INDEX
SRIB EUROPA Srl (hereinafter SRIB EU) is committed to protecting the privacy and confidentiality of the Personal Data it processes in the context of the services provided, even indirectly, to customers.
The services offered by SRIB EU essentially consist of the supply of insurance products, mostly wholesale, risk consultancy and insurance intermediation, as well as the submission of compensation requests as part of these services and generally in the management of insurance relationships.
Insurance is the contract with which a person (called Contractor) insures his own assets (or that of another person who assumes the role of sole Insured) in relation to the consequences of a future and uncertain event, assuming the characteristic of a contract random; the insurance contract includes objective and subjective limits of operation and limitations of the Insurers' obligation to indemnify.
For this purpose it is necessary that information, including Personal Data of different categories of people, is shared between the various operators in the insurance market during the entire life cycle of the insurance.
The operators of the insurance market are definable as follows:
During the pre-contractual phase and subsequently during the life cycle of an insurance, SRIB EU may receive Personal Data relating to current or potential Policyholders, policy beneficiaries, their family members, claimants, and other parties involved in a compensation claim. Therefore, in the context of this policy, the term “data subjects” refers to any living person included in the previous list in which Personal Data is received by SRIB EU in connection with the services that the company provides in the framework of the commitments undertaken towards its customers. This information defines the criteria according to which SRIB EU uses, stores, transfers and protects the aforementioned Personal Data and discloses them to other operators in the insurance market and to other third parties.
This information explains the data processing methods and policies of SRIB EU. It applies to all personal data that you provide to us and to all data that we collect from other sources, unless a different, more specific privacy statement is provided to you at the time of data collection.
This information refers to and is valid only for the SRIB EU site and not for other sites that may be consulted via links.
SRIB EUROPA Srl, Corso di Porta Nuova n. 16 – 20121 Milan, Italy (SRIB EU or us) is the data controller of the Personal Data that it processes in connection with the services provided in the framework of the commitments undertaken towards its customers. In certain cases, SRIB EU and the customer may have agreed that in the performance of certain services SRIB EU acts as data controller. In such situations, SRIB EU will retain the Personal Data in accordance with what is established between SRIB EU and the customer.
It is specified that each list referred to in this information is illustrative and not exhaustive in nature.
SRIB EU may process the following Personal Data:
Personal Data: name, address, other contact details (e.g. e-mail address and telephone number), gender, marital status, health conditions, family data, date and place of birth, employer, qualification and work history, assets and income data, relationship with the Contractor, insured, beneficiary, or applicant.
Identification details: identification numbers issued by government agencies or bodies (for example, depending on the country of residence of the interested party, social or national security number, passport number, identity card number, tax code, driving license number).
Financial information: payment card number, account number and bank details, income and other financial and asset information.
Insurance Risk: information on the insured risk containing Personal Data which may include, only to the extent relevant to the insured risk:
Policy information: information on the quotes received and the policies taken out by the interested party.
Data relating to credit and previous fraud: relating to loans and creditworthiness (information on fraud convictions, alleged criminal offenses and details of sanctions incurred from various anti-fraud databases and sanctioning databases or from regulatory agencies and/or authorities law enforcement officers).
Previous claims: information about previous claims, which may include health data, criminal records data, and other special categories of Personal Data (as defined in the insured risk paragraph).
Ongoing claims: information on ongoing claims, which may include health data, criminal record data, and other special categories of Personal Data (as defined in the insured risk paragraph).
Knowledge of circumstances suitable for giving rise to a request for compensation: information on elements and factual data from which, according to normal experience and with regard to the type of risk and the profile of the Insured, a person of normal prudence may fear being subjected to a request for compensation.
Marketing data: information relating to the data subject's express or denied consent to receive marketing communications from us and third parties.
When the aforementioned information comes directly from interested parties, SRIB EU takes care to inform you of the need to obtain such information and the consequences that could arise from the decision not to provide it in the appropriate form.
Personal Data is collected from various sources, varying depending on the nature of the services and the purpose of collection. Sources may be the following (depending on the country of residence of the interested party):
In some cases, some data and information are collected automatically through navigation on the site and/or through e-mails that could be exchanged. Automated technologies may include the use of web server logs to collect IP addresses, cookies, and web beacons. Further information on our use of cookies can be found in our cookie policy, available on the site and in the cookie preferences center.
If by chance data of third parties are also provided (for example information on spouse, partner, children, dependents, emergency contacts) this information must be provided in advance to these people; SRIB EU reserves the right to ask these third parties for explicit consent.
Collection and Use of Data
When you submit information through the forms on our website, this data is securely transmitted from visitors' browsers to Webflow servers via encrypted HTTPS connections. The collected data may include information such as name, email address, phone number, and messages sent through the forms. We use this information solely to provide the requested services or respond to visitor inquiries, and we do not share, analyze, or sell this data to third parties.
Security and Encryption
Webflow implements advanced security measures to protect the data collected through the forms. All data transmitted through the forms is encrypted during transfer to ensure the security and confidentiality of personal information.
Data Storage and Privacy Shield
All form data collected is stored in an encrypted database on servers hosted on Amazon Web Services (AWS) in the United States. Webflow is certified under the Privacy Shield program, which creates a legal framework for transferring EU/Swiss data subjects' data outside of Europe.
Data Access and Processing
Access to form data collected through Webflow is strictly limited to authorized personnel who need such information to deliver the requested services or respond to visitor inquiries. Webflow staff do not have direct access to the form data submitted by website visitors.
Transparency and Trust
Webflow does not share, analyze, or sell any form submission data to third parties. We provide website owners only with the form data collected so they can use it for the purposes for which it was collected. We are committed to ensuring transparency and trust in the management of form data on our website.
This section defines the purposes for which Personal Data is used, illustrates how the information collected is shared and specifies the "legal bases" on which SRIB EU relies for the processing of information. These “legal foundations” are defined in the General Data Protection Regulation (GDPR), which authorizes companies to process Personal Data only in compliance with the legal basis established in the Regulation itself (the complete description of each legal basis is available by clicking here).
Please note that, in addition to the recipients set out in the table below, SRIB EU is authorized to disclose Personal Data for the purposes set out in this Policy to service providers, contractors, agents, and Group companies carrying out activities on our behalf.
Estimate / Activation
Purpose of the treatment
Establishment of a relationship with the customer, including the necessary checks regarding fraud, money laundering, and sanctioning procedures.
Legal foundations
For the processing of particular categories of Personal Data (e.g., health data) and criminal data record:
Recipients of the information
Verification of creditworthiness in case of taking on a credit risk
Recipients of the information
Evaluation of the risks covered and identification of the appropriate insurance, policy, and premium
For the processing of particular categories of Personal Data (e.g., health data) and criminal record data:
Recipients of the information
Policy management
Purpose of the treatment
General support, including customer communications.
Legal foundations
For the processing of particular categories of Personal Data (e.g., health data) and criminal record data:
Collecting or returning premiums, paying claims, and processing and facilitating other payments.
Legal foundations
Recipients of the information
Processing of compensation claims
Management of compensation claims.
Legal foundations
For the processing of particular categories of Personal Data (e.g., health data) and criminal record data:
Recipients of the information
Action or defense in legal proceedings.
For the processing of particular categories of Personal Data (e.g., health data) and criminal record data:
Recipients of the information
Purpose of the treatment
Fraud investigation and prosecution.
Legal foundations
For the processing of particular categories of Personal Data (e.g., health data) and criminal record data:
Recipients of the information
Renewals
Interactions with the customer to proceed with the renewal of the insurance policy.
Legal foundations
Recipients of the information
Throughout the entire insurance lifecycle
Marketing analysis and direct marketing, including data anonymization.
Legal foundations
Recipients of the information
Corporate book transfers, sales, and reorganization of companies
Legal foundations
For the processing of particular categories of Personal Data:
Recipients of the information
General risk modeling.
Legal foundations
For the processing of particular categories of Personal Data (e.g., health data) and criminal record data:
Compliance with our legal or regulatory obligations.
Legal foundations
For the processing of particular categories of Personal Data (e.g., health data) and criminal record data:
Recipients of the information
To facilitate the provision of insurance coverage and manage compensation requests, the activity is based on the necessary and requested consent of the interested party to the processing of particular categories of Personal Data and criminal record data, including health data and criminal records, according to the methods illustrated in the previous table and, as regards profiling, in compliance with what is established in the following section.
The consent of the interested party authorizes us to share the information with other Insurers, Intermediaries, and Reinsurers, including foreign ones, who may need to process such data to carry out their role in the insurance market (which, in turn, allows share the risk and determine the price in a sustainable manner).
The interested party's consent to the processing of special categories of Personal Data and criminal record data is an essential prerequisite for SRIB EU to be able to provide the services requested by the customer.
If the interested party provides us with information relating to other persons, he undertakes to inform them of the use of their Personal Data by SRIB EU and to obtain their consent on our behalf.
The interested party can revoke his consent to such processing at any time and request the deletion of his data. By doing so, however, SRIB EU may no longer be able to continue providing the services to the customer in question. Furthermore, if a data subject withdraws his/her consent to the processing of particular categories of Personal Data and criminal record data by an Insurer or Reinsurer, continuity of insurance coverage may not be guaranteed.
Insurance premiums are calculated by insurance market operators by carrying out a comparative analysis of the characteristics of customers and beneficiaries compared to those of other customers and beneficiaries and evaluating the probability that the insured events will occur. As part of this comparative and statistical analysis, SRIB EU and other Insurance Market Operators must collect and analyze the information received from all insureds, beneficiaries, or applicants to model such propensities. Consequently, Personal Data may be used both to compare them with the information contained in the models and to create models that allow setting the prices of premiums in general and for other insured persons. SRIB EU and other Insurance Market Operators may use particular categories of Personal Data and criminal records data (for such modeling activity to the extent necessary for the purpose, as in the case of health data for life insurance or previous convictions for driving offenses in the case of car insurance).
SRIB EU and other Insurance Market Operators use these techniques to evaluate the information provided by customers and interested parties in order to understand fraud mechanisms, determine the likelihood of future losses in the event of compensation claims, and for the purposes explained below.
These templates are used exclusively for the purposes specified in this privacy policy. In most cases, our collaborators' decisions are based on models.
Automated brokerage platform
When customers use the automated brokerage platform, quotes are processed exclusively by analyzing what is provided by customers to verify whether or not they correspond to the criteria established by the Insurers; this analysis therefore allows you to determine (to the extent permitted by applicable legislation and with the limit of the automatically generated estimate):
(a) whether it is possible to proceed with an estimate,
(b) under what conditions,
(c) at what price.
Each insurer uses different algorithms to set their prices and customers should consult each insurer's privacy policy for more information.
The platform simply evaluates whether the attributes of potential policyholders meet the insurers' models and returns the relevant results. If the potential insured's attributes do not align with insurers' models, the quote request is passed to an underwriting team for review. Fraud prediction algorithms are also applied to the information we receive from customers in order to identify and prevent any fraudulent behavior. All profiling and related algorithms are subjected to periodic review to identify possible inaccuracies and systematic errors. These partially automated processes may result in the customer not being offered insurance coverage or impact the price or terms of the policy.
Customers can request information on the methodology used for decision making and ask us to verify the correctness of the automated decision. SRIB EU has the right to reject such a request, to the extent permitted by applicable law, even if the transmission of this information would result in the disclosure of a trade secret or would interfere with the prevention and detection of fraud or other crimes; however, in such circumstances we will still verify that the algorithm and source data work as expected and are free from errors or distortions.
Physical, electronic, and procedural security measures are adopted that are appropriate to the sensitivity of the information in our possession. These measures vary depending on the sensitivity, format, location, quantity, and manner of distribution and storage of the Personal Data and include measures designed to protect the Personal Data against unauthorized access. Security measures include, where appropriate, encryption of communications via SSL, encryption of stored information, firewalls, access controls, segregation of duties, and other similar security protocols. Access to Personal Data is limited to personnel and third parties who need to access it for appropriate and legitimate business purposes and subject to consent.
Personal Data is collected, used, disclosed, and processed to the extent necessary to achieve the purposes identified in this privacy policy or within the limits permitted by law. If it is deemed necessary to collect Personal Data for purposes incompatible with those specified in this privacy policy, SRIB EU will communicate to customers the new purpose and will obtain, where necessary, the consent of the interested parties (or to ask other parties to do so on behalf of SRIB EU) to the processing of Personal Data for the new purposes.
Personal Data is retained for the period of time necessary to satisfy legal requirements, business, and contractual needs. Personal Data is retained for the time necessary to achieve the processing purposes for which it was collected and other permitted and related purposes or as required by applicable legislation. When Personal Data is no longer needed, it is either anonymized (with the option to retain and further use the anonymized information) or securely destroyed.
SRIB EU transfers Personal Data, for the purposes referred to in the processing, to countries both within and outside the European Economic Area (EEA) or allows access to Personal Data from the aforementioned countries. If the data protection regulations in force in these countries do not guarantee levels of protection of Personal Data similar to that guaranteed within the EEA, SRIB EU undertakes, in any case, to safeguard the Personal Data according to the terms established in this privacy policy and in the relevant EU Regulation of reference.
Some countries outside the EEA have been recognized by the European Commission as offering a level of protection substantially equivalent to that provided by current data protection laws in the EEA. EU data protection laws allow SRIB EU to freely transfer Personal Data to such countries.
In the event of transfer of Personal Data to other countries not belonging to the EEA, the legal conditions justifying such transfer will be provided, such as binding corporate rules, standard contractual clauses, the consent of the interested parties, or other reasons permitted by the applicable legislation.
Data subjects may request further information on the specific security measures applied to the export of their Personal Data by contacting Legal Counsel at the address below.
We work to ensure that Personal Data is always accurate, complete, and up-to-date. Interested parties can contact us at privacy@sribeuropa.com to update their personal information.
Any questions on the practices adopted by SRIB EU regarding privacy must first be addressed to the Data Processing Manager of SRIB EU who, as the conditions are not met, has not appointed the DPO (Data Protection Officer).
In certain circumstances, data subjects have the right to contact SRIB EU to request the following:
These rights are subject to some exceptions in order to protect public interests (e.g., the prevention and detection of crimes) and our interested parties (e.g., respect for professional secrecy). SRIB EU undertakes to respond to most requests within 30 days, where possible.
If SRIB EU is unable to provide an adequate response to a request for clarification or a complaint, interested parties have the right to forward a complaint to the Personal Data Protection Authority (Public Relations Office, Piazza di Monte Citorio n. 121 – 00186 Rome telephone (+39) 06.69677.2917 e-mail urp@gpdp.it.
For any questions or requests relating to this privacy policy, you can contact Legal Counsel by writing to the following address:
Legal Counsel
SRIB EUROPA Srl
Porta Nuova Corso n. 16 – 20121 Milan
Email: privacy@sribeuropa.com
This privacy policy may be modified at any time. The last change was made on (October 24, 2023). Whenever changes are made to the privacy policy, SRIB EU will update the date relating to the latest version.
MAIN INSURANCE TERMS
MAIN TERMS RELATING TO DATA PROTECTION