Site name
Site name

Privacy Notice for Suppliers and Business Partners

Generali Osiguranje Srbija processes your personal data*

Generali Osiguranje Srbija a.d.o. (hereinafter: Company, with its registered office at Vladimira Popovića 8 processes your personal data as Data Controller*.

If you wish to receive more information, you can use the following mailing address: Generali Osiguranje Srbija a.d.o., Vladimira Popovića 8, 11070 Novi Beograd, Srbija.

For any questions or if you wish to exercise a right in respect of the processing of your personal data, you can contact our Data Protection Officer*:

By e-mail: dpo@generali.rs

By traditional mail:
Generali Osiguranje Srbija a.d.o., Vladimira Popovića 8,
11070 Novi Beograd, to the attention of the Data Protection Officer (Lice za zaštitu podataka)

 

Why the provision of your personal data is required

We process your personal data in order to be able to comply with our pre-contractual and contractual obligations including:

  • Implementation of the contracts in force and performance of the Company’s administrative, accounting and fiscal activities;
  • Organization and management of the work activities assigned to you for the implementation of the agreement in force;
  • Compliance with obligations set forth by the laws and regulations of the Republic of Serbia and decisions and acts issued by supervisory and control authorities;
  • Filing lawsuits and taking other legal actions to exercise the Company’s rights;
  • Allow the Company to carry out or take part, manage as well as plan corporate transactions, such as merger, acquisitions and restructuring.

Processing of personal data for the purposes indicated under points 1 and 2 is necessary for the execution of the contract we have entered into with you.

The processing of personal data for the purposes indicated under the point 3 is necessary to allow the Company to comply with the obligations to which it is subject.

Processing of personal data for the purposes indicated under points 4 and 5 is based on the Company’s legitimate interests.

 

Why the provision of your personal data is required

The processing of your personal data is necessary for the execution of the insurance contract we have entered into with you and for the compliance with our legal obligations.

Failure to provide the requested personal data, or providing partially accurate or incomplete data, makes it impossible for us to comply with our contractual and legal obligations.

 

Which personal data we use

We process only the personal data* strictly necessary to achieve the purposes above indicated. Depending on the type of our business relationship, we mainly process:

  • biographical and identification data of legal representatives, proxies and other persons who are the subject of the contractual relationship;
  • Contact details;
  • Tax and bank account details;

Personal data can be provided by you, directly or indirectly from public sources (records, lists, public registries, public documents) or from third parties (Generali Group related parties, employer, etc.)

 

With whom we share your personal data

Our staff processes your personal data in line with procedures that provide an adequate level of data security and privacy. In this respect, the Company implements the international standard for information security ISO27001 and a number of other technical protection measures.

We can only share your personal data with third parties authorized to process personal data for the above purposes. Depending on the type of data processing, these are Data Processors* or Joint Controllers*.

Our staff and third parties who process your personal data receive explicit instructions on how to conduct the processing.

Third parties perform computer-based, telecommunication, administrative, archiving activities, printing and mailing services, debt collection services, services related to the implementation of insurance contracts, loss assessment and claim settlement, and financial audit activities. Third parties include other public and private entities, such as the National Bank of Serbia, the Tax Administration and other authorities, and the Generali Group related parties.

 

Where we transfer your personal data

As a general rule, we do not transfer your personal data outside the Republic of Serbia and the countries of the European Economic Area.

In exceptional cases, only for the purposes indicated above and upon request, we may transfer your personal data to a third party or an authority outside the Republic of Serbia and the European Economic Area.

In any case, the transfer of your personal data is performed in compliance with the applicable laws and international agreements, implementing suitable safeguards (such as standard contractual clauses, binding business rules, approved codes of conduct, issued certificates, contractual provisions between the Data Controller and Data Processor, approved by the Commissioner).

 

The rights you can exercise in respect of the processing of your personal data

 

Access

You may request access to your personal data to receive information, for example, about the categories of personal data that the Company is currently processing, but you must note that the request refers to the data of a customer or a person interested in a product.

 

Rectify or update

You may ask the Company to correct or update personal data that are inaccurate or incomplete;

 

Erase

You may ask the Company to erase personal data if one of the following applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You withdraw consent on which the processing is based and where there is no other legal ground for the processing;
  • You object to automated decision-making and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes;
  • The personal data have been unlawfully processed;
  • The personal data have to be erased in compliance with the Company’s legal obligations;
  • The personal data have been collected in relation to the information society services.

 

Restrict

You may ask the Company to restrict how it processes your personal data, where one of the following applies:

  • You contest the accuracy of your personal data, for a period enabling the Company to verify the accuracy of your personal data.
  • The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
  • The Company no longer needs the personal data, but they are required by you for the establishment, exercise or defense of legal claims.
  • You have objected to processing pursuant to the right to object and automated decision-making, pending the verification whether the legitimate grounds for the Company override those of you.

 

Portability

You can request that you receive the data processed by the Company under the contract or based on your consent in a structured, commonly used, machine-readable format and that you transfer this data to another organization, or that it be transferred by the Company, if technically feasible.

In case you provided your consent to the processing of personal data, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

If your personal data are transferred outside the European Economic Area, you have the right to obtain a copy of such data as well as an indication of the Country/Countries where the personal data have been made available.

You can exercise your personal data processing rights by sending a request by e-mail or traditional mail. Sending a request is free of charge, unless it turns out to be unfounded or excessive.

By e-mail: dpo@generali.rs
Traditional mail: Generali Osiguranje Srbija a.d.o., Vladimira Popovića 8, 11070   Novi Beograd

 

Your right to object to the processing of your personal data

An objection to the processing of personal data will be automatically accepted only if we process your data based on consent.

In other cases, an assessment is made to decide whether the objection is accepted or not, and you will be informed in writing.

 

Your right to file a complaint with a competent authority

If you believe that the personal data processing was carried out against the Law on Personal Data Protection, you have the right to file a complaint to the Commissioner for Information of Public Importance and Personal Data Protection* to the address listed on the website https://www.poverenik.rs/sr

 

How long we retain your personal data

Your personal data can be retained for different periods of time, depending on the purposes of the processing, in compliance with the applicable privacy laws.

When data processing is performed based on a contract, we are required to retain your personal data for the entire duration of the contractual relationship and for 10 years after the termination of the insurance contract. In case of a loss event or an insured event, we store the data for 10 years from the moment the loss, i.e. the stipulated amount was determined.

We store the data collected based on consent for a period of 5 years, or until the withdrawal of consent - whichever comes first, while the data collected based on legitimate interest is stored until the purpose for which it was collected is fulfilled.

 

Changes and updates of the Privacy Notice

The Company may update, wholly or partially, this privacy notice due to possible amendments to the applicable privacy laws. Any changes or updates will be posted on the Company’s website www.generali.rs

 

Glossary

Processing means any operation or set of operations which is performed on personal data or sets of personal data, such as collection, recording, classification, grouping or structuring, storage, adaptation or alteration, disclosure, access, use, disclosure by transmission, i.e. delivery, copying, dissemination or otherwise making available, comparison, restriction, erasure or destruction, whether or not by automated means.

Personal data mean any information relating to an individual identified or identifiable, directly or directly, especially based on an identifier, such as a name and an identification number, location data, an online identifier, or one or more characteristics of their physical, physiological, genetic, mental, economic, cultural or social identity.

Special categories of data mean the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health, or data concerning a person’s sex life or sexual orientation.

Health data mean the personal data relating to the physical or mental health of an individual, including those about medical services, disclosing information about their health.

Data subject means the person whose personal data are processed.

Data controller means the individual or legal person, i.e. an authority which, alone or jointly with others, determines the purpose and means of processing. The law that determines the purpose and means of processing can also determine the data controller or set the terms of their assignment.

Joint controller means the individual or legal person, public authority, agency or other body which, jointly with other data controllers, determines the purposes and means of the processing of personal data.

Data Processor means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

Consent of the data subject is any data subject’s wish that is freely given, specific, informed and unequivocal, by which that person, via statement or by a clear affirmative action, agrees to the processing of personal data relating to him or her.   

Personal data breach means a breach of personal data security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Data Protection Officer means a person in charge of performing support activities for the Company functions and control activities in respect of the processing of personal data. It is also in charge of cooperating with the Supervisory Authority and it represents the contact point, also for the data subjects, for any matters connected with the processing of personal data.

The Commissioner for Information of Public Importance and Personal Data Protection is an independent and autonomous authority established under the law, responsible for supervising the implementation of the Law on Personal Data Protection and performing other tasks required under the law.