Pursuant to Article 13 of Regulation (EU) 2016/679 (“Regulation” or “GDPR“), Prima Assicurazioni S.p.A., with registered office at Piazzale Loreto 17, 20131 Milano (MI) (“Prima“, “Company” or “Data Controller“), provides the following information about the processing of your personal data carried out through this website and any domain related to it (“Website“). The information and data provided by you or otherwise acquired during the use of Prima’s Website will be processed in compliance with the provisions of the Regulation and with the confidentiality obligations that inspire Prima’s activity.
In accordance with the provisions of the Regulation, the processing of personal data carried out by Prima is based on the principles of lawfulness, accuracy, transparency, purpose limitation and defined retention period, data minimization, precision, integrity and confidentiality.
1. Data Controller and Data Protection Officer
Prima is the Data Controller of the personal data processing carried out through the Website. To request any information regarding the processing you may contact the Data Controller at email@example.com. The Data Protection Officer (“DPO“) can be reached by sending an e-mail at firstname.lastname@example.org.
2. Categories and types of Personal Data
As a consequence of browsing the Website, Prima processes your personal data that can make you identified or identifiable (“Data“).
The Data processed through the Website include the following:
a. Browsing Data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be matched with identified data subjects, but by its very nature it could, through processing and association with data held by third parties, allow for users to be identified. This category of data includes IP addresses or the domain names of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. This data will be used for the sole purpose of obtaining statistical anonymous information on the use of the Website and to check its correct operation, as well as to identify anomalies and/or abuses, and will be deleted immediately after processing. The Data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the Website or third parties.
3. Purposes and legal basis of processing
The data processing has the scope to gather anonymous statistical information on the use of the Website and to check its correct functioning, as well as improving the services offered and the Website.
The legal basis for this purpose is Article 6, paragraph 1, letter f) GDPR.
4. Recipients of Data
Data may be communicated to third parties acting as data controllers, such as authorities and/or public institutions where this is required by law or to other parties, appointed as data processors, by specific data processing agreement, pursuant to Article 28 GDPR.
The Data may be processed by Company’s employees who have been expressly authorised to do so and who have received appropriate operating instructions.
Other group companies for the evaluation of the application as shown in the Candidates’ Privacy Notice.
5. Transfers of personal data to third countries or international organizations
Personal data may be transferred to countries outside the European Economic Area or to international organizations.
The transfer shall always be based, alternatively:
- on an adequacy decision, pursuant to Article 45 GDPR;
- or on Standard Contractual Clauses, pursuant to Article 46, paragraph 1, letter d), GDPR, considering the case law of the Court of Justice of the European Union and the decisions n. 1/20 and 2/20 issued by the European Data Protection Board.
6. Data Retention
The Data processed will be stored for the time strictly necessary to achieve the abovementioned purposes, in compliance with the principle of minimisation referred to in Article 5, paragraph 1, letter c), GDPR.
7. Data subject rights – Complaint to the Supervisory Authority
Where applicable, in accordance with the provisions of artt. 15 et seq. GDPR, the data subject may contact the Data Controller by sending an e-mail to email@example.com or the DPO by sending an e-mail to firstname.lastname@example.org at any time, in order to:
- request access to the Data concerning him/her, their erasure, the rectification of inaccurate Data, the integration of incomplete Data, as well as the restriction of processing;
- receive, where applicable, in a structured, commonly used and machine-readable format the Data, as well as, if technically workable, to transmit them to another Data Controller without hindrance (“right to data portability”);
- oppose the processing in cases of legitimate interest of the Data Controller for reasons related to the particular situation;
- withdraw at any time the optional and freely given consent.
The data subject also has the right to lodge a complaint with the competent Supervisory Authority.
Last update: v.1 published on 02/03/2023.