This website is for informational purposes only and does not constitute financial, legal, or investment advice.
Home About Services Contact Privacy Policy
Home / Privacy Policy
Legal

Privacy Policy

How Generali Pensionsfonds AG collects, uses, and protects your personal data in compliance with GDPR.

Last updated: 1 January 2025

Contents

  1. Data Controller
  2. Data We Collect
  3. Purpose and Legal Basis
  4. Data Retention
  5. Sharing of Personal Data
  6. Your Rights
  7. Data Security
  8. Cookies
  9. Contact and Data Protection Officer

1. Data Controller

The data controller responsible for the processing of your personal data is:

Generali Pensionsfonds AG
Franklinstraße 46 – 48
60486 Frankfurt am Main-Innenstadt II
Germany
Tel: +49 6915022626
Email: support@generali-ag.org

2. Data We Collect

When you use this website or contact us, we may collect the following categories of personal data:

  • Identification data: name, title, organisation name
  • Contact data: email address, telephone number, postal address
  • Communication data: the content of enquiries submitted through our contact form
  • Technical data: IP address, browser type and version, operating system, referring URLs, and pages visited (collected via server logs and analytics tools)
  • Cookie data: information stored in cookies as described in our Cookie Policy

3. Purpose and Legal Basis

We process your personal data on the following legal bases under the General Data Protection Regulation (GDPR):

3.1 Responding to Enquiries

When you submit an enquiry via our contact form or contact us by email or telephone, we process your data to respond to your enquiry. The legal basis is Article 6(1)(b) GDPR (performance of a contract or pre-contractual measures) or Article 6(1)(f) GDPR (legitimate interests — specifically our interest in communicating with website visitors).

3.2 Operation and Security of the Website

We process technical data such as IP addresses and access logs to ensure the functionality and security of this website. The legal basis is Article 6(1)(f) GDPR (legitimate interests).

3.3 Compliance with Legal Obligations

Where we are required to retain or disclose data by law (e.g., tax law, regulatory obligations under VAG or BaFin requirements), we process data on the basis of Article 6(1)(c) GDPR (legal obligation).

4. Data Retention

We retain personal data only for as long as necessary for the purposes described above:

  • Enquiry data: up to 3 years after the last correspondence, unless a longer period is required by law
  • Server log data: up to 90 days, unless required for security investigations
  • Data subject to statutory retention obligations (e.g., commercial or tax records): up to 10 years as required under German law (§ 147 AO, § 257 HGB)

5. Sharing of Personal Data

We do not sell your personal data. We may share data with:

  • IT service providers: who host and maintain this website and associated systems, under appropriate data processing agreements
  • Regulatory authorities: such as BaFin or tax authorities, where required by law
  • Professional advisers: including auditors and legal counsel, subject to confidentiality obligations

All third-party processors are bound by contractual obligations consistent with GDPR requirements. Where data is transferred outside the European Economic Area, appropriate safeguards (such as Standard Contractual Clauses) are in place.

6. Your Rights

Under the GDPR, you have the following rights with respect to your personal data:

  • Right of access (Art. 15 GDPR): You may request confirmation of whether we process your data and, if so, a copy of it.
  • Right to rectification (Art. 16 GDPR): You may request correction of inaccurate or incomplete data.
  • Right to erasure (Art. 17 GDPR): You may request deletion of your data, subject to legal retention requirements.
  • Right to restriction (Art. 18 GDPR): You may request that processing be restricted in certain circumstances.
  • Right to data portability (Art. 20 GDPR): You may request that your data be provided in a structured, machine-readable format.
  • Right to object (Art. 21 GDPR): You may object to processing based on legitimate interests at any time.
  • Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at support@generali-ag.org. You also have the right to lodge a complaint with a supervisory authority. The competent authority for Germany is the Hessian Data Protection Commissioner (HBDI):

Hessischer Beauftragter für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1, 65189 Wiesbaden
datenschutz.hessen.de

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include SSL/TLS encryption for data transmitted via this website, access controls, and regular security reviews.

8. Cookies

This website uses cookies. For detailed information about the cookies we use, their purpose, and how to manage your preferences, please refer to our Cookie Policy.

9. Contact and Data Protection Officer

For any questions regarding this Privacy Policy or the processing of your personal data, please contact:

Data Protection Officer
Generali Pensionsfonds AG
Franklinstraße 46 – 48, 60486 Frankfurt am Main
Email: support@generali-ag.org
Tel: +49 6915022626

We reserve the right to update this Privacy Policy periodically to reflect changes in legal requirements or our data processing activities. The current version is always available at generali-ag.org/en/privacy-policy.html.