CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is UniCredit S.p.A, with registered office at Piazza Gae Aulenti n. 3, Tower A, 20154 Milan (the "Data Controller").
The Data Protection Officer may be contacted at UniCredit S.p.A., Data Protection Office, Piazza Gae Aulenti n. 1, Tower B, 20154 Milan, e-mail: Group.DPO@unicredit.eu, certified e-mail: Group.DPO@pec.unicredit.eu.
THE COOKIES USED BY THIS SITE
Cookies are short strings of text sent to the browser of the user's device (PC, Notebook, Smartphone, Tablet, etc.) when they visit a website. They are stored there and then sent back to the same website the next time the user visits.
The Data Controller informs you that this Site uses the types of cookies described below, also combined, which are classified based on rulings and indications of the competent authorities, including the Italian Data Protection Authority ("IDPA") and the European Data Protection Board (EDPB).
These are cookies which are essential in order to send a communication via an electronic communication network or to provide a service specifically requested by the user, such as, for example, home banking activities (displaying account statements, bank transfers, paying bills, etc.), for which these cookies allow the user to be identified during the session. Without the use of such cookies, navigation on the Site and certain operations requested by the user could not be carried out or would be less secure.
Considering the purposes for which technical cookies are used, their storage in the user's device does not require the user's prior consent.
These are cookies used to collect information, on an aggregate and strictly anonymous basis, for internal research on the number of users and how they visit the Site.
For analytics cookies, the Data Controller uses a mechanism to irreversibly encrypt the IP address (the address assigned to the user's device which is necessary to browse the Internet), and additional data, in order to derecognise the user. In particular, the IP address of each user is replaced with an alphanumeric code that has no connection with the IP address and with other user-relevant information, and whose sole purpose is to distinguish one user from another.
The purpose of these cookies is solely to improve the service provided by the Data Controller to all users and to improve the Site.
These are cookies used to send advertising messages in line with user preferences. These cookies are saved in the user's device directly by the Data Controller or by other entities ("Third Parties").
Consent from the user accessing the Site is necessary to save these cookies in the device.
The user is free, at any time, to manage his or her preferences in relation to profiling cookies by accessing the link "Make your choices", also available on each page of the Site.
PROFILING COOKIES INSTALLED BY THE DATA CONTROLLER - UNICREDIT S.p.A. (OR FIRST-PARTY PROFILING COOKIES)
These profiling cookies are installed directly by the Data Controller; all first-party profiling cookies have a maximum validity of 6 (six) months.
PROFILING COOKIES INSTALLED BY THIRD PARTIES: THE THIRD PARTIES ACT AS DATA CONTROLLERS
This Site also installs cookies managed by Third Parties, who act as data controllers.
By clicking on "Make your choices", the user will be able to access the cookie policies of the Third Parties who install profiling cookies through this Site and, therefore, manage such cookies in granular form.
UNICREDIT PROFILING COOKIES INSTALLED THROUGH THIRD PARTY SITES: UNICREDIT HOLDER
These are the profiling cookies installed by UniCredit through a Third Party Site. These cookies are used so that the user can receive, while browsing the Third Site, advertising messages in line with the preferences expressed in the context of online browsing.
- The user is free to accept the installation of these cookies or to change the choices previously expressed on the Third Party Sites also by accessing the following link: https://js.ucg.datafront.co/oba/index.html.
A maximum deadline of 6 (six) months is established for all profiling cookies installed by UniCredit through a Third Party Site.
MANAGEMENT AND DELETION OF COOKIES THROUGH THE CONFIGURATION OF THE BROWSER USED
The Data Controller informs that the user can express or modify his/her preferences on cookies also through the settings of the browser used in his/her device.
Please note that the preferences expressed through the browser will take effect only from the first connection of the user after the change of his/her preferences.
Please refer to the information and operating procedures to be performed to configure the settings, as provided by the provider of the browser used by the user:
Firefox: click here
Internet Explorer: click here
Safari: click here
Chrome: click here
Opera: click here
PURPOSE, LEGAL BASIS FOR PROCESSING ANS CATEGORY OF PROCESSED DATA
Subject to the user's free and informed consent, the Data Controller will process the information collected through first-party profiling cookies for the following purposes:
- for users who are clients or non-clients of the Data Controller, the promotion and sale of "dedicated" products and services of the Data Controller, of UniCredit Group companies or of third-party companies, specifically identified through the elaboration and analysis, also through the use of automated techniques or systems, of information relating to preferences, habits, consumption choices, aimed at subdividing users into homogeneous groups for specific behaviors or characteristics. These purposes will be pursued exclusively through the navigation data collected through the aforementioned cookies and not through the crossing or enrichment of such information with different data already available to the Data Controller;
The legal basis allowing for this processing is consent, that the user accessing Site is free to give or not give and if given, can withdraw at any time.
Providing data necessary for these purposes is not mandatory, and not giving these data will not have any negative effect for the user, nor prevent them from browsing the Site, apart from them not being able to receive dedicated commercial information.
WITHDRAWING OR CHANGING CONSENT TO THE INSTALLATION OF COOKIES
The Data Controller informs the user of the Site that he/she can change his/her options about storing cookies, at any time, by accessing the area of the Site "Make your choices".
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Data may be communicated to:
i) entities to whom such communication must be made to in order to comply with an obligation of law, regulations or EU law;
ii) third parties, suppliers of products and/or services, whether or not belonging to the UniCredit Group.
These recipients, depending on the cases, process personal data as autonomous data controllers or as data processors. The categories of autonomous data controllers and the list of data processors to whom the data may be communicated can be consulted by accessing Privacy
Your data may also be disclosed to persons authorized to process personal data, in relation to the data necessary to perform the tasks assigned to them, natural persons belonging to the following categories: workers employed by the Data Controller or seconded to it, temporary workers, interns, consultants and employees of external companies appointed as data processors.
TRANSFER OF DATA TO THIRD COUNTRIES
The Data Controller informs that the personal data collected may be transferred to countries outside the European Economic Area (c.d. Third Countries), only if recognised by the European Commission as having an adequate level of protection and, in any cases, in compliance with the applicable law and ensuring the exercise of the data subjects' rights. Further information can be requested by writing to Group.DPO@unicredit.eu
RIGHTS OF DATA SUBJECTS
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the "GDPR"), gives natural persons, individual companies and/or the self- employed specific rights, including the right to have their personal data held by the Data Controller recognized and how said data are used (right of access), the right to have their data updated, rectified or, if there is an interest, supplemented, as well as have their data erased, anonymised or to obtain the restriction of the processing.
Data subjects may, at any time, withdraw consent, if given, to cookies being saved on their device, and to the processing of personal data resulting from the use of the cookies, according to the terms indicated above.
The Data Controller points out that the withdrawal of consent will only take effect for the processing that follows it.
DATA STORAGE PERIOD AND RIGHT TO ERASURE ("RIGHT TO BE FORGOTTEN")
The Data Controller will process the information collected for the period strictly necessary to pursue the predetermined purposes; the data collected through first-party profiling cookies will be processed for a maximum period of 6 months.
At the end of this storage period, the information collected will be erased or kept in a manner that does not allow for the identification of the user (e.g. irreversible anonymisation), unless further processing is necessary for one of the following reasons: i) to settle pre-litigation and/or litigation started before the end of the storage period; ii) to continue investigations/inspections of internal control functions and/or external authorities started before the end of the storage period; iii) to follow up requests from Italian and/or foreign public authorities received by/notified to the Data Controller before the end of the storage period.
HOW TO EXERCISE YOUR RIGHTS
You can exercise your rights as a data subject, indicated in the previous paragraph, by contacting:
UniCredit S.p.A., Claims, Via Del Lavoro n. 42, 40127 Bologna, tel. +39 051.6407285, fax +39 051.6407229, indirizzo e-mail: firstname.lastname@example.org.
The deadline for replying is one (1) month, extendible to two (2) months in cases of particular complexity; in these cases, the Data Controller will provide at least initial communication within one (1) month.
The exercise of rights is, in principle, free; the Data Controller reserves the right to ask for a contribution in case of requests that are evidently without grounds or excessive (also recurrent).
The Data Controller may request information necessary to identify the requesting party.
COMPLAINTS OR REPORTS TO THE ITALIAN DATA PROTECTION AUTHORITY
The Data Controller informs the user that he/she may file complaints or report to the the IDPA or alternatively file a complaint with the Judicial Authorities. The contacts of the IDPA are available from http://www.garanteprivacy.it