You are provided with this privacy notice because you wish to attend the GEB Network Academy virtual event (the “Event”) organised by Assicurazioni Generali S.p.A. – Luxembourg Branch. The Event is going to be recorded and some personal data is going to be collected. The aim of this notice is to inform you about our practices regarding collection, use and disclosure of personal data in relation to this event.
1. Assicurazioni Generali S.p.A. – Luxembourg Branch processes your personal data
Assicurazioni Generali S.p.A. – Luxembourg Branch (hereinafter also the Company), with registered office in Boulevard Marcel Cahen 52, L-1311 Luxembourg, Grand-Duché de Luxembourg, processes your personal data as Data Controller.
For any questions or if you wish to exercise a right in respect of the processing of your personal data, you can send an email at: privacy@geb.com; by traditional mail at: Assicurazioni Generali S.p.A. – Luxembourg Branch with registered office in Boulevard Marcel Cahen 52, L-1311 Luxembourg, Grand-Duché de Luxembourg
2. How we use your personal data and on the basis of which ground
We process your personal data in order to fulfil your request to take part to the Event for the following purposes:
(1) organization and management of your participation to the initiative;
(2) photo, audio and video recording in the context of the initiative;
(3) use, reproduce and publish without territorial or time limits your personal data on the Company’s and on Generali Group Companies’ internal and external communication channels and media (e.g. LinkedIn, Facebook, Twitter, YouTube and Instagram) for internal and external training and\or communication purposes and employer branding purposes;
Based on our legitimate interest in developing our business, offering our services and performing the agreements we have entered into, we collect and process your personal data for the purposes indicated under points (1),(2).
Processing for the purposes indicated under point (3) is based on your consent.
3. Which personal data we use
We process only the personal data necessary to achieve the purposes above. We mainly process:
- Biographical and identification data;
- Contact data;
- Photo, audio and video recording and related data;
- in addition to any other personal data provided by you, if any.
4. With whom we share your personal data
Our staff processes your personal data with modalities and procedures, also in electronic form, appropriate to ensure an adequate level of security. Your personal data can be shared only with who has been assigned with the task to perform some activities concerning the management of the relationship with the Company. Depending on the activity performed, such third parties may act as Data Processors, Joint Controllers or autonomous Data Controllers. Both our staff and third parties which process your personal data for the purposes above indicated – exception for autonomous Data Controllers – receive proper instructions about the correct modalities of the processing.
5. Where we transfer your personal data
We may transfer your personal data to a third party above described or to a public body requesting it, also in Countries outside the European Economic Area. In any case, the transfer of your personal data is performed in compliance with the applicable laws and international agreements in force, as well as on the basis of appropriate and suitable safeguards (such as, for example, transfer to a Country ensuring an adequate level of protection or adopting the standard contractual clauses approved by the EU Commission).
6. The rights you can exercise in respect of the processing of your personal data
You can exercise the following rights in respect to your personal data:
(i) Access – you may request access to your personal data to receive information, for example, about the categories of personal data that the Company is currently processing;
(ii) Rectify – you may ask the Company to correct personal data that is inaccurate or incomplete;
(iii) Erase – you may ask the Company to erase personal data where one of the following grounds applies;
- Where the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw consent on which the processing is based and where there is no other legal ground for the processing;
- The personal data have been unlawfully processed;
- The personal data have to be erased for compliance with legal obligation in Union or Member State law to which the Company is subject;
- The personal data have been collected in relation to the offer of information society services.
(iv) Restrict – you may ask the Company to restrict how it processes your personal data where one of the following applies:
- You contest the accuracy of your personal data, for a period enabling the Company to verify the accuracy of your personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
- The Company no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims;
- You have objected to processing pursuant to the right to object and automated decision making, pending the verification whether the legitimate grounds for the Company override those of you.
(v) Portability – you may ask the Company to transfer the personal data you have provided us to another organization and/or ask to receive your personal data in a structured, commonly used and machine readable format.
In case you provided your consent to the processing of personal data, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
If your personal data are transferred outside the European Economic Area, you have the right to obtain copy of such data as well as indication of the Country/Countries where the data have been made available.
You can exercise your rights by contacting the Data Protection Officer at the contact details above indicated. The request of exercise of rights is free of charge, unless the request is manifestly unfounded or excessive.
7. Your right to object to the processing of your personal data
You have the right to object to the processing of your personal data and request to stop the processing operations when they are based on the legitimate interest (refer to How we use your personal data and on the basis of which ground).
8. Your right to lodge a complaint to the Supervisory Authority
In case you consider that the processing of your personal data infringes the applicable privacy laws, you have the right to lodge a complaint with the Data Protection Authority in your jurisdiction, namely for Luxembourg the National Data Protection Commission (Commission Nationale pour la Protection des Données – CNPD) (https://cnpd.public.lu/en/commission-nationale)
9. How long we retain your personal data
We will only retain your personal data for as long as is necessary to fulfil the purpose for which we collected it.
Changes and updates of the privacy notice Also considering possible amendments of the applicable privacy laws, the Company may integrate and/or update, wholly or partially, this privacy notice. Any changes, integrations or updates will be communicated through publication on the Company’s website (www.geb.com).
Glossary
To help you understand our privacy notice, please find below the meaning of the main terms contained therein:
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.
Personal data mean any information relating, directly or indirectly, to a person (such as, for example, name, an identification number, location data, an online identifier, one or more elements able to identify the physical, physiological, genetic, mental, economic, cultural or social identity, etc.).
Special categories of data mean the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health or data concerning a person’s sex life or sexual orientation.
Data subject means the person whose personal data are processed.
Data controller means the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (for example, the employer is the data controller in respect of its employees’ personal data since, with reference to the employment relationship, it decides the purposes and means of such processing).
Joint controller means the individual or legal person, public authority, agency or other body which, jointly with other data controllers, determines the purposes and means of the processing of personal data.
Data Processor means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller (for example, the company which provides the service of employees’ salaries calculation may be considered a data processor since it processes personal data on behalf of another company, the employer).
Data Protection Officer means a person in charge for performing support activities for the company functions and control activities in respect of the processing of personal data. It is also in charge for cooperating with the Supervisory Authority and it represents the contact point also for the data subjects, for any matters connected with the processing of personal data.