Privacy Policy

Pursuant to the existing personal data protection legislation, TRANSFER have adopted their own privacy policy which is based on the following points:

The Data Controller is TRANSFER, which has appointed General Manager Marco Masala as the person in charge of the implementation of privacy legislation at corporate level;

Data subjects may apply to TRANSFER to exercise their rights of access and obtain any further information on privacy;

Privacy Data Processors have been appointed to guarantee compliance with privacy legislation and the instructions given to the whole legislation;

Those who process personal data are referred to as “Persons in charge of the processing”. They have been provided with specific instructions and benefit from an ongoing training programme;

Due to specific technical and organisational requirements, TRANSFER avails itself of third parties who are responsible for parts of the process. They may act in their capacity as “Persons in charge of the processing”, or “Data Processors” of TRANSFER, or operate autonomously as “Data Controllers” of subsequent processing having the same purposes as TRANSFER.


TRANSFER can only access personal information as is strictly necessary to perform specific services or for the purposes for which such information has been collected by providing the specific information. Particular importance is attached to sensitive data, which are processed only after having ascertained that processing of such data in anonymous form on a case by case basis is not possible.


TRANSFER shall process all personal information by taking all necessary physical and IT security measures, in accordance with the arrangements laid down in the Privacy Code and in the technical specifications thereto attached.
At the end of the processing, TRANSFER shall store processed data and, if such obligation does not exist or if such term has elapsed, shall erase or anonymize the data.


Data subjects may apply to


for any information on personal data, namely:


to obtain confirmation as to whether or not personal data concerning him/her exist and communication of such data in intelligible form;

to be informed of the source of the personal data, of the purposes and methods of the processing and of the logic applied to the processing if the latter is carried out thanks to electronic means;

to obtain a list of the entities or categories of entity to whom or which the personal data may be communicated and who may get to know said data in their capacity as data processor(s) or person(s) in charge of the processing (see for example the list of the entities to whom or which the personal data may be communicated for purposes related to the provision of insurance services);

to require the updating or rectification of the processed data, and erasure, anonymization or blocking of data that has been processed unlawfully;

to object, in whole or in part, to the processing of personal data concerning him/her on legitimate grounds or for commercial purposes.

Comments are closed.