Information on the processing of personal data relating to insurance and reinsurance intermediaries

In accordance with the provisions of European and national privacy legislation, we inform you that IVASS processes personal data – including data relating to criminal convictions and offences and special categories of personal data – relating to insurance and reinsurance intermediaries collected in the performance of its supervisory activities pursuant to Legislative Decree 209/2005 - Private Insurance Code (CAP) and its relevant implementing provisions.

The processing may also involve personal data referring to the supervisory activity conducted on unauthorised insurance mediation websites (CPC – Consumer Protection Cooperation and Article 144(2), Consumer Code).

The personal data processed are acquired and received from supervised entities; they can also be acquired from data subjects, public sources, national and European public entities, including the Judicial Authority and Police Offices, and from consumers.

Data processing is necessary for the pursuit of supervisory purposes, including:

• supervision of the market conduct of distributors (intermediaries);
• the management of the identifying data of supervised entities for the purpose of updating the Single Register of insurance, reinsurance and ancillary insurance intermediaries (RUI);
• the issue of certificates;
• supervisory activities for the combat of the illegal pursuit of insurance mediation.

The personal data collected will be stored only for the time necessary to pursue the supervisory purposes.

Data are processed mainly by electronic means, with the use of appropriate security measures to ensure the confidentiality of personal data as well as to prevent undue access to the data by third parties or unauthorized personnel.

The collected data may be disclosed to other entities - on the basis of obligations arising from legal provisions, as well as for the purposes stipulated therein – and in particular to:

• public administration entities;
• Bank of Italy and other independent administrative authorities;
• EIOPA and the authorities supervising insurance undertakings with head office in another EEA Member State licensed to carry on business in Italy;
• Judicial Authorities and Police and Justice Offices;
• Insurance undertakings and insurance and reinsurance intermediaries;
• telephony and UC providers (for the shut-down of unauthorised sites).
• Data relating to insurance and reinsurance intermediaries are also contained in the RUI and are published on the IVASS website, as provided for in the CAP.

Data may be disclosed to the managers and employees of IVASS Directorate authorised to process data within the competences assigned to them.

In accordance with the European and national laws, data subjects may exercise, with respect to the Data Controller - (IVASS - Data Protection Officer, Via del Quirinale 21, 00187 Rome - Italy, e-mail address: DPO.IVASS@ivass.it - the right of access to personal data, as well as the other rights recognized by the law, including the right to obtain rectification or integration of data, as well as the cancellation, transformation into anonymous form or blocking of data processed unlawfully, and the right to object the processing in whole or in part, for legitimate reasons.

Where the conditions are met, the data subjects shall also have the right to lodge a complaint with the Authority for the protection of personal data, in its capacity as supervisory authority in accordance with the established procedures.