Introduction
Your privacy is important to us. That is why we are committed to protecting your personal information and treating it with the utmost care and attention. In this privacy notice, we will explain how we collect, use, share and protect your personal information. For these processing activities the Data Controller is:
Assicurazioni Generali S.p.A L-1311 Luxembourg Grand-Duché de Luxembourg |
Email: privacy@geb.com Website: www.geb.com Tel: +352 24 84 46 |
Our privacy page was last updated on 20/03/2026.
Definitions
For the purpose of our privacy page, the following definition apply:
| Generali Employee Benefits, “GEB” or “we” | Assicurazioni Generali S.p.A Luxembourg Branch (“GEB”), with registered office at Boulevard Marcel Cahen 52, L-1311 Luxembourg Grand-Duché de Luxembourg
|
| GDPR | The General Data Protection Regulation meaning EU Regulation 2016/679 of the European Union and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data |
| Personal data | Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person |
| Sensitive personal data | Sensitive personal data is any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation |
| Processing | Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction |
| Controller | Controller means the natural or legal person which alone or jointly with others determines the purposes and means of the processing of personal data |
| Processor | Processor is the natural or legal person, which processes data on behalf of the controller |
| Data subject or “you” | Data subject means a natural person whose personal data is being processed |
How does GEB collect your personal data?
GEB does not collect your personal data directly from you. We receive it through external sources such as local insurers within our network (hereinafter “Network Partners”), brokers and consultants.
When your employer subscribes to an employee benefits insurance policy with one of our Network Partners, you may be covered under such policy as an insured person or as a beneficiary. In such case we may obtain from the Network Partner your personal data. The same goes for the situation where a claim is submitted.
Which personal data does GEB collect?
To provide our services to our clients and fulfil our obligations as a reinsurer, we only collect and process personal data strictly necessary to achieve the purposes below described. Only to the extent necessary for the fulfilment of the reinsurance agreement, it may occur that we collect personal data of a relative (e.g. spouse, children, etc.).
Whenever possible, we collect anonymised data or pseudonymised data (using indirect identifiers instead of your name) to fulfil our purposes. In case pseudonymised data is collected, only the Network Partner can connect such identifier to your person.
As a rule, we also further pseudonymise personal data upon collection to enhance security.
Depending on the services, the processing may involve, but is not limited to:
- identification data (such as name, surname, gender, date of birth);
- indirect identifiers (such as insured/claimant unique code);
- health data (such as diagnosis code (ICD code);
- any other personal data provided by your Insurer or third party involved (e.g. employer. broker, etc.), if any.
For which purposes does GEB process your personal data and based on which Legal basis?
We process your personal data for the following purposes:
| Purpose | Legal Bases |
| Concluding, performing and managing the reinsurance and captive agreements, including claims handling and validation; | Legitimate Interest - article 6(1) (f) GDPR Substantial public interest – article 9(2) (g) GDPR as provided for in Luxembourg insurance law when the processing of health data is required Legal claims – article 9(2)(f) GDPR when personal data is necessary to establish, exercise or defend legal claims |
| Statistical reporting and data analytics | Legitimate Interest - article 6(1) (f) GDPR Statistical purposes- article 9(2)(j) GDPR |
| Claiming and defending the rights of the Company, its officers, representatives and shareholders in a potential dispute | Legitimate Interest - article 6(1) (f) GDPR |
| Managing IT and IT security activities (such as asset management, business continuity) | Legitimate Interest - article 6(1) (f) GDPR |
| Enabling the Company to carry out or take part in, manage or organise corporate transactions, including mergers, acquisitions and restructuring, | Legitimate Interest - article 6(1) (f) GDPR |
How do we process your personal data?
We may process your personal data using different methods, including electronic means and both in manual and automated form, using the best solutions.
We may use statistical and artificial intelligence (AI) systems and analytical solutions.
These systems help us customize our products and services, optimise internal processes and pursue the above-mentioned purposes, ensuring a high level of quality experience and alignment with the Generali Group's overall strategy. We process your personal data only when strictly necessary, preferring the use of anonymized or aggregated datasets, whenever possible.
In our activities, we never use fully automated processes, and human intervention is always involved.
With which parties does GEB share your personal data and why?
Your personal data may be shared with captive and third reinsurers, with third parties which have been assigned with specific tasks (such as, for example, lawyers, consultants, experts, etc), with other companies belonging to the Generali Group. Depending on the activity performed, these third parties may act as independent Data Controllers, Joint Controllers, or Data Processors. The Data Processors involved in the purposes described above are given proper instructions on how to process your personal data correctly.
Where we transfer your personal data
As a rule, we do not transfer your personal data to countries outside the European Economic Area (EEA) however, if such a transfer is required, GEB will ensure that appropriate safeguards are in place that provide sufficient protection for your fundamental privacy rights and freedoms. Such safeguards include, but are not limited to, Standard Contractual Clauses, as approved by the European Commission.
Which rights do you have and how can you exercise them?
You can exercise the right of access, rectification, updating, integration, cancellation, limitation to processing, portability in respect to your personal data.
In case you provided your consent to the processing of personal data, you may withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
If your personal data are transferred outside the European Economic Area, you have the right to obtain copy of such data as well as indication of the Country/Countries where the data have been made available.
Insofar as applicable, you have the right to object to the processing of your personal data and request the stop of the processing operations when they are based on the legitimate interest.
In case you consider that the processing of your personal data infringes the applicable privacy laws, you have the right to lodge a complaint with the Luxembourg National Data Protection Commission (Commission Nationale pour la Protection des Données – CNPD) (https://cnpd.public.lu/en/commission-nationale.html) or the EU Data Protection Authority in your jurisdiction.
You can exercise you rights by sending an e-mail to privacy@geb.com.
How long will GEB retain your personal data?
Your personal data are retained for the period necessary to fulfil the purposes for which they were collected.
In relation to the conclusion, performance and management of the reinsurance and captive agreements, data is retained for a minimum of 10 years after the termination of the agreement.
With reference to legal obligations, data is retained for the period necessary to fulfil applicable obligations, without prejudice to any longer storage periods provided for by specific laws.
Changes and updates to the Privacy Notice
This Privacy Notice may be amended or updated, in whole or in part, including to reflect changes in privacy legislation.
Any updates will be made available on www.geb.com.