DATA PROTECTION PROVISIONS APPLICABLE TO THE GENERALI VITALITY WEB-SITE

As of: May 2018

These data protection provisions apply to the use of the website www.generalivitality.com (hereafter “Generali Vitality Website” or “the Website”) provided by Generali Vitality GmbH, on which information on the Generali Vitality Program may be found.

1. DATA CONTROLLER

Controller according to Art. 4 Abs. 7 General Data Protection Regulation (“GDPR”) is Generali Vitality GmbH, registered office 9 Adenauerring, 81737, Munich, Germany (referred to hereafter as “Generali Vitality” or “we/us/our”) acts as the data controller. In such capacity, it is responsible for collecting and processing all personal data concerning you obtained via the Website.

2. GENERAL

We take your privacy seriously. We process your data carefully and in strict confidence at all times. We treat data about Participants collected via this Website in accordance with applicable legal provisions, and in particular in accordance with the General Data Protection Regulation (GDPR), the German data protection act (BDSG) and the German Telemedia Act (TMG). Our employees are also bound by a duty of professional secrecy, pursuant to article 5 of the BDSG.

These Data Protection provisions of Generali Vitality website set out the purposes for which purpose we collect your data, how we use your data, the parties to which we transfer your date where required, and how you may exercise your rights.

3. WHY DO WE COLLECT PERSONAL DATA AND HOW DO WE USE THESE DATA?

3.1. PERSONAL DATA: DEFINITION

The term “personal data” is defined as follows: “personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”  Hence, personal data is all such data that can be personally related to you, e.g. name, address, email-address, participant behavior. 

3.2. PERSONAL DATA: PURPOSE OF PROCESSING

In the following we inform you about the collection of personal data when using our website. Generali Vitality is pursues the following data processing goals in processing data on this website:

- The provision of general information on the Generali Vitality Program
- An improvement in what is offered on our Website
- Prevention of abuse/fraud
- Answering enquiries, for instance via e-mail

3.3. AUTOMATICALLY COLLECTED USAGE DATA

Each time you use the Website, the server stores usage data in log files. These usage data are transmitted automatically by your web browser. These data include the following information:

- IP address of the computer you use to access the Website
- web address from which you access the Website (known as the original or referrer URL), and the name of your Internet Service Provider
- details of the information or files viewed
- date, time and length of time spent on the Website
- volume of data transferred
- HTTP status code (e.g. “the request has been fulfilled” or “the requested resource could not be found”).

Generali Vitality retains the information contained in the log files for a maximum of 30 days for security reasons (e.g. to identify intrusion attempts). The information is then deleted. Where data must be retained for a longer period of time for incident resolution purposes, such data are retained until the incident is resolved. The information contained in the log files may be transferred to the relevant investigatory authorities on a case-by-case basis.

Moreover, in order to continually improve this Internet presentation, to adapt to users’ interests and in order to find and remedy errors more quickly (see section 4 Cookies and web analysis on this subject), log-file information is only stored and statistically assessed in anonymised form.

3.4. YOUR RIGHT TO OBJECT TO THE USE OF YOUR PERSONAL DATA FOR ADVERTISING PURPOSES

You have the right to object, at any time, to the use of all or part of your personal data for advertising, market research or opinion purposes, and to the receipt of messages containing recommendations to improve your physical activity. To exercise this right, please use the contact details at the bottom of this privacy policy chapter 8.

4. COOKIES AND WEB ANALYSIS

4.1 WHAT ARE COOKIES?

4.2 WHAT COOKIES DO WE SET AND FOR WHAT PURPOSE?

A cookie is a data element that a website can send to your browser to be stored on your system for later use. We use cookies only to increase the comfort of our web pages (e.g. avoidance of multiple entries). The created cookies are automatically deleted after the end of the visit to our pages.

You have the option of setting your browser to either not receive cookies or to be notified when cookies are received. You can then decide whether you want to accept or not accept the cookie. Your privacy remains protected. Of course, our information and services are also available to you without the use of cookies.

For more information about the technologies we use for marketing and statistical analysis of our websites, please refer to the information on web analytics service providers.

4.3 HOW CAN COOKIES BE DEACTIVATED?

You can set your browser in such a way that it informs you when cookies have been placed. You can also completely deactivate the acceptance of cookies on your browser. Should you wish to accept only the Generali Vitality cookies but not the cookies of our service provider and associate companies, you can choose the setting “block third party providers’ cookies” in your browser.

Please note however that use of our website and the membership portal may be restricted as a result or become completely impossible.

4.4 WEB ANALYSIS

In order to be able to continually improve our offer and remedy errors more quickly, we use web analysis technologies developed by the company Webtrekk.

In order to constantly optimise our offer and correct errors faster, we use web analysis technologies of the company Webtrekk GmbH, Boxhagener Str. 76-78, 10245 Berlin. Webtrekk GmbH has been certified by TÜV Saarland in the field of data protection. In particular, the collection and processing of tracking data was checked and certified for data protection conformity and data security.

When using this website, information transmitted by your browser is collected pseudonymously and evaluated exclusively in aggregated form.

This is done by a cookie technology and by so-called pixels, which are integrated on every website. Data is collected, such as browser type/version, operating system, screen resolution, IP address (is pseudonymised exclusively by shortening the end digits for the purpose of session recognition and, if applicable, geo-positioning only up to the city level and is deleted immediately after use), the website from which you visit us, and the pages you visit on our site. There will be no further creation and evaluation of usage profiles.

According to the Telemedia Act, as a contact page visitor, you have the right to object to the storage of your (pseudonymised) visitor data for the future, so that they will no longer be recorded in the future. The collection and storage of data by Webtrekk can therefore be revoked at any time with effect for the future. Please use the corresponding opt-out function of our service provider Webtrekk directly. To do so, please call up the following link: I would like to be excluded from tracking by Webtrekk.

Your cancellation from tracking will be confirmed if successful. The logout is maintained by a cookie called "webtrekkOptOut". If you accept this cookie and do not delete it, you do not have to request another logout from tracking.

5. LINKS TO SOCIAL MEDIA AND LINKS TO THIRD-PARTY WEBSITES

5.1. LINKS TO SOCIAL MEDIA

This website refers to the following providers of social networks (social media providers) by way of links without however simultaneously setting social plug-ins (plug-ins): Facebook (www.facebook.de), Linkedin (www.linkedin.com) , Youtube (www.youtube.com), Instagram (www.instagram.de) Once various providers’ social networks (Facebook, Linkedin, Youtube) have been called up, it may occur that these social media providers collect data that is however completely outside what this website offers and the control of Generali Vitality. You can find additional information on the nature and type of data used by social media providers under the relevant provider’s information on data protection.

5.2. LINKS TO THIRD-PARTY WEBSITES

This website contains links to third-parties websites. These external websites are designed and operated by third-party providers. Generali Vitality has no control over the design, content and functionalities of these websites. Under no circumstances may Generali Vitality be held responsible for the content of any such website. Please note that third-party websites have their own privacy policies and may install cookies on your computer or collect personal data. Generali Vitality has no control over the collection of data by third parties. Where necessary, please contact the providers of these websites directly for further information.

6. DATA SECURITY

Generali Vitality employs great efforts regarding technologies and organisational measures to protect your personal data against loss, corruption and unauthorised access pursuant to the applicable data privacy law.

Please note that we cannot guarantee the confidentiality of any information you send to us by email. The content of unencrypted emails may be intercepted by unauthorised third parties during transmission. Most e-mail providers already use automatic transport encryption procedures in order to ensure confidentiality in e-mail traffic. Please ask your e-mail provider whether it also uses the TLS procedure. Otherwise, you ought to consider changing to an e-mail provider with TLS support in order to ensure sufficient encryption.

In addition to the transport encryption procedure, TLS, in order to safeguard the confidentiality of your sensitive data, we also offer you end-to-end encryption through the PGP procedure. Your e-mails are encrypted by PGP in such a way that only the intended recipient may read it.

7. LEGAL BASES OF PROCESSING

The legal basis for the processing of your personal data for pre-contractual and contractual purposes is Art. 6 Para. 1 b) DS-GMO. We also process your data to protect the legitimate interests of us or of third parties (Art. 6 Par. 1 f) DS-GMO). This may be necessary in particular to ensure IT security and operation. In addition, we process your personal data to fulfil legal obligations such as commercial and tax data retention obligations. In this case, the legal basis for the processing is the respective legal regulations in connection with. Art. 6 para. 1 c) DS-GMO.

8. MODIFICATION OF THE GENERALI VITALITY WEBSITE PRIVACY POLICY

Generali Vitality reserves the right to modify the Generali Vitality Website privacy policy at any time without notice. You should therefore refer to this privacy policy each time you visit the Website.

9. YOUR RIGHTS

You have the right to access information about the personal data that we hold, the origin and recipients of such data, and the purpose for which such data are stored. You may also request that your data be corrected if it is incorrect or incomplete.

 Claims for deletion or blocking of your data may exist if their collection, processing or use proves to be inadmissible or no longer necessary.

If we process your data to protect legitimate interests, you can object to such processing if your particular situation gives rise to reasons against data processing.

You can assert your rights with the data protection officer of Generali Vitality GmbH. You can contact him or her by post to the address of Generali Vitality GmbH (see under 1 "Responsible party") with the addition "for the attention of the data protection officer" or by e-mail to: datenschutzbeauftragter@generalivitality.de 

You also have a right to appeal directly to the supervisory authority. The supervisory authority responsible for Generali Vitality GmbH is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27
91522 Ansbach
Phone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300

E-mail: poststelle@lda.bayern.de

 

10. RECIPIENTS OF CATEGORIES OF RECIPIENTS TO WHOM THE DATA MAY BE COMMUNICATED

Public authorities that receive data due to legal regulations

- Internal departments involved in the execution of the respective business processes

- external contractors (service companies) in accordance with Art. 28 DS-GMO or on the basis of the explicit consent of the customer

11. TRANSMISSION OF DATA TO A THIRD COUNTRY

If we transfer personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed an appropriate level of data protection by the EU Commission or if adequate data protection guarantees (Binding Corporate Rules or Standard Contractual Clauses) are available.

12. DATA PROTECTION, GENERAL QUESTIONS AND OUR CONTACT DETAILS

If you have any questions about the processing of your personal data, please write to us.  You can reach our data protection officer under the following email address: datenschutzbeauftragter@generalivitality.de or under our post address adding „the data protection officer“. If you have any questions about the Generali Vitality programme and the general terms and conditions, please write to us at the following email address: service@generalivitality.de, or call us on the following number: +49-(0)800 - 7879700 between the hours of 8 am and 7 pm, Monday to Friday.

OUR CONTACT DETAILS ARE AS FOLLOWS:

Generali Vitality GmbH
9 Adenauerring
81737, Munich, Germany

service@generalivitality.de