The way we manage our website is explained in the section entitled Website Security Policy, which follows the guidelines of the Notice to Data Subjects pursuant to Art. 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (hereinafter “the Regulation”) for all users of our website services, except for any links to other websites.
Website Security Policies and Notice to Users
This page outlines how the website is managed with regard to the processing of personal data of users who consult it.
Personal data disclosed by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the subsequent acquisition of the sender's address, which is needed to reply to requests, as well as any other personal data included in the message.
Our Company, as the Data Controller, will process this personal data solely for the purpose of answering users' questions, doubts, enquiries or to collect users’ feedback.
It will not be disclosed to third parties, except contractors duly authorized to handle them in their capacity of Data Controllers or Processors.
According to the privacy legislation as set out in Art. 15-22 of the Regulation, Data Subjects will have the right of access to data concerning them at any time, as well as the right to data rectification and/or completeness (in case of inaccuracies or incompleteness), erasure or restriction to processing, should specific conditions to object be satisfied. Furthermore, the Data Subject will have the right to data portability, where the data processing is carried out by automated means and is based on consent or for the execution of a contract, within the limits envisaged in the Regulation (Art. 20).
The Data Controller is SIAT Società Italiana Assicurazioni e Riassicurazioni p.A., www.siat-assicurazioni.it with registered office in Via V Dicembre 3, Genoa, Italy.
The “Data Protection Officer” will be available to answer any queries or doubts and may be contacted at the offices of SIAT Società Italiana Assicurazioni e Riassicurazioni by email: email@example.com. The Data Protection Officer may be contacted for the purpose of exercising Data Subjects' rights as well as to obtain an up-to-date list of the recipients of their data. This without prejudice to the right to file a complaint with the Italian Data Protection Authority (Garante della Privacy), if this is considered necessary to protect their personal data and rights over them.
Specific summary notices will be displayed or published on pages of our website dedicated to particular services on request.
Users are free to provide their personal data in the request forms or when contacting our Company to ask for information or other communications to be sent to them. Failure to do so might result in our inability to deal with the request.
The IT systems and software procedures used for the functioning of this website, during the course of their normal activity, acquire certain personal data implicitly transmitted through the use of Internet communication protocols. This information is not collected to be associated with the interested parties identified but due to its nature could, through processing and association with data held by third parties, allow for the identification of users. This data category includes IP addresses or domain names of computers utilized by users connecting to the website, URI (Uniform Resource Identifier) addresses of requested resources, request times, methods used to perform server requests, the size of files received in response, numeric codes indicating the status of the response from the server (successful, error, etc.) and other parameters related to the user’s operating system and IT environment. This data is only used for the purpose of gathering anonymous statistical information on website use, to control the correct functioning thereof, and is regularly deleted. Data may be used to ascertain responsibility in the event of any computer-related crimes.
Click here for more info
Personal Data Processing
Personal data are processed with automated means only for the time strictly needed to achieve the objectives for which they were collected in the first place.
Special security measures have been adopted to avoid data loss, illicit or inappropriate use and unauthorized access.
Our Company processes third-party personal data (actual and potential customers and contractors) using every security measure needed to ensure data confidentiality and protection.
In order to comply with the personal data protection legislation in force (the Legislation), the Company has taken the following steps:
- The Data Controller is SIAT Società Italiana Assicurazioni e Riassicurazioni p.A. with registered office in Via V Dicembre n. 3 - 16121 Genoa (GE), Italy, which has appointed Federico Corradini (CEO) as its Data Protection Officer (DPO), the person responsible for applying the privacy legislation within the Company;
- In order to ensure compliance with the privacy legislation, we have identified specific Process Owners for different data processing within the organisation;
- The Company outsources some of its production processes to external providers;
- Those directly involved in the processing of personal data have received specific instructions and undergo regular training and continuing professional development;
- The Agency Network is also a Data Processor for insurance purposes;
- The Company acquires only the personal data strictly necessary for the performance of the services requested or for the purposes for which they were collected, providing specific notice of this to the user;
- In order to ensure the exercise of the rights as set out in Art. 15-22 of the Regulation (data access and other rights) and to provide any further information in relation to personal data protection, any data subject can contact the DPO by letter: SIAT Società Italiana Assicurazioni e Riassicurazioni p.A., Via V Dicembre, 3 - 16121 Genova (GE) or by email: firstname.lastname@example.org to verify the existence of personal data that concerns them, including data still to be recorded, and the communication of such date in an intelligible form.
By contacting the DPO, the data subject can also:
- obtain information on the source, purposes and methods of processing data that concerns them;
- request the cancellation, transformation into anonymous form, restriction on processing, updating, rectification and/or integration of their data;
- object for legitimate reasons to the processing of their data for sale, advertising or market research purposes;
- obtain information on the recipients or categories of recipients of personal data in their capacity as Data Controllers or Processors (see List of Categories of Persons to whom we can communicate personal data);
- obtain information on the persons who may come to know about personal data in their role as Data Controllers or Processors, also as a result of activities carried on by other Group companies on the basis of service contracts;
- request the portability of personal data provided by the Data Subject where the data processing is carried out by automated means and is based on consent or for the execution of a contract, within the limits envisaged in the Regulation (Art. 20).
List of Categories of Personal Data Recipients
- Insurers, Co-insurers, and Reinsurers; Agents, Subagents, Insurance and Reinsurance Brokers & Intermediaries, producers and other channels by which insurance policies can be acquired; pension funds; banks, asset management companies, securities brokerage firms; lawyers; technical experts; doctors of medicine; garages; vehicle demolition centres; accident & claim settlement companies;
- service companies entrusted with the management, settlement and payment of claims, including assistance service centres, consultancies for judicial protection, clinics operating under a convention with the national health service; IT, telematics, financial, administrative or data storage service companies; postal service companies (for inbound and outbound data communication, envelopment, transfer and sorting); consultants; training companies; auditing firms; consultancies; financial risk service companies; fraud control service companies; authorized investigators and inspectors; credit collection agencies; marketing promoters, market research companies, customer satisfaction and service quality companies (if prior consent given for commercial purposes);
- Companies, including banks, belonging to the same Group as our Company (parent, subsidiary or associated companies, whether direct or indirect, under current legislation);
ANIA: (National Association of Insurance Companies) (Via di San Nicola da Tolentino, 72 - Roma) for the collection and processing of information, news and data for the purpose and protection of the insurance sector; and to handle the Direct Compensation Agreement among Insurers (known as CARD);
CONSORTIUM BODIES BELONGING TO THE SECTOR operating in mutual exchange with all insurance companies that are members of the consortium, to which the data can be communicated, such as:
- Life Insurers: Italian Pool for the Social Security of the Disabled (life risk assessment for subjects with disabilities);
- Aeronautical Insurers: CIAA (Italian Consortium of Aeronautical Insurers), which ceased operations on 31 December 1997 and now only handles previous commitments for the assessment of aeronautical risk and/or subsequent reinsurance with other members of the consortium;
- Theft Insurers: ULAV (Unione Latina Assicurazione Valori), which ceased operations on 31 December 1996 and now only handles previous commitments for the reinsurance of the risk involved in transporting valuables;
- Fire Insurers: Pool Italiano per l'Assicurazione dei Rischi Atomici (Italian Pool for Atomic Risk Insurance), which ceased operations on 31 December 2001 and now only handles previous commitments for the reinsurance and/or retrocession of atomic risks;
- General Third-Party Liability Insurers: Pool for Third-Party Environmental Insurance for the assessment of pollution risk and/or the assumption and subsequent reinsurance of such risk with other members of the consortium;
- Third-Party Motor and Boat Insurance: UCI S.c. a r.l., which manages and settles claims for damages caused in Italy by motor vehicles registered in foreign countries as set out in Art. 126 of the Code of Private Insurance, insures the "green cards" issued by its members, guarantees compensation for damages caused by uninsured Italian-registered motor vehicles in foreign countries, or insured by insurance companies under administration;
- Transport Insurers: Committee of the Maritime Insurance Companies in Genoa, for the management and settlement of claims, damage and recoveries on behalf and in the interests of associated insurance companies and for tasks instrumental to these activities; Committee of the Maritime Insurance Companies in Rome, for the management and settlement of claims, damage and recoveries on behalf and in the interests of associated insurance companies and for tasks instrumental to these activities; Committee of the Maritime Insurance Companies in Trieste, for the management and settlement of claims, damage and recoveries on behalf and in the interests of associated insurance companies and for tasks instrumental to these activities; ANADI – Pleasure Boats and Ships Agreement, which ceased operations on 31 December 1996 and now only handles previous commitments for the reinsurance of pleasure boats and ships; SIC – Italian Hulls Syndicate, for the assessment of hull risks and other ship-owners interests for reinsurance purposes;
- Credit and Surety Insurance: Credit and Surety Agreement 1994 for research and assessment of credit and surety risks;
CONSAP: Public Insurance Services Concessionaire, for the management of the liquidation of the motor vehicle third-party consortium account, the guarantee fund for victims of road accidents, the guarantee fund for victims of hunting accidents, the administration of the solidarity fund for victims of extortion and other consortiums already incorporated or to be incorporated, the reinsurance of agricultural risks, the legal assignment of life insurance policies, the Clearing House as part of the CARD Agreement; the liquidators of insurance companies under administrative compulsory liquidation (as published in the Gazzetta Ufficiale) for the management of previous commitments and the settlement of claims; IVASS: Institute for the Supervision of Insurance Companies, under the provisions of Art. 13 of Decree Law 95, 6 July 2012 as converted into Law 135/2012;
Other recipients, such as: UIF – Financial Information Unit for Italy, under the anti-money laundering provisions in Legislative Decree 231/2007; Casellario Centrale Infortuni (central accident database) pursuant to Legislative Decree 38, 23 February 2000; the Ministry of Economic Development, the Ministry of Transport & Infrastructures - Department of Private and Public Transport (Driver and Vehicle Licensing Agency) for the management of the national vehicles and drivers database by virtue of art. 226 of the Highway Code; CONSOB (National Commission for Companies and the Stock Exchange) under the provisions of Law 216, 7 June 1974; COVIP – Pension Fund Supervisory Commission, by virtue of art. 17 of Legislative Decree 124, 21 April 1993; the Ministry of Labour & Social Policies, by virtue of art. 17 of Legislative Decree 124, 21 April 1993; Social Security bodies such as INPS (Pensions), INAIL (Work Accident & Occupational Disease Insurance); the Ministry of Economy & Finance – Tax Register of the Inland Revenue Agency, by virtue of art. 7 of Presidential Decree 605, 29 September 1973 and art. 32 of Presidential Decree 600, 29 September 1973; Agricultural Consortia for protection against hale and other natural elements that, under the provisions of laws on agricultural risks, can act as delegates of associated insurance companies for insurance against damage caused by hale and frost (the consortium of which the insured is a member); the Judiciary; Public Security Forces (Police, Carabinieri, Financial Police, Fire Brigade; Municipal Police); other recipients or databases for which data collection and communication is mandatory.
Notice of Consent
Please find below the list of notices:
Website of the Italian Data Protection Authority