Picture

PRIVACY POLICY

WEBSITE PRIVACY POLICY

IN ACCORDANCE WITH ARTICLES 13 AND 14 OF REGULATION (EU) 2016/679

1.  Which company of the Generali Group will process Your personal data*?

 

Generali Real Estate S.p.A. Società di gestione del risparmio (hereinafter the “Company”, “We”, “Us” or “Our”), with registered office in Trieste, Via Machiavelli n. 4, will process* Your personal data as Data Controller* in accordance with Regulation (EU) 2016/679 (hereinafter the “GDPR”).

If You wish to contact Us, You can use the following contact details:

  • Generali Real Estate S.p.A. Società di gestione del risparmio, Via Machiavelli 4, 34132 Trieste and Piazza Tre Torri 1, 20145 Milan

  • privacy.gresgr@generali.com

If You wish to submit any questions or exercise a right regarding the processing of Your personal data, You can contact the Company’s Data Protection Officer*, by using the following contact details:

By mail:

  • Generali Real Estate S.p.A. Società di gestione del risparmio, Via Machiavelli 4, 34132 Trieste, to the attention of the Data Protection Officer

 

 By e-mail:

  • dpo.gresgr@generali.com

 

Effective as from 01/02/2021 

 

This Privacy Policy provides users (hereinafter “You” or “Your”) of the website [www.generalirealestate.com] (hereinafter the “Website”) with the information on the processing of their personal data, collected by the Company by means of the Website, in the context of Your use of the Website and the services available on the Website, under Articles 13 and 14 of the GDPR.

 

Unless otherwise specified herein, this Privacy Policy does not apply to any other data referred to You, collected by the Company by or through any other means, such as information collected offline and on other websites of the entities of the Generali group that You might access via any link found on the Website.

 

The Company may provide You with further specific information on the processing of Your personal data, along with the relevant request of consent, if needed. This information may also be provided within other webpages of the Website, in case You should make specific requests to the Company, by providing the latter with Your personal data. Those privacy information notices and consents will be respectively provided and obtained prior to the processing of these further categories of personal data.

 

The Company cares about the confidentiality, protection and safety of Your personal data. In order to help You in understanding this Privacy Policy, You can find a glossary on the last page of this Privacy Policy, which includes the definitions of the main terms used herein.

 

We strongly recommend You to carefully read this Privacy Policy before browsing through the pages of the Website.

 

We may amend this Privacy Policy, from time to time, also as a consequence of any legal or regulatory changes. However, the updated version of this Privacy Policy will always be available on the Website, to be consulted by You.

 

2. How do We process Your personal data and what is the legal basis for the processing of this data?

 

The Company will process Your personal data in compliance with the obligations to which the Company is subject to under the GDPR.

 

The Company will process Your personal data (as better identified in Section 4 below) to pursue the following purposes:

 

a)     Providing the services offered through the Website, including the possibility of obtaining answers to the requests for information or assistance that You should submit to us (hereinafter "Contractual Purposes");

 

b)     Complying with the obligations set forth by applicable laws, including responding to possible requests submitted to us by governmental authorities and supervisory bodies (hereinafter "Law Purposes");

 

c)     Carrying out activities functional to the sale of companies or business units, acquisitions, mergers, spin-offs or other operations that may affect the Company, as well as executing such operations;

 

d)     Developing and improving the services offered through the Website, by carrying out statistics on the use of the Website (e.g. analyzing the most visited pages, etc.) and checking its functioning; and

 

e)     Establishing, exercising or defending of legal claims;

 

(the purposes of the processing listed under letters from c) to e) above are hereinafter jointly referred to as “Legitimate Business Interest Purposes”).

 

In case the Company wishes to process Your personal data for purposes other than the ones listed above, the Company will prior provide You with any required information under the GDPR, and collect Your consent, where needed.

 

The Company does not process Your personal data only based on automated decision-making processes.

 

3. Why do We ask You to provide Your personal data?

 

a)     The processing of Your personal data for Contractual Purposes (please see Section 2, let. a), above) is carried out pursuant to Article 6.1, let. b) of the GDPR and is mandatory, given that otherwise We would not be able to allow You to browse the Website or assist You in relation to Your requests. If you don’t want Us to process Your Identification Data (as defined under Section 4, letter a), below), you will not have to send us a request of information.

 

b)     The processing of Your personal data for Law Purposes is mandatory, as it is necessary to enable Us to comply with applicable laws.

 

c)     The processing of Your personal data for Legitimate Business Interest Purposes (please see Section 2, letters from c) to e) above) is based on Our legitimate interests, pursuant to Article 6.1, let. f) of the GDPR, which have been adequately balanced with Your interests and rights, as the processing of Your personal data is carried out only to the extent it is strictly necessary to pursue such purposes. However, You may object to the processing of Your personal data, by following the instructions specified under Section 6 below, unless We have an overriding interest on further processing Your personal data or in case the processing of Your data is necessary to establish, exercise or defend of legal claims.

 

 

4. Categories of personal data processed

 

We will process Your personal data only to the extent necessary to achieve the above-mentioned purposes. In particular, We will process the following categories of personal data referred to You:

 

a)     Data voluntarily provided by You, by submitting to Us any requests for information or assistance by means of the Website or using Our contact details available on the Website. This data might include Your  name, surname, address, occupation, job title, employer/associated company, phone number and email address, as well as any other information referred to You that You should provide to Us by requesting information or assistance; (hereinafter jointly referred to as “Identification Data”);

 

b)     Browsing data relating to the use of the services on the Website made by You, such as Your IP addresses or domain names of Your devices, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server and other parameters relating to Your operating system and computer environment (hereinafter jointly referred to as "Browsing Data"). This data is automatically collected by means of the cookies* installed on the Website, in accordance with Our cookie policy, which is available at the following link. The collection of the Browsing Data does not aim at matching this data with You and We process this data in aggregate form. However, we may be able to identify You by means of Your Browsing Data.

 

 

5. With whom do We share Your personal data?

 

The Company will process Your personal data only to the extent that it is adequate, relevant and limited to what is necessary in relation to the purposes indicated under Section 2 above, by means of electronical and telematic tools as well as hard copies, in such a way as to ensure the security, protection and confidentiality of Your personal data.

 

In pursuing the purposes referred to in Section 2 above, We may disclose Your personal data to the following categories of recipients:

 

a)     Third party suppliers and companies of the Generali group, to the extent that such entities provide assistance or consultancy services to the Company, including but not limited to technological, accounting, administrative, legal and insurance services;

 

b)     Governmental authorities and supervisory bodies whose right to access to Your personal data is set forth by applicable laws; and

 

c)     To possible purchasers of the Company and other entities resulting from mergers or any other operations affecting the Company.

 

Your personal data will not be disseminated.

 

 

6. Where do We transfer Your personal data?

 

In pursuing the purposes referred to in Section 2 above, We may transfer Your personal data to countries outside the European Economic Area (EEA), by implementing appropriate safeguards, according to Articles 44 et seq. of the GDPR.

 

If You wish to have further information on the Countries where Your personal data may be transferred to as well as the relevant safeguards in place, You can contact Our Data Protection Officer, by using the contact details above.

 

 

7. The rights You can exercise regarding the processing of Your personal data

 

According to Articles 15 et seq. of the GDPR, You have the following rights that You can exercise by contacting Our Data Protection Officer:

 

-        Right of access

 

You may ask the Company to access Your personal data in order to know, for example, which personal data referred to You the Company is currently processing.

 

-        Right to rectification 

 

You may ask the Company to rectify any personal data referred to You which should be inaccurate or incomplete.

 

-        Right to erasure

 

You may ask the Company to erase Your personal data when one of the following circumstances occurs:

 

  • Personal data is no longer necessary with respect to the purposes for which it was collected or otherwise processed;

  • You withdrew Your consent on the processing of Your personal data and the Company cannot rely on other legal grounds to process Your data;

  • You have objected to automated decision-making and there are no overriding legitimate grounds for the processing of Your data, or You have objected to the processing of Your data for direct marketing purposes;

  • Personal data has been unlawfully processed by the Company;

  • Personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the Company is subject; and

  • Personal data has been collected in connection with the provision of information society services, referred to in Article 8, paragraph 1, of the GDPR.

 

-        Right to restriction

 

You may ask the Company to restrict how it processes Your personal data, and requesting only its storage, where one of the following applies:

 

a)     You contest the accuracy of Your personal data, for a period enabling the Company to verify the accuracy of Your personal data;

 

b)     The processing is unlawful and You oppose the erasure of Your personal data and request the restriction of its use instead;

 

c)     The Company no longer needs Your personal data for the purposes of the processing, but this data is required by You for the establishment, exercise or defense of legal claims;

 

d)     You have objected to processing pursuant to the right to object and automated decision-making, pending the verification whether the legitimate grounds of the Company override Yours.

 

-        Right to data portability

 

You may ask the Company to transfer Your personal data to another company or organization and/or to receive Your personal data in a structured, commonly used and machine-readable format.

 

If You have granted your consent to the processing of Your data, You may withdraw such consent at any time, without prejudice to the validity of the processing carried out before the withdrawal of Your consent.

 

If Your personal data has been transferred outside the European Economic Area, You have also the right to obtain a copy of such data or the indication of where it has been made available.

 

Your rights can be exercised by contacting Our Data Protection Officer, by using the contact details indicated above. We will not charge You any cost for the tasks resulting from Your request, unless this request is manifestly unfounded or excessive, in which case We might charge you the related costs.

 

When You exercise Your rights, we might request personal information referred to You, in order to verify Your identity.

 

 

8. The right to object to the processing of Your personal data

 

You have the right to object to the processing of Your personal data and request the stop of the processing operations in relation to the processing of Your personal data that is based on the Company’s legitimate interests (please see Section 2, letters from c) to e), above).

 

 

9. The possibility to lodge a complaint with the competent Supervisory Authority

 

In case you noticed any irregularities in the processing of Your personal data, You have the right to lodge a complaint with the supervisory authority, of the Member State of Your habitual residence, place of work or place of the alleged infringements.

 

You can find Your national supervisory authority at the following website:*

 https://edpb.europa.eu/about-edpb/board/members_en

 

 

10. How long do we retain Your personal data?

 

Your personal data will be retained only for the time necessary to pursue the specific purposes for which it was collected, as indicated within this Privacy Policy. In particular:

 

a)     Your Browsing Data will be retained for no longer than seven days and will be erased immediately after being aggregated, except where governmental authorities and/or supervisory bodies should need such data to perform their duties;

 

b)    Your Identification Data will be retained for no more than 5 years, unless its retention for a longer period is required under applicable laws or to establish, exercise or defend legal claims.  

GLOSSARY

 

To help You in understanding our Privacy Policy, please find below the meaning of the main terms contained therein:

 

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.

 

Personal data means any information relating, directly or indirectly, to a person (such as, for example, name, an identification number, location data, an online identifier, one or more elements able to identify the physical, physiological, genetic, mental, economic, cultural or social identity, etc.).

 

Special categories of data means the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health or data concerning a person’s sex life or sexual orientation.

 

Data subject means the person whose personal data are processed.

 

Data controller means the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (for example, the employer is the data controller in respect of its employees’ personal data since, with reference to the employment relationship, it decides the purposes and means of such processing).

 

Data Processor means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller (for example, the company which provides the service of employees’ salaries calculation may be considered a data processor since it processes personal data on behalf of another company, the employer).

 

Data Protection Officer means a person in charge for performing support activities for the company functions and control activities in respect of the processing of personal data. It is also in charge for cooperating with the Supervisory Authority and it represents the contact point, also for the data subjects, for any matters connected with the processing of personal data

 

Garante per la Protezione dei Dati Personali is the Italian data protection supervisory authority.

 

Cookies are small text files that are sent to Your device (e.g. computer, smartphone, tablet), when You visit a website, where they are stored to be re-transmitted to the same website at Your next visit. If You wish to have more information about cookies, You can consult Our cookies policy.

A GENERALI GROUP COMPANY

VAT number 01333550323

Picture
Picture