Assicurazioni Generali S.p.A. (hereinafter also the “Company”, “we” or “us”), with registered office in Trieste, at Piazza Duca Degli Abruzzi no. 2, has developed a mobile phone and desktop application (the “App”) dedicated to the Generali Group employees who have subscribed to We SHARE, The Generali Ownership Plan (“We SHARE”). In this context, the Company processes your personal data through the App.
If you wish to receive more information about the features of the App, you can use the following e-mail address:
- app@weshare.generali.com
For any questions or if you wish to exercise a right with respect to the processing of your personal data, you can contact our Data Protection Officer:
- By email at: dpoag@generali.com
- By traditional mail at: Assicurazioni Generali, Piazza Tre Torri no. 1, 20145 Milan, to the attention of the Data Protection Officer.
We process your personal data to allow the downloading of the App and offer you the best user experience in the App.
In particular, processing of your personal data is necessary, but not limited to:
(i) Make sure you can create a personal account with all the required information and notification settings;
(ii) Manage the interactive section (also including training / gaming / quiz / contests about initiatives related to Generali Group, We SHARE and The Human Safety Net, and including the possibility of accessing special benefits on products and services offered by Generali Group);
(iii) Send push notifications also regarding updates, events or invitations based on the geographical area;
(iv) Manage a social interaction system within the App; and
(v) Ensure the proper running, security and protection of the App.
Processing of your personal data for the purposes indicated above in points (i) to (v) is based on your freely given and explicit consent.
In order to improve the services offered through the App and obtain greater yield by enhancing its functionality and simplifying its approach, we carry out evaluations on the results obtained from statistical analysis.
The processing for the achievement of this purpose is carried out exclusively using fully anonymized data and no user can be re-identified from the aggregated results and information obtained.
The anonymization of your personal data is based on the Company's legitimate interest, to the extent that this is strictly necessary to pursue service improvements mentioned above and is based on proper balancing with your fundamental rights and freedoms.
The registration to the App is on a voluntary basis and subject to your explicit consent. If you decide to register, communication of your personal data is required to offer you the best user experience in the App.
Therefore, failure in communication or partial or inaccurate communication may, as consequence, lead to the impossibility of being part of the We SHARE community and benefit from all the advantages that can be found in the App.
We process only the personal data that is strictly necessary to achieve the purposes indicated above, either directly provided by you or provided by other Generali Group Companies, as employers, or by third parties (such as, for example, Global Shares).
In particular, we mainly process the following data:
(i) Personal details and identification data;
(ii) Work and/or personal e-mail addresses, depending on the preferred e-mail address used for communication purposes of We SHARE;
(iii) Your subscription to We SHARE, including your individual contributions, your subscription status and your employment status,
in addition to any other personal data (including also photos, videos, texts, audios) provided by you, if any, by using the App.
Our staff processes your personal data using modalities and procedures, available also in electronic form and suitable to ensure an adequate level of security.
Your personal data can be shared only with third parties which have been assigned with the task to perform some activities concerning your relationship with the Company and/or We SHARE. In particular, the Company avails itself of Competence for most of the activities connected with the App and of other parties assigned with the task to perform activities strictly connected with the running of the App.
Depending on the activity performed, these third parties may act as Data Processors, Joint Controllers or autonomous Data Controller. Our staff and third parties which process your personal data for the purposes indicated above – exception for autonomous Data Controllers – receive proper instructions about the correct modalities of the processing.
Personal data can be also shared with other legal entities within the Generali Group other than the Company. By using the App, your personal data may be viewable to other users.
Your personal data are not disseminated.
As a general rule, we do not transfer your personal data to Countries outside the European Economic Area.
In exceptional cases, limited to the purposes indicated above, we may transfer your personal data to a third party described above or to a public body requesting it, also to Countries outside the European Economic Area.
In any case, the transfer of your personal data is performed in compliance with the applicable laws and international agreements in force, as well as on the basis of appropriate and suitable safeguards (e.g. transfer to a Country ensuring an adequate level of protection or adopting the standard contractual clauses approved by the EU Commission).
You can exercise the following rights in respect to your personal data:
- Access – you may request access to your personal data to receive information, for example, about the categories of personal data that the Company is currently processing;
- Rectify – you may ask the Company to correct personal data that is inaccurate or incomplete;
- Erase – you may ask the Company to erase personal data where one of the following grounds applies;
a. Where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b. The personal data have been unlawfully processed;
c. You withdraw consent on which the processing is based and where there is no other legal ground for the processing;
d. The personal data have to be erased for compliance with legal obligation in Union or Member State law to which the Company is subject.
- Restrict – you may ask the Company to restrict how it processes your personal data, requesting only their storage, where one of the following applies:
a. You contest the accuracy of your personal data, for a period enabling the Company to verify the accuracy of your personal data;
b. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
c. The Company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
- Portability – you may ask the Company to transfer the personal data you have provided us to another organization or / and ask to receive your personal data in a structured, commonly used and machine-readable format.
In case you provided your consent to the processing of personal data, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
If your personal data are transferred outside the European Economic Area, you have the right to obtain copy of such data as well as indication of the Country/Countries where the data have been made available.
You can exercise your rights by contacting our Data Protection Officer at the contact details above indicated. The request of exercise of rights is free of charge, unless the request is manifestly unfounded or excessive.
You have the right to object to the processing of your personal data and request the termination of the processing operations when they are based on legitimate interest (refer to How we use your personal data and on what grounds), unless the Company has compelling legitimate grounds for continuing processing operations which override your interests, rights and freedoms.
In case you consider that the processing of your personal data infringes the applicable privacy laws, you have the right to lodge a complaint to the Italian Personal Data Protection Authority – Garante per la Protezione dei Dati Personali – with the modalities indicated on the Authority's website (www.garanteprivacy.it).
Your personal data can be retained for the period necessary to fulfill the purposes for which it was collected, pursuant to paragraph 2 above. In particular, personal data processed for:
- Contractual Purposes are retained up to 10 years from the closure of your account on the App or the termination of the Plan, whichever occurs first;
- Notification Purposes are processed until the withdrawal of the consent or the termination of the participation to the WE SHARE Plan, whichever occurs first;
- Additional Purposes are retained for the period necessary to pursue the purposes for which they were collected (or until you choose to exercise your right to object to the processing pursuant to paragraph 8 above) and, in case of disputes, for the statute of limitations set forth under the applicable laws, without prejudice to any longer storage periods provided for by specific laws.
Considering possible amendments of the applicable privacy laws, the Company may integrate and/or update, wholly or partially, this privacy notice. Any changes, integrations or updates will be communicated in compliance with applicable laws through the App.
To help you understand our privacy notice, please find below the meanings of key terms contained therein:
Processing means any operation or set of operations that are performed on personal data or on sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.
Personal data means any information relating, directly or indirectly, to a person (e.g. name, identification number, location data, online identifier, one or more elements able to identify the physical, physiological, genetic, mental, economic, cultural or social identity, etc.).
Data subject is the person whose personal data are processed.
Data controller is the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (for example, the employer is the data controller with respect to his/her employees' personal data since, with reference to the employment relationship, s/he can decide the purpose and means of such processing).
Joint controller is the individual or legal person, public authority, agency or other body which, jointly with other data controllers, determines the purposes and means of the processing of personal data.
Data Processor is the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller (for example, the company which provides the service of employees' salaries calculation may be considered a data processor since it processes personal data on behalf of another company, the employer).
Data Protection Officer is a person in charge of performing support activities for company functions and control activities with respect to the processing of personal data. S/he is also in charge for cooperating with the Supervisory Authority and represents the contact point, for data subjects as well, for any matters connected with the processing of personal data.
The Garante per la Protezione dei Dati Personali is the Italian Supervisory Authority for the protection of personal data.