Data Privacy and Personal Data Protection Policy

Protection of Personal Data
At Generali Investments, Management Company LLC, we devote special attention to the protection of data and handle them with due care and responsibility, in compliance with the applicable regulations. We respect your right to privacy and process personal data in a manner that safeguards your interests, fundamental rights and freedoms. We process personal data lawfully, fairly and in a transparent manner, ensuring an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by means of appropriate technical or organizational measures. Prior to commencing the processing of your personal data, we carefully assess the proportionality of the envisaged processing in relation to any positive or negative effects on you or your rights from the perspective of personal data protection.

Legal basis
The legal basis for the processing of personal data are as follows:
– Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC – the General Data Protection Regulation (GDPR), the Personal Data Protection Act;
– the Investment Funds and Management Companies Act;
– the Electronic Communications Act;
– the Anti-Money Laundering and Counter-Terrorist Financing Act;
– the Rules on the technical requirements to be met by secure remote or electronic identification procedures and means of identification;
– tax legislation;
– any other regulations governing the processing and/or protection of personal data.

Data Controller
The controller of personal data is Generali Investments, družba za upravljanje, d.o.o., Dunajska cesta 63, 1000 Ljubljana. Access to your personal data and the right to process them for precisely defined purposes are granted only to those employees of Generali Investments who are duly authorized for this purpose, and to carefully selected authorized contractual processors of the company who can provide sufficient guarantees, including with regard to the security of processing, and who have concluded a personal data processing agreement with us, thereby committing themselves to the same standards of personal data processing as those applied by us.

Generali Investments has appointed a Data Protection Officer. The contact address is: dpo@generali-investments.si.

Personal data
Personal data means any information relating to an individual, such as, for example, first name, surname, tax identification number, e-mail address, and any other data that can identify an individual and relate to him or her.
You are obliged to provide us with true, accurate and complete personal data and to notify us of any changes thereto..

Purposes of the processing of personal data
We process your personal data on the basis of a business relationship with you (signed accession statement, contract), on the basis of law, on the basis of our legitimate interest, and on the basis of your consent.

Processing of data for purposes other than those for which the personal data were initially collected is permitted only where it is compatible with the purposes for which the personal data were originally collected, or where this is provided for by applicable regulations

Except in cases provided for by law, we will not disclose your personal data to any third party without your written consent. As a rule, we process your personal data within the EU and the European Economic Area (“EEA”). In certain cases, however, we also transfer your data to recipients outside the EU and the EEA; in such cases, an equivalent level of personal data protection will be ensured as if the processing were carried out by us ourselves, and all requirements of the regulations relating to the transfer of personal data to third countries will be complied with.

Processing based on a contract
We process your personal data in connection with the provision of services (management of sub-funds of the Generali Umbrella Fund) for the purpose of fulfilling our obligations arising from the business relationship with you.
Upon the establishment of the relationship (execution of an accession statement, contract), we require from you all data that we are obliged to obtain from you in accordance with applicable regulations. If you do not provide all the necessary data, we will request them from you; if you still do not wish to provide them thereafter, we reserve the right not to enter into or to terminate the relationship with you. Upon establishment of the relationship or subsequently, you may also voluntarily provide other data that are not explicitly required at the time the relationship is established. In certain cases, in accordance with the regulations, we may also obtain certain data from third parties or from public sources.
Prior to the establishment of the relationship, we may process the data you provide to us for the purpose of contacting you in connection with advisory services, for the purpose of determining your financial profile in order to provide appropriate advice on a suitable product, or for informing you about our offer.

Processing based on law
On the basis of various legislative acts, we process personal data in order to fulfil statutory obligations and for purposes imposed on us by regulations (e.g. tax legislation, regulations in the field of anti-money laundering and counter-terrorist financing, etc.).

Identification of clients in the mobile application – biometric data
Within the use of the Generali Investments mobile application, for the purpose of implementing the provisions of the Anti-Money Laundering and Counter-Terrorist Financing Act, we establish and verify the identity of clients by using remote or electronic procedures, with the assistance of an external contractual service provider who independently performs the capture and processing of biometric facial data (captured facial image, identity verification and liveness detection) for this purpose, in accordance with applicable regulations. Biometric data are not transferred to the company and are not processed by the company. The company receives from the external provider exclusively the personal data that it retains pursuant to Article 8 of the Rules on the technical requirements to be met by secure remote or electronic identification procedures and means of identification, and Article 142 of the Anti-Money Laundering and Counter-Terrorist Financing Act, as well as information on the outcome of the identification performed, which is necessary for the fulfilment of statutory obligations. Prior to the commencement of identification, the individual is informed about the processing of personal data and, in accordance with Article 7 of the Rules on the technical requirements to be met by secure remote or electronic identification procedures and means of identification, gives explicit consent for the performance of such identification procedure and for the retention of data in accordance with the legally prescribed retention periods.

Processing based on legitimate interest
We may process personal data for the purposes of our legitimate interests or the legitimate interests of third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual to whom the personal data relate, which require protection of personal data, in particular where the data relate to a child. Legitimate interests are our interests related to carrying out our activities in a friendly and secure manner, in compliance with prescribed requirements. Processing based on legitimate interest is substantiated by an impact assessment, by means of which we identify the legitimate interest and assess the potential predominance of the interests of the individuals whose data are to be processed over the legitimate business interest of the company.
The company’s legitimate interests include the development, advertising and offering of savings products and services, improvement of business processes, ensuring regulatory compliance of operations, ensuring the security of operations and data processing, better tailoring of our offer, and improvement of your user experience.

Processing based on consent
We may also process personal data on the basis of your voluntary consent. By giving consent, you agree that personal and other data collected in the course of providing our services or during other forms of interaction (e.g. information collected via a web browser) may be collected, stored and used for selected purposes. We receive data directly from you or from other sources (social networks, websites or other public sources), or they are provided to us by contractual service providers who, on our authorization, collect personal data or conduct surveys or market research. In the case of incompletely completed consent, you authorize us to enter into the database the missing data that we already hold from other contractual, transactional or sales documentation.
Within the scope of consent, you may specify one or more of the following purposes of personal data processing:

• direct marketing (e.g. informing about the company’s promotional activities and targeted (segmented) marketing, such as sending newsletters, articles, in-house magazines, invitations to events, offers, promotional materials, greeting cards, newspapers and prize games);
• conducting surveys or market research for our needs;
• statistical processing;
• profiling, monitoring of the customer’s purchasing behavior (including for past periods) on the basis of past activities, processing and receiving messages and benefits that are intended and tailored to you.

Consent is intended primarily for the development of our products and services, the adaptation of our offer, the improvement of your user experience, the receipt of company notifications, and assistance with financial decisions. Your consent does not affect any prior consents that we may have obtained from you before its entry into force, provided that they are not in conflict therewith. Communication on the basis of consent is carried out via the communication channels you selected when giving consent.

Processing within the Generali ZAME Benefits Program
If you are a member of the Generali ZAME Benefits Program, we process your personal data together with the co-founder, Generali d. d., in accordance with the Rules of the Generali ZAME Benefits Program.

Retention period of personal data
The retention period of personal data varies depending on the types and purposes of processing. Certain data are retained for 10 years or more after the termination of the business relationship or the execution of a transaction. Data obtained on the basis of voluntary consent are retained until withdrawal. The law may prescribe a longer retention period.
Personal data that we process for the purposes of one-off events (conferences, meetings, lectures, prize games, visits and excursions) are retained in accordance with applicable legislation and the applicable rules of the individual event, or until withdrawal of consent.
In the event of receipt of a request for erasure of data, we will execute the request in such a way that the processing of data will be restricted solely to the purposes determined by applicable regulations or internal rules.
If we anonymize personal data in such a way that they can no longer be linked to an identified or identifiable individual, we may retain and process them without a retention period.

Rights of the individual
We ensure the exercise of your rights relating to the processing of personal data without undue delay and, in any event, within one month of receipt of the request. The time limit for exercising rights may be extended by a maximum of two additional months, of which we will inform you within one month of receipt of the request, together with the reasons for the delay.
In relation to your personal data, you have the following rights:

• the right to inspect or access your personal data;
• the right to rectification of inaccurate data; in this respect, we reserve the right to request documentation from which the changes are evident;
• the right to data portability and copying; you are entitled to one free copy of personal data in electronic or printed form; for additional copies, we may charge a reasonable fee, taking into account the costs of preparing the copy;
• the right to restriction of processing for legitimate reasons;
• the right to object to processing and the right to erasure of data;
• the right to be informed of rectification, erasure or restriction of processing;
• the right to be provided with a list of recipients to whom your personal data have been disclosed, when, on what legal basis and for what purpose;
• the right to information on the purpose of processing and the categories of personal data being processed, and all necessary explanations in this regard, including all available information on the source, where the personal data are not collected from the data subject;
• the right to an explanation in the case of automated decision-making involving the processing of personal data;
• the right to lodge a complaint with a supervisory authority if you consider that the processing infringes applicable legislation.

Where processing is based on voluntary consent, you may withdraw or amend your consent to the processing of personal data at any time; withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You may arrange this at our registered office, at our branches, or by sending a notification to the e-mail address nasvet@generali-investments.si. For any additional explanations, we are available on the toll-free telephone number 080 80 24.

If you are a member of the Generali ZAME Benefits Program and withdraw your voluntary consent for the purposes of direct marketing, such withdrawal shall automatically also constitute withdrawal from the Generali ZAME Benefits Program.
Generali Investments shall not be liable for any disclosure of personal data or misuse of an individual’s identity resulting from inadequate protection of your own privacy and personal data or of computer or other equipment where personal data are stored, by you or by third parties.

Right to lodge a complaint
If you consider that your rights in connection with the processing of your personal data have been infringed, you may lodge a complaint by sending it to Generali Investments, d.o.o., Dunajska cesta 63, 1000 Ljubljana, or by e-mail to dpo@generali-investments.si.

You also have the right to lodge a complaint with the supervisory authority if you consider that the processing infringes applicable legislation. The supervisory authority is the Information Commissioner of the Republic of Slovenia (Informacijski pooblaščenec Republike Slovenije), https://www.ip-rs.si.

Members of the Generali ZAME Benefits Program
The provisions on the protection of personal data for members of the Generali ZAME Benefits Program can be found at the following link: https://www.generali-zame.si/vop.

Amendments to the Privacy Policy
This Privacy Policy may be amended or supplemented at any time. You will be informed of changes on this website; in the case of substantial changes affecting the processing of personal data, you will also be informed by e-mail.