This website is owned, managed and maintained by Inter Partner Assistance SA - General Representation for Italy (the "Company"), the domain owner.
In accordance with the legislation on the protection of personal data - Reg. (EU) 2016/679 (General Data Protection Regulation - "GDPR") and Legislative Decree 196/2003 (Personal Data Protection Code) and subsequent amendments and additions, the Company, as data controller, is required to provide information regarding the use of personal data. This information is addressed to "Users", in their capacity as Interested Parties, of the website www.axapartners.it or of other domains owned by the same through which they will be redirected to this document (such as, for example, the Tripy site dedicated to Travel Agents and the Trade site dedicated to other insurance intermediaries) (hereinafter, "Site or Website").
It is specified that:
- Users who are clients of the AXA Partners companies (as proposers, policyholders or insured or other relevant subjects of the insurance contract, e.g.: beneficiaries) will be able to find all the information related to the treatments carried out by each company in the special information notice issued at the time of subscription of the policies, also published on the Site (Insurance Product Information);
- Users who are Suppliers or Commercial Partners of AXA Partners companies (such as, by way of identification, agents, brokers, banks, other insurance intermediaries, insurance and reinsurance companies, other commercial partners) will be able to find all the information relating to the processing carried out by each company in the appropriate information notice issued during the establishment of the supply or commercial contractual relationship (Suppliers and Commercial Partners Information Notice);
We are not responsible for the content, security or data and information collection procedures of third party websites, including those to which you may be directed through our Website. You should carefully review the privacy statements of each website you visit to understand how personal information is collected, used and disclosed.
1) How we collect your personal information on the website
Browsing the website
The personal data processed is acquired directly through Users through information generated when browsing the Site (e.g. IP address). Cookies may also be used to collect and process data from Users. Please refer to the specific Cookie policy on the Internet Sites for more information.
When you access the Site, our servers collect the domain name you used to access the Internet, the website you came from, and the next website you will visit.
We may use outside companies that provide certain services on our behalf and use the above information to measure the number of visits to the site, average time spent on the site, page views, and other statistics of visitors to our website, in general.
We may also use this data to monitor site performance and make our site easier and more convenient to use.
We may aggregate the statistics we collect about our customers, sales, Internet traffic patterns and services, and provide these statistics to third parties. When we provide these statistics to third parties, however, they will not include any personally identifiable information about our customers.
Registered Users
We may need customers to register on the Site in order to gain access and use other features. Once you become a registered member, we may collect additional personal information when you use the services on our website.
Non-registered users filling in the Contact Form
There are "Contact Forms" on the Site that Users can fill out in order to request information from us. The personal data that will be provided through the Contact Form will be used only to respond to the request for information.
Cookies
Cookies are small amounts of data stored by your Internet browser on your computer's hard drive. You can set your browser to notify you when you receive a cookie or to prevent cookies from being sent to your computer. Please note, however, that by not accepting cookies the functionality we can provide when our customers visit our website may be limited.
2) Types of personal data collected through the site
The personal data we collect through the Site may include:
- data suitable for tracking the behavior when browsing the Site, such as the IP address of the device used, the time of access to the Site and the pages visited, browsing preferences, parameters related to the operating system used by the user, including through special logs
- identifying data in general and contact information such as first name, last name, email address, profession and personal data in general;
- any other personal data made known to the Company through the requests of Users; it is understood that - except for compliance with legal obligations or upon specific consent or for other specific cases made known in advance to the interested party - the Company does not process special or judicial data, so if they are communicated they will be promptly deleted or anonymized.
3) Purpose and legal basis of the processing of personal data collected through the Site
The User's personal data collected through the Site are processed in the normal course of the Company's business for the following purposes and related legal basis of processing:
(a) response to specific User requests, including informational ones; the basis for processing is Art. 6.1.b GDPR (i.e., comparable to contractual performance); responding to User requests inherently implies the need for data processing;
b) fulfillment of legal obligations (e.g., in the area of cybersecurity); the basis for processing is . 6.1.c GDPR ; since it is an obligation, failure to do so will result in non-compliance and legal sanctions;
(c) overriding legitimate interest of the Company or third parties (basis of processing is Art. 6.1.f GDPR), such as in the following cases:
(i) protection (establishment, exercise or defense) of a right of the Company or a third party, in or out of court, which is deemed to be an overriding interest under Recital 47 GDPR;
(ii) to ensure the security of networks and information against unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data, deemed overriding interest under Recital 49 GDPR;
(iii) disclosure to other group companies for internal administrative purposes, deemed overriding interest under Recital 48 GDPR.
4) Communication of Personal Data collected through the Site to other parties
The Company discloses Personal Data collected through the Site only to identified and authorized recipients.
The categories of recipients are as follows:
- AXA Partners Group entities that will best be able to fulfill the User's requests;
- where applicable, other AXA Group Entities to which AXA Partners Group belongs, if the Company believes that such requests were addressed to them;
- other entities with respect to which the communication of data is obligatory by law such as, but not limited to: IVASS, Bank of Italy - UIF (Financial Intelligence Unit), Internal Revenue Service, Judiciary, Law Enforcement.
5) Transfer abroad of personal data, including countries outside the EU
As a general rule, the recipients to which the Company discloses Users' Personal Data are located within the European Union (EU) or in countries outside the EU that provide an adequate level of protection (which means that Users' Personal Data are guaranteed the same level of security as in the EU).
Personal Data may also be transferred to AXA Group entities located in countries that do not provide an adequate level of protection; in such cases, the Company provides safeguards to ensure the security and confidentiality of the User's Personal Data, ensuring that such transfers are governed by Binding Corporate Rules (BCRs) .
6) Retention of personal data
The Company retains Users' data only for as long as necessary to achieve the purposes set forth in this notice in compliance with the principle of proportionality and necessity provided for in the data protection regulations, in accordance with both the laws applicable to the Company) and the guidance provided by the Data Protection Authority through the measures
The timelines for the various purposes indicated in Paragraph 4 above are as follows:
(a) paras 4.a (data subject requests) and 4.c.iii (legitimate interest - intra-group administrative purposes): for as long as necessary to fulfill Users' requests, in particular, as long as necessary to enable the navigation of the Site;
b) par. 4.b (legal obligation): for as long as required by applicable regulations;
c) par. 4.c.i (legitimate interest - protection of rights): for as long as the applicable law prescribes. In any case, personal data shall be retained until the term of res judicata of the relevant judgment or final judgment and, where necessary, for the subsequent enforcement phase;
(d) para 4.c.ii (legitimate interest - network and information system security): up to 6 months after data collection;
Once the above retention periods have elapsed, the Company will delete or transform the data into anonymous form
7) Rights of the Data Subject
The User (Data Subject) has the right to request from the Data Controller Company, in the cases provided for by law and as compatible with the legal basis of the processing:
(a) access to personal data concerning him/her (right of access);
b) rectification of personal data concerning him/her (right of rectification);
(c) the erasure of personal data concerning him/her (right to erasure);
(d) the restriction of the processing of personal data concerning him/her (right to restriction of processing).
The Data Subject also has the following rights vis-à-vis the Controllers:
(e) right to object to the processing of personal data concerning him/her (right to object);
(f) right to portability of data concerning him/her. "Right to portability" means the right to receive, in a structured, commonly used and machine-readable format, the personal data provided to the Data Controllers, as well as the right to transmit such data to another data controller without hindrance from the Data Controllers to whom you have provided it (pursuant to Art. 20 of the Regulations);
(g) the right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent before the withdrawal.
Finally, the Data Subject has the following right:
h) The right to file a complaint with the Guarantor for the Protection of Personal Data, to complain about a violation of the regulations on the protection of personal data. The complainant may submit the complaint to the Guarantor using the method he or she deems most appropriate, either by hand delivery to the offices of the Guarantor (at the address below) or by forwarding: (i) registered mail with return receipt addressed to: Garante per la protezione dei dati personali - Piazza Venezia 11 - 00187 Roma; (ii) e-mail to: garante@gpdp.it, or (iii) protocollo@pec.gpdp.it; (iv) fax to: 06/696773785.
8) Contact
At any time you may exercise the rights described above by writing to IPA or the Data Protection Officer (DPO):
by mail: Via Carlo Pesenti 121 - 00156 Rome
o
by e-mail: privacy@axa-assistance.com
Changes to the Privacy Policy
Please check this privacy policy periodically for any changes to it. However, we reserve the right to amend or supplement this privacy policy, and in such cases a specific notice (for at least 30 days after the change itself) will be provided on this website in connection with any major change.
Date of last update: November 2023