Privacy & GDPR
Data protection regulations
Status: July 2024
1. General
These data protection provisions regulations apply to the use of the website artegenerali.com provided by ARTE Generali GmbH, hereinafter referred to as "Website" or "Site". We kindly ask you to carefully read the following information.
These privacy policies for the website inform you about the purposes for which we collect your data, how we use it, to whom we may disclose it, and how you can exercise your rights. Providing data in connection with the website is voluntary. Protecting your personal data is of particular concern to us. We always ensure careful handling of your data in accordance with data protection regulations. We process personal data in accordance with applicable legal provisions, in particular the European General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other sector-specific data protection regulations. We require our employees to maintain confidentiality in accordance with applicable legal requirements.
2. Data Processing Controller
The controller for the processing of personal data in connection with the website is:
ARTE Generali GmbH
represented by the management
Adenauerring 7
81737 Munich
Fax: +49 (0)89 5121-1000
Email: arte@generali.de ("ARTE Generali", "we" or "us").
You can contact our data protection officer by mail at the above address with the addition - Data Protection Officer - or by email at: datenschutzbeauftragter.de@generali.com
3. Why do we collect personal data and how do we use it?
3.1. What is personal data?
3.1.1. According to Art. 4 No. 1 GDPR, "personal data" means any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more elements able to identify the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
3.1.2. Personal data also includes information about your use of our website. In this context, we collect data about your visits to our website, such as the extent of data transfer, the location from which you access data from our website, as well as other connection data and sources that you access. This is usually done by using log files, cookies, or third-party tools.
Access data about each page access and each file retrieval is stored in a log file on our server. Essentially, the page from which the file was requested, the location of the page, the name of the file, your current IP address, date and time of the request, access status (file transferred, file not found, etc.), amount of data transferred, browser type and language of the browser (referrer and user agent) are recorded.
3.2. Purposes and legal bases of data processing
ARTE Generali GmbH uses your personal data for the following purposes:
- To provide information about our products and services and those of our partners
- To improve our internet offering
- For the prevention of abuse/fraud on this website
- To provide the services you requested and to contact you if you desire or to communicate with you
- To ensure that our website is presented to you in the most effective and interesting way possible, e.g., storing display preferences, analyzing, further development our platform, and advertising our partners
- To enable you to participate in interactive offers, if you wish
- To inform you about changes to our services and those of our partners.
The legal basis for the processing of personal data for the above purposes is Art. 6 para. 1 f) GDPR, to safeguard the legitimate interests of us or third parties. This may be necessary to ensure IT security and IT operations.
In addition, ARTE Generali GmbH processes your personal data for analysis purposes and for presentation purposes. If ARTE Generali GmbH intends to process your personal data for a purpose not mentioned above, ARTE Generali GmbH will inform you in accordance with legal requirements beforehand.
3.3 Duration of data storage
We delete your personal data as soon as they are no longer required for the purposes mentioned above. It may happen that personal data is stored for the time during which claims can be asserted against ARTE Generali GmbH (statutory limitation period of three or up to thirty years). Furthermore, we store your personal data to the extent required by law; the storage periods thereafter are up to ten years. The storage of the log file information listed in section 3.4 is for a maximum of thirty days.
3.4 Automatically collected usage data
Each time you use of the website, so-called usage data is logged in server log files, as is common on the Internet. This usage data is automatically transmitted by your internet browser. It includes the following information:
- pseudonymized IP address (Internet Protocol address) of the computer from which the website is accessed
- Internet address of the website from which the website was accessed (so-called origin or referrer URL); name of the service provider through which access to the website is made
- name of the accessed files or information
- date and time as well as duration of the access
- amount of data transferred
- HTTP status code (e.g., "request successful" or "requested file not found").
Log file information of the aforementioned type is stored by ARTE Generali GmbH for security reasons (e.g., for the identification of attempted attacks) for a maximum of thirty days and then deleted. Data whose further storage is necessary for evidentiary purposes are excluded from deletion until the final clarification of the respective incident. Log file information may be disclosed to law enforcement authorities in individual cases. Otherwise, log file information is stored exclusively in anonymized form and statistically evaluated to continuously improve this website, to adapt to the interests of users, and identify and fix errors more quickly. (see also: Cookies Policy | Arte Generali).
4. Your data protection rights
You have the right to request information on the data stored about you, its origin and recipients, and the purpose of the storage. Furthermore, you can request the correction of your data if it is incorrect or incomplete. Claims for deletion or blocking of your data may exist if their collection, processing, or use is unlawful or no longer necessary. You may also have the right to restrict the processing of your data and the right to receive the data you provided in a structured, commonly used, and machine-readable format.
You have the right to object to the processing of your personal data for the purposes of direct marketing and/or market and opinion research. If we process your data to safeguard legitimate interests, you may object to this processing if there are reasons arising from your particular situation that speak against data processing.
You can exercise your rights with the controller for data processing. You have the right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority responsible for us is:
Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 27
91522 Ansbach
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981
Email: poststelle@lda.bayern.de
5. Disclosure of Your Personal Data to Third Parties
To fulfill our contractual obligations with you, we are entitled to share your data to our service providers.
Furthermore, we may share your personal data to third parties, if promotional activities, contests, contract conclusions, or similar services are offered by us jointly with partners. You can obtain further information on this by providing your personal data or in the description of the respective offer.
We do not share your personal data to third parties, unless you have consented to the transfer of data, or we are authorized or obligated to do so by law and/or official or court orders. This may include, in particular, providing information for law enforcement purposes, for averting danger or for enforcing intellectual property rights.
Our service providers and partners are located within the EU or the EEA, or in countries that have been classified by the European Commission as having an adequate level of data protection, or that ensure the appropriate level of data protection at the service provider in another way (e.g., by using the standard contractual clauses of the European Union).
We only provide our service providers and partners with the personal data they need for the specific activity. The commissioned service providers and partners act within the framework of contractual obligations, that ensure compliance with all applicable data protection regulations, including the necessary technical security measures.
6. Data Security
ARTE Generali GmbH is part of the Generali Deutschland Group. The group makes significant technical and organizational efforts to protect your personal data from loss, falsification, or unauthorized access. In the event that you would like to contact us by email, we would like to point out that the confidentiality of the transmitted information cannot be guaranteed, as the contents of unencrypted emails may generally be subject to eavesdropping by unauthorized third parties during transmission. Most email providers already use automatic transport encryption procedures to ensure the confidentiality of the email traffic. Please check with your email provider to see if it also uses TLS encryption. Otherwise, you should consider switching to an email provider with TLS support to ensure adequate encryption.
In addition to the transport encryption procedure TLS, we also offer you end-to-end encryption via the PGP procedure to ensure the confidentiality of your sensitive data. With PGP, your emails are encrypted in such a way that only the intended recipient can read them. Further information on data security can be found in the "Data Security" section on the page https://www.generali.de/datenschutz
7. Changes to Privacy Policy
ARTE Generali GmbH reserves the right to change these privacy policies at any time without prior notice. You can always find the current version on our website. Please inform yourself about the applicable privacy policies each time you use the contact page. Additionally, we will inform you about this in text form.
8. Questions about Data Protection & General Questions and our Contact Details
For questions regarding the processing of your personal data, please contact the data protection officer at: datenschutzbeauftragter.de@generali.com or at the following address with the addition "Data Protection Officer."
9. Data processing in the context of our social media presence
An up-to-date and professionally maintained social media presence is an important part of our existing communication policy. Our social media presences are used to facilitate direct communication and interaction with you. They also serve to provide you information about our products and services in an accessible and up-to-date manner.
9.1 Legal basis of the processing
The possibility of contacting you via social media and providing a corresponding website for this purpose constitutes a legitimate interest (legal basis) for us in accordance with Art. 6 para. 1 letter f EU GDPR. Any further processing operations, such as a detailed analysis of behavior on social media sites, including in connection with personal registration, are the responsibility of the providers of the social media portals themselves. Please obtain information about the types of data processed, the legal basis of these processing operations and their purposes from the providers.
9.2 Joint responsibility and exercising your rights
Together with the providers of the social media portals, we are responsible for data processing on our social media presences. You have the right to request information, rectification, erasure, restriction of processing and data portability from us or from the provider of the social media portal. Furthermore, you have the right to submit a complaint to a supervisory authority. Please be aware that we have limited influence over the data processing procedures and the period of data storage within our social media presences.
9.3 Data processing by us
We process the personal data you enter on our social media sites. This includes your username and the data you publish (e.g. posts, forwards). Our processing is limited to replying to your posts or writing posts in which we refer to your username or your images (for example, when you submit images to competitions). In this way, we integrate your published data more closely into our social media presence and make your personal data available to other users in this extended form.
9.4 Contact for questions / Data protection officer
If you have any questions about our social media presences, please use the contact options provided in the imprint/info page on the respective sites. You can contact our data protection officer either by post at the address provided in the legal notice/info page with the addition "Data Protection Officer" or by email at konzerndatenschutz.de@generali.com.
9.5 Alternative contacts
We use our social media presence to supplement the existing alternative contact options. Please note that you may contact us at any time via the contact details listed on our website under Contact.
9.6 Details on social media pages
9.6.1 Facebook Page
We use the technical portal and services of Facebook Ireland Limited, 4 Grand Canal Square, Dublin, Ireland, to operate a Facebook fan page. We have concluded a Page Insights Addendum with Facebook Ireland Limited regarding the controller. This regulates the joint responsibility for the processing of personal data in the relationship between our company and Meta Platforms Ireland Limited in accordance with Art. 26 GDPR. The responsibility for compliance with legal requirements, e.g. the information obligations under Art. 13 GDPR and the safeguarding of other data subject rights such as your right to erasure of personal data, are also defined there.
9.6.2 Instagram
We use the technical portal and services of Instagram. The provider is Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA. The data processing of individuals residing outside the United States is the responsibility of Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Further details on the processing of personal data by Instagram Inc. can be found in Instagram's privacy policy: https://privacycenter.instagram.com/policy
You can make privacy settings in your Instagram profile: https://privacycenter.instagram.com/controls
9.6.3 LinkedIn
We use the technical portal and services of LinkedIn. The provider is LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. The data processing of individuals residing outside the United States is the responsibility of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Further details on the processing of personal data by LinkedIn Ireland can be found in LinkedIn's privacy policy:
https://de.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com%7Cli-other
9.6.4 Youtube
We use the technical portal and services of YouTube. The provider and party responsible for data processing is YouTube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. Further details on the processing of personal data by YouTube LLC can be found in YouTube's privacy policy:
https://www.youtube.com/intl/de_be/howyoutubeworks/user-settings/privacy/
ARTE Generali GmbH
Adenauerring 7
81737 Munich
Germany