Information on the processing of personal data

In accordance with the provisions of European and national privacy legislation, we inform you that IVASS processes personal data as part of the data collection activity carried out for supervisory and statistical purposes, pursuant to the Private Insurance Code, Legislative Decree no. 209 of 7 September 2005.

The processing of personal data concerns:

• the forms to be filled in to comply with IVASS' supervisory and statistical reporting requirements either on an ongoing basis or upon request, including access to data collection platforms related to the reports in which data processing is necessary to correctly identify the representatives of insurance companies;
• processing carried out for the purpose of combating fraud;
• the management of the Integrated Anti-Fraud Database (AIA);
• the management of information in the Claims data bank (see Guide on accessing the Claims data bank), the registry of injured parties and the registry of witnesses;
• receipt and transmission of identifying data between Authorities in the framework of the interlocking ban.

Data will be stored for the time necessary to achieve the purposes for which they were collected.

Data are processed mainly by electronic means, with the use of appropriate security measures to ensure the confidentiality of personal data as well as to prevent undue access to the data by third parties or unauthorized personnel.

The collected data may be disclosed to other entities on the basis of obligations arising from legal provisions, as well as for the purposes stipulated therein, in particular to:

• public administration entities;
• foreign public administrations;
• Bank of Italy and independent administrative authorities;
• other Italian and foreign entities and authorities with supervisory functions;
• insurance undertakings;
• parties authorised to consult the claims data bank;
• Judicial Authorities.

Data may be disclosed, as per service requirements, to the staff of the Studies and Data Management Directorate as well as to the employees authorised to process data within the competences assigned to them.

In accordance with the European and national laws, data subjects may exercise, with respect to the Data Controller - (IVASS - Data Protection Officer, Via del Quirinale 21, 00187 Rome - Italy, e-mail address: DPO.IVASS@ivass.it) - the right of access to personal data, as well as the other rights recognized by the law, including the right to obtain rectification or integration of data, as well as the cancellation, transformation into anonymous form or blocking of data processed unlawfully, and the right to object the processing in whole or in part, for legitimate reasons.

Where the conditions are met, the data subjects shall also have the right to lodge a complaint with the Authority for the protection of personal data, in its capacity as supervisory authority in accordance with the established procedures.