Information on the processing of personal data relating to corporate officers of insurance and reinsurance undertakings

In accordance with the provisions of European and national privacy legislation, we inform you that IVASS processes personal data – including data relating to criminal convictions and offences and special categories of personal data – relating to corporate officers of insurance and reinsurance undertakings or collected in the performance of its supervisory activities pursuant to the Private Insurance Code and its relevant implementing provisions.

IVASS acquires the personal data processed: from corporate officers and persons performing key functions of insurance/reinsurance companies, parent companies and branch offices in Italy; from the general representative in the case of EU branches of Italian undertakings; from the Commissioner(s) or members of the Supervisory Committee appointed by IVASS. These data may also be acquired from public sources or directly from the data subjects themselves.

Data processing is necessary for the pursuit of supervisory purposes and, in particular, to:

• verify compliance and maintenance over time of the eligibility requirements for corporate officers and persons performing key functions of insurance/reinsurance companies, as well as of parent companies and branch offices in Italy of companies having their head office in third countries (so-called fit and proper assessment);
• verify compliance and maintenance over time of the eligibility requirements for the general representative in the case of EU branches of Italian undertakings;
• analyse corporate situations carried out as part of supervisory activities and proceedings concerning supervised entities;
• analyse the remuneration received by corporate officers, persons performing key functions in insurance/reinsurance companies, parent companies and branch offices in Italy of companies with head office in third countries, acquired as part of the Regular Supervisory Report;
• check the independence, good repute and professional requirements of the Commissioner(s) or members of the Supervisory Committee appointed by IVASS for the performance of reorganisation measures;
• update the supervisory records.

The personal data collected will be stored only for the time necessary to pursue the supervisory purposes.

Data are processed mainly by electronic means, with the use of appropriate security measures to ensure confidentiality and to prevent undue access by third parties or unauthorized personnel.

The collected data may be disclosed to other entities - on the basis of obligations arising from legal provisions, as well as for the purposes stipulated therein – and in particular to:

public administration entities;

• the Bank of Italy and other independent administrative authorities (including CONSOB; AGCM; COVIP);
• other Italian and foreign entities and authorities with supervisory functions;
• foreign public administrations;
• EIOPA;
• BCE;
• Judicial Authorities.

Data may be disclosed to the managers and employees of IVASS Directorate authorised to process data within the competences assigned to them.

In accordance with the European and national laws, data subjects may exercise, with respect to the Data Controller - (IVASS - Data Protection Officer, Via del Quirinale 21, 00187 Rome - Italy, e-mail address: DPO.IVASS@ivass.it - the right of access to personal data, as well as the other rights recognized by the law, including the right to obtain rectification or integration of data, as well as the cancellation, transformation into anonymous form or blocking of data processed unlawfully, and the right to object the processing in whole or in part, for legitimate reasons.

Where the conditions are met, the data subjects shall also have the right to lodge a complaint with the Authority for the protection of personal data, in its capacity as supervisory authority in accordance with the established procedures.