Generali Osiguranje Srbija processes your personal data*
Generali Osiguranje Srbija a.d.o. (hereinafter: Company, with its registered office at Vladimira Popovića 8 processes your personal data as Data Controller*.
If you wish to receive more information, you can use the following mailing address: Generali Osiguranje Srbija a.d.o., Vladimira Popovića 8, 11070 Novi Beograd, Srbija.
For any questions or if you wish to exercise a right in respect of the processing of your personal data, you can contact our Data Protection Officer*:
By email at: dpo@generali.rs
By traditional mail:
Generali Osiguranje Srbija a.d.o., Vladimira Popovića 8, 11070 Novi Beograd, to the attention of the Data Protection Officer (Lice za zaštitu podataka)
Why the provision of your personal data is required
- When you browse our website www.generali.rs looking for information, i.e. you have not registered or otherwise provided us with information, we only collect personal data that your browser sends to our server. We process this data to enable you to browse the entire content of our website smoothly and safely and to improve your user experience.
- When you send a contact request, the Company will use your personal data to answer your question, suggestion, or respond to an insurance offer request (for more information about this data processing, please read the Privacy Notice for Customers and other Interested Parties).
The processing of personal data for the purposes indicated in the point 1 is based on the Company’s legitimate interest to prevent and identify possible abuses and to enable safe website browsing.
The processing of personal data for the purposes indicated under the point 2 is based on your request to take action for the purpose of concluding an insurance contract and for the purpose of filing a complaint. In the case of compliments and suggestions regarding the Company’s operations, data processing is based on the Company’s legitimate interest.
Why the provision of your personal data is required
We need your personal data to be able to display the website and guarantee its stability and security. You can accept or decline to provide them to us, but without your personal data we cannot provide you with the best user experience possible.
Which personal data we use
We process only the personal data* strictly necessary to achieve the purposes above indicated. Depending on the type of our business relationship, we mainly process:
- biographical and identification data of legal representatives, proxies and other persons who are the subject of the contractual relationship;
- Contact details;
- Tax and bank account details;
Personal data can be provided by you, directly or indirectly from public sources (records, lists, public registries, public documents) or from third parties (Generali Group related parties, employer, etc.)
With whom we share your personal data
Our staff processes your personal data in line with procedures that provide an adequate level of data security and privacy. In this respect, the Company implements the international standard for information security ISO27001 and a number of other technical protection measures.
We can only share your personal data with third parties authorized to process personal data for the above purposes. Depending on the type of data processing, these are Data Processors* or Joint Controllers*.
Our staff and third parties who process your personal data receive explicit instructions on how to conduct the processing.
Third parties perform computer-based, telecommunication, administrative, archiving activities, printing and mailing services, debt collection services, services related to the implementation of insurance contracts, loss assessment and claim settlement, and financial audit activities. Third parties include other public and private entities, such as the National Bank of Serbia, the Tax Administration and other authorities, and the Generali Group related parties.
Where we transfer your personal data
As a general rule, we do not transfer your personal data outside the Republic of Serbia and the countries of the European Economic Area.
In exceptional cases, only for the purposes indicated above and upon request, we may transfer your personal data to a third party or an authority outside the Republic of Serbia and the European Economic Area.
In any case, the transfer of your personal data is performed in compliance with the applicable laws and international agreements, implementing suitable safeguards (such as standard contractual clauses, binding business rules, approved codes of conduct, issued certificates, contractual provisions between the Data Controller and Data Processor, approved by the Commissioner).
The rights you can exercise in respect of the processing of your personal data
Access
You may request access to your personal data to receive information, for example, about the categories of personal data that the Company is currently processing, but you must note that the request refers to the data of a customer or a person interested in a product.
Rectify or update
You may ask the Company to correct or update personal data that are inaccurate or incomplete;
Erase
You may ask the Company to erase personal data if one of the following applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw consent on which the processing is based and where there is no other legal ground for the processing;
- You object to automated decision-making and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes;
- The personal data have been unlawfully processed;
- The personal data have to be erased in compliance with the Company’s legal obligations;
- The personal data have been collected in relation to the information society services.
Restrict
You may ask the Company to restrict how it processes your personal data, where one of the following applies:
- You contest the accuracy of your personal data, for a period enabling the Company to verify the accuracy of your personal data.
- The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.
- The Company no longer needs the personal data, but they are required by you for the establishment, exercise or defense of legal claims.
- You have objected to processing pursuant to the right to object and automated decision-making, pending the verification whether the legitimate grounds for the Company override those of you.
Portability
You can request that you receive the data processed by the Company under the contract or based on your consent in a structured, commonly used, machine-readable format and that you transfer this data to another organization, or that it be transferred by the Company, if technically feasible.
In case you provided your consent to the processing of personal data, you may withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
If your personal data are transferred outside the European Economic Area, you have the right to obtain a copy of such data as well as an indication of the Country/Countries where the personal data have been made available.
You can exercise your personal data processing rights by sending a request by e-mail or traditional mail. Sending a request is free of charge, unless it turns out to be unfounded or excessive.
E-mail: dpo@generali.rs
Traditional mail: Generali Osiguranje Srbija a.d.o., Vladimira Popovića 8, 11070 Novi Beograd
Your right to object to the processing of your personal data
An objection to the processing of personal data will be automatically accepted only if we process your data based on consent.
In other cases, an assessment is made to decide whether the objection is accepted or not, and you will be informed in writing.
Your right to file a complaint with a competent authority
If you believe that the personal data processing was carried out against the Law on Personal Data Protection, you have the right to file a complaint to the Commissioner for Information of Public Importance and Personal Data Protection* to the address listed on the website https://www.poverenik.rs/sr
How long we retain your personal data
Your personal data can be retained for different periods of time, depending on the purposes of the processing, in compliance with the applicable privacy laws.
We store data collected based on consent for cookies for 12 months, or until the withdrawal of consent - whichever comes first. The data collected based on legitimate interest is stored until the purpose for which it was collected is fulfilled.
Changes and updates of the Privacy Notice
The Company may update, wholly or partially, this Privacy Notice due to possible amendments to the applicable privacy laws. Any changes or updates will be posted on the Company’s website www.generali.rs
Glossary
Processing means any operation or set of operations which is performed on personal data or sets of personal data, such as collection, recording, classification, grouping or structuring, storage, adaptation or alteration, disclosure, access, use, disclosure by transmission, i.e. delivery, copying, dissemination or otherwise making available, comparison, restriction, erasure or destruction, whether or not by automated means.
Personal data mean any information relating to an individual identified or identifiable, directly or directly, especially based on an identifier, such as a name and an identification number, location data, an online identifier, or one or more characteristics of their physical, physiological, genetic, mental, economic, cultural or social identity.
Special categories of data mean the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health, or data concerning a person’s sex life or sexual orientation.
Health data mean the personal data relating to the physical or mental health of an individual, including those about medical services, disclosing information about their health.
Data subject means the person whose personal data are processed.
Data controller means the individual or legal person, i.e. an authority which, alone or jointly with others, determines the purpose and means of processing. The law that determines the purpose and means of processing can also determine the data controller or set the terms of their assignment.
Joint controller means the individual or legal person, public authority, agency or other body which, jointly with other data controllers, determines the purposes and means of the processing of personal data.
Data processor means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.
Consent of the data subject is any data subject’s wish that is freely given, specific, informed and unequivocal, by which that person, via statement or by a clear affirmative action, agrees to the processing of personal data relating to him or her.
Personal data breach means a breach of personal data security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Data Protection Officer means a person in charge of performing support activities for the Company functions and control activities in respect of the processing of personal data. It is also in charge of cooperating with the Supervisory Authority and it represents the contact point, also for the data subjects, for any matters connected with the processing of personal data.
The Commissioner for Information of Public Importance and Personal Data Protection is an independent and autonomous authority established under the law, responsible for supervising the implementation of the Law on Personal Data Protection and performing other tasks required under the law.