Data Protection/Privacy Statement
This data protection/privacy statement describes how Inter Partner Assistance SA - Branch in Italy, member of the AXA group (hereinafter also referred to as "IPA"), processes personal data relating to its customers, contractors, policyholders, beneficiaries, as well as users of its website. Pursuant to the definitions contained in the European Union Regulation 2016/679, IPA is the Data Controller. We are therefore responsible for any use of personal data that is made directly by us or otherwise carried out on our behalf. This statement will be constantly updated, by publishing the latest version on the website. It comprises 10 paragraphs:
- Who we are
- Type of data processed, source of personal data and means of processing
- Sharing information with third parties
- Legal basis for the use of personal data
- Transfer of personal data to non-EU countries
- Data retention period
- Information security
- Your rights
- Other provisions
1. Who we are
Inter Partner Assistance S.A. – Rappresentanza Generale per l’Italia, Compagnia Assicurativa e Riassicurativa, con sede in Roma Via Carlo Pesenti 121, è parte del gruppo AXA. IPA, per i prodotti da quest’ultima commercializzati, riveste il ruolo di Titolare del trattamento dei dati, ciò significa che è IPA stessa a determinare, nel rispetto della normativa, le modalità di trattamento del dato stesso (come descritto nella presente informativa).
IPA ha nominato un Responsabile della Protezione Dati (RPD), che ha il compito di supervisionare l’utilizzo ed il trattamento dei dati effettuato da IPA.
È possibile contattare il RPD per le richieste inerenti il trattamento dei propri dati, nonché per esercitare i diritti che il Regolamento Europeo vi accorda.
I contatti di riferimento del Titolare del Trattamento e del RPD (anche indicato con la sigla inglese “DPO”) sono indicati nel successivo paragrafo 9.
2. Type of data processed, source of this personal data and means of processing
2.1 Insurance policies or service contracts purchased directly from our company It is possible to obtain a quote and purchase our products through the web portals used to market these products or through our sales network. In this regard, we collect information that is relevant to products that are purchased. It should be noted that we only collect information that is absolutely necessary for this purpose.
In detail, by way of example:
- Name (of the policyholder or user of the service and any other individual who may benefit from the service or insurance coverage).
- Username and password for access to a reserved web account.
- Address and contact details, including email address.
- Other details required by the type of product being purchased such as, by way of example, vehicle registration, make and model, duration of a trip.
- Payment details, which may include credit card or bank details.
For each product that is purchased
an identification number will be assigned by us and recorded along with other personal data. If you provide us with data relating to other persons (for example, someone with a right and / or an interest in the purchased product), you must ensure these persons are aware that we will use their data for the purpose of the performance of the purchased product, and you must refer them to this data protection/privacy statement. Some data are necessary for the performance of the contractual relationship and to allow IPA to fulfill the provisions of the purchased contract; if the requested data are not provided, IPA may not be able to fulfill its contractual obligations.
2.2 Insurance products purchased from our business partners
Our product may have been purchased from one of our business partners (for example as an add-on to another insurance policy or a product you bought from them). In these cases, our business partners will collect and share some personal data with IPA to allow the signing and management of the contract and the performance of the related services.
In detail, by way of example:
- Name (of the policyholder and any persons insured under the policy)
- Address and contact details
- Details of the asset or the insured person, such as vehicle details for breakdown insurance policies or home details for assistance policies
- Banking information for claims and refunds.
Our business partners will assign an identification number which we will record along with other personal data.
2.3 Reporting a claim or requesting a service
You may contact IPA in the manner provided for in the purchased contract, in order to:
- Report a claim relating to your insurance policy
- Request a service related to your service contract.
Using the same procedures you may also receive information on a request for a service and on the notification of a claim. Once a request has been submitted, and in consideration of the customer’s requirements, further information may be required for the verification and management of the request. In any case, the data collected shall include:
- The name and the detailed data of the policy and contract
- Information relating to the claim or the service requested, including the circumstances and any data that are useful for the performance of our duties, including special category data. For example, we may need to know information about your health, your employees, or related persons who receive services or are involved in the assistance we provide, or other sensitive information about the circumstances of a claim or request. These data will be collected for the exclusive purpose of allowing us to manage the claim and provide the requested and necessary services.
A number will be assigned to the claim or the requested service, which will be part of the personal data recorded by us. If you provide details relating to other people, make sure they are aware that we will use their data for the purposes of handling a claim or service request and refer them to this data protection/privacy statement for further information.
Phone calls to our call centers may be recorded and we may keep records of our correspondence with you to manage claims and provide requested services.
2.4 Other Uses of Our Website
2.5 Direct marketing
If explicit and specific consent has been given, IPA will be authorized to send communications (including by email and text message) on products offered by the latter and by third parties, which may be of interest to recipients (for example because they are related to other products and services that were previously purchased and/or in which an interest was shown).
Moreover, if explicit and specific consent has been given, IPA will be authorized to share personal data with other parties for marketing purposes. This could include – but would not be limited to - the sharing of names, telephone numbers and email addresses. As of this date, this may also be done through AXA Group start-ups.
These marketing activities (by IPA or third parties) could involve the overlapping of a user's personal data with information that is available from public sources, in order to send relevant communications that are tailored to a customer’s needs.
If consent has not been given for the aforementioned marketing activities, it will still be possible for you to receive requests for feedback, surveys and other customer service communications from IPA.
You can withdraw your consent to these marketing activities at any time using the contact details in section 9.
2.6 Other uses of personal data
By way of example and without limitation we may also use your data as follows:
- to record telephone calls for training and quality control purposes;
- to conduct surveys or ask for feedback on our products and services with an invitation to take part in focus groups. Your answers will be used for quality control purposes and to improve our products and services;
- to carry out checks within the scope of the prevention of fraud and money laundering, and in compliance with Italian insurance sector regulations;
- to handle complaints relating to our businesses and to assess and manage any potential or actual legal action arising from such complaints;
- to help us improve our processes, products and services, e.g. by analyzing the reasons for complaints. In this context, as far as possible, anonymized data will be used;
- to comply with laws and regulations or to protect and safeguard rights both in court and out of court, , including the rights of third parties.
2.7. Data of minors
Insurance policies and service contracts are stipulated only with individuals over the age of 18.
However, some information on minors may be collected and used in connection with an insurance coverage or the provision of a service, for example where this is relevant to the circumstances of a claim or the performance of a service or in relation to the latter.
3. Sharing Information with Third Parties
3.1 Provision of services
Personal data may be shared with service providers to manage claims and provide the requested and/ or necessary services (services offered by the latter include, by way of example but without limitation , roadside assistance services, medical care at home, etc.). With the aforementioned service providers we may share data such as names, addresses or positions, car registration numbers, number of passengers and other details and circumstances relating to a claim. These details may include special category data that are relevant to the service provided, such as the health of the people involved in a claim.
3.2 Other AXA Group companies
Some of your personal data may be shared with other AXA group companies in order to provide specific services provided for in the contract, including, for example, the management of claims relating to a trip. These AXA group entities will act on behalf of IPA which will always be responsible for the use of personal data processed for these purposes. Where it is necessary to make a data transfer outside the European Union, we will ensure appropriate measures are in place to safeguard data protection. Data may also be shared outside the European Union for the purposes of managing claims and preventing and identifying fraud.
Finally, personal data may also be shared outside the European Union for the purpose of managing claims and preventing and identifying fraud. Personal data may be used for statistical purposes, but in such cases data will be provided in a form that prevents individuals from being identified. Transfers within the AXA Group will be covered by the BCR (Binding Corporate Rules) of the AXA Group.
3.3 Other information
We may also disclose your personal data to the following third parties:
- Regulatory authorities or bodies
- Parties involved in current or future legal proceedings, or who help us establish, exercise or defend our rights. For example, we may share information with our legal advisors or other professionals
- Parties you have authorized us to share your data with regarding products you have purchased or claims
- Providers of products and services for the sending of marketing communications, to the extent that you have consented to this
- Other service providers, such as those providing backup or technology services
- Other Parties you have authorized or where otherwise required or permitted by the law
4. Legal basis for the use of personal data
We collect, use and disclose your personal data, by way of example, for the following reasons:
- for the execution of a contract, the management of services and the issuing of guarantees
- to comply with a legal obligation, for example towards government authorities or the Supervisory Authority
- for marketing communications
Where special category personal data - such as information on your health - is collected, we will seek your explicit consent separately. This will generally occur when you report a claim or request a service, unless the use of such data is necessary for safeguarding. your vital interests or those of another individual or for establishing, exercising or defending legal claims.
5. Transfer of personal data to non-EU countries
In addition to the provisions of paragraph 3.2 above, in cases where the transfer of data outside the European Union is necessary, these data will be guaranteed a level of protection that us equal to that required by the Italian and EU data protection law.
Your special category personal data shall not be transferred outside the European Union without you receiving express information prior to the transfer.
6. Data retention period
Personal data will be kept for as long as necessary in relation to the processing purposes and aims. Some personal data may also be kept for a period after the expiry of a contractual relationship, in particular in order to resolve any disputes andongoing or future judicial procedures, to keep records of our services, and to comply with obligations established by the law or to exercise the right of defense in any jurisdiction.
It is a specific obligation of IPA to keep personal data safe, confidential, accurate and efficient for the duration of the authorized use.
At the end of the retention period, personal data will be anonymized or destroyed.
7. Information security
We regularly review the technical and organizational security measures we have in place on our information and communication systems in order to prevent the loss, misuse or unauthorized alteration of your personal data. IPA has implemented an adequate procedure to identify and report any data breach within 72 hours and is committed to resolving breaches within a reasonable amount of time.
8. Your rights
In accordance with data protection laws, you have the right to request:
- the limitation of processing.
You also have the following rights:
- right to object to the processing of personal data;
- right to the portability of data concerning you. By “right to portability” we mean the right to receive the personal data you have provided to IPA in a structured, commonly used format that is readable by an automatic device, as well as the right to transfer such data to another person;
- right to withdraw consent at any time without prejudice to the lawfulness of processing based on consent before the withdrawal.
- right to lodge a complaint with the Supervisory Authority for the Protection of Personal Data to complain about an infringement of the rules on the protection of personal data. The complaint may be sent to the Supervisory Authority using the method deemed most appropriate, i.e. by delivering it by hand to the Supervisory Authority's offices (at the address shown below) or by forwarding it:
- by registered letter with return receipt addressed to: Garante Privacy - Piazza Venezia, 11 - 00187 Rome;
- to the e-mail address: firstname.lastname@example.org, or Certified Mail:email@example.com;
- by fax to the number: 06/696773785
You can exercise the rights described above at any time by writing to IPA or the Data Protection Officer (DPO):
· by post: Via Carlo Pesenti 121 - 00156 Rome
· by e-mail: firstname.lastname@example.org
10. Other provisions