This page describes the methods and logic of personal data processing of users (hereinafter referred to as "Users") who visit the website https://www.drave.com/ (hereinafter also referred to as the "Site") concerning the processing of personal data of users who access it. This information is provided only for the website https://www.drave.com/ and not for other websites that the user may consult through links.
The Data Controller, pursuant to articles 4 and 24 of the Regulation, is the company DRAVE Underwriting S.r.l. ("Drave") with registered office in Milan - Via Matteo Bandello 15, 20123, and the operational offices listed below:
Milan Office: Via Vincenzo Monti 8 - 20123 Milano (MI), Italy
Rome Office: Via Velletri 7 - 00198 Roma (RM), Italy
PEC: draveunderwritingsrl@legalmail.it
The Data Protection Officer ("DPO"), pursuant to Article 37 of the Regulation, can be contacted at the following address: dpodrave@legalmail.it
Personal data is processed exclusively for the purpose of providing the services accessible through the Site and for fulfilling legal obligations. The legal basis for the processing for the aforementioned purposes is provided by Article 6(1)(b) of the GDPR ("processing is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract") and Article 6(1)(c) ("processing is necessary for compliance with a legal obligation to which the data controller is subject").
The Data Controller adopts appropriate technical and organizational measures to ensure that only personal data relevant to the Users' specific processing purposes are processed and to minimize the risks of destruction or accidental loss, unauthorized access, or processing not allowed or not in accordance with the purposes indicated in this Policy. The processing of Users' personal data may be carried out using electronic or automated means, with procedures strictly necessary for achieving the above-described purposes.
The processing of personal data will be carried out by subjects specifically designated by the Data Controller, operating at its headquarters. These subjects, with merely organizational functions, will process the data in compliance with the instructions received from the Data Controller, either as processors (Article 28) or as authorized persons (Article 29), or as subjects expressly designated for data processing as provided by the Regulation and national legislation adapting to the provisions of the GDPR (Legislative Decree no. 101/2018). Among these are employees or collaborators responsible for the Data Controller's facilities. The provided data may also be processed by the Data Controller or communicated to third parties exclusively for administrative and accounting purposes, computer service companies, management, storage, or other technical/organizational services.
The data will be retained for a period not exceeding the achievement of the above-indicated purposes ("principle of data minimization" pursuant to Article 5 of EU Regulation 2016/679) or according to the deadlines set by laws and in accordance with the timeframes specified for cookies in the cookie policy.
Data will not be transferred to a third country outside the European Union or to International Organizations.
According to Articles 15 and onwards of the Regulation, the data subject has the right to request from the Data Controller:
- access to their personal data;
- rectification or erasure of the data, or restriction of processing concerning them;
- objection to processing;
- data portability as provided in Article 20;
- revocation of consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal if the processing is based on Article 6(1)(a) or Article 9(2)(a).
Without prejudice to any other administrative or judicial remedy, the data subject who believes that the processing concerning them violates the GDPR has the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the place of the alleged infringement, according to Article 77 (the Italian supervisory authority is the Garante per la protezione dei dati personali - Data Protection Authority).
To exercise the above rights, the data subject may contact the Data Controller at the above-mentioned contact details.
The privacy policy of this website is subject to updates; users are therefore invited to periodically check its content.
Identity and contact details of the Data Controller
The Data Controller, pursuant to articles 4 and 24 of the Regulation, is the company DRAVE Underwriting S.r.l. ("Drave") with registered office in Milan - Via Matteo Bandello 15, 20123, and the operational offices listed below:
Milan Office: Via Vincenzo Monti 8 - 20123 Milano (MI), Italy
Rome Office: Via Velletri 7 - 00198 Roma (RM), Italy
PEC: draveunderwritingsrl@legalmail.it
Identity and contact details of the Data Protection Officer (DPO).
The Data Protection Officer ("DPO"), pursuant to Article 37 of the Regulation, can be contacted at the following address: dpo@drave.com
This information aims to describe the management methods of the website concerning the use of cookies and the related processing of personal data of users who consult it.
Cookies are small pieces of data that allow us to compare new and past visitors and understand how users navigate through our site.
Based on the purposes pursued by those who use them, two main categories of cookies are identified: "technical" cookies and "profiling" cookies.
Depending on the subject that installs cookies on the user's device, a distinction is made between the site manager being visited ("publisher") and other subjects that install cookies through the former ("third parties").
Regarding the above-mentioned categories and definitions of cookies, please note that this site only uses technical navigation or session cookies and analytical cookies (in anonymous form).
For the installation of such cookies, it is not mandatory to obtain the prior consent of users, but the obligation to provide information to the user remains.
Technical cookies are used solely for the purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide the service. The technical cookies used by the site can be divided into:
• navigation or session cookies, which ensure the normal navigation and use of the website (for example, allowing a purchase or authentication to access restricted areas);
• analytics cookies, used directly by the site operator to collect information, in an aggregated form, about the number of users and how they visit the site itself;
• functionality cookies, which allow the user to navigate based on a set of selected criteria (such as language, selected products for purchase) in order to improve the service provided to the user.
| Cookie Name | Description | Type | Duration |
|---|---|---|---|
| Google.com | Technical cookie related to session persistence | Session cookie | Session |
| Iubenda.com | Technical cookie related to session persistence | Session cookie | Session |
When visiting a website, cookies can be received both from the visited site ("first-party") and from sites managed by other organizations ("third parties"). An example of these are "social plugins" linked to Facebook, Twitter, Google+, Instagram, or LinkedIn. These are parts of the visited page generated (totally or in part) by the aforementioned sites and integrated into the hosting site's page. The most common use of social plugins is aimed at sharing content on social networks.
The presence of these plugins involves the transmission of cookies to and from sites managed by third parties. The management of information collected by "third parties" is governed by their respective information, to which reference should be made. To ensure greater transparency and convenience, the following are the web addresses of the various information and methods for managing cookies:
Users can set their browser to receive a warning about the presence of a cookie and then decide whether to accept it or not. They can also automatically reject all cookies by activating the relevant option on their browser in advance. Below is a list of the main browsers and their references to user guides on cookies:
However, we inform you that disabling cookies may make browsing the site less smooth or functional.
For any other information regarding the subjects accessing or to whom personal data are communicated, your rights under the GDPR, and how to exercise them, please read our privacy policy regarding browsing on the site. go to the privacy policy
For any further information, you may contact the Data Controller at the aforementioned contact details.
Drave Underwriting Srl places customer satisfaction at the forefront and is committed to ensuring you receive the best levels of service in terms of quality and efficiency. If this has not been the case, we take every suggestion, comment, complaint, or grievance very seriously.
Complainant: Any entitled party to submit a complaint to the Company or the intermediary, the direct party concerned acting as the policyholder, insured, beneficiary, or claimant.
Proposer: The direct party concerned (Complainant), consumer associations, entities representing collective interests, any person acting as a Legal Advisor or Consultant, or other roles acting on behalf of the direct party concerned.
Any complaints or statements of dissatisfaction concerning the contractual relationship or insurance service, as well as the conduct of the Intermediary, its employees, or collaborators, must be submitted in writing to the following contacts:
Drave Underwriting Srl
Via Vincenzo Monti, 8 - 2013 Milano
PEC reclami-drave@legalmail.it
Please provide the following information:
- Full name and address of the Complainant, including any contact telephone number;
- Identification of the subject or subjects about whom the complaint is made;
- Brief and concise description of the reason for the complaint;
- Any documents useful for providing more comprehensive information about the circumstances (including the policy document).
Once we receive the complaint, we will promptly forward it to the insurance company, notifying the Complainant accordingly.
The insurance companies are directly responsible for handling the complaints related to the conduct of their agents. They will provide a response to the Complainant within 45 days from receiving the complaints using the same means of communication used by the Complainant to submit the complaint.
The above-mentioned term may be suspended for a maximum of 15 days to allow the Company to collect any additional information useful for managing the complaint and express its position on the matter.
The complaints received and forwarded to the Company, or directly sent to the Company, will be managed as indicated in the Information Sets of the insurance products for which the complaint is made.
In the event of no response or no acceptance of the complaint within the established terms, and before initiating any proceedings before the judicial authority, the Complainant may contact IVASS (Italian Insurance Supervisory Authority) by sending the form available on the website: https://www.ivass.it/consumatori/reclami/Allegato2_Guida_ai_reclami.pdf along with a copy of the complaint submitted to the intermediary or directly to the Company, to the following address:
IVASS - Servizio Tutela del Consumatore
Via del Quirinale, 21 - 00187 Roma
FAX: 06 42133206
PEC: tutela.consumatore@pec.ivass.it
In any case, the option to resort to the Judicial Authority is reserved, or alternatively, to use alternative dispute resolution systems:
- Mediation: Contact a Mediation Body from those listed on the Ministry of Justice's website at www.giustizia.it
- Assisted Negotiation: Consult with your Legal Advisor
- Cross-border dispute: Submit the complaint to IVASS, or directly to the competent foreign system, requesting the activation of the FIN-NET procedure. This system can be identified by accessing the website http://ec.europa.eu/internal_market/fin-net/members_en.htm
The Drave Group ensures a transparent and honest working environment for employees and third parties. Therefore, we encourage anyone to report events related to behaviors that may violate laws, regulations, internal policies, or the Code of Conduct.
Drave enforces a "zero-tolerance" policy towards any potential or actual retaliation against those who make a good-faith report, where there are reasonable grounds to believe that misconduct has occurred, and those who contribute to investigations arising from such reports.
Any report is treated very seriously, and the utmost confidentiality is ensured in managing each case, both for the reporting party and the subject alleged to be responsible for the reported behavior.
Everyone should feel free to make a report and should have the option to keep their identity confidential. Anonymity is guaranteed.
Therefore, a dedicated online platform has been set up, allowing compliance with all regulatory requirements as indicated by EU Directive 2019/1937 and Legislative Decree No. 24 of 10.03.2023 on the protection of persons who report violations of European and national law.
To submit a report, please visit the link https://drave.integrityline.com/ and follow the instructions.
You can make the report in writing, by voice message, and with the support of documents and images.
The platform is managed by an external service provider that guarantees compliance with legal terms without being able to access the content of the reports.
Once the mandatory information is provided, the system grants access to the report in confidence through a verification code. Do not share this information with anyone and do not provide information classified as personal views irrelevant to the investigation.
After completing the process, the report is handled by personnel specifically trained for this purpose, who may involve other functions on a case-by-case basis if deemed relevant to reconstructing the events.
The reporting party has the right to proceed with an external report through the ANAC (National Anti-Corruption Authority) reporting channel at the following link https://www.anticorruzione.it/-/segnalazioni-contratti-pubblici-e-anticorruzione if the internal report has not been acted upon, or there are reasonable grounds to believe that the internal report cannot have an effective outcome, or if it exposes the reporting party to the risk of retaliation, or if there are reasonable grounds to believe that the violation may constitute an imminent or evident danger to the public interest.