Privacy Notice for Customers and Other Interested Parties

Generali Osiguranje Srbija processes your personal data*

Generali Osiguranje Srbija a.d.o. (hereinafter: Company), with its registered office at Vladimira Popovića 8, processes your personal data as Data Controller*.

If you wish to receive more information, you can use the following mailing address: Generali Osiguranje Srbija a.d.o., Vladimira Popovića 8, 11070 Novi Beograd, Srbija.

For any questions or if you wish to exercise a right in respect of the processing of your personal data, you can contact our Data Protection Officer*:

By e-mail: dpo@generali.rs

By traditional mail:

Generali Osiguranje Srbija a.d.o., Vladimira Popovića 8, 11070 Novi Beograd, to the attention of the Data Protection Officer (Lice za zaštitu podataka)

 

Why the provision of your personal data is required

We process your personal data in order to provide you with the insurance services you have requested or expect us to provide, including:

  1. assessment and determination of the insurance premium, proposal and conclusion of the insurance contract, implementation of the contract, i.e. the services under the insurance contract;
  2. execution of all related legal obligations (e.g. obligations related to the prevention of money laundering and financing of terrorism and implementation of the FATCA regulations);
  3. risk assessment regarding the prevention of money laundering and financing of terrorism;
  4. legal actions for the purpose of exercising the Company's legal rights;
  5. customer satisfaction survey throughout the insurance contract period and, if necessary, detection and/or prevention of insurance-related fraud;
  6. answering questions sent on the e-form through the Company portal;
  7. contacting, sending useful information, offers and notifications about insurance products and services to existing, new and prospective customers.

Processing of personal data for the purposes indicated under point 1 is required in order to enter into an insurance contract and comply with contractual obligations. If this includes the processing of special categories of personal data* (e.g. about your health), then the processing of such data is based on your consent*.

Processing of personal data for the purposes indicated under points 2 and 4 is necessary to allow the Company to comply with the legal obligations to which it is subject.

The processing of personal data for the purposes indicated under points 3 and 5 above is based on the Company’s legitimate interest to test customer satisfaction throughout the insurance contract period, to have more efficient customer relationship management, to prevent and identify possible insurance fraud and to implement the Generali Group program in order to identify and adequately prevent possible money laundering and terrorism financing through the Company’s insurance products.

The processing of personal data for the purposes indicated under point 6 is based on your request to take action for the purpose of concluding an insurance contract and for the purpose of filing a complaint. In the case of compliments and suggestions regarding the Company’s operations, data processing is based on the Company’s legitimate interest.

The processing of personal data for the purposes indicated under point 7 is based on your consent if you are a new or prospective customer.

In order to provide you with insurance services, we use your personal data to:

(I) prepare an insurance application according to your needs,

(II) comply with our obligations under the insurance contract (e.g. loss assessment, claim settlement...),

(III) collect the premium and make additional payments under the contract,

(IV) provide settlement, handle claims or other services,

(V) execute reinsurance contracts,

(VI) negotiate co-insurance contracts,

(VII) exercise and protect the Company's rights,

(VIII) prepare insurance renewal,

(IX) perform internal control activities, and

(X) carry out statistical activities.

 

Why the provision of your personal data is required

The processing of your personal data is necessary for the execution of the insurance contract we have entered into with you and for the compliance with our legal obligations.

Failure to provide the requested personal data, or providing partially accurate or incomplete data, makes it impossible for us to comply with our contractual and legal obligations.

 

Which personal data we use

We process only the personal data* strictly necessary to achieve the purposes indicated above. Depending on the insurance service requested, we mainly process:

Biographical and identification data;

Contact details;

Insurance policy details;

Tax details (in case of life insurance products);

Bank account details;

Special categories of personal data (e.g. your health information);

Data relating to criminal convictions and offenses.

In certain cases, we need data on the origin of the funds you use to pay insurance premiums and information on all assets.

You provide personal data directly, or we receive it through third parties (affiliates of the Generali Group, lawyers, your employer or another policyholder, insurance brokers and agents, Association of Serbian Insurers, leasing companies, insured persons, healthcare facilities, etc.).

 

With whom we share your personal data

Our staff processes your personal data in line with procedures that provide an adequate level of data security and privacy. In this respect, the Company implements the international standard for information security ISO27001 and a number of other technical protection measures.

We can only share your personal data with third parties authorized to process personal data for the above purposes. Depending on the type of data processing, these are Data Processors* or Joint Controllers*.

Our staff and third parties who process your personal data receive explicit instructions on how to conduct the processing.

Third parties belong to the so-called insurance chain, i.e. persons who, for various reasons, provide services connected with the insurance contract (for example, brokers, agents, banks, co-insurers and reinsurers, insurance company’s lawyers and experts, technical and expert consultants, Association of Serbian Insurers, leasing companies, car repair shops, roadside assistance companies, healthcare facilities, debt collection agencies, Generali Group companies and any other external company performing, as outsourcers, IT, telecommunication services, financial, administrative, archiving, correspondence management, auditing and financial statements certification services as well as companies specialized in service quality surveys).

 

Where we transfer your personal data

As a general rule, we do not transfer your personal data outside the Republic of Serbia and the countries of the European Economic Area. In exceptional cases, only for the purposes indicated above and upon request, we may transfer your personal data to a third party or an authority outside the Republic of Serbia and the European Economic Area. In any case, the transfer of your personal data is performed in compliance with the applicable laws and international agreements, implementing suitable safeguards (such as standard contractual clauses, binding business rules, approved codes of conduct, issued certificates, contractual provisions between the Data Controller and Data Processor, approved by the Commissioner).

 

The rights you can exercise in respect of the processing of your personal data

 

Access

You may request access to your personal data to receive information, for example, about the categories of personal data that the Company is currently processing, but you must note that the request refers to the data of a customer or a person interested in a product.

 

Rectify or update

You may ask the Company to correct or update personal data that are inaccurate or incomplete.

 

Erase

You may ask the Company to erase personal data where one of the following applies:

The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

You withdraw consent on which the processing is based and where there is no other legal ground for the processing;

You object to automated decision-making and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes;

The personal data have been unlawfully processed;

The personal data have to be erased in compliance with the Company’s legal obligations;

The personal data have been collected in relation to the information society services.

 

Restrict

You may ask the Company to restrict how it processes your personal data, where one of the following applies:

You contest the accuracy of your personal data, for a period enabling the Company to verify the accuracy of your personal data.

The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.

The Company no longer needs the personal data, but they are required by you for the establishment, exercise or defense of legal claims.

You have objected to processing pursuant to the right to object and automated decision-making, pending verification of whether the Company’s legitimate grounds override yours.

 

Portability

You can request that you receive the data processed by the Company under the contract or based on your consent in a structured, commonly used, machine-readable format and that you transfer this data to another organization, or that it be transferred by the Company, if technically feasible.

In case you provided your consent to the processing of personal data, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

If your personal data are transferred outside the European Economic Area, you have the right to obtain a copy of such data as well as an indication of the Country/Countries where the personal data have been made available.

You can exercise your personal data processing rights by sending a request by e-mail or traditional mail. Sending a request is free of charge, unless it turns out to be unfounded or excessive.

E-mail: dpo@generali.rs

Traditional mail: Generali Osiguranje Srbija a.d.o., Vladimira Popovića 8, 11070 Novi Beograd

 

Your right to object to the processing of your personal data

An objection to the processing of personal data will be automatically accepted only if we process your data based on consent.

In other cases, an assessment is made to decide whether the objection is accepted or not, and you will be informed in writing.

 

Your right to file a complaint with a competent authority

If you believe that the personal data processing was carried out in breach of the Law on Personal Data Protection, you have the right to file a complaint with the Commissioner for Information of Public Importance and Personal Data Protection* at the address listed on the website https://www.poverenik.rs/sr

 

How long we retain your personal data

Your personal data can be retained for different periods of time, depending on the purposes of the processing, in compliance with the applicable privacy laws.

When data processing is performed based on a contract, we are required to retain your personal data for the entire duration of the contractual relationship and for 10 years after the termination of the insurance contract. In case of a loss event or an insured event, we store the data for 10 years from the moment the loss, i.e. the stipulated amount was determined.

We store the data collected based on consent for a period of 5 years, or until the withdrawal of consent - whichever comes first, while the data collected based on legitimate interest is stored until the purpose for which it was collected is fulfilled, i.e. 10 years after the termination of the insurance contract when it comes to processing for the purpose of money laundering and terrorism financing risk assessment.

 

Changes and updates of the Privacy Notice

The Company may update, wholly or partially, this Privacy Notice due to possible amendments to the applicable privacy laws. Any changes or updates will be posted on the Company’s website www.generali.rs

 

Glossary

Processing means any operation or set of operations which is performed on personal data or sets of personal data, such as collection, recording, classification, grouping or structuring, storage, adaptation or alteration, disclosure, access, use, disclosure by transmission, i.e. delivery, copying, dissemination or otherwise making available, comparison, restriction, erasure or destruction, whether or not by automated means.

Personal data mean any information relating to an individual identified or identifiable, directly or indirectly, especially based on an identifier, such as a name and an identification number, location data, an online identifier, or one or more characteristics of their physical, physiological, genetic, mental, economic, cultural or social identity.

Special categories of data mean the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health, or data concerning a person’s sex life or sexual orientation.

Health data mean the personal data relating to the physical or mental health of an individual, including those about medical services, disclosing information about their health.

Data subject means the person whose personal data are processed.

Data controller means the individual or legal person, i.e. an authority which, alone or jointly with others, determines the purpose and means of processing. The law that determines the purpose and means of processing can also determine the data controller or set the terms of their assignment.

Joint controller means the individual or legal person, public authority, agency or other body which, jointly with other data controllers, determines the purposes and means of the processing of personal data.

Data processor means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

Consent of the data subject is any data subject’s wish that is freely given, specific, informed and unequivocal, by which that person, via statement or by a clear affirmative action, agrees to the processing of personal data relating to him or her.

Personal data breach means a breach of personal data security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Protection Officer means a person in charge of performing support activities for the company functions and control activities in respect of the processing of personal data. It is also in charge of cooperating with the Supervisory Authority and it represents the contact point, also for the data subjects, for any matters connected with the processing of personal data.

The Commissioner for Information of Public Importance and Personal Data Protection is an independent and autonomous authority established under the law, responsible for supervising the implementation of the Law on Personal Data Protection and performing other tasks required under the law.