- Information on the processing of your Personal Data
- Rights of the Data Subject
- How to exercise rights and/or request information on processing
- information notes
You will be provided with specific and/or supplementary information on the processing of your Personal Data whenever we collect them, in your interaction with the site or by virtue of contractual relationships established with our Company; you can consult all of them at any time by clicking on the links in the appropriate section “Information notes” at the bottom of this page.
GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data (General Data Protection Regulation)
Personal Data: Any information concerning an identified or identifiable natural person. In addition to the data provided by the User by means of any forms within the individual areas of the Web Services, this will also include data relating to his or her browsing
Data Subject: The identified or identifiable natural person to whom the Personal Data refer.
Browsing Data: During their normal operation, the computer systems and software procedures used to operate the website services acquire some data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified Data Subjects, but, by its very nature, it could make it possible to identify Users by means of processing and cross-referencing with data held by third parties. However, if the browsing session takes place after accessing the Reserved Area (log in), the data collected are associated with the User’s personal account.
Browsing data include:
- IP addresses or domain names of the computers used by Users connecting to the Website;
- the addresses in URI (Uniform Resource Identifier) notation of the requested resources;
- the time of the request;
- the method used in submitting the request to the server;
- the size of the file obtained in response;
- the numeric code indicating the status of the response given by the server (successful, error, etc.);
- other parameters relating to the User’s operating system and computer environment.
Data provided by the User: These are the data that the User voluntarily and knowingly transmits through the sending of communications (e.g. by e-mail, to the addresses within the web domain) or through the filling in of forms, if present within the spaces provided by the Services.
The Data provided by the User are only those strictly necessary for the purposes from time to time pursued by the Services (for precise indications regarding the categories of data collected from time to time, please refer to the individual privacy policies). By way of example, such data may be:
- Personal Data;
- concerning contact details (e.g. e-mail address);
- the contractual position of the User-Customer;
- geolocation (where the User has given consent to the collection of location data);
- concerning the use of the individual Services made available to the User;
- concerning facts and events detailed by the User in his/her messages (in this regard, and for his/her greater protection, the User is invited not to provide information that is not strictly pertinent to the subject of the request and the nature of the Services provided by the Company).
Data Controller or Controller: The person who decides on the purposes and methods of processing of Personal Data. With reference to the Web Services, it is the Unipol Group Company to which this website refers and whose references you will find at the bottom of each page.
Services or Web Services: The services provided via the Internet, used through the website and/or any Apps.
User: The Data Subject (natural person) browsing, consulting, accessing or using the Web Services.
DPO: The Data Protection Officer. The Data Subject User may request clarification on the processing of Personal Data or exercise his or her rights by contacting the DPO, in the manner and form indicated in the section “How to exercise rights and/or request information on processing”.
Data Protection Authority: The Italian national data protection supervisory authority. Consult the Data Protection Authority’s website.
Cookies: Cookies are pieces of information stored on your device (e.g. in your browser’s memory) when you visit a website or use a web application.
INFORMATION ON THE PROCESSING OF YOUR PERSONAL DATA
Below we provide you with useful information concerning the processing of Personal Data carried out through the Web Services.
In particular, we want to inform you on:
- the identification and contact details of the data controller;
- the contact details of the Data Protection Officer (DPO);
- the categories of Personal Data processed through the Web Services;
- the purposes for which such Personal Data are processed;
- the legal bases legitimising the processing of such data;
- the duration of their storage, always strictly necessary for the pursuit of the stated purposes;
- the categories of recipients of data communication.
|Data Controller||Registered office|
|UnipolTech S.p.A.||Via Stalingrado 37 – 40128 Bologna|
Categories of Personal Data, purposes and legal bases for processing and retention periods
|Categories of Personal data||Purpose of the processing||Legal bases||Data retention periods|
|Browsing data||Enabling web browsing and the provision of Services||Need to perform a contract to which the Data Subject is party or to provide a service at the Data Subject’s request||For the duration of browsing within the services|
|To obtain anonymous statistical information on the use of the Web Services, for the sole purpose of monitoring their proper functioning||Legitimate interest of the Company||Collected data are aggregated and made no longer traceable to the individual User who browsed|
|To ensure the security and proper functioning of the Web Services, as well as to ascertain liability, in the event of any offences, and to protect our rights accordingly||Legitimate interest of the Company||(1 month) and thereafter for the time strictly necessary for any investigations, the settlement of any disputes and, in general, the protection of our rights|
|Data provided by the User: provision of Web Services||Reserved Area registration and functionalities related to the provision of related Web Services||Need to perform a contract to which the Data Subject is a party||For the account activation time and up to 2 (two) years from the last access for deactivation. In the case of Services linked to a contractual position of the User, Personal Data may be retained for additional periods for administrative-accounting purposes and on the basis of the provisions of the regulations applicable from time to time (generally, 10 years)|
|Request for information||Need to execute requests made by the Data Subject (pre-contractual phase) or legitimate interest||The time taken to provide feedback|
|Commercial and promotional communications (marketing purposes)||Consent||2 (two) years or until revocation of consent|
|Analysis of tastes and preferences (profiling purposes)||Consent||1 (one) year or until revocation of consent|
The provision of your Personal Data is free and optional. Please note, however, that it is indispensable for the pursuit of certain purposes (to provide you with the appropriate feedback requested, for registration to the Reserved Area or for the provision of individual Services); if not provided, in such cases, it may not be possible to proceed with the aforementioned purposes.
Failure to provide data (and consent) for marketing or profiling purposes does not affect the other services requested.
We invite you, however, to consult the individual data processing notices for more details.
Method of processing and recipients of data communication
The above-mentioned data will not be subject to dissemination and may be seen by employees of our Company specifically authorised to process them. They may also be acquired and/or processed by other companies of the Unipol Group and/or companies. Processing operations may be carried out by external parties to whom we entrust the performance of activities on our behalf, and with whom we enter into special agreements governing the processing of data.
Finally, upon express request the data may be disclosed to public authorities or law enforcement agencies.
The processing of Personal Data is always subject to the adoption of appropriate security measures to guarantee the confidentiality, availability and integrity of the data.
The Web Services may use technical, analytical and profiling cookies, both first- and third-party ones.
Cookies are indispensable for the improvement of the Services and to provide products in line with Users’ preferences.
Any use of profiling and/or third-party cookies will always be subject to your prior consent.
To find out more, click here.
RIGHTS OF THE USER (AS DATA SUBJECT)
|Rights||What does it consist of?||Prerequisites|
|Access to data||The User may request the Data Controller:
||The User may always submit such a request|
|Correcting or supplementing data||The User may request the Data Controller to:
||Should the data processed prove to be inaccurate or incomplete|
|Data erasure||The User may request the Controller to delete the Personal Data it is processing||
|Limitation of the processing of Personal Data||The User may request the Controller not to carry out, with the exception of storage only, any processing operation on his/her Personal Data, except with the User’s consent or to protect his/her rights||
|Objecting to the processing of Personal Data||The User may object to processing based on legitimate interest (including the sending of promotional communications) or public interest||There must be grounds related to the specific situation of the User, unless the objection is to processing for direct marketing purposes|
|Objecting to automated decision-making||The User may object to automated decision-making processes. If such a process is necessary for signing a contract, is based on explicit consent, is authorised by law or regulation of the State or the European Union, the User has the right to obtain human intervention by the controller, to express his/her opinion and to contest the decision||There is a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects the User in a similar way|
|Portability of Personal Data||The User has the right to receive in a structured, commonly used and machine-readable format the Personal Data concerning him/her||Provided all the following conditions are met:
|Withdrawal of consent||The User may revoke the consent given. Revocation does not affect the lawfulness of the processing carried out up to that time||Always|
HOW TO EXERCISE RIGHTS AND/OR REQUEST INFORMATION ON PROCESSING
The “Data Protection Officer” is available for any doubts or clarifications, for the exercise of Data Subjects’ rights and to provide the updated list of the categories of data recipients.
|Data Protection Officer or DPOfirstname.lastname@example.org|
This is without prejudice to your right to appeal to the Data Protection Authority, also by means of a complaint, where deemed necessary for the protection of your Personal Data and your rights in this matter.
Below is a list of the information notes: