For Generali the protection of your personal data is a priority. For this reason, we ensure that data which are collected and processed whenever you interact with us are protected.
Implementing the legal framework for the protection of personal data, namely the General Data Protection Regulation (EU 2016/679) and L. 4624/2019 as in force, Generali has updated its forms and procedures in order to fully comply with the regulatory requirements.
Below you can find information and details regarding the way Generali processes your personal data.
1. Who will process your Personal Data
Generali Hellas Insurance Company S.A. will process your personal data, acting as Data Controller. If you want to contact us, please use the following details:
Syggrou Ave. & 40 Lagoumitzi str. 117 45 Athens Telephone: +30 2108096100 e-mail: firstname.lastname@example.org
If you have any questions regarding the processing of your Personal Data, if you wish to exercise any of your rights, or file a complaint in respect of your Personal Data, you may contact our Data Protection Officer by post to Generali’s address to the attention of the Data Protection Officer or via e-mail at email@example.com.
2. How we process your Personal Data
2.1. Ιf you are a policyholder or insured, Generali will collect and process your personal data:
A. i) to assess (underwrite), reinsure and manage the insurance risks and to determine the premium; ii) to conclude, issue and manage the insurance policy; iii) to provide the insurance coverage under the policy, including the assessment, review and settlement of any insurance claims/compensation, if the risk occurs; and iv) to process payments from or to you and to complete financial transactions via our website. Legal basis for the processing is the conclusion/ performance of an insurance policy (art. 6 par. 1 (b) of the GDPR)
B. i) to conduct more in-depth investigation prior to issuing an insurance policy (i.e. financial background check); ii) to perform controls in order to combat insurance fraud in the context of claims settlement/ payment of insurance compensations. Legal basis for this further processing is the legitimate interest pursued by Generali (art. 6 par. 1 (f) of the GDPR) either to assess with the utmost precision the insurance risk and decide whether it will undertake it or to safeguard respect for contractual rights and to defend its interests.
C. i) to inform you (by way of post, email, telephone or SMS) about policy-related issues and other insurance products, and ii) to request information regarding your level of satisfaction from Generali’s services; Legal basis for this processing is the legitimate interest pursued by Generali either to inform you about its products or services or to meet the obligation to perform its contractual obligations (art. 6 par. 1 (f) of the GDPR)
D. i) for handling complaints and allegations; ii) for the fulfillment of the obligation to establish internal channels for reporting violations of Union law and to take the necessary measures for their monitoring; iii) for the prevention and suppression of money laundering and financing of terrorism; iv) for the imposition of financial sanctions; v) for checking politically exposed persons; vi) for the mandatory exchange of information in the field of taxation, possibly with the use of automated tools; vii) for complying with court decisions and for responding to requests from public authorities. Legal basis for this processing is the compliance with obligations foreseen in the legal or regulatory framework to which Generali is subject (art. 6 par. 1 (c) of the GDPR)
E. i) for market research; ii) for marketing purposes and in order to provide you with information or insurance quotes tailored to you; iii) for analysis of our customer base and for optimization of the services provided by Generali; iv) to improve the online experience of our website’s visitors, and to enhance its functionality and performance; v) for the security and proof of our electronic communications, subject to your prior consent. Legal basis for this processing is your explicit consent (art. 6 par. 1 (a) of the GDPR)
F. i) to protect the legitimate interests of Generali and of Generali Group companies; ii) for the security of Generali’s premises; iii) for the management of its business functions; iv) for the operation of its IT systems and the hosting of data and applications, v) for compling with Generali and its parent company’s internal policies and procedures and (vi) for internal auditing. Legal basis for this processing is the legitimate interests pursued by Generali (art. 6 par. 1 (f) of the GDPR)
In case of Life and Health Insurance Policies, as well as in cases of traffic accidents with bodily injuries, special categories personal data (health data) are collected and processed only on the basis of the following legal bases:
- with your explicit consent, after you have been informed thereof
- in order to comply with Generali’s legal obligations in the field of employment and social security law
- in order to establish, exercise or defend legal claims
- in order to ensure that you will be offered preventive or occupational medical services.
2.2. Ιf you are a supplier or a professional/independent service provider, Generali will collect and process your personal data:
A. i) for the execution of all the necessary pre-contractual actions in the context of procurement processes, ii) for the implementation of the contract that may be concluded and the performance of its necessary administrative, accounting and fiscal activities. Legal basis for the processing is the conclusion/ performance of the contract (art. 6 par. 1 (b) of the GDPR)
B. i) to defend the legitimate interests of Generali and its Group companies, ii) to comply with the corporate policies and procedures of Generali and its parent company and (iii) to carry out internal audits. Legal basis for this processing is the legitimate interest pursued by Generali (art. 6 par. 1 (f) of the GDPR)
C. i) for handling complaints and allegations; ii) for the fulfillment of the obligation to establish internal channels for reporting violations of Union law and to take the necessary measures for their monitoring; iii) for fighting economic crime; iv) for the imposition of financial sanctions; v) for checking politically exposed persons; vi) for the mandatory exchange of information in the field of taxation, possibly with the use of automated tools; vii) for complying with court decisions and for responding to requests from public authorities. Legal basis for this processing is the compliance with obligations foreseen in the legal or regulatory framework to which Generali is subject (art. 6 par. 1 (c) of the GDPR)
3. Which Personal Data we collect and process
We will process only the personal data which is strictly necessary for the aforementioned purposes. We will collect basic identity and contact details. If you are insured, depending on the insured object we will ask you for your additional details relating to your vehicle or your medical history. Finally, if the insured risk occurs Generali may request additional data and supporting documents relating to the incident, e.g. accident, hospitalization, etc.
If you visit our website, our servers may automatically log information related to your visit (such as IP address, the date, time and duration of your visit, etc.). In addition, we collect data about our website traffic for statistical purposes, but which are kept anonymous and do not identify any user. If you use the contact or complaints form, we will also collect your full name, your e-mail, your phone number and your city of residence, as well as your Taxpayer’s Identification Number (ΑΦΜ).
In addition, cookies will be saved on your device during the visit to our website. For more information on cookies, you can click here.
If you use our online-payment system (fastpay.generali.gr), you will be transferred to Alpha Bank’s “Alpha e-commerce” electronic payment platform. This means that we will not collect your credit/debit card details.
If you contact our call center the call will be recorded and the phone number from which you called us will be logged.
If you visit the offices of Generali, upon entering the building we will collect your name, your identity card number, the purpose and duration of the visit, while the closed-circuit TV system (CCTV), will record your image.
4. With whom we share your Personal Data
For the purposes listed above, we may share your data with third parties, such as:
- the parent company Assicurazioni Generali S.p.A.
- your insurance intermediary
- other insurance companies and reinsurers (including other companies of the Generali Group)
- third parties entrusted with carrying out certain activities relating to your relationship with us, if you are a supplier or professional/independent service provider
- our external providers who provide services necessary for the management of the insurance policy and the provision of our services and coverage, such as road assistance and accident care companies, call centers, IT companies, technical vehicle service providers, damage assessment and repair estimation companies, consulting and auditing companies in the field of health services
- third companies and professionals, such as the company DIAS Interbanking Systems SA, banks and financial institutions, payment service providers and NSPs, hospital and private clinics, diagnostic centers and labs, doctors and other health professionals, lawyers, bailiffs, experts, accident investigators and certified auditors.
- the Statistics Database (ΥΣΑΕ) of the Hellenic Association of Insurance Companies and the Electronic Service of the Immediate Payment System (Σ.Α.Π.)
- public or judicial authorities (such as courts, public prosecutors, police, independent regulatory and tax authorities), if required in order to comply with Generali’s legal obligations or to establish, exercise or defend legal claims
- the Bank of Greece, being the Supervisory Authority of the insurance companies
Generali, at each time, takes all necessary measures in order to ensure that only the strictly necessary data are transferred and that all processing activities are legitimate.
If you use our online-payment system (fastpay.generali.gr) we will transfer the necessary data, in order to successfully charge your card and process your payment through Alpha Bank’s “Alpha e-commerce” electronic payment platform.
Generali will not disclose in any way your personal data to any third party not related to the group policy and the provision of the coverage and services provided for therein, unless required by law or upon a lawful request or order by a public authority. Generali will not disclose your personal data to third parties to be used in commercial promotional activities, without your prior explicit consent.
In the event of the transfer of your personal data outside the European Economic Area (EEA), Generali ensures that such transfer will take place only after the implementation of at least one of the guarantees provided for in the applicable legal framework and of additional measures that are appropriate to ensure that the personal data transferred to the third country have a level of protection substantially equivalent to that guaranteed within the European Union.
5. Automated decision-making, including profiling
In order to assess your insurance application, Generali may process your Personal Data in an automated way, including profiling. The automated process will examine evaluate the insurance application based on the Generali’s underwriting rules and will issue a specific insurance quote. This specific automated process, which includes the use of algorithms, is based on mathematical/statistical analyses of the critical parameters, from the technical insurance perspective, which aim to the proper evaluation of the risk exposure and the determination of a suitable and proportional premium amount.
More specifically, the logic involved in the automated processing enables: i) the objective risk assessment, ii) its integration in a homogeneous risk group, on the basis, mainly, of the frequency, and iii) the scale of the damage that it may cause, as well as its appropriate pricing. The automated processing concerns data that you have provided via your insurance application, as well as data that may be collected from third sources. Based on this automated processing, a variation in the premium may occur.
As regards this Processing, you have the right not to be subject to any decision if such decision is based exclusively on automated processing and produces legal effects concerning you or affects you significantly. You have also the right to express your point of view regarding this decision, to be informed of its justification and contest its content. To exercise all your aforementioned rights, you may contact the competent Department or the Data Protection Officer (by sending a relevant request via email at: firstname.lastname@example.org )
Lastly, Generali may use automated processing during the validity period of the insurance policy, in order to carry out controls for the avoidance of insurance fraud and for compliance with the obligations arising from the anti-money laundering and automatic exchange of financial account information legislation.
6. Your rights with respect to Personal Data
You may exercise the following rights with respect to your Personal Data: Access, Rectification, Portability, and, provided that the legal requirements are met, Erasure, Restriction of Processing, and Objection.
You may also revoke any consent you might have given to us for the processing of your personal data, without affecting the legality of any processing based on your consent before its revocation.
For more information on the way and the conditions for the exercise of your rights, you can click here.
7. How to file a complaint
If you believe that the protection of your personal data is being compromised in any way, you may file a complaint before the l Hellenic Data Protection Authority: (address:1-3, Kifissias Ave., 115 23 Athens), www.dpa.gr.
8. How long we retain your Personal Data
We will retain and process your Personal Data for the purposes listed above for as long as your policy is in effect, and for a period up to twenty years after the expiry or termination, for any reason, of your policy, unless a different retention period is provided for by law. In addition, Generali will retain and process your personal data for a period up to five (5) years in case your insurance application was rejected and the insurance policy was finally not issued.
Recorded calls are stored for 12 months and then deleted, while closed-circuit TV (CCTV) recordings are stored for 15 days. In the event of an incident against Generali, its employees or third-party visitors, the images on which this incident has been recorded may be kept in a separate archive for a longer period in compliance with applicable legislation.
For more details concerning the collection and processing of your personal data, depending on your insurance policy, please see below:
Privacy Notice – Retail Motor Insurance
Privacy Notice – Retail Motor Insurance through Alpha Bank
Privacy Notice – Retail Life Insurance
Privacy Notice – Alpha Global Medical Care
Privacy Notice – Retail Non Life Non Motor
Privacy Notice – Corporate Insurance
Privacy Notice – Group Life Insurance
Privacy Notice – Group Life Insurance for credit card holders
Privacy Notice – CCTV
Data Privacy Notice for the Reporters & other Persons involved in the Reports