Introduction
Your privacy is important to us. That is why we are committed to protecting your personal information and treating it with the utmost care and attention. In this privacy notice, we will explain how we collect, use, share and protect your personal information. For these processing activities the Data Controller is:
Assicurazioni Generali S.p.A L-1311 Luxembourg Grand-Duché de Luxembourg |
Email: privacy@geb.com Website: www.geb.com
|
Our privacy page was last updated on 20/03/2026.
Definitions
For the purpose of our privacy page, the following definition apply:
| Generali Employee Benefits, “GEB” or “we” | Assicurazioni Generali S.p.A Luxembourg Branch (“GEB”), with registered office at Boulevard Marcel Cahen 52, L-1311 Luxembourg Grand-Duché de Luxembourg |
| GDPR | The General Data Protection Regulation meaning EU Regulation 2016/679 of the European Union and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. |
| Personal data | Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person |
| Sensitive personal data | Sensitive personal data is any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation |
| Processing | Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction |
| Controller | Controller means the natural or legal person which alone or jointly with others determines the purposes and means of the processing of personal data |
| Processor | The processor is the natural or legal person, which processes data on behalf of the controller |
| Data subject or “you” | Data subject means a natural person whose personal data is being processed |
How does GEB collect your personal data?
When we have a contractual relationship with you or with your organisation it may occur that we receive and collect personal data via the systems we use to provide our services or by reference (e.g. emails, telephone calls, business cards etc.).
When you contact us via the dedicated sections on our website (www.geb.com) or via social media such as LinkedIn, we collect your personal data. Further information on the processing activities we carry out on our website can be found in the “I am … a user of this website”-section
Which personal data does GEB collect?
Depending on the services, the processing may involve, but is not limited to:
- identification data (such as name, surname, gender, date of birth);
- Professional contact details (such as email address, phone number, company name and job title);
- Login details and credentials for systems we use to provide our services
- Dietary restrictions
Additionally we may collect – also from publicly available sources - certain additional categories of information where necessary to carry out mandatory due diligence activities, including screening against applicable international sanctions and counter terrorist financing (CTF) lists:
- Date and place of birth;
- Nationality;
- ID Number/ passport number
- Country of residence
- Tax ID/Number
- Data relating to any criminal convictions and offences
For which purposes does GEB process your personal data and based on which Legal basis?
We process your personal data in the context of the pre-contractual or contractual relationship we establish with you or with your organisation, with the purpose of performing all necessary activities for the implementation of the contractual relationship that may be established, including, for example:
| Purpose | Legal |
Developing GEB business, offering of services and performance of agreements we have entered into | Performance of a contract – article 6 (1) (b) GDPR Legitimate Interest - article 6(1) (f) GDPR |
Take legal actions as well as exercise the Company’s right of defence. | Legitimate Interest - article 6(1) (f) GDPR |
Organisation and management of the work activities assigned to you for the implementation of the agreement in force; | Performance of a contract – article 6 (1) (b) GDPR |
Enabling the Company to carry out or take part in, manage or organise corporate transactions, including mergers, acquisitions and restructuring, | Legitimate Interest - article 6(1) (f) GDPR |
Fulfilment, of regulatory and legal obligations (national and supranational, such as, international sanctions screening, financial reporting and tax obligation). | Legal obligation – article 6(1) (c) GDPR |
How do we process your personal data?
We may process your personal data using different methods, including electronic means and both in manual and automated form, using the best solutions.
We may use statistical and artificial intelligence (AI) systems and analytical solutions.
These systems help us customize our products and services, optimise internal processes and pursue the above-mentioned purposes, ensuring a high level of quality experience and alignment with the Generali Group's overall strategy. We process your personal data only when strictly necessary, preferring the use of anonymized or aggregated datasets, whenever possible.
In our activities, we never use fully automated processes, and human intervention is always involved.
With which parties does GEB share your personal data and why?
Your personal data may be shared with business partners, third party service providers who support us in delivering our services, such as cloud service providers, event organisers or similar operational partners and with other companies belonging to the Generali Group. Depending on the activity performed, these third parties may act as independent Data Controllers, Joint Controllers, or Data Processors. The Data Processors involved in the purposes described above are given proper instructions on how to process your personal data correctly.
Where we transfer your personal data
As a rule, we do not transfer your personal data to countries outside the European Economic Area (EEA) however, if such a transfer is required, GEB will ensure that appropriate safeguards are in place that provide sufficient protection for your fundamental privacy rights and freedoms. Such safeguards include, but are not limited to, Standard Contractual Clauses, as approved by the European Commission.
Which rights do you have and how can you exercise them?
You can exercise the right of access, rectification, updating, integration, cancellation, limitation to processing, portability in respect to your personal data.
In case you provided your consent to the processing of personal data, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
If your personal data are transferred outside the European Economic Area, you have the right to obtain copy of such data as well as indication of the Country/Countries where the data have been made available.
Insofar as applicable, you have the right to object to the processing of your personal data and request the stop of the processing operations when they are based on the legitimate interest.
In case you consider that the processing of your personal data infringes the applicable privacy laws, you have the right to lodge a complaint with the Luxembourg National Data Protection Commission (Commission Nationale pour la Protection des Données – CNPD) (https://cnpd.public.lu/en/commission-nationale.html) or the EU Data Protection Authority in your jurisdiction.
You can exercise you rights by sending an e-mail to privacy@geb.com.
How long will GEB retain your personal data?
Your personal data are retained for the period necessary to fulfil the purposes for which they were collected.
In relation to the conclusion, performance and management of the reinsurance and captive agreements, data is retained for a minimum of 10 years after the termination of the agreement.
With reference to legal obligations, data is retained for the period necessary to fulfil applicable obligations, without prejudice to any longer storage periods provided for by specific laws.
Changes and updates to the Privacy Notice
This Privacy Notice may be amended or updated, in whole or in part, including to reflect changes in privacy legislation.
Any updates will be made available on www.geb.com.