Privacy Policy

Learn how we collect, use, and protect your personal information.

Last updated: April 10, 2025

Privacy Policy Summary

At CareItalia, we respect your privacy and are committed to protecting your personal data. This summary provides key points from our Privacy Policy:

  • We collect personal information necessary to provide insurance services, including sensitive health data with your explicit consent
  • We use your data to process applications, manage policies, handle claims, and improve our services
  • We share information with trusted third parties only when necessary and with appropriate safeguards
  • You have rights to access, correct, and delete your personal information
  • We implement strong security measures to protect your data in accordance with GDPR and local regulations

Please read the full policy below for detailed information.

1. Introduction

This Privacy Policy explains how CareItalia Life Insurance ("we", "our", "us") collects, uses, discloses, and safeguards your personal information when you use our services, website, or applications.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy is designed to inform you about our practices regarding the collection, use, and disclosure of personal information we might receive from users of our website and services.

2. Information We Collect

2.1 Information You Provide to Us

We collect personal information that you voluntarily provide to us when you:

  • Register for an account
  • Apply for insurance coverage
  • Submit a claim
  • Contact our customer service
  • Subscribe to our newsletter
  • Participate in surveys or promotions

This information may include:

  • Personal identifiers (name, address, date of birth, contact details, etc.)
  • Financial information (bank details, payment information, etc.)
  • Health information (medical history, current health status, etc.)
  • Employment information
  • Lifestyle information
  • Beneficiary information

2.2 Information Collected Automatically

When you visit our website or use our services, we may automatically collect certain information about your device and usage, including:

  • Device information (IP address, browser type, operating system, etc.)
  • Usage data (pages visited, time spent on pages, links clicked, etc.)
  • Location information (if you permit your device to share it)
  • Cookies and similar tracking technologies (see our Cookie Policy for more details)

2.3 Information from Third Parties

We may receive information about you from third parties, including:

  • Medical providers (with your consent)
  • Financial institutions
  • Credit reference agencies
  • Identity verification services
  • Other insurance companies
  • Public databases and government agencies

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Managing Services

  • Process insurance applications
  • Underwrite policies
  • Administer and manage insurance policies
  • Process and evaluate claims
  • Process payments
  • Provide customer support

3.2 Communication

  • Send policy information and updates
  • Respond to inquiries and requests
  • Send service-related notifications
  • Send marketing communications (with your consent)

3.3 Improvement and Development

  • Analyze usage patterns to improve our services
  • Develop new products and features
  • Conduct research and analysis
  • Enhance user experience

3.4 Legal and Security

  • Detect and prevent fraud
  • Comply with legal obligations
  • Enforce our terms and policies
  • Protect our rights, property, and safety

The table below summarizes the legal bases for processing your personal data:

Purpose Legal Basis
Policy administration and claims processing Performance of a contract
Processing health data for underwriting Explicit consent
Fraud prevention and detection Legitimate interest
Marketing communications Consent
Compliance with legal obligations Legal requirement

4. How We Share Your Information

We may share your personal information with the following categories of recipients:

4.1 Service Providers

We engage trusted third-party service providers to perform various functions on our behalf, such as:

  • Payment processors
  • Customer service providers
  • IT and cloud service providers
  • Analytics providers
  • Marketing and advertising partners

These service providers have access to your information only to perform these tasks on our behalf and are contractually obligated to protect your data.

4.2 Insurance Partners

We may share information with:

  • Reinsurers
  • Underwriters
  • Medical examiners
  • Claims investigators

4.3 Legal Requirements

We may disclose your information when required by law, regulation, or legal process, or to:

  • Respond to legal requests from public authorities
  • Protect our rights, privacy, safety, or property
  • Prevent or investigate fraud or illegal activities

4.4 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any change in ownership or uses of your information.

4.5 With Your Consent

We may share your information with other third parties with your explicit consent.

5. International Data Transfers

We primarily store and process your data within the European Economic Area (EEA). However, we may transfer your personal information to countries outside the EEA for processing. When we do so, we ensure appropriate safeguards are in place in compliance with applicable data protection laws, including:

  • Relying on adequacy decisions by the European Commission
  • Using Standard Contractual Clauses approved by the European Commission
  • Implementing binding corporate rules for transfers within our corporate group

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

  • The duration of our contractual relationship with you
  • Legal obligations to retain certain data for specific periods
  • Statutes of limitations under applicable law
  • Our legitimate business interests

When we no longer need to process your information, we will securely delete or anonymize it.

7. Your Rights

Depending on your location and applicable law, you may have the following rights regarding your personal information:

7.1 Access and Information

You have the right to request confirmation of whether we process your personal data and to access your personal data along with information about how we use it.

7.2 Rectification

You have the right to request that we correct any inaccurate personal data we hold about you, or complete any incomplete personal data.

7.3 Deletion

You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

7.4 Restriction of Processing

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

7.5 Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

7.6 Objection

You have the right to object to the processing of your personal data in certain circumstances, including when we process your data for direct marketing purposes.

7.7 Withdrawal of Consent

Where we process your data based on consent, you have the right to withdraw your consent at any time.

7.8 Complaint

You have the right to lodge a complaint with a supervisory authority if you believe our processing of your personal data violates applicable data protection laws.

To exercise these rights, please contact us using the information provided in the "Contact Us" section.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include:

  • Encryption of sensitive data
  • Regular security assessments
  • Access controls and authentication mechanisms
  • Staff training on data protection
  • Incident response procedures

While we take all reasonable steps to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.

9. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect or solicit personal information from children. If we learn that we have collected personal information from a child without parental consent, we will delete that information as quickly as possible.

If you believe that a child has provided us with personal information, please contact us using the information in the "Contact Us" section.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website with a new effective date. We encourage you to review this Privacy Policy periodically.

Your continued use of our services after the effective date of the updated policy constitutes your acceptance of the changes.

Privacy Questions?

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

Email: privacy@careitalia.it.com

Phone: +39 080 505 2127

Address: Via Nicola Ruffo, 28, 70124 Bari BA

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) or your local supervisory authority.