it
  • Italiano
  • English

Privacy Policy

Pursuant to Article 13 of Regulation (EU) 2016/679 (hereinafter “Regulation” or “GDPR”), Prima Assicurazioni S.p.A., with registered office in Piazzale Loreto 17, 20131 Milan (MI) (hereinafter “Prima”, the “Company” or the “Data Controller”), provides the following information on the processing of Personal Data carried out through the website http://press.prima.it/  (the “Website”).


For information on the use of cookies, please refer to the cookie banner.



1. Data Controller and Data Protection Officer

Prima is the Data Controller of the Personal Data of the Data Subjects. To request any information regarding the Processing and to exercise your rights you may contact the Data Controller at privacy@prima.it. The Company has appointed a Data Protection Officer (hereinafter the “DPO”), who can be reached at dpo@prima.it.



2. Personal Data processed through the Website


i. Navigation data

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified Data Subjects, but by its very nature it could, through processing and association with data held by third parties, allow for users to be identified. This category of data includes IP addresses or the domain names of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.


ii. Information communicated directly by the Data Subject

In case the Data Subject sends an e-mail to one of the e-mail addresses present on the Website, information such as identification data (name, surname, etc.) and contact data (e-mail address) will be collected, as well as any other Personal Data that may be communicated by the Data Subject during the correspondence.


Personal Data will be collected directly from the Data Subject following the interaction between the latter and the Website (Personal Data as per paragraph 2.i), or it will be communicated directly by the Data Subject to Prima (Personal Data as per paragraph 2.ii).


By sending an email to one of the email addresses on the Website, a user may also communicate Personal Data of third parties to the Data Controller. With respect to this hypothesis, the user concerned assumes the responsibility of receiving adequate authorisation from the third party in question. In this sense he/she grants on this point the widest indemnity with respect to any dispute, claim, request for compensation for damages from Processing, etc. that Prima may receive from third parties whose Personal Data have been processed following a communication made by the user in violation of applicable data protection laws.



3. Purposes and legal basis of the Processing

In compliance with applicable data protection laws, and without the need for a specific Consent of the Data Subject, Personal Data referred to in paragraph 2.i will be processed by Prima for the following purposes:

  • to make the Website available to the Data Subject and to allow its proper functioning. The legal basis for the Processing carried out for this purpose is Article 6(1)(b) of the GDPR (performance of contract);
  • to obtain anonymous statistical information on the use of the Website and to verify its correct functioning, as well as to identify anomalies and/or abuses. The legal basis for the Processing carried out for this purpose is Article 6(1)(f) of the GDPR (legitimate interest of the Controller to ensure the quality of its services);
  • if need be, for the establishment of liability in case of computer crimes against the Website or third parties. The legal basis of the Processing for this purpose is Article 6(1)(f) of the GDPR (legitimate interest of the Controller to protect itself in Court).

The provision of Personal Data is necessary to enable the Company to provide the Website; failure to provide such data would result in the Company being unable to provide the Website to the Data Subject.


In compliance with the applicable legislation on Personal Data protection, and without the need for a specific Consent of the Data Subject, the Personal Data referred to in paragraph 2.ii will be processed by Prima for the following purposes:

  • to handle contact requests received by the Controller. The legal basis of the Processing for this purpose is Article 6(1)(f) of the GDPR (legitimate interest of the Controller to handle requests received by Data Subjects).

The provision of Personal Data is optional and the Data Subject is not required to communicate it to the Data Controller.



4. Recipients of Personal Data

Personal Data may be processed by personnel in charge of the Processing pursuant to Article 29 GDPR, or by third parties appointed as Data Processors pursuant to Article 28 GDPR, and in particular to service providers necessary for the provision of the Website, such as hosting providers, or to subjects that may also operate as autonomous Data Controller (for example in the context of legal advice), where this is necessary for contractual reasons or for requirements protected by current regulations.


Finally, Personal Data may be shared with authorities, legal entities and/or individuals to which they are communicated by virtue of legal provisions or orders of authorities. These authorities, legal entities and/or individuals will act as autonomous Data Controllers.



5. Transfer to Third Countries

With regard to the possible transfer of Personal Data to Third Countries, the Processing will be subject to the adoption of the necessary guarantees provided for by Articles 44 and following of the Regulation, such as, for example, the adoption of Standard Contractual Clauses, the identification of organisations operating in countries that guarantee an adequate level of protection, as well as the compliance with the principles and methodological rules defined in the relevant recommendations of the European Data Protection Board (EDPB) and of the Italian Data Protection Authority.


Upon request, further information may be obtained from the DPO and/or the Company at the above-mentioned contacts.



6. Data Retention

Navigation data is deleted after 35 days from our log systems, while it remains in our backups for up to one year. After this retention period, the Data will be deleted, destroyed, or further processed in an anonymous form.


The Personal Data referred to in paragraph 2.ii will be kept only for the time necessary to fulfil the purposes referred to in paragraph 3, respecting the principles of retention limitation and minimization set out in Article 5(1)(c) and (e) GDPR. In any case, Prima will process such Personal Data until the time allowed by the Italian law to protect its interests and in line with the time provided by the law on prescription of rights (Articles 2946 and following of the Italian civil code).


Once the aforementioned reasons for the Processing no longer apply, the Data will be deleted, destroyed or further processed in an anonymous form.


Upon request, it is possible to obtain further information from the DPO and/or the Company at the above-mentioned contacts.


7. Data Subjects’ rights

In relation to the aforementioned processing operations, any Data Subject may exercise the rights set out in Articles 15 to 22 GDPR. In particular, the Data Subject has the right to request from the Company access to and rectification or erasure of his/her Personal Data; he/she has the right to object to the Processing or request the restriction of the Processing in the cases provided for by Article 18 GDPR, and to obtain in a structured, commonly used, and machine-readable format his/her Personal Data, in the cases provided for by Article 20 GDPR. The data subject may also revoke at any time the Consents given pursuant to Article 7 GDPR, as well as lodge a complaint with the Data Protection Authority pursuant to Article 77 GDPR, if he or she considers that the Processing of his or her Personal Data is contrary to applicable law.


In cases of opposition to the Processing of Data pursuant to Article 21 GDPR, the Company reserves the right to evaluate the request, which will not be accepted if there are compelling legitimate reasons to proceed with the Processing, which override the interests, rights and freedoms of the Data Subject.


Requests for the exercise of the aforementioned rights must be sent in writing to Prima at privacy@prima.it.