- Recommendation 2/2001 of the Art. 29 Group, related to the minimum requirements for the collection of online data in the EU;
- Directive 2009/136/EC, amending Directive 2002/58/EC (so-called e-Privacy Directive), related to the processing of personal data and protection of private life in the electronic communications sector;
The Data Controllers is Banca Ifis S.p.A., with registered office in Via Terraglio 63, 30174, Venice.
The Data Controllers have appointed a Data Protection Officer, who can be contacted by email at: firstname.lastname@example.org.
Type of personal data processed and processing purpose
1) Data provided voluntarily by users
The user may voluntarily provide the Controller with its personal data, with specific reference to personal information, e-mail address and other contact data, in the following circumstances:
- sending communications by e-mail to the addresses provided in this website;
The personal data provided are collected, processed and stored by the process Controller for the following purposes:
- to respond to communications received;
- to respond to the requests for assistance (including reports on any disservice);
The personal data supplied are processed by the Controller solely for the time needed to achieve the purpose they were collected for. Once that purpose has been achieved, the personal data are deleted or made irreversibly anonymous.
2) Navigation data
During their normal operations and solely for the connection duration, the information systems operating this website acquire some personal data transmitted implicitly on using internet communication protocols. This information is not collected to be associated with identified data subjects but, for its very nature, could enable user identification through processing and association with data held by third parties. This data category includes: IP addresses or the names of computers used by users to connect to this website; URI (Uniform Resource Identifier) addresses of the resources requested, the time requests are made, the method used to submit requests to the server, the size of the file obtained in response, the numerical code indicating the status of the answer given by the server (successful, error, etc.), the characteristics of the browser used for navigation purposes, the size of the window in which the browser is performed in the device used, and other parameters related to the user’s operating system and computer environment. These data are only to collect anonymous statistics on how this website is used and to check it operates correctly, and are deleted straight after processing. The data could be used to ascertain responsibilities in any hypothetical computer crimes damaging the website. In that occurrence too, the contact data do not last longer than seven days.
Cookies are small strings of text that the website sends and memorises in the user’s device; to then be used by the website itself at the user’s next visit. During navigation, the user’s device may also receive cookies sent by different websites or web servers (belonging to so-called “third parties”), on which there could be elements (for example, images, maps, sounds, specific links to the pages of other domains) present on the website visited. Cookies are used for different purposes such as performing IT authentication, monitoring sessions, memorising information on specific configurations concerning users accessing the server.
Cookies can be technical or profiling.
- Technical cookies: technical cookies can be divided into session cookies (guaranteeing normal website navigation and use) and permanent cookies (cookie analytics, used to collect information in an aggregated form, on the number of users and on how they visit the website; functionality cookies enabling the user to navigate based on selected criteria, for example, language etc.). Prior user consent is not needed to install those cookies. Technical cookies are installed in the user’s device in order to identify the user when it logs in to websites, to analyse navigation in order to continuously optimise it and to conduct analysis to improve website aspect, functionalities and security. This website uses technical cookies enabling personalised navigation, based on criteria entered in the website by the user.
- Profiling cookies: profiling cookies create user profiles and are used to send advertising messages in line with preferences shown by the user itself when navigating online. By law, the user has to have expressed valid consent before those cookies can be installed. Profiling cookies can be used for remarketing / retargeting activities in order to present users with advertising for the products and services they have already seen on third party websites (e.g. social network like facebook, etc.). This website might also use tag pixels / web beacons, that is images incorporated in the website to measure and analyse its use. Lastly, it could also use third party multimedia widgets / plug-ins to enable sharing website contents on social networks. Those interactive programs collect the IP addresses of users, the website page visited and configure cookies to enable the widgets / plug-ins to function correctly. The operations that users can do through those widgets / plug-ins are regulated by the privacy policies of the third parties (e.g. social networks like facebook) providing them.
The user can avoid the Controller using cookies by setting its navigation browser settings. However, users who choose to eliminate the technical cookies from their devices, or to stop their storage, might not have access to all website functionalities. Even if the user disables all cookies, the user’s browser will still memorise a small amount of information needed for basic website functionalities.
Here below please find a list of the cookies used on our website, both proprietary and of third parties:
|Owner of the cookie (proprietary / of third party)||Type of cookie (technical / profiling)||Name of cookie||Storage times||Description of the cookie function||Full information (if of third party)|
|–||Technical cookie||cc_nplmeeting_cookies||1 year||These cookies allow the loading of site monitoring scripts, in order to improve their management.||–|
|Google Universal Analytics||Technical cookie||_ga||2 years||This cookie is used to identify individual users by assigning a number generated randomly as a client id. It is included in every website and is used to calculate the number of visitors and data used to produce analysis reports||https://policies.google.com/privacy|
|Technical cookie||_gat||1 minute||A cookie used to limit the request speed, limiting the gathering of data on websites subject to intense traffic|
|Technical cookie||_gid||24 hours||This cookie is used to identify individual users by assigning a number generated randomly as a client id|
If you want to change the use settings of all cookies you need to consult the instructions below based on the browser used:
|Microsoft Internet Explorer||https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies|
How personal data are processed
Personal data collected by the website are processed automatically for the time strictly needed to achieve collection purposes. Where needed, processing performed by the Controller on data collected from the website could be based on automated decision-making processes that produce legal effects or have a similar significant effect on the data subject such as, for example, processing performed using profiling cookies. Suitable technical and organisational security measures are complied with to prevent damage, whether material or immaterial (e.g. loss of control of the personal data or limiting rights, discrimination, theft or usurping identity, financial losses, unauthorised decryption of pseudonymisation, prejudice to reputation, loss of the confidentiality of personal data protected by professional secret or any other significant economic or social damage).
Categories of subjects that personal data may be communicated to or who can gain knowledge of them
To pursue the purposes described or when it is indispensable or required by law or by authorities with the power to impose it, the Controller reserves the right to communicate data to recipients belonging to the following categories:
- subjects providing banking, financial and insurance services;
- supervision and control Authorities and Bodies and, in general, public or private subjects with important public enforcement functions (e.g.: FIU, Bank of Italy, Revenue Office, Central Interbank Alarm Register, Central Risk Register of the Bank of Italy, Judicial Authorities, in any case solely within limits set forth in the assumptions established by laws applicable);
- other companies of the Group the Controller belongs to, or in any case parent companies, subsidiaries or associated companies pursuant to art. 2359 Italian civil code (also located abroad);
- subjects performing data acquisition and processing services;
- subjects providing services to manage the IT system of the Controller and the telecommunications networks (including mailing services);
- subjects providing document filing and data-entry activities;
- subjects providing assistance services to the data subject;
- professional firms or companies as part of assistance and advisory relations;
- subjects performing market surveys to measure the customer satisfaction level on the quality of services and activities provided by the Controller;
- subjects performing controls, audits and certification of activities implemented by the Controller.
Subjects belonging to the categories indicated above operate autonomously as separate process controllers, or as processors appointed specifically for the service; the list, updated continuously, is published on the website www.bancaifis.it.
The personal data may be known, related to tasks performed, by Controller employees, including internees, temporary workers, consultants, the employees of external companies, all specifically authorised, instructed and appointed as processors.
Lastly, no data coming from the web services are circulated.
Transfer of data to Non-EU Countries/organisations
When needed to perform the purposes mentioned, the data of the data subject could be transferred abroad, to non-EU Countries/organisations that guarantee a personal data protection level deemed suitable by the European Commission with a decision; or, in any case, based on other suitable guarantees, for example the Standard Contractual Clauses adopted by the European Commission. A copy of any data transferred abroad and the list of the non-EU Countries/organisations to which the data has been transferred can be obtained from the Controller by submitting a specific request by ordinary mail sent to the registered office of the Controller or by e-mail sent to email@example.com.
Rights of the data subject
Pursuant to articles from 15 to 22, the Regulation attributes specific rights to the data subject. More specifically, the data subject can obtain: a) confirmation of whether its personal data is being processed or not and, in that case, access to that data; b) rectification of incorrect personal data and integration of any incomplete data; c) erasure of its personal data in cases where it is permitted by the Regulation; d) restriction to processing, for hypotheses set forth in the Regulation; e) communication, to recipients that the personal data were transmitted to, of the requests to rectify/erase the personal data and restrict processing received from the data subject, except when that should prove impossible or imply a disproportionate effort; f) reception, in a structured, commonly-used format readable by an automatic device, of the personal data provided to the Controller and their transmission to another controller, at any time, even if relations possibly held with the Controller should cease. The data subject also has the right to object at any time to its personal data being processed. In those cases, the Controller is obliged to abstain from any further processing, with no prejudice to reasons permitted by the Regulation. The data subject also has the right not to be subjected to a decision based solely on automated processing, including profiling, that causes legal effects concerning him/her and significantly affecting his/her person; unless that decision: a) is needed to finalise or execute a contract between the data subject and the Controller; b) is authorised by Union law or that of the member State the Processor is subject to; c) is based on the specific data subject consent. For the aforementioned letters a) and c), the data subject has the right to obtain human intervention from the Controller, to express its opinion and dispute the decision. Requests may be submitted by ordinary mail sent to the registered office of the Processor or by email sent to firstname.lastname@example.org. The data subject also has the right to submit a complaint to the data protection Authority pursuant to art. 77 of Regulation (EU) 2016/679, and to take legal action pursuant to arts. 78 and 79 of the Regulation itself.