Site Privacy Policy

This Website is owned, operated and maintained by Inter Partner Assistance SA - General Representation for Italy (the ‘Company’ or ‘we’), the domain owner.

Pursuant to the legislation on the protection of personal data - Reg. (EU) 2016/679 (General Data Protection Regulation - ‘GDPR’) and Legislative Decree 196/2003 (Personal Data Protection Code) and subsequent amendments and additions, the Company, as data controller, is required to provide information regarding the use of personal data. This information is addressed to the ‘Users’ of the website www.axapartners.it (hereinafter, the ‘Site or Website’).

It is specified that this Privacy Policy relates to the personal data of Users collected through this Site:

• Users who are clients of the AXA Partners companies (in their capacity as proposers, policyholders or insured parties or other relevant subjects of the insurance contract, e.g.: beneficiaries) will be able to find all the information relating to the processing carried out by each company in the specific information notice issued at the time of signing the policies, also published in the Privacy Section of this Website (Privacy Policy for Insurance Products)
• Users who are Suppliers or Commercial Partners of AXA Partners companies (such as, for identification purposes, agents, brokers, banks, other insurance intermediaries, insurance and reinsurance companies, other commercial partners) may find all the information relating to the processing carried out by each company in the specific notice issued at the time of the establishment of the supply or commercial contractual relationship, also published in the Privacy Section of this Website (Suppliers and Commercial Partners Notice);

We are in no way responsible for the content, security or data and information collection procedures of third party websites, including those to which you may be directed through our Website. You should carefully review the privacy statements of each Web Site you visit to understand how personal information is collected, used and disclosed.

1) How we collect your personal information on the website

Browsing the website

The personal data processed are acquired directly from Users through the information generated when browsing the Web Sites (e.g. IP address). Cookies may also be used to collect and process Users' data. For more information, please consult the specific Cookie Policy on the Site, which can be reached by clicking on ‘Cookie Policy’ in the Site footer.

When you access the Site, our servers collect the domain name you used to access the Internet, the Web Site you came from and the next Web Site you visit.

We may use outside companies that provide certain services on our behalf and use the above information to measure the number of visits to the Site, the average time spent on the Site, page views and other statistics of visitors to our Web Site in general.

We may also use this data to monitor the performance of the Site and make our Site easier and more convenient to use.

We may aggregate the statistics we collect about our customers, sales, internet traffic patterns and services, and provide these statistics to third parties. When we provide these statistics to third parties, however, they will not include any personally identifiable information about our customers.

Registered Users

We may need customers to register on the Website in order to gain access and use other features. Once you become a registered member, we may collect additional personal data when you use the services on our Website

Non-registered users filling in the Contact Form

There are ‘Contact Forms’ on the Site that Users may fill in in order to request information from us. The personal data provided via the Contact Form will be used exclusively to respond to the request for information.

Cookies

Cookies are small amounts of data stored by your Internet browser on your computer's hard drive. You can set your browser to notify you when you receive a cookie or to prevent cookies from being sent to your computer. Please note, however, that by not accepting cookies the functionality we can provide when our customers visit our Website may be limited.

2) Types of personal data collected through the site

The personal data we collect through the Site may include:

• data that can be used to track the User's browsing behaviour on the Site, such as the IP address of the device used, the time of access to the Site and the pages visited, browsing preferences, parameters relating to the operating system used by the User, also by means of specific logs;
• Identification data in general and contact information such as name, surname, email address, profession and personal data in general;
• any other personal data made known to the Company through the User's requests; it is understood that - except for compliance with legal obligations or with specific consent or for other specific cases made known in advance to the interested party - the Company does not process special or judicial data, therefore, if they are communicated they will be promptly deleted or anonymised

3) Purpose and legal basis of the processing of personal data collected through the Site

The User's personal data collected through the Site are processed as part of the Company's normal activity for the following purposes and related legal basis for processing:

a) response to specific User requests, including informational ones; the basis for processing is Art. 6.1.b GDPR (i.e. comparable to contractual performance); responding to User requests inherently implies the need for data processing;

b) fulfilment of legal obligations (e.g. in the field of cybersecurity); the basis for processing is Art. 6.1.c GDPR; since this is an obligation, failure to comply with the law will result in failure to fulfil the obligation and will result in legal sanctions

(c) overriding legitimate interest of the Company or a third party (basis for processing is Art. 6.1.f GDPR), e.g. in the following cases:

(i) protection (establishment, exercise or defence) of a right of the Company or a third party, in or out of court, which is deemed to be an overriding interest pursuant to Recital 47 GDPR;

(ii) to ensure the security of networks and information against unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data, deemed to be an overriding interest under Recital 49 GDPR

(iii) disclosure to other group companies for internal administrative purposes, deemed to be overriding interest under Recital 48 GDPR.

4) Communication of Personal Data collected through the Site to other parties

Users' data may be subject to communication and transfer for the purposes set out in paragraph 3. In particular, they may be communicated to the following recipients or categories of recipients

a) other AXA Group companies or parent, subsidiary or associated companies under the current Binding Corporate Rules (BCR);

b) professionals or service companies for company administration and management who work on behalf of the Company;

c) Judicial Authorities and Police Forces, supervisory and control bodies and, in general, public or private entities with functions of public relevance, from which the data may be known (e.g.: IVASS))

d) firms or companies in the context of assistance and consultancy relationships, including legal and tax consultancy;

e) parties that provide services for the management of the Company's computer system and telecommunications networks;

f) other categories of suppliers

The User may obtain a list of the names of the subjects to whom personal data are communicated, and who act as autonomous data controller or processor, when exercising the right of access pursuant to Art. 15 GDPR, by contacting us at the addresses indicated in paragraph 12 below (‘Contacts’).

5) Transfer of personal data to third countries

For some activities, we make use of subjects we trust - sometimes also operating outside the European Union - who perform tasks of a technical, organisational or managerial nature on our behalf; the same is also done by the subjects already indicated in this notice to whom the data are communicated. In any case, the transfer of data outside the European Union will take place on the basis of the assumptions set out in the regulations in force, including the use of binding corporate rules (known as BCRs - Binding Corporate Rules, which can be consulted on the website www.axapartners.it, Privacy section) for transfers within the AXA Group, the application of standard contractual clauses defined by the European Commission for transfers to companies outside the AXA Group, or the verification of the presence of an adequacy decision regarding the personal data protection system of the importing country.

6) Retention of personal data

The Company retains Users' data only for the time necessary to achieve the purposes indicated in this information notice in compliance with the principle of proportionality and necessity provided for by the legislation on the protection of personal data, in accordance with both the laws applicable to the Company) and the indications provided by the Garante per la protezione dei dati personali through the measures

The timelines for the various purposes indicated in paragraph 3 above are as follows:

a) par. 4.a (data subject's requests) and 4.c.iii (legitimate interest - intragroup administrative purposes): for as long as necessary to satisfy the Users' requests, in particular, as long as necessary to allow the navigation of the Site;

b) par. 4.b (legal obligation): for as long as required by the applicable rules;

c) par. 4.c.i (legitimate interest - protection of rights): for as long as the applicable law prescribes. In any event, personal data shall be retained until the relevant judgment or final judgment becomes final and, where necessary, for the subsequent enforcement phase;

d) par. 4.c.ii (legitimate interest - security of networks and information systems): up to 6 months after data collection;

Once the aforementioned retention periods have elapsed, the Company will delete or transform the data into anonymous form.

7)     Security measures applied to your data

We use appropriate technical and organisational measures designed to protect your personal data. The measures we provide are designed to ensure a level of security sufficient and appropriate to the risk of the processing of your personal data, in line with AXA standards.

8) Optional or mandatory nature of providing data

Whether the provision of your Personal Data to us is mandatory or not will be indicated to you at the time of collection of such data (e.g. by means of an asterisk on the contact form). If you do not provide the Personal Data identified as mandatory, we may not be able to properly interact with you.

9) Source of your personal data

We collect your personal data directly from you, who access the Site and/or fill in the contact forms on the Site.

10) Automated processing

We do not carry out automated processing with regard to personal data collected through this Site.

11) Rights of the data subject

The User (Data Subject) has the right to request from the Data Controller, in the cases provided for by law and as compatible with the legal basis of the processing

a) access to the personal data concerning him/her (right of access);

b) rectification of the personal data concerning him/her (right of rectification)

(c) erasure of personal data concerning him/her (right to erasure);

d) the restriction of the processing of personal data concerning him/her (right to restriction of processing).

The Data Subject also has the following rights vis-à-vis the Data Controller:

(e) right to object to the processing of personal data concerning him/her (right to object);

f) the right to the portability of data concerning him/her. The ‘right to portability’ shall mean the right to receive in a structured, commonly used and machine-readable format the personal data provided to the Data Controller, as well as the right to transmit such data to another data controller without hindrance from the Data Controller to whom he/she has provided it (pursuant to Art. 20 of the Regulation);

(g) the right to withdraw consent at any time without prejudice to the lawfulness of the processing based on consent before the revocation (if the processing is based on consent).

Finally, the Data Subject has the following right

(h) the right to lodge a complaint with the Garante per la Protezione dei dati Personali, in order to complain about a violation of the rules on the protection of personal data. The complainant may submit the complaint to the Garante using the method he/she deems most appropriate, either by hand delivery to the Garante's offices (at the address indicated below) or by forwarding it by (i) registered mail with return receipt addressed to: Garante per la protezione dei dati personali - Piazza Venezia 11 - 00187 Roma; (ii) e-mail to: garante@gpdp.it, or (iii) protocollo@pec.gpdp.it; (iv) fax to: 06/696773785.

12) Contacts

You may exercise the rights described above at any time by writing to IPA or to the Data Protection Officer (DPO)

• by mail: Via Carlo Pesenti 121 - 00156 Rome
• by e-mail: privacy@axa-assistance.com

Changes to the Privacy Policy

Please check this privacy policy periodically for any changes to it. However, we reserve the right to amend or supplement this privacy policy, and in such cases a specific notice (for at least 30 days after the change is made) will be provided on this Website in relation to any important changes.

Date of last update: 15 October 2024