Data Protection
PRIVACY POLICY AND NOTICE
Generali Asset Management or Generali AM prioritizes protecting the personal data of its clients, employees and, in general, of the various parties with whom it enters in contact, to protect the fundamental rights and freedoms of the data subjects.
For this purpose, Generali AM has adopted a Personal Data Protection Policy to establish the key principles and requirements to be followed when personal data are processed, considering applicable industry regulations.
Generali AM requires that personal data be handled fairly and that the right to personal data protection be respected at every stage of processing. Personal data must be processed on the grounds of necessity, collected, processed, and shared only for specified, legitimate and required purposes and to the degree strictly necessary.
Generali Asset Management S.p.A. SGR - Abstract Personal Data Protection Policy
PRIVACY NOTICE
The applicable data protection regulations require companies acting as data controllers to provide data subjects with information on the processing of personal data, to make them aware of the purposes and means of processing of information relating to them.
To fulfill these information obligations and with the aim of ensuring complete transparency regarding the processing of personal data carried out during the browsing experience, Generali AM has prepared specific privacy policy and cookie policy documents containing details on how personal data are processed.
We therefore invite you to review these documents to learn in detail how Generali Asset Management may process your personal data while you are browsing.
Generali AM processes the information related to you as the Data Controller under Regulation (EU) 2016/679 (hereinafter "GDPR"). If you wish to contact Generali AM or exercise a right related to the processing of such information, you can use the following contact details:
By traditional mail: Generali Asset Management S.p.A. Società di gestione del risparmio
Via Machiavelli 4, 34132 TriesteBy email: Privacy.Genam@generali.com
If you wish to send questions about the processing of the information related to you to our Data Protection Officer (DPO) or exercise a right, you can use the following contact details:
By traditional mail: Generali Asset Management S.p.A. Società di gestione del risparmio
Via Machiavelli 4, 34132 Trieste, to the attention of the Data Protection Officer.By email: DPO.Genam@generali.com
TECHNICAL
To help you understand the meaning of some commonly used technical terms, below are some definitions:
1. IP Address
An identifier for the user's computer assigned by the Internet service provider;
the IP address alone is not considered personal data because it is often assigned at random, i.e. it changes every time according to the connection;
it may be used for diagnostic and optimizing purposes by the service provider.
2. Cookies
strings of information, sent by the service provider server to the user's computer. They contain the user name, so that the administrator may identify the user's computer and track his/her favorite sites on the Web.
Cookies may be:
o transient, also called session or "per-session" cookies , if they are erased when the user ends the connection. They are used to optimize navigation;
o persistent, if they are stored on a user's hard drive, unless the user himself/herself deletes the cookies; they are used to collect a large variety of information, which can be tracked by the supplier of the service for different purposes.
It is possible to check the use of cookies through specific browser set-ups: e.g. Internet Explorer permits, both for non-stored (per-session) cookies and stored cookies, to opt for full activation, activation after receiving a warning message and confirmation or deactivation.
3. Internet Tags
Computer functions made up by smaller cookie strings, mainly used to record technical information such as user IP and browser type. They are also called invisible GIFs, clear GIFs, 1-by-1 GIFs or single-pixel GIFs.
4. Browsing data
They are files residing on the provider servers, also called log files, clickstream data, server logs; they may automatically register data relating to a connection for different purposes:
accounting-administrative functions
tracking of type of user access (e.g.: system administration, type of browser, date and time of visit, images or texts selected, purchases (if any), file download, screen set-up, etc.) also to improve the contents of the site.
5. E-Mail
Electronic mail service managed by a provider through the Internet.
6. Mailing list
A list used for sending e-mails and/or newsletters.
A list of addresses which automatically receive forwarded messages.
7. Registration
The process of making a person’s identity known to a system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system.
The user is required to provide some data, either on an mandatory or a voluntary basis, to improve the relation, with possible contractual implications inherent to the type of services provided. Specific information and, if appropriate, the relevant consent are required.
LEGISLATIVE
To assist you in understanding the privacy policy we have provided, we list the meaning of the main terms therein:
The Processing is any operation or set of operations on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction, even if carried out with the aid of automated processes.
Personal data is any information relating, directly or indirectly, to an individual (e.g., name, an identification number, location data, an online identifier, one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity, etc.).
The data subject is the individual whose personal data are being processed.
The data controller is the natural or legal person, public authority, service or other body which, individually or jointly with others, determines for what purposes and in what form personal data are to be processed.
The data processor is the natural or legal person, public authority, department or other body that processes personal data on behalf of the controller (e.g., companies that provide services for and process personal data on behalf of other companies).
A personal data breach is a security breach (physical or cyber) that accidentally or unlawfully results in the destruction, loss, modification, unauthorized disclosure of, or access to, the personal data processed.
The Data Protection Officer is the person whose task is to perform support functions for corporate functions and control with respect to the processing of personal data. He or she is also responsible for cooperating with the Supervisory Authority and is the point of contact, including with respect to data subjects, for matters relating to the processing of personal data.
The Garante per la Protezione dei Dati Personali is Italy's supervisory authority for personal data protection.
What is a personal data breach?
Personal data breach means a breach of security that accidentally or unlawfully results in the destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed. Such disclosure may occur, for example, following:
accidental loss: e.g. a personal data breach caused by the loss of your smartphone;
theft: e.g. a personal data breach caused by the theft of a notebook containing personal data;
corporate infidelity: e.g. a violation of personal data caused by an internal person who, having authorization to access personal data, produces a copy to be distributed in a public environment;
abusive access: e.g. a violation of personal data caused by unauthorized access to IT systems with subsequent disclosure of the information acquired.
Under certain circumstances, the European legislation on the protection of personal data (GDPR) provides the obligation to notify the violation of personal data to the competent Supervisory Authority within 72 hours from when Generali AM becomes aware of it as well as, in more serious cases, to communicate this violation to the interested parties.
To fulfill the regulatory obligations described above and to protect the personal data of the people we come into contact with, a specific section has been created to allow you to notify us of the detection of a possible violation of personal data.
If you have a relationship with Generali AM and deem it necessary to report a personal data breach, please click on the following link, “Personal Data Breach” section: https://www.generali.com/it/info/privacy/form.
