Information on the processing of personal data - Consumer protection

In accordance with the provisions of European and national privacy legislation, we inform you that IVASS, via del Quirinale 121, ROME, processes personal data relating to consumer protection activities carried out by the Institute pursuant to the Private Insurance Code, Legislative Decree no. 209 of 7 September 2005 and subsequent amendments.

Data processing is necessary to pursue the institutional purposes of consumer protection: this regards in particular the activities relating to the management of insurance complaints and the contact centre.

The personal data processed - acquired or collected as part of the consumer protection activity - refer to consumers (e.g. insured person, injured party, beneficiary, policyholder) involved in the complaint or to individuals who contact IVASS through the contact centre.

The personal data collected will be stored only for the time strictly necessary to achieve the above-mentioned supervisory purposes (10 years for the activities relating to the management of insurance complaints).

Data are processed mainly by electronic means, with the use of appropriate security measures to ensure the confidentiality of personal data as well as to prevent undue access to the data by third parties or unauthorized personnel.

Pursuant to Article 7 of the Private Insurance Code and ISVAP Regulation No. 24 of 19 May 2008, the handling of the complaint may provide for its transmission to the company/intermediary concerned.

The data collected in connection with the complaint may also be communicated, where the law so provides, to State Administrations, Independent Administrative Authorities, Police and Justice Offices and national and foreign guarantee systems.

Data may be disclosed to the Heads of the Departments forming part of the Consumer Protection Directorate and other Directorates/Offices: Market Conduct Supervision, Sanctions and Winding up, Research and Data Management, Prudential supervision and Inspection Directorate, Legal Services Office, as well as the employees authorised to process data within the competences assigned to them.

In accordance with the European and national laws, data subjects may exercise, with respect to the Data Controller - (IVASS - Data Protection Officer, Via del Quirinale 21, 00187 Rome - Italy, e-mail address: - the right of access to personal data, as well as the other rights recognized by the law, including the right to obtain rectification or integration of data, as well as the cancellation, transformation into anonymous form or blocking of data processed unlawfully, and the right to object the processing in whole or in part, for legitimate reasons.

Where the conditions are met, the data subjects shall also have the right to lodge a complaint with the Authority for the protection of personal data, in its capacity as supervisory authority in accordance with the established procedures.

Last update

29 March 2023