Information on the processing of personal data - RIGA data collection

In accordance with the provisions of European and national privacy legislation, we inform you that IVASS processes personal data as part of the data collection activity carried out for purposes of public interest, linked to the reporting requirements set out in the regulations in force concerning the digitized transmission of personal information pursuant to Articles 190 and 190-bis of the Private Insurance Code (CAP) and of IVASS Regulation No. 55 of 11 April 2024.

Riga ensures the management of personal and corporate information, fed by IVASS or directly by companies - regarding insurance and reinsurance undertakings having their head office in the territory of the Italian Republic; branches in the territory of the Italian Republic of insurance and reinsurance undertakings whose head offices are in a third State; reinsurance undertakings having their head office in the territory of the Italian Republic; ultimate Italian parent undertakings; foreign undertakings; insurance undertakings in administrative compulsory winding up - as well as individuals who hold specific corporate or control positions.

IVASS processes the aforementioned data in accordance with the provisions of the law and consistent with the provisions of the Bank of Italy set forth in Circular No. 302 of 8 June 2018, as amended and supplemented, where compatible, which govern the operation of the Registry of Subjects, the Bank of Italy's database that, through the so-called census code, records the reports made by supervised companies, including with reference to personal data.

Personal data are processed by IVASS in its capacity as autonomous personal data controller, for the pursuit of its purposes of public interest, with reference to checking the formal regularity of the application for registration with IVASS when the entity to be included in the RIGA database is not recorded in the Registry of Subjects (Article 20, paragraph 1, last part, of the aforementioned Regulation No. 55 of 11 April 2024).

IVASS stores the data collected through RIGA for the time strictly necessary to fulfil: the institutional purposes of supervision for which they are collected and when registration in the RIGA also has an instrumental character (art. 190 of the CAP, art. 1 of Regulation 55/24) and statistical purposes (art. 190-bis of the CAP and l Regulation (EU) 1374/2014 of the European Central Bank of 28 November 2014).

Data are processed through the IT infrastructure set up by the Bank of Italy for the collection, control and exchange of statistical and supervisory information, used by IVASS in implementation of the regulatory framework of reference, with the use of appropriate security measures to ensure the confidentiality of personal data as well as to prevent undue access to the data by third parties or unauthorized personnel.
The collected data may be disclosed - on the basis of obligations arising from legal provisions - to other entities, including public administration entities; foreign public administrations; Bank of Italy and independent administrative authorities; other Italian and foreign entities and authorities with supervisory functions; insurance undertakings; Judicial Authorities.
Data may be disclosed, as per service requirements, to the staff of the Studies and Data Management Directorate, to the other Supervisory Directorates as well as to the employees authorised to process data within the competences assigned to them.
In accordance with the European and national laws, data subjects may exercise, with respect to the Data Controller - (IVASS - Data Protection Officer, Via del Quirinale 21, 00187 Rome - Italy, e-mail address: DPO.IVASS@ivass.it) - the right of access to personal data and the right to rectify or integrate the data, as well as the other rights recognized by the GDPR, without prejudice to the provisions of Article 2 undecies of the Code for the protection of personal data, when the exercise of such rights may cause real and actual prejudice to the activities carried out for purposes relating to the sound and prudent management of insurance companies as well as the stability of the system and financial markets. Where the conditions are met, the data subjects shall also have the right to lodge a complaint with the Authority for the protection of personal data, in its capacity as supervisory authority in accordance with the established procedures.