Privacy

IVASS processes personal data in the discharge of its supervisory functions, in accordance with EU Regulation 2016/679 on the protection of personal data (GDPR) and with Legislative Decree 196/2003 (“Privacy Code”), as amended by law 205/2021.

IVASS is a body endowed with legal personality under public law whose goal is to ensure adequate protection of policyholders through the sound and prudent management of insurance and reinsurance undertakings and their transparency and fairness of conduct of undertakings and intermediaries towards customers. IVASS also pursues the stability of the financial system and markets.

Data processing is necessary for the pursuit of the above-mentioned supervisory purposes and is done for the performance of a task of public interest or related to the exercise of public powers.

To protect the interests of those concerned, IVASS has adopted appropriate technical and organisational measures to ensure the confidentiality of personal data as well as to prevent undue access to the data by third parties or unauthorized personnel.

IVASS, through specific notices published on its website, communicates information to data subjects regarding the methods and purposes of data processing, in line with the provisions of Article 14 of the GDPR.

The notices published on the website provide information on: Data Controller and Data Protection Officer; the regulatory provisions that authorise IVASS to process data and the related collection methods; categories of personal data acquired; retention periods and subjects to whom they are communicated; methods of exercising data protection rights; contact details of the Data Controller and the Data Protection Officer.

Any updates to the notices will be disclosed in a timely manner and through the use of appropriate means.