The Privacy Sub-Department of the Safety and Protection Head Office Department ensures that personal data are collected and processed in accordance with laws and the principles in the Code of Ethics. All Group personnel receive training and updates on this issue, through mandatory initiatives online, and in classroom sessions and activities focused on specific areas.

During 2016, the website's privacy policy for retaining browsing data, processing with Apps for mobile devices and information on the use of profiling cookies, with particular reference to the combined use of online profiling tools, were all updated, based on Data Protection Authority guidelines.

During the year, the Data Protection Authority issued seven claims procedures against Group companies, with necessary follow-up provided; no cases of Group customer data being lost or stolen were registered (see also the section “Claims Management”).

In May 2016, the Regulation (EU) 2016/679 came into force (effective from 25 May 2018), which requires the Group to align with new requirements on privacy, including: the “right to be forgotten”, privacy “by design” and “by default” and the pseudonymisation and portability of data. Project activities on this aspect have been started with other specific company functions.