Privacy Policy | Compagnia Tirrena LCA

Information regarding the processing of personal data
(pursuant to Articles 13 and 14 of EU Regulation 2016/679)

1. Introduction 

EU Regulation 2016/679 on the “protection of natural persons with regard to the processing of personal data and on the free movement of such data” (hereinafter “EU Regulation 2016/679” or “GDPR”) contains a series of rules aimed at ensuring that the processing of personal data is carried out in compliance with the fundamental rights and freedoms of individuals. Following consultation of this website “http://compagniatirrenalca.it/it/” (hereinafter the “Site”), data relating to identified or identifiable persons may be processed.

2. Data controller and data protection officer. 

Pursuant to Articles 13 and 14 of the GDPR, the following information is provided regarding the processing of personal data of data subjects. The Data Controller is Compagnia Tirrena di assicurazioni S.p.A. (VAT number 00885201004 and tax code 00409030582), with registered office in Via Massimi, no. 158, 00136 – Rome (RM), (hereinafter “Tirrena” or simply the “Data Controller”). The contact details are as follows: Telephone: +39.06.3018.3409 Email: privacy@compagniatirrenalca.it The Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at the following email address: dpo@novastudia.it

3. Categories of personal data and source of data

Personal data may be freely provided by the User or, in the case of navigation data, collected automatically while browsing the Site.

Browsing data provided by the User’s computer When connecting to the Site, the computer systems and software procedures used to operate them automatically and indirectly administer and/or acquire certain information (such as, by way of example only, “cookies” as specified in the “Cookie Policy”). The processing of this data is necessary for the Data Controller to ensure the best possible browsing experience for the User and to provide them with all the functions and services made available on the Website. However, it is possible to limit the processing of such personal data by using certain features made available by the Website (with reference, in particular, to the transmission of cookies or similar tools, please refer to the Website’s “Cookie Policy”) or by the device or browser/navigation application. In this case, navigation on the Website may be limited and some of its functions/services may be inaccessible.

Data provided voluntarily by visitors Requests for information and site visits submitted by interested parties via the telephone numbers listed on the Website, as well as through the “Contact” section made available by the Data Controller, will result in the collection and subsequent processing of the personal data of the requesting parties (for example, name, surname, email address, telephone number, and other personal data contained in the body of the message or freely provided by telephone). The personal data processed by Tirrena is normally collected directly from the Data Subject and freely provided by them. The processing of personal data will be carried out for the purposes indicated below and will be based on principles of correctness, lawfulness, transparency, and protection of the confidentiality and rights of the Data Subject.

4. Purposes of processing and legal basis The data collected will be processed for the following purposes: a) to respond to requests for information and requests for site visits from the data subject by filling in the appropriate form on the home page and, more generally, through the contact channels indicated on the Website and through the dedicated “Contacts” section; b) to comply with obligations under laws and regulations to which the Data Controller is subject and/or to carry out orders from legitimate authorities; c) to ascertain, exercise, or defend a right in court.

The legal basis for processing is constituted:

• for the purposes referred to in subparagraph a), by the legitimate interest of the Data Controller in responding to requests for information and requests for site visits received (Article 6, paragraph 1, letter (f) of EU Regulation 2016/679);

• for the purposes referred to in subparagraphs b) and c), the fulfillment of a legal obligation (Art. 6, para. 1, letter c) of EU Reg. 2016/679). The provision of data and their communication to the categories of subjects indicated in paragraph 7 is not mandatory, but any refusal by the Data Subject to provide their data will make it objectively impossible for Tirrena to respond to requests for contact and/or information received.

5. Methods of processing Personal data is processed using manual, computerized, and telematic tools with logic strictly related to the purposes stated in this document and, in any case, in such a way as to guarantee the security and confidentiality of the data in accordance with current regulations. In the case of processing carried out by electronic and non-electronic means, as well as through management and storage systems, including state-of-the-art hardware and software, Tirrena may use third-party service companies that will be made aware of their responsibilities by being appointed as Data Processors pursuant to Article 28 of the GDPR.

6. Data retention period The data collected will be retained for a period of time not exceeding the achievement of the purposes for which it is processed (“storage limitation principle,” Art. 5 GDPR), without prejudice to cases of compliance with a legal obligation or order from an authority. The obsolescence of the data stored in relation to the purposes for which it was collected is checked periodically. At the end of the retention period, personal data will be deleted, destroyed, or anonymized, without prejudice to any retention periods required by law. Therefore, upon expiry of this period, the right of access, deletion, rectification, and the right to data portability can no longer be exercised.

7. Categories of subjects to whom the data may be communicated In certain cases, the performance of all activities related and/or instrumental to the management of requests requires Tirrena to communicate the personal data of the Data Subjects: • to employees and/or collaborators of the Data Controller in their capacity as persons authorized to process data and/or system administrators; • to subjects whose right to access such data is recognized by law; • to companies or third parties that perform activities for the Data Controller that are strictly connected or instrumental to the operation of the Website, such as the company that manages users’ personal data and the IT systems on which it is stored. The personal data provided by users who submit requests are used for the sole purpose of performing the service or provision requested and are disclosed to third parties only if this is necessary for that purpose. Outside of these cases, personal data will not be disclosed except as required by law. In this sense, personal data may be transmitted to third parties, but only and exclusively if this is necessary to comply with requests from judicial or public security authorities. The subjects belonging to the categories to which the data may be communicated will process the data and use it, as appropriate, as persons authorized to process it, Data Processors expressly appointed by the Data Controller in accordance with the law, or rather as independent data controllers. The Data Controller designates as persons authorized to process data all employees, including temporary employees, and collaborators, including occasional collaborators, who perform tasks involving the processing of personal data. The updated list of Data Processors is kept at the Data Controller’s registered office.

8. Place of processing The data will be processed by the Data Controller at its registered office.

9. Transfer of personal data outside the EU For technical and/or operational reasons, the personal data of Data Subjects may be transferred by Tirrena to countries outside the EU, such as in the case of cloud storage with servers located outside the European Union. In this case, the Data Controller hereby guarantees that the transfer of data outside the EU will be regulated in accordance with the provisions of Chapter V of the Regulation and authorized on the basis of specific decisions of the European Union. All necessary precautions will therefore be taken to ensure the total protection of personal data, basing such transfer on: a) adequacy decisions of the recipient third countries expressed by the European Commission; b) adequate safeguards provided by the recipient third party pursuant to Article 46 of the Regulation; c) the adoption of binding corporate rules.

10. Rights of data subjects The data subject has the right to request from the Data Controller: • access to data; • data portability; • object to the processing; • rectification of data, restriction of data processing, erasure (right to be forgotten) of data; as well as: • withdraw consent to the processing of personal data; • lodge a complaint with the Supervisory Authority (Privacy Guarantor).

11. How to exercise your rights The Data Subject may exercise their rights at any time by sending a registered letter with return receipt to Compagnia Tirrena di Assicurazioni S.p.A., at its registered office in 00136 – Rome (RM), Via Massimi, n. 158, or by email to: privacy@compagniatirrenalca.it Alternatively, the Data Subject may contact the Data Protection Officer at the following email address: dpo@novastudia.it

12. Minors Minors under the age of 18 must not provide information or Personal Data to Tirrena without the consent of their parents or legal guardians. Without such consent, it will not be possible to respond to requests from minors. The Data Controller invites all those who exercise parental responsibility over minors to inform them about the safe and responsible use of the Internet and the Web.

13. Changes The Data Controller reserves the right to make changes to this policy at any time by informing the Data Subjects on the Website. We therefore ask you to consult this “Section” periodically, referring to the date of the last modification indicated. Date of last modification: July 2020

The undersigned declares that he/she has read the policy pursuant to Articles 13 and 14 of EU Regulation 2016/679.