PRIVACY POLICY

IN ACCORDANCE WITH ARTICLES 13 AND 14 OF REGULATION (EU)2016/679

contact@GeneraliGlobalInfrastructure.com

1. Which company will process Your personal data*?

Generali Global Infrastructure SAS with registered office in 58 bis, rue La Boétie, 75008 Paris, will process* Your personal data as Data Controller* in accordance with Regulation (EU) 2016/679 (hereinafter the “GDPR”).

If You wish to contact Us, You can use the following contact details:

  • Contact@GeneraliGlobalInfrastructure.com

If You wish to submit any questions or exercise a right regarding the processing of Your personal data, You can contact the Company’s Data Protection Officer*, by using the following contact details:

By mail:

  • 58 bis, rue La Boétie, 75008 Paris, to the attention of the Data Protection Officer/RCCI

By e-mail:                                                         

  • Contact@GeneraliGlobalInfrastructure.com

Effective as from 15/10/2021

This Privacy Policy provides users (hereinafter “You” or “Your”) of the website [www.Generali Global Infrastructure.com] (hereinafter the “Website”) with the information on the processing of their personal data, collected by the Company by means of the Website, in the context of Your use of the Website and the services available on the Website, under Articles 13 and 14 of the GDPR.

Unless otherwise specified herein, this Privacy Policy does not apply to any other data referred to You, collected by the Company by or through any other means, such as information collected offline and on other websites of the entities of the Generali group that You might access via any link found on the Website.

The Company may provide You with further specific information on the processing of Your personal data, along with the relevant request of consent, if needed. This information may also be provided within other webpages of the Website, in case You should make specific requests to the Company, by providing the latter with Your personal data. Those privacy information notices and consents will be respectively provided and obtained prior to the processing of these further categories of personal data.

The Company cares about the confidentiality, protection and safety of Your personal data. In order to help You in understanding this Privacy Policy, You can find a glossary on the last page of this Privacy Policy, which includes the definitions of the main terms used herein.

We strongly recommend You to carefully read this Privacy Policy before browsing through the pages of the Website.

We may amend this Privacy Policy, from time to time, also as a consequence of any legal or regulatory changes. However, the updated version of this Privacy Policy will always be available on the Website, to be consulted by You.

2. How do We process Your personal data and what is the legal basis for the processing of this data?

The Company will process Your personal data in compliance with the obligations to which the Company is subject to under the GDPR.

The Company will process Your personal data (as better identified in Section 4 below) to pursue the following purposes:

  1. Providing the services offered through the Website, including the possibility of obtaining answers to the requests for information or assistance that You should submit to us (hereinafter “Contractual Purposes“);
  2. Complying with the obligations set forth by applicable laws, including responding to possible requests submitted to us by governmental authorities and supervisory bodies (hereinafter “Law Purposes“);
  3. Carrying out activities functional to the sale of companies or business units, acquisitions, mergers, spin-offs or other operations that may affect the Company, as well as executing such operations;
  4. Developing and improving the services offered through the Website, by carrying out statistics on the use of the Website (e.g. analysing the most visited pages, etc.) and checking its functioning; and
  5. Establishing, exercising or defending of legal claims;

(the purposes of the processing listed under letters from c) to e) above are hereinafter jointly referred to as “Legitimate Business Interest Purposes”).

Based on the legitimate interests of the Controllers to establish and maintain beneficial and optimal professional relationships with current and prospective clients (Article 6, letter f, GDPR), Your personal data shall be processed by the Controller for the following purposes:

  • Inviting You to events, meetings, workshops, roundtables, congresses (including professional training), identified as of specific interest to You, organised and managed by the Controller identified from time to time in the invitations (brochures and/or presentations) that will be previously mailed or delivered to You to allow You to register for the event (hereinafter, respectively, the “Event(s)” and the “Partner(s) in the Event”); executing complementary activities following Your registration for the Event, such as, for example, activities related to the organisation and management of the Event itself; if You attend, using Your personal images that may have been collected in the course of the Event for possible publication on different (paper, tape and/or digital) supports, or through other means of communication or media, including websites, portals and social networks present on the internet;
  • Sending You newsletters, publications, studies, survey results, market analyses or analyses of specific industries or businesses, and any other type of professional information material, identified as of specific interest to You, prepared or published by the Controller, independently or in cooperation with other entities identified from time to time in the specific document (hereinafter, the “Publications” and “Publication Partners”, respectively).

Moreover, also on the basis of the legitimate interests of the controller, Your personal data shall be processed without your consent by Generali Global Infrastructure for the following purposes:

  • carrying out customer relationship management, consisting mainly in tracing and managing the relationships and interactions through the professionals belonging to it, develop with the ‘contacts’ of current and prospective clients, and any other persons/entities with whom/which Generali Global Infrastructure have developed business relationships, for the purpose of understanding their needs and expectations, improving services offered, developing new services based on the market’s requirements, as well as growing the business. For those purposes the personal information of ‘contacts’, including Your personal information, will be entered into special data bases owned by or available to the Controllers and will thus be made accessible to Generali Global Infrastructure. Where specific obligations of confidentiality or professional secrecy exist, as well as when there are particular reasons of expediency, Your personal information will be made available, depending on the circumstances, solely to Generali Global Infrastructure, or solely to the Controllers, i.e., solely to the members of the team of the Controller assigned to the specific professional engagement. In any case, it is agreed that You may be contacted, for customer relationship management purposes, only through the professionals who operate within Generali Global Infrastructure with which You have established the main relationship.

In case the Company wishes to process Your personal data for purposes other than the ones listed above, the Company will prior provide You with any required information under the GDPR, and collect Your consent, where needed.

The Company does not process Your personal data only based on automated decision-making processes.

3. Why do We ask You to provide Your personal data?

  1. The processing of Your personal data for Contractual Purposes (please see Section 2, let. a), above) is carried out pursuant to Article 6.1, let. b) of the GDPR and is mandatory, given that otherwise We would not be able to allow You to browse the Website or assist You in relation to Your requests. If You don’t want Us to process Your Identification Data (as defined under Section 4, letter a), below), You will not have to send us a request of information.
  2. The processing of Your personal data for Law Purposes is mandatory, as it is necessary to enable Us to comply with applicable laws.
  3. The processing of Your personal data for Legitimate Business Interest Purposes (please see Section 2, letters from c) to e) above) is based on Our legitimate interests, pursuant to Article 6.1, let. f) of the GDPR, which have been adequately balanced with Your interests and rights, as the processing of Your personal data is carried out only to the extent it is strictly necessary to pursue such purposes. However, You may object to the processing of Your personal data, by following the instructions specified under Section 6 below, unless We have an overriding interest on further processing Your personal data or in case the processing of Your data is necessary to establish, exercise or defend of legal claims.

4. Categories of personal data processed

We will process Your personal data only to the extent necessary to achieve the above-mentioned purposes. In particular, We will process the following categories of personal data referred to You:

  1. Data voluntarily provided by You, by submitting to Us any requests for information or assistance by means of the Website or using Our contact details available on the Website. This data might include Your name, surname, address, occupation, job title, employer/associated company, phone number and email address, as well as any other information referred to You that You should provide to Us by requesting information or assistance; (hereinafter jointly referred to as “Identification Data”);
  2. Browsing data relating to the use of the services on the Website made by You, such as Your IP addresses or domain names of Your devices, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server and other parameters relating to Your operating system and computer environment (hereinafter jointly referred to as “Browsing Data“). This data is automatically collected by means of the cookies* installed on the Website, in accordance with Our cookie policy, which is available at the following link. The collection of the Browsing Data does not aim at matching this data with You and We process this data in aggregate form. However, We may be able to identify You by means of Your Browsing Data.

5. With whom do We share Your personal data?

The Company will process Your personal data only to the extent that it is adequate, relevant and limited to what is necessary in relation to the purposes indicated under Section 2 above, by means of electronical and telematic tools as well as hard copies, in such a way as to ensure the security, protection and confidentiality of Your personal data.

In pursuing the purposes referred to in Section 2 above, We may disclose Your personal data to the following categories of recipients:

  1. Third party suppliers and companies of the Generali group, to the extent that such entities provide assistance or consultancy services to the Company, including but not limited to technological, accounting, administrative, legal and insurance services;
  2. Governmental authorities and supervisory bodies whose right to access to Your personal data is set forth by applicable laws; and
  3. To possible purchasers of the Company and other entities resulting from mergers or any other operations affecting the Company.

Your personal data will not be disseminated.

6. Where do We transfer Your personal data?

In pursuing the purposes referred to in Section 2 above, We may transfer Your personal data to countries outside the European Economic Area (EEA), by implementing appropriate safeguards, according to Articles 44 et seq. of the GDPR.

If You wish to have further information on the Countries where Your personal data may be transferred to as well as the relevant safeguards in place, You can contact Our Data Protection Officer, by using the contact details above.

7. The rights You can exercise regarding the processing of Your personal data

According to Articles 15 et seq. of the GDPR, You have the following rights that You can exercise by contacting Our Data Protection Officer:

–        Right of access

You may ask the Company to access Your personal data in order to know, for example, which personal data referred to You the Company is currently processing.

–        Right to rectification

You may ask the Company to rectify any personal data referred to You which should be inaccurate or incomplete.

–        Right to erasure

You may ask the Company to erase Your personal data when one of the following circumstances occurs:

  • Personal data is no longer necessary with respect to the purposes for which it was collected or otherwise processed;
  • You withdrew Your consent on the processing of Your personal data and the Company cannot rely on other legal grounds to process Your data;
  • You have objected to automated decision-making and there are no overriding legitimate grounds for the processing of Your data, or You have objected to the processing of Your data for direct marketing purposes;
  • Personal data has been unlawfully processed by the Company;
  • Personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the Company is subject; and
  • Personal data has been collected in connection with the provision of information society services, referred to in Article 8, paragraph 1, of the GDPR.

–        Right to restriction

You may ask the Company to restrict how it processes Your personal data, and requesting only its storage, where one of the following applies:

  1. You contest the accuracy of Your personal data, for a period enabling the Company to verify the accuracy of Your personal data;
  2. The processing is unlawful and You oppose the erasure of Your personal data and request the restriction of its use instead;
  3. The Company no longer needs Your personal data for the purposes of the processing, but this data is required by You for the establishment, exercise or defense of legal claims;
  4. You have objected to processing pursuant to the right to object and automated decision-making, pending the verification whether the legitimate grounds of the Company override Yours.

–        Right to data portability

You may ask the Company to transfer Your personal data to another company or organization and/or to receive Your personal data in a structured, commonly used and machine-readable format.

If You have granted your consent to the processing of Your data, You may withdraw such consent at any time, without prejudice to the validity of the processing carried out before the withdrawal of Your consent.

If Your personal data has been transferred outside the European Economic Area, You have also the right to obtain a copy of such data or the indication of where it has been made available.

Your rights can be exercised by contacting Our Data Protection Officer, by using the contact details indicated above. We will not charge You any cost for the tasks resulting from Your request, unless this request is manifestly unfounded or excessive, in which case We might charge You the related costs.

When You exercise Your rights, We might request personal information referred to You, in order to verify Your identity.

8. The right to object to the processing of Your personal data

You have the right to object to the processing of Your personal data and request the stop of the processing operations in relation to the processing of Your personal data that is based on the Company’s legitimate interests (please see Section 2, letters from c) to e), above).

9. The possibility to lodge a complaint with the competent Supervisory Authority

In case You noticed any irregularities in the processing of Your personal data, You have the right to lodge a complaint with the supervisory authority, of the Member State of Your habitual residence, place of work or place of the alleged infringements.

You can find Your national supervisory authority at the following website:*

https://edpb.europa.eu/about-edpb/board/members_en

10. How long do We retain Your personal data?

Your personal data will be retained only for the time necessary to pursue the specific purposes for which it was collected, as indicated within this Privacy Policy. In particular:

  1. Your Browsing Data will be retained for no longer than seven days and will be erased immediately after being aggregated, except where governmental authorities and/or supervisory bodies should need such data to perform their duties;
  2. Your Identification Data will be retained for no more than 5 years, unless its retention for a longer period is required under applicable laws or to establish, exercise or defend legal claims.

GLOSSARY

To help You in understanding our Privacy Policy, please find below the meaning of the main terms contained therein:

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, whether or not by automated means.

Personal data means any information relating, directly or indirectly, to a person (such as, for example, name, an identification number, location data, an online identifier, one or more elements able to identify the physical, physiological, genetic, mental, economic, cultural or social identity, etc.).

Special categories of data means the personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership as well as genetic data, biometric data where they uniquely identify a person, data concerning health or data concerning a person’s sex life or sexual orientation.

Data subject means the person whose personal data are processed.

Data controller means the individual or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (for example, the employer is the data controller in respect of its employees’ personal data since, with reference to the employment relationship, it decides the purposes and means of such processing).

Data Processor means the individual or legal person, public authority, agency or other body which processes personal data on behalf of the data controller (for example, the company which provides the service of employees’ salaries calculation may be considered a data processor since it processes personal data on behalf of another company, the employer).

Data Protection Officer means a person in charge for performing support activities for the company functions and control activities in respect of the processing of personal data. It is also in charge for cooperating with the Supervisory Authority and it represents the contact point, also for the data subjects, for any matters connected with the processing of personal data.

Cookies are small text files that are sent to Your device (e.g. computer, smartphone, tablet), when You visit a website, where they are stored to be re-transmitted to the same website at Your next visit. If You wish to have more information about cookies, You can consult Our cookies policy.

Commission Nationale de l’Informatique et des Libertés (CNIL) : refers to the French independant administrative authority for data protection. Its role is to ensure that IT is used ethically in France.