Privacy policy


Dear User,

this Privacy Policy is provided to you pursuant to Article 13 of Regulation 2016/679/EU on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (hereinafter also referred to as the “Regulation” or “GDPR”).
In this Privacy Policy you will find information on the processing of your Personal Data resulting from your browsing within the web spaces and use of the services made available to you through the website.
You will be provided with specific and/or supplementary information on the processing of your Personal Data whenever we collect them, in your interaction with the site or by virtue of contractual relationships established with our Company; you can consult all of them at any time by clicking on the links in the appropriate section “Information notes” at the bottom of this page.

Please note: this Privacy Policy does not apply to Web Services provided by third parties that you may use or consult and reach via hypertext links. In this respect, we encourage you to consult the privacy notices and privacy policies provided by the aforementioned third parties in the appropriate places.


Privacy Policy: The GDPR, the Privacy Code, the Authority’s Provisions and in general all legislation on the protection of individuals with regard to the processing of Personal Data.
GDPR or Regulation: European Union Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of Personal Data (General Data Protection Regulation)
Personal Data: Any information concerning an identified or identifiable natural person. In addition to the data provided by the User by means of any forms within the individual areas of the Web Services, this will also include data relating to his or her browsing 
Data Subject: The identified or identifiable natural person to whom the Personal Data refer.
Browsing Data: During their normal operation, the computer systems and software procedures used to operate the website services acquire some data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified Data Subjects, but, by its very nature, it could make it possible to identify Users by means of processing and cross-referencing with data held by third parties. However, if the browsing session takes place after accessing the Reserved Area (log in), the data collected are associated with the User’s personal account.

Browsing data include:

  • IP addresses or domain names of the computers used by Users connecting to the Website;
  • the addresses in URI (Uniform Resource Identifier) notation of the requested resources;
  • the time of the request;
  • the method used in submitting the request to the server;
  • the size of the file obtained in response;
  • the numeric code indicating the status of the response given by the server (successful, error, etc.);
  • other parameters relating to the User’s operating system and computer environment.

Data provided by the User: These are the data that the User voluntarily and knowingly transmits through the sending of communications (e.g. by e-mail, to the addresses within the web domain) or through the filling in of forms, if present within the spaces provided by the Services.
The Data provided by the User are only those strictly necessary for the purposes from time to time pursued by the Services (for precise indications regarding the categories of data collected from time to time, please refer to the individual privacy policies). By way of example, such data may be:

  • Personal Data;
  • concerning contact details (e.g. e-mail address);
  • the contractual position of the User-Customer;
  • geolocation (where the User has given consent to the collection of location data);
  • concerning the use of the individual Services made available to the User;
  • concerning facts and events detailed by the User in his/her messages (in this regard, and for his/her greater protection, the User is invited not to provide information that is not strictly pertinent to the subject of the request and the nature of the Services provided by the Company).

Data Controller or Controller: The person who decides on the purposes and methods of processing of Personal Data. With reference to the Web Services, it is the Unipol Group Company to which this website refers and whose references you will find at the bottom of each page.
Services or Web Services: The services provided via the Internet, used through the website and/or any Apps.
User: The Data Subject (natural person) browsing, consulting, accessing or using the Web Services.
DPO: The Data Protection Officer. The Data Subject User may request clarification on the processing of Personal Data or exercise his or her rights by contacting the DPO, in the manner and form indicated in the section “How to exercise rights and/or request information on processing”.
Data Protection Authority: The Italian national data protection supervisory authority. Consult the Data Protection Authority’s website.
Cookies: Cookies are pieces of information stored on your device (e.g. in your browser’s memory) when you visit a website or use a web application.
Each cookie may contain various data, such as the name of the server it comes from, a numeric identifier, etc. See the Cookie Policy for more information.


Below we provide you with useful information concerning the processing of Personal Data carried out through the Web Services.
In particular, we want to inform you on:

  • the identification and contact details of the data controller;
  • the contact details of the Data Protection Officer (DPO);
  • the categories of Personal Data processed through the Web Services;
  • the purposes for which such Personal Data are processed;
  • the legal bases legitimising the processing of such data;
  • the duration of their storage, always strictly necessary for the pursuit of the stated purposes;
  • the categories of recipients of data communication.
Data Controller Registered office
UnipolTech S.p.A. Via Stalingrado 37 – 40128 Bologna

Categories of Personal Data, purposes and legal bases for processing and retention periods

Categories of Personal data Purpose of the processing Legal bases Data retention periods
Browsing data Enabling web browsing and the provision of Services Need to perform a contract to which the Data Subject is party or to provide a service at the Data Subject’s request For the duration of browsing within the services
To obtain anonymous statistical information on the use of the Web Services, for the sole purpose of monitoring their proper functioning Legitimate interest of the Company Collected data are aggregated and made no longer traceable to the individual User who browsed
To ensure the security and proper functioning of the Web Services, as well as to ascertain liability, in the event of any offences, and to protect our rights accordingly Legitimate interest of the Company (1 month) and thereafter for the time strictly necessary for any investigations, the settlement of any disputes and, in general, the protection of our rights
Data provided by the User: provision of Web Services Reserved Area registration and functionalities related to the provision of related Web Services Need to perform a contract to which the Data Subject is a party For the account activation time and up to 2 (two) years from the last access for deactivation. In the case of Services linked to a contractual position of the User, Personal Data may be retained for additional periods for administrative-accounting purposes and on the basis of the provisions of the regulations applicable from time to time (generally, 10 years)
Request for information Need to execute requests made by the Data Subject (pre-contractual phase) or legitimate interest The time taken to provide feedback
Commercial and promotional communications (marketing purposes) Consent 2 (two) years or until revocation of consent
Analysis of tastes and preferences (profiling purposes) Consent 1 (one) year or until revocation of consent

The provision of your Personal Data is free and optional. Please note, however, that it is indispensable for the pursuit of certain purposes (to provide you with the appropriate feedback requested, for registration to the Reserved Area or for the provision of individual Services); if not provided, in such cases, it may not be possible to proceed with the aforementioned purposes.
Failure to provide data (and consent) for marketing or profiling purposes does not affect the other services requested.

We invite you, however, to consult the individual data processing notices for more details.

Method of processing and recipients of data communication

The above-mentioned data will not be subject to dissemination and may be seen by employees of our Company specifically authorised to process them. They may also be acquired and/or processed by other companies of the Unipol Group and/or companies. Processing operations may be carried out by external parties to whom we entrust the performance of activities on our behalf, and with whom we enter into special agreements governing the processing of data.
Finally, upon express request the data may be disclosed to public authorities or law enforcement agencies.
The processing of Personal Data is always subject to the adoption of appropriate security measures to guarantee the confidentiality, availability and integrity of the data.


The Web Services may use technical, analytical and profiling cookies, both first- and third-party ones.
Cookies are indispensable for the improvement of the Services and to provide products in line with Users’ preferences.
Any use of profiling and/or third-party cookies will always be subject to your prior consent.
To find out more, click here.


The Privacy Law (Articles 15-22 of the Regulation) guarantees the User, as the Data Subject, the right to access the data concerning him/her, as well as to have them rectified and/or supplemented, erased or transferred. The Privacy Policy also gives the User the right to request the restriction of data processing and to object to data processing, as well as the possibility to revoke any consent given (revocation does not affect the lawfulness of the processing carried out up to that point).

Rights What does it consist of? Prerequisites
Access to data The User may request the Data Controller:
  • confirmation that it is processing data concerning him/her;
  • copy of the data concerning him/her;
  • information regarding data processing (e.g., legal bases, retention periods, categories of data recipients, etc.)
The User may always submit such a request
Correcting or supplementing data The User may request the Data Controller to:
  • rectify
  • update
  • modify
the Personal Data processed
Should the data processed prove to be inaccurate or incomplete
Data erasure The User may request the Controller to delete the Personal Data it is processing
  • Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the User revokes the consent on which the processing is based, and if there is no other legal basis for the processing;
  • the User objects to the processing pursuant to Article 21 and there is no overriding legitimate reason to proceed with the processing;
  • Personal Data have been unlawfully processed;
  • the Personal Data must be deleted in order to comply with a legal obligation laid down by Union or Member State law to which the controller is subject.
Limitation of the processing of Personal Data The User may request the Controller not to carry out, with the exception of storage only, any processing operation on his/her Personal Data, except with the User’s consent or to protect his/her rights
  • the User disputes the accuracy of the Personal Data, for the period necessary for the controller to verify the accuracy of such Personal Data;
  • the processing is unlawful and the Data Subject objects to the deletion of the Personal Data and requests instead that their use be restricted;
  • although the data controller no longer needs it for the purposes of processing, the Personal Data are necessary for the establishment, exercise or defence of a legal claim;
  • the User has objected to the processing, pending verification of whether the data controller’s legitimate reasons prevail over those of the Data Subject.
Objecting to the processing of Personal Data The User may object to processing based on legitimate interest (including the sending of promotional communications) or public interest There must be grounds related to the specific situation of the User, unless the objection is to processing for direct marketing purposes
Objecting to automated decision-making The User may object to automated decision-making processes. If such a process is necessary for signing a contract, is based on explicit consent, is authorised by law or regulation of the State or the European Union, the User has the right to obtain human intervention by the controller, to express his/her opinion and to contest the decision There is a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects the User in a similar way
Portability of Personal Data The User has the right to receive in a structured, commonly used and machine-readable format the Personal Data concerning him/her Provided all the following conditions are met:
  • data have been provided by the User;
  • the processing is based on consent or on a contract;
  • the processing is carried out by automated means.
Withdrawal of consent The User may revoke the consent given. Revocation does not affect the lawfulness of the processing carried out up to that time Always


The “Data Protection Officer” is available for any doubts or clarifications, for the exercise of Data Subjects’ rights and to provide the updated list of the categories of data recipients.

Data Protection Officer or DPO

This is without prejudice to your right to appeal to the Data Protection Authority, also by means of a complaint, where deemed necessary for the protection of your Personal Data and your rights in this matter.


Below is a list of the information notes:

Back to index