decision.
To assist and reply to the requests received through the different contact channels. Performance of a contract or pre-contract.    

 

6. Confidentiality

The personal data that we may collect through our websites, portals, forms, contact mailboxes, as well as through the various electronic or telephone communications that we maintain with you or your representative will be processed confidentially by Generali, with Generali pledging to keep these confidential in accordance with the provisions of applicable law.

7. Safe environment

In order to comply with the legal requirements on the protection of personal data, access to some of the areas of Generali websites is done in a secure environment (i.e. SSL, Secure Socket Layer, TLS- Transport Layer Security or similar), which implies that all operations and transactions are carried out on a secure server whose access is restricted to certain users, and that all information exchanged is encrypted, which ensures the authenticity of Generali’s websites from where personal data is collected, as well as the integrity and confidentiality of personal data during its transmission.

Users can verify that they are in a secure environment when a symbol of a closed padlock is visible at the bottom of the browser and internet protocol changes from http:// to https://. Additionally, certain configurations of some browsers provide the user with a message on screen when you enter and leave a secure server.

The website is designed to provide our customers and prospects information about our company, as well as our products and services. Generali does not sell or provide third parties with any information for mailing lists or direct marketing companies, nor does it send communications that have not been previously requested or accepted by users.

It is understood that the user who submits a request by email wants it to be addressed and answered by Generali in the same way, including, where appropriate, the sending of promotional information requested by the user.

8. Recommendations against fraud

In accordance with its Privacy Policy, Generali wants the users of its websites www.generalion.es, www.generaliexpatriates.es, www.genesis.es, and www.regal.es to have control of their personal information. To this end, Generali does not ask the user for their password or access code or PIN (personal identification number) by email. Only in the event that a user decides to contact Generali by email would Generali receive such data, which will include, in any case, their email address and, additionally, that data that the user enters in the text of the sent email.

If you have been the victim of an attack, fraud or attempted fraud, and have provided information, report it to the Police.

The regulations on Telecommunications and Information Society Services attribute to the Spanish Supervisory Authority (Agencia Española de Protección de Datos) the protection of the rights and guarantees of users in the field of electronic communications. Among them, the defence of the privacy of Internet users against Spam.

9. Update of the Privacy Policy

This Privacy Policy may need to be updated. It is therefore necessary that you review this policy periodically and, if possible, every time you access Generali’s websites (www.generalion.es, www.generaliexpatriates.es, www.genesis.es, and www.regal.es), in order to be properly informed about the type of information collected and its processing.

10. Code of Conduct Regulating the processing of personal data in the common information systems of the insurance sector

Generali adheres to the Code of Conduct for the processing of personal data promoted by UNESPA and approved by the AEPD. For more information, you can access the following link:

UNESPA: https://www.unespa.es/main-files/uploads/2022/07/Codigo-de-Conducta-UNESPA_v12-04-2022_Def-26-07-2022-indice-revisado.pdf

 

This Privacy Policy is effective as of 21st February 2022.