Provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) to users who consult and interact with this website.
Last update: June 2026
Halcyon Insurance S.p.A. attaches the utmost importance to the protection of users’ personal data. This notice describes how data collected through the website is processed. For the processing connected with the conclusion and management of insurance contracts, a specific notice dedicated to clients is provided at the pre-contractual stage.
1 Data controller
The data controller is Halcyon Insurance S.p.A., with registered office at Via Catone 3, 00192 Rome and head office at Via Assarotti 52/5, 16122 Genoa — Tax code/VAT 17285101006 — registered with the R.U.I. Section A no. A000736902 — PEC halcyoninsurancespa@pec.it.
2 Data Protection Officer (DPO)
The Controller has appointed a Data Protection Officer (DPO), who can be contacted at dpo@halcyoninsurancespa.it for any matter relating to the processing of personal data and the exercise of rights.
3 Data processed through the website
a) Navigation data
The IT systems and software procedures responsible for the operation of the website acquire, in the course of their normal operation, certain data whose transmission is implicit in the use of Internet communication protocols (e.g. IP addresses, browser and device type, operating system, access times and pages visited). Such data is used solely to obtain anonymous statistical information and to ensure the security and proper functioning of the website.
b) Data provided voluntarily by the user
The optional, explicit and voluntary sending of messages through the contact forms, the e-mail addresses or the information/quotation requests on the website entails the acquisition of the sender’s contact details and of the personal data included in the communication, necessary to respond to the request.
c) Cookies
The website uses cookies and similar technologies as described in the dedicated section and in the Cookie Policy.
4 Purposes of the processing and legal bases
| Purpose | Legal basis (GDPR) |
|---|---|
| Provision, operation and security of the website | Art. 6(1)(f) — legitimate interest of the Controller |
| Responding to contact, information or quotation requests sent by the user | Art. 6(1)(b) — pre-contractual measures; (a) — consent, where required |
| Compliance with legal obligations connected with the service | Art. 6(1)(c) — legal obligation |
| Sending informational/commercial communications (where the user opts in) | Art. 6(1)(a) — consent |
5 Nature of the provision of data
The provision of navigation data is connected with the use of Internet protocols. The provision of data through the contact forms is optional but necessary to obtain a response to the request: failure to provide the data indicated as mandatory makes it impossible to handle the request.
6 Recipients of the data
The data may be processed by the Controller’s authorised personnel and communicated to:
- providers of hosting, maintenance and IT management services for the website, appointed as data processors pursuant to Art. 28 GDPR;
- consultants and professionals assisting the Controller, within the limits of their respective competences;
- public authorities and bodies, where provided by law.
The data is not subject to dissemination. The updated list of data processors is available on request from the Controller.
7 Transfers to third countries
As a general rule, the data is processed within the European Economic Area. Should a transfer to third countries become necessary, it will take place in compliance with Articles 44 et seq. of the GDPR, on the basis of an adequacy decision or of appropriate safeguards (e.g. standard contractual clauses).
8 Retention period
| Type of data | Retention |
|---|---|
| Navigation data and technical logs | For the time strictly necessary for security and statistical purposes, and in any case within the terms of law |
| Data provided through contact forms | For the time necessary to handle the request and, where a relationship arises, according to the relevant terms |
| Data processed for commercial communications | Until withdrawal of consent |
| Cookies | According to the durations indicated in the Cookie Policy |
9 Cookies
The website uses technical cookies, necessary for proper functioning and security, and — with the user’s prior consent collected through the dedicated banner — any analytics and third-party cookies. The user may manage their preferences at any time from the consent panel and through the browser settings. For details of the types, purposes and durations, please refer to the website’s Cookie Policy.
10 Data subject’s rights
In the cases and within the limits provided for in Articles 15-22 of the GDPR, the user may exercise the rights of access, rectification, erasure, restriction of processing, portability and objection, and withdraw at any time the consents given, without prejudice to the lawfulness of the processing carried out before withdrawal.
11 How to exercise rights
Requests may be addressed to the Controller or to the DPO at the following contacts: dpo@halcyoninsurancespa.it — PEC halcyoninsurancespa@pec.it. The Controller will respond within one month of the request, a term that may be extended by two months in cases of particular complexity.
12 Amendments to this notice
The Controller reserves the right to amend or update this notice, including as a result of regulatory changes. Updated versions will be published on this page with the date of the last update.