Information provided according to articles 13 and 14 of EU Regulation 2016/679
In compliance with the provisions of the current law provisions on personal data protection (EU Regulation 2016/679: GDPR o Regulation), Previndai is willing to duly provide all information on the purposes and methods of personal data and sensitive personal data provided to the Fund, also to receive benefits
We inform you that the use of personal data will be carried out according to the principles of lawfulness, fairness, and transparency, always respecting the obligations and the current laws on the subject, to protect privacy and data of members.
Previndai aims at providing to its members additional pension benefits to those of the national social security system. For this purpose, the Fund collects contributions, invests them according to member choices, and provides pension benefits to them. The Fund is non-profit.
To achieve its purposes, Previndai needs to acquire some personal data, sensitive and non-sensitive, concerning members and, where applicable, their beneficiaries. According to the Regulation, as an example, these data are not sensitive: name, surname, place, and date of birth, residence address, tin code, job contract details, banking details, employer or former employer, type of pension benefit requested (where applicable); name, surname, and degree of relationship of a dependent family member of Previndai and/or beneficiaries.
Sensitive data are, among others: health data, concerning personal health conditions (medical certificates, or any other medical document submitted), and additionally, all data concerning race, ethnic origin, religion or philosophical beliefs, political opinions, membership to trade unions, political parties, associations or organizations with political, religious, philosophical purposes, sexual orientation.
For functioning reasons, the Fund may process sensitive data concerning the health condition of members, following to a request of capital for medical expenses, invalidity, and long term care pension benefits.
1. Purposes of the processing
Personal data, sensitive and non-sensitive, will be processed by the Fund as Data Controller for the following purposes:
a. management of the member account in Previndai and benefits requests. The management of the account includes informative and formal communications for members and connected with the different choices the manager may have to make, during the entire membership phase.
Consent to data processing for the purposes of point 1 letter a) is implied and mandatory and the failure to communicate one’s data or partial or inaccurate communication may result in the impossibility for Previndai to manage members’ accounts and provide services regularly.
b. communications (by e-mail, mail and/or SMS and/or telephone, etc.) different from the institutional ones, such for example those concerning events on welfare and other subjects not strictly connected with Previndai.
Consent to data processing for the purposes herein explained at point 1. Lett. b) shall be expressed in a detailed fashion and before starting such data processing.
2. Data processing methods
1. Processing is performed with manually and/or with technological support, to guarantee data safety, integrity, and privacy, respecting all the provision of the current laws in force, to minimize any destruction or loss risk, and any unauthorized access, modification, or disclosure.
2. When membership to the Fund ends, the data will be kept in the database just for the necessities linked to the account management (for example: to manage any missing contribution payment from the company and the following payment of the benefit to the manager, payment of a survivor’s annuity pension), and only for the time necessary to comply with law requirements or rules, the Fund has to comply with. Following to that, a reversible anonymization process will take place.
3. To perform some activities, Previndai may need to communicate some data to trustworthy companies or third parties, that will use them – as controllers of the data, if applicable – to carry out the procedures to pay benefits and pensions and of other required services, or to support the Fund in its activities.
Common and sensitive personal data, according to the specific case, can be communicated to the following third parties:
a. The software company the Fund is currently collaborating with, and other companies providing additional services;
b. Insurance companies the Fund has management agreements with;
c. banks that pay benefits and pensions;
d. the pension Fund to which Previndai will transfer a member’s capital upon their request or from which receives, in the best interest of the member, information on the years of membership to a supplementary pension Fund;
e. companies managing computerized postal services or providing additional services to the Fund;
f. legal counselors, tax, actuarial, and accounting advisors of the Fund;
g. organizations and authorities, possibly foreign, however inside the EU, to which due to law provisions the Fund has to communicate personal data, or which have the possibility to access personal data due to law provisions (e. g. COVIP, Commission for the supervision of pension funds in Italy, Inland Revenue, Register of Pensioners).
4. The data supplied are not subject to dissemination.
5. Personal data may be transferred abroad in the cases and the forms provided for by articles 44 et seq. of the GDPR, for example when a member asks for the payment to be in a foreign bank account or when the same has their main residence in a foreign country.
3. Data subject’s rights
The subject has the right to:
1. To access data: that is the possibility to have personal data confirmed and verify its correctness, to know the purposes for the processing, the data origin, the recipients to which data may be transferred or have been transferred;
2. To obtain a correction, cancellation or request a partial processing of data;
3. To object, in whole or in part, on legitimate grounds, to the processing of personal data;
4. To data portability;
5. To revoke the consent given to the processing at point 1 letter b above;
6. To lodge a complaint, on legitimate grounds, to the Authority for the protection of personal data.
The subject may make all their requests:
a. Sending a registerd letter with return receipt to:
Previndai – Fondo Pensione
c.a. Responsabile della Protezione dei dati
Via Palermo 8
00184 Rome
Itlay
b. A registred email (italian PEC) to: rpd.previndai@pec.it ;
c. An email to privacy@previndai.it ;
4. Controller of personal data
The controller for personal data is Previndai – Fondo Pensione, Fondo di Previdenza a Capitalizzazione per i Dirigenti di Aziende Industriali, Via Palermo 8, 00184 Rome represented by its acting Chairman.
The fund has appointed the Data Protection Officer, that can be contacted at the above-mentioned addresses.
The list of possible additional Officers may be requested to the Controller.