CHP Legal SRL (the “Data Controller”) is committed to ensuring that any personal data received from the users of this website (“Website”) is protected and handled in accordance with applicable data protection laws.
In general, any information and data provided to the Data Controller over the Website, acquired in the use of services such as: the registration procedure, the request for products and services, information or estimates, access to the registration procedure (which is reserved for users who have the quality of insurance brokers or intermediaries), filling out the forms provided in order to notify a claim or to request any of the insurance services provided through the Website (“Forms”) or which is otherwise gathered via the Website by the Data Controller in the context of the use of the Data Controller’s services (“Services”), will be processed by the Data Controller in a lawful, fair and transparent manner.
- Data Controller
- Personal Data processed
When you use the Website, the Data Controller will collect and process information regarding you (as an individual) which allows you to be identified either by itself or together with other information which has been collected. The Data Controller may also be able to collect and process information regarding other persons in this same manner, assuming you choose to provide it to the Data Controller.
This information may be classified as “Personal Data” and can be collected by the Data Controller when you choose to provide it (e.g., when you sign up for an account to receive the Data Controller’s Services).
Personal Data that can be processed by the Data Controller through the Website are as follows:
a. Name, contact details and other Personal Data
In various sections of the Website – in particular, if you decide to create an account on the Website or when you fill out a Form – you will be asked to submit information such as your name, phone number, e-mail address, gender, date of birth, country of residence and address, as well as, in certain cases, information related to the company you currently work for and your position in that company.
In addition, whenever you participate in surveys that may be available on the Website, as well as whenever you communicate with the Data Controller through the contact details provided on the Website, the Data Controller may collect additional information that you choose to provide. This is also the case regarding any information you choose to disclose in certain sections of the Website which allow you to fill out a Form or to contact the Data Controller directly.
b. Job applications
When registering to apply for a position within the Data Controller, in the “Careers” section of the Website (where available), you will also be asked to provide different types of Personal Data, including professional and employment details (e.g. resume, cover letter, professional qualifications, availability to start, professional social media URLs, etc.).
You are also asked to provide other job-specific information, including your marital status, gender and date of birth, which may help to give more insight of you as a candidate – however, this is entirely optional and not mandatory.
c. Special categories of Personal Data
Certain areas of the Website provide you with some free text fields where you can describe to the Data Controller some information that you need to communicate to the Data Controller as required in the Forms, or otherwise allow you to post various types of content on the Website, which may contain Personal Data.
You may use such areas to disclose (inadvertently or not) some sensitive (“particular”) categories of Personal Data, such as data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership. The content you upload in these fields may also (inadvertently or not) include other types of particular information relating to you, such as your genetic data, biometric data or data concerning your health, sex life or sexual orientation or any disabilities you may have.
The Data Controller asks that you do not disclose any particular Personal Data in these free text fields on the Website unless it is strictly necessary. If so, please mind that the Data Controller needs your explicit consent to process this type of Personal Data (e.g. by declaring that you consent in the free text field), if you decide, nonetheless, to share it.
d. Other persons’ Personal Data
As mentioned in the previous section, certain areas of the Website and of the Forms include specific fields as well as free text fields where you can write messages to the Data Controller, or otherwise allow you to insert various types of data on the Website. These messages and content may (inadvertently or on purpose) include Personal Data related to other persons.
In other sections of the Website, you are asked to submit Personal Data related to third parties, such as other contacts in your company, colleagues, clients, policyholders, claimants, counterparties and/or insurers.
In any situation where you decide to share Personal Data related to other persons, you will be considered as an independent data controller regarding the Personal Data and must assume all inherent legal obligations and responsibilities. This means that you must fully indemnify the Data Controller against any complaints, claims or demands for compensation for damages which may arise from the processing of this Personal Data, brought by the third parties whose information you provide through the Website.
As the Data Controller does not collect this information directly from third parties (but rather collects them, indirectly, from you), you must make sure that you have the third parties’ consent before providing any information regarding them to the Data Controller; if not, then you must make sure there are some other appropriate grounds on which you can rely to lawfully give this information to the Data Controller.
e. Browsing Data
The Websites operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Websites users as part of their routine operation. While the Data Controller does not collect this information to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.
This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your computer, the URI (Uniform Resource Identifier) addresses of resources you request on the Website, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.
These data are used to compile statistical information on the use of the Website, as well as to ensure its correct operation and identify any faults and/or abuse of the Website.
Cookies are small text files that may be sent to and registered on your computer by the websites you visit, to then be re-sent to those same sites when you visit them again. It is due to these cookies that those websites can “remember” your actions and preferences (e.g. login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within a website.
Purposes of processing and lawful basis for processing
The Data Controller intends to use your Personal Data, collected through the Website, for the following purposes:
- Manage and, if necessary, settle claims, collect information and documentation, carry out investigations (also relating to the degree of satisfaction) and investigations, as well as carry out activities’ ancillary and instrumental to the management and settlement of the claims themselves (“Service Provision”). The lawful basis for this process is to perform a contract with the data subject. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to provide any Services to you.
- Access the platforms and verify the identity of the User, help him in case he loses or forgets the login/password credentials for any of the Registration Services of the Data Controller, maintaining a registered user profile and provide any other service that the User may request (“Service Provision”). The lawful basis for this process is to perform a contract with the data subject. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to provide any Services to you.
- Granting judicial and/or out-of-court assignments in relation to insurance claims management (“Service Provision”). The lawful basis for this process is to perform a contract with the data subject. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to provide any Services to you.
- Provide assistance and information following specific requests from the User.
- Send the Furness Insurance Services Ltd newsletter (“Newsletter”). The lawful basis that allow us to process your data is your consent exercised through the opt-in operation.
- Review your curriculum vitae and get in touch with users who have submitted their application through the website (“Recruitment”). The lawful basis for this process can be one of the followings: necessary to perform a contract with you as the Data Subject – compliance with legal obligations that the Data Controller is subject to in relation to employment law – Legitimate interests of the Data Controller – your consent as data subject. Processing for this purpose is needed for the Data Controller to be able to consider offering you a position and, therefore, is necessary to take steps at your request before (potentially) entering into a contract. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to consider your candidacies.
- Comply with laws and regulations that require the Data Controller to collect and/or further process certain types of Personal Data (“Compliance“). The lawful basis for this process is a legal obligation.
Prevent and detect fraudulent activities carried out against the Data Controller (“Abuse“).
- Recipients of Personal Data
Your Personal Data may be shared with the following list of persons / entities (“Recipients”):
- Persons, companies or professional firms providing the Data Controller with advice and consultancy regarding for example accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the Services.
- Entities engaged to provide the Services (e.g., hosting providers or e-mail platform providers).
- Persons authorized to perform technical maintenance (including maintenance of network equipment and electronic communications networks).
- Persons authorized by the Data Controller to process Personal Data needed to carry out activities strictly related to the provision of the Services, who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g., employees of the Data Controller).
- Other companies within the Data Controller Group.
- Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities.
- Transfer of Personal Data
Your Personal Data may be transferred to Recipients located in several different countries. The Data Controller implements appropriate safeguards to ensure the lawfulness and security of these Personal Data transfers, such as by relying on adequacy decisions from the European Commission, standard data protection clauses adopted by the European Commission, or other safeguards or conditions considered adequate to the transfer at hand.
- Retention of Personal Data
- Data subjects’ rights
You have certain rights as a data subject which you can exercise in relation to the information, we hold about you. If you make a request to exercise any of your rights, we reserve the right to ask you for a proof of your identity. We aim to acknowledge your request as soon as possible and will address your query within one month from your request.
You have the following rights:
The right to access
If we are processing your data, you are entitled to a confirmation, a copy of your data, and information about purposes of processing – who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where your data is from and how you can make a complaint.
The right to rectification
If you believe that the personal information we hold about you is inaccurate or incomplete, you can request for it to be rectified.
The right to erasure
If you withdraw your consent, terminate a contract with us or you believe the personal information is no longer necessary for the purposes for which it was collected, you may request for your data to be deleted. However, this will need to be balanced against other factors, for example, there may be certain regulatory obligations which mean we cannot comply with your request.
The right to restrict processing
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
- Its accuracy is contested, to allow us to verify its accuracy; or
- The processing is unlawful, but you do not want it erased; or
- It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- You have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or to protect the rights of another natural or legal person.
The right to data portability
If we have collected your information under a contract or your consent, you could request us to transfer your personal information to provide it to another third party of your choice.
The right to object
You have the right to object at any time the processing of your personal data where it is necessary for the performance of a task carried out in the public interest, or in the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms – in particular, if you are a child.
The right to withdraw consent
If we have processed your personal information under your consent, you could withdraw it at any time.
We do not have to comply with a request where it would adversely affect the rights and freedoms of other individuals.
- Contact details of the Data Protection Officer
You can also exercise your rights described above by sending a written request to the Data Controller at the following address: firstname.lastname@example.org
If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements you can make a complaint to the relevant Data Protection Authority.
1. Who we are
CHP Legal SRL (the “Data Controller”) registered office is Via Cassanese 41, CAP 20090, Segrate (MI). The Data Controller can be contacted by post at the address indicated above or by e-mail at email@example.com.
2. What are cookies
Cookies are small text files that may be sent to and registered on your computer by the websites you visit, to then be re-sent to those same sites when you visit them again. It is due to these cookies that those websites can “remember” your actions and preferences (e.g., login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within a website.
When browsing a website, you may also receive cookies from websites or web servers other than the website being visited (i.e., “third-party cookies”).
There are different types of cookies, depending on their characteristics and functions, which may be stored on your computer for different periods: “session cookies”, which are automatically deleted when you close your browser, and “persistent cookies”, which will remain on your device until their pre-set expiration period passes.
According to the law which may be applicable to you, your consent may not always be necessary for cookies to be used on a website. In particular, “technical cookies” – i.e., cookies which are only used to send messages through an electronic communications network, or which are needed to provide services you request – typically do not require this consent. This includes browsing or session cookies (used to allow users to login) and functional cookies (used to remember choices made by a user when accessing the website, such as language or products selected for purchase).
On the other hand, “profiling cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.
3. What cookies we use and why
The Website could use the following types of cookies:
Browsing or session cookies, which are strictly necessary for the website operation, and/or to allow you to use the website content and Services.
Analytics cookies, which allow the Data Controller to understand how users make use of the Website, and to track traffic to and from the Website.
Functional cookies, which are used to activate specific Website functions and to configure the Website according to your choices (e.g., language), to improve your experience.
Profiling cookies, which are used to observe the preferences you reveal through your use of the Website and to send you advertising messages in line with those preferences.
In detail, the cookies present on our Website are as follows:
|Technical name||Cookie type, function and purpose||Expires after|
|pll_language||HTTP, Preferences/Functional, Determine the preferred language of the visitor||1 year|
|_ga||HTTP, Statistics/Analytics, Register a unique ID to generate statistical data on how the visitor uses the website||2 years|
|_gat||HTTP, Statistics/Analytics, Used by Google Analytics to throttle request rate||1 day|
|_gid||HTTP, Statistics/Analytics, Register a unique ID to generate statistical data on how the visitor uses the website||1 day|
|PHPSESSID||PHP, Necessary, store and identify a users’ unique session ID||Session|
4. Cookies set by Third Party websites
The Data Controller also uses third-party cookies – i.e., cookies from websites/web servers other than the Website, owned by third parties. These third parties will either act as independent data controllers from the Data Controller regarding their cookies (using the data they collect for their purposes and under terms defined by them) or as data processors for the Data Controller (processing personal data on the Data Controller’s behalf). For further information on how these third parties may use your information, please refer to their privacy policies.
5. How to control and delete cookies
If you wish to restrict or block the cookies which are set by the Data Controller, or indeed any other website, you can do this through your browser settings. The “Help” function within your browser should tell you how. Your cookies preferences will be reset if different browsers are used to access the Website.
CAUTION: If you block or delete technical and/or functional cookies used by the Website, the Website may become impossible to browse, certain services or functions of the Website may become unavailable or other malfunctions may occur. In this case, you may have to modify or manually enter some information or preferences every time you visit the Website.
6. Further information
This policy is reviewed every 6 months and the date of the last update of the same is reported below.
Last update: 31.01.2023.