Privacy Policy

The protection of your personal data is an essential part of the digital services we offer. With this policy, we wish to explain, with the utmost clarity and transparency, how we use your data when you browse the website www.yolo-insurance.com (the “Website”), when you use our insurance services and when you choose to interact with our support channels, including the new virtual assistant based on artificial intelligence (“AI Agent“).
The aim is to enable you to easily understand what data we process, for what purposes, with what guarantees and what your rights are.

1. WHO PROCESSES YOUR DATA AND WHY

Personal data is processed jointly by YOLO Group S.p.A. and YOLO S.r.l. (insurance intermediary registered with the RUI, section B). The two companies act as joint controllers pursuant to Article 26 of the GDPR, on the basis of an agreement that clearly defines roles and responsibilities.

If you wish to know the essential contents of this agreement, you can request a copy by writing to our DPO: dpo@yolo-group.com.

The data is processed exclusively to provide you with a correct, efficient service in line with the services requested, both when you consult the Website and when you purchase an insurance product or contact our support channels.

2. WHAT DATA WE COLLECT WHEN YOU USE OUR DIGITAL SERVICES

During navigation, certain technical data is processed, such as IP addresses, access logs and information about the device used. This data is necessary to ensure the secure and stable functioning of the Website, to improve the browsing experience and to prevent any abuse or abnormal use.

When you contact us, submit a request or purchase an insurance product, we may process the data you provide us directly, such as personal details, contact details or other information useful for preparing quotes and managing services.

In cases where insurance regulations or the nature of the cover require it, we may also need to process special categories of personal data. In such circumstances, we will ask for your explicit consent, limited to what is strictly necessary for the management of your case.

3. FOR WHAT PURPOSES DO WE USE YOUR DATA?

We use your data to enable you to take full advantage of our Website and the insurance services it offers. The main purposes include:

1. 1. enabling you to browse the Website correctly and access its various sections;
   2. providing quotes at your request and managing the pre-contractual stages;
   3. enabling you to purchase insurance products and transmitting the data necessary for underwriting to our partner companies;
   4. managing the administrative, commercial and operational requirements related to the relationship;
   5. responding to your requests and offering you adequate assistance;
   6. complying with regulatory obligations, in particular those provided for by insurance and anti-money laundering regulations.

In addition to these purposes, only if you give your specific consent, we may carry out marketing activities, send personalised commercial communications, perform profiling and geolocation activities, which are intended to make our service offering more targeted and interesting.

Without your consent, none of these activities will be carried out.

4. THE AI AGENT AND HOW IT WORKS

We have introduced an artificial intelligence-based virtual assistant on the Website, designed to facilitate your navigation and help you better understand the features of insurance products.

The use of the AI Agent is entirely optional: you can choose it as a support channel, or you can ignore it and use traditional methods.

The AI Agent is designed to be secure and privacy-friendly. The system can only process the information you choose to share during the conversation (which you can interrupt at any time), and the logic is set up to prevent the acquisition of sensitive or unnecessary data.

The AI Agent does not make decisions that affect you, does not perform profiling and does not determine legal effects of any kind. It simply provides preliminary guidance, for example by helping you identify the most suitable product or explaining certain features of the cover.

The legal basis for the processing is the pre-contractual measures requested by you or the legitimate interest of the Joint Controllers in improving the browsing experience. Only if you decide to voluntarily provide further information will the processing be based on the consent implied in your submission.

The data processed by the AI Agent is stored for the time strictly necessary to manage the session and is not reused for other purposes.

Any technology provider that supplies the AI platform may process the data as a Data Processor, according to the instructions of the Joint Controllers.

5. DATA RETENTION PERIODS

Data is retained only for the time required for the purposes for which it is collected. In general:

• • (i) data necessary for the management of insurance relationships is retained for the duration of the contract and for the subsequent legal terms;
  • (ii) requests for assistance are retained for a limited period, functional to the management of communication and system security;
  • (iii) data processed for marketing purposes is retained for a maximum period of 12 months;
  • (iv) data collected through the AI Agent is retained only for the duration of the conversation.

6. TO WHOM THE DATA IS COMMUNICATED

In order to provide our services correctly, it may be necessary to share some data with external parties who support us, such as partner insurance companies, companies that manage IT systems, cloud providers, authorised consultants, supervisory bodies or public authorities when required by law.

Each external party that processes data on our behalf is appointed as a Data Processor and operates on the basis of documented instructions.

Your data will not be disclosed or sold and will not be communicated for purposes other than those indicated.

7. DATA TRANSFERS TO NON-EU COUNTRIES

Some technology providers may involve the localisation of data in countries outside the European Economic Area.

In such cases, the transfer only takes place if adequate safeguards are in place, including adequacy decisions by the European Commission, Standard Contractual Clauses or other measures provided for in Articles 46 and 49 of the GDPR.

8. YOUR RIGHTS

The law recognises several rights that you can exercise at any time: access your data, request its correction or deletion, limit its use, object to certain types of processing (in particular those based on legitimate interest or marketing), or obtain a copy of the data in a portable format.

You also have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing already carried out.

Finally, you can always lodge a complaint with the Data Protection Authority if you believe that there has been a breach of the rules on personal data protection.

9. HOW TO EXERCISE YOUR RIGHTS OR CONTACT US

For any requests or clarifications, please contact our DPO at: dpo@yolo-group.com

We will respond as quickly as possible and provide you with all the necessary information.

Updated version 10/12/2025

YOLO S.r.l.

Via Della Moscova, 12 – 20121 Milano (MI)
Email: dpo@yolo-group.com
Phone: +39 0284070731
Website:
www.yolo-insurance.com