Privacy In Generali Group

The Generali Group considers the safeguarding of personal data a priority in order to protect the fundamental rights and freedoms of customers, employees and all other stakeholders. To this end, the Generali Group has adopted a Personal Data Protection Group Policy that sets the key principles and requirements to be followed when Processing Personal Data, taking into account the provisions of the European Regulation on Protection of Personal Data.


As outlined in our Code of Conduct, the Group requires that personal information is properly handled and privacy rights are respected. Employees must process personal information concerning third parties, whether customers, employees, suppliers or others, on a need-to-know basis and in accordance with local law. The Group requests that personal data be collected, processed and shared only for specified, legitimate and required purposes and only to the extent strictly necessary. This approach explicitly prohibits unlawful data processing, and a zero-tolerance policy is applied to any violation concerning the handling of personal information. As with all other violations of the Code, in the event of a breach of privacy rights the defined escalation process must be followed and, where appropriate, corrective or disciplinary actions are taken, ranging from a simple warning to the termination of employment, in accordance with local law and internal regulations.

Personal data protection is an identified and constantly managed risk within the operational risk management framework of the Group. The risk is therefore assessed and monitored by three lines of defense: Operational, Risk and Compliance/DPO, and Audit. In particular, the DPO, with the support of Compliance staff, regularly plans and executes control activities, collects Key Risk Indicators quarterly in order to monitor the personal data protection risk exposure, and involves all relevant risk owners in a comprehensive risk assessment, at least once a year, in order to highlight any needed mitigation action to the Board of Directors. Audit Functions, according to their methodology, also regularly perform audit activities on the personal data protection risk, taking into consideration compliance topics related to the relevant internal regulations. In addition to the above, each Group Company may, at its discretion, engage external consultancy companies to conduct an independent review of some internal privacy processes. Regular training is also delivered to all employees so that they process personal data in compliance with external and internal regulation.

Privacy notice

The European regulation on the protection of personal data (GDPR) requires us to review our privacy notices in order to make our stakeholders more aware of the purposes and modalities related to the processing of their personal data.

We consider our stakeholders’ personal data as a core value to be safeguarded, and we wish to establish a relationship with them based on full transparency and awareness with respect to the purposes and modalities we use when processing their data.

In order to ensure that our information is clear, we have drawn up some ad-hoc documents (privacy notices), dedicated to each specific type of relationship that might be established.

We invite you to examine the privacy notice relevant to you, in order to learn in detail how we process your personal data.

The documents uploaded to this website are intended for information only. Where it is necessary to collect your consent, due to the nature of the personal data processed, we will do so through different methods and channels.