Privacy policy

Generali Jeniot S.p.A. (the “Controller” or the “Company”) will process the personal data of its stakeholders (customers, employees, suppliers, web browsers etc., hereinafter collectively the “Data Subjects”) in its role as independent controller of the data processing and in the context of the ordinary management of its relations, obtaining consent where necessary. The Company will only process data for commercial purposes if it has been expressly authorised by the Data Subjects.

Generali Jeniot, in application of current data protection laws, is structured as follows:
  • in order to perform the support and control functions pertaining to the application of Regulation EU No. 679/2016 (“GDPR”), it has appointed a Data Protection Officer “DPO”);
  • the staff who process personal data have been appointed as Authorised Persons; they have been provided with specific instructions and receive ongoing training and guidance;
  • • for specific technical or organisational purposes, the Company uses third parties to whom it outsources part of its own process. These persons may take on the role of “Authorised Person” or “Data Processor” for the Company’s data processing operations; alternatively they may act in full autonomy, as independent “Data Controllers” in subsequent processing operations having the same purposes as those pursued by the Company.
  • Only the personal data that is strictly necessary to achieve the above purposes will be processed, either on paper or using electronic instruments.

    The Company will only acquire the personal data that are strictly necessary to provide the requested services or to fulfil the purposes for which the data consent was obtained; particular attention will be paid to sensitive personal data, which will only be processed if absolutely essential. The Company will process all personal data by adopting the necessary security measures – both physical and digital – in accordance with the requirements of Regulation EU 679/2016 and other current legislation. At the end of the processing operation, the Company is obligated to retain the processed data; if such obligation no longer exists or after the obligatory conservation period has expired, the Company will erase or anonymize the data.

    Certain data may be indispensable, and its absence may render impossible the management of existing relations. Such data will be processed by our contractors as Data Processor or Authorised Person; for such services we also use outsourcers who perform technical, organisational and operational tasks on our behalf. The personal data will not be disseminated in any way, except where required on the basis of a specific legal obligation.

    Your personal data may be kept for different periods of time depending on the purpose for which they were processed by the Company in accordance with the privacy legislation applicable from time to time, and in particular: (i) for contractual purposes, for a period of 10 years from the cessation of the contract or, in the event of a dispute, for the term prescribed by law for the protection of the related rights, subject in any case to any longer conservation period that may be provided for in sector-specific regulations; (ii) for commercial and profiling purposes, for the period necessary to fulfil the aims for which the data were processed or collected and in any case for no longer than 24 months from the cessation of the contract for any reason.

    The Data Subject may receive knowledge of which data are being processed by the Company and, where the conditions are met, exercise their various rights on the use of such data (right of access, rectification, updating, integration, erasure, limitation of processing, portability or revocation of consent to the data processing, obtain a copy of the data if they are being kept in countries outside of the European Union, or obtain details of the location to which the data have been transferred or are being stored), or, for legitimate reasons, object to a specific type of processing or use of the data for commercial purposes in full or in part, also with regard to the use of automated means, by contacting: Generali Italia S.p.A., Piazza Tre Torri 1, 20145 Milano (MI),, or the Data Protection Officer (DPO), who can be contacted via e-mail at "" and/or by ordinary post at "RPD Generali Italia - Mogliano Veneto, Via Marocchesa 14 31021”. From the addresses given above, it is also possible to obtain details of the parties or categories of parties to whom the personal data may be communicated, or who may acquire knowledge of the data in their capacity as data processors.

    If you believe that the processing of your personal data infringes the applicable privacy laws, you have the right to lodge a complaint with the Garante per la Protezione dei Dati Personali [Italian Data Protection Authority] as indicated on the Authority’s website.

    In consideration of possible future amendments to the applicable privacy laws, the Company may amend and/or update this privacy notice in whole or in part. In accordance with current laws, any updates, changes or amendments will also be published on the Company’s website.