CONTROLLER AND DATA PROTECTION OFFICER

The Controller is UniCredit S.p.A. with registered office at Piazza Gae Aulenti n. 3, Tower A, 20154 Milan (the Bank or UniCredit).

The Data Protection Officer may be contacted at UniCredit S.p.A., Data Protection Office, Piazza Gae Aulenti n. 1, Tower B, 20154 Milan, e-mail: Group.DPO@unicredit.eu, certified e-mail: Group.DPO@pec.unicredit.eu.

 

THE COOKIES USED BY THIS SITE

Cookies are short strings of text sent to the browser of the user's device (PC, Notebook, Smartphone, Tablet, etc.) when they visit a website. They are stored there and then sent back to the same website the next time the user visits.

UniCredit S.p.A. informs you that this website uses the types of cookies described below, also combined, which are classified based on rulings and indications of the Data Protection Authority, the European Data Protection Board (EDPB), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Legislative Decree no. 101 of 10 August 2018.

 

PERSISTENT COOKIES

These are cookies that are saved on your device and are not deleted automatically when you close your browser session. For some of these cookies, a random unique identifier is generated, which enables web analytics procedures to identify a user that returns to a UniCredit website.

 

FIRST-PARTY COOKIES

These are cookies created by UniCredit's website and only this website can read and process them.

 

TECHNICAL COOKIES

These are cookies which are essential in order to be able to:
•        browse and use the website (for example "browsing or session cookies"); without these cookies, some operations could not be possible or would be less secure.
•        browse according to a series of selected criteria (for example, language, "functionality cookies") and thus improve the service provided and optimise the site. These cookies are collected on an aggregate and anonymous basis.

These technical cookies are installed directly by UniCredit and, as they are not used for purposes other than those strictly necessary to send a communication via an electronic communication network or to provide a service specifically requested by the user, they can be saved in the device without requesting the prior consent of the user accessing UniCredit's website.

 

ANALYTICS COOKIES

These are cookies used to gather information, on an aggregate and strictly anonymous basis, for internal research on the number of users and how they visit the site. The purpose of these cookies is solely to improve the service provided by UniCredit to all users and to optimise and improve the site.

For analytics cookies, UniCredit uses a mechanism to encrypt the entire IP address (the address assigned to the user's device which is necessary to browse the Internet), and additional personal data, in order to derecognise the user and  prevent a user being identified on the sole basis of their IP address.

These types of cookies can be saved in the device without requesting the prior consent of the user accessing UniCredit's website..

 

PROFILING COOKIES

These are cookies used to send advertising messages in line with user preferences. These cookies are saved in the user's device directly by the Controller, UniCredit S.p.A., or by other entities ("Third Parties").

Consent from the user accessing the website is necessary to save these cookies in the device.

The user can opt not to accept all profiling cookies being saved, via the banner displayed when they first visit the website, or the buttons at the end of this policy, which is also available via the specific links on UniCredit's website.

 

FIRST-PARTY PROFILING COOKIES : CONTROLLER - UNICREDIT S.p.A.

These are cookies used to send advertising messages in line with user preferences, and according to the purposes indicated. These cookies are installed directly by the Controller The user can opt to not accept these profiling cookies being saved, via the banner displayed when they first visit the website, or via the functions indicated in this policy, which is also available via the specific links on UniCredit's website.

All profiling cookies installed directly by the Controller UniCredit S.p.A. have a maximum validity of 6 (six) months.

 

THIRD-PARTY PROFILING COOKIES: CONTROLLERS - COMPANIES INDICATED

Cookies managed by third-party companies  other than UniCredit S.p.A., that act in a capacity as autonomous (data) controllers are also installed via this website.

The user can opt to not accept these profiling cookies being saved, via the banner displayed when they first visit the website, or via the functions indicated in this policy, which is also available via the specific links on UniCredit's website.

The links indicated below are to the web page of each third-party company, where users can view the policy and information about processing, provided by the company, and where they can give or not give their consent.

Cookie Name Holder Purpose Duration Info Link
UP  UniCredit  Utilizzato nella Data Management Platform per distinguere gli utenti 30 days  
UE UniCredit  Utilizzato nella Data Management Platform per distinguere gli utenti 180 days  
UT  UniCredit  Contiene informazioni sugli annunci pubblicitari visualizzati dagli utenti della Data Management Platform 30 days  
__UCGdfsn UniCredit  Utilizzato nella Data Management Platform per definire la sessione di navigazione 30 minutes  
__UCGdfm  UniCredit  Utilizzato nella Data Management Platform per ottimizzare il numero di chiamate ai server  7 days  
UO  UniCredit  Salva la preferenza di Opt-Out dal tracking dell'utente nella Data Management Platform 60 days  
UUID2 (.adnxs.com) Xandr Utilizzato per identificare in modo univoco il browser o il dispositivo dell'utente tramite un ID  90 days https://www.xandr.com/privacy/cookie-policy/ 
ANJ (.adnxs.com) Xandr  Utilizzato per la sincronizzazione degli ID con i partner.  90 days https://www.xandr.com/privacy/cookie-policy/ 

MANAGING AND DELETING COOKIES BY CONFIGURING THE BROWSER USED

UniCredit S.p.A. informs you that, in addition to the above, website users can express or modify their cookie choices and options via the additional settings of their device browser.

The user can delete or disable any cookie directly,  at any time, via the settings and functions of the browser used in their PC, Notebook, Smartphone or Tablet.

The options selected via browser settings  will only work from the first time the user connects to UniCredit's website after having changed these settings, for choices made directly on this website.

For further details, see the information and operating procedures for settings, provided by the supplier of the user's browser.

 

PURPOSE, LEGAL BASIS FOR PROCESSING AND CATEGORY OF PROCESSED DATA

UniCredit S.p.A. will only process personal data gathered from the use of first-party profiling cookies for the following purpose:

The promotion and sale of "dedicated" products and services of the Bank, of UniCredit Group Companies or third-party companies specifically identified through processing and analysis, also using automated techniques or systems, of information relative to preferences, habits, consumer choices, aimed at dividing data subjects into groups that are uniform based on behaviour or specific characteristics.

For UniCredit customers only, that access the Bank's internet banking service using their authentication credentials, the data and information gathered from first-party profiling cookies may be connected with the data and information the bank already has, but only based on consent already provided by customers.

The legal basis allowing for this processing is consent, that the user accessing UnitCredit's website in a capacity as a data subject is free to give or not give and if given, can withdraw at any time.

Providing data necessary for these purposes is not mandatory, and not giving these data will not have any negative effect for the user, nor prevent them from browsing UniCredit's website, apart from them not being able to receive dedicated commercial information.

 

WITHDRAWING OR CHANGING CONSENT TO THE INSTALLATION OF COOKIES

UniCredit S.p.A. informs users that access the website that they can change their options about storing cookies, at any time, by accessing the  "Cookies Policy" on the website.

 

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The natural and legal persons on the list which may be consulted at Bank premises open to the public and on the website may become aware of the user's personal data, in their capacity as Processors, as well as the persons authorised to process personal data, in relation to the data necessary to carry out the tasks assigned to them, belonging to the following categories: employees of the Bank or seconded to the Bank, temporary workers, persons on work placements, consultants and employees of external companies appointed as the Processors.

Data may be communicated to:

a) entities to whom such communication must be made to in order to comply with an obligation of law, regulations or EU law. Further information can be found in the notice for customers published in the "Privacy" section of the www.unicreditgroup.eu website;

ii) financial intermediaries of the UniCredit Group, based on anti-money laundering regulations (see Article 39, paragraph 3 of Legislative Decree no. 90/2017), which provide for the possibility for personal data relative to suspicious activity reporting to be communicated among financial intermediaries of the UniCredit Group;

iii) companies belonging to the UniCredit Group, and namely subsidiaries or affiliates pursuant to Article 2359 of the Italian Civil Code (also located abroad), to whom such communication is permitted as a result of Italian Privacy regulations or a legal requirement.

The detailed list of subjects to whom the data may be communicated can be consulted in the "Privacy" section of the www.unicreditgroup.eu website.

 

TRANSFER OF DATA TO THIRD COUNTRIES

UniCredit informs you that Personal Data may be transferred to countries outside the EU or European Economic Area (Third Countries), only if recognised by the European Commission as having an adequate level of protection and if the exercise of the rights of data subjects is ensured at all times. Further information can be requested by writing to Group.DPO@unicredit.eu.

 

RIGHTS OF DATA SUBJECTS

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), gives natural persons, individual companies and/or the self employed ("Data subjects") specific rights, including the right to have their personal data held by the Bank recognised and how said data are used (Right of access), the right to have their data updatedrectified or, if there is an interest, supplemented, as well as have their data erasedanonymised  or restricted.

Data subjects may, at any time, withdraw consent, if given, to cookies being saved on their device, and to the processing of personal data resulting from the use of the cookies, according to the terms indicated above, or accessing the "Cookies policy" on the website.

UniCredit informs you that withdrawing consent will only have an effect in the future.

 

DATA STORAGE PERIOD AND RIGHT TO ERASURE ("RIGHT TO BE FORGOTTEN")

UniCredit will process personal data gathered with the first-party profiling cookies indicated in this policy, for a maximum period of 6 months.

Some data referred to session cookies will instead be kept  only for the duration of the session.

At the end of this storage period, , the personal data of data subjects will be erased or kept in a manner that does not allow for the identification of the  data subject (e.g. irreversible anonymisation), unless further processing is necessary for one of the following reasons: i) to settle pre-litigation and/or litigation started before the end of the storage period; ii) to continue investigations/inspections of internal control functions and/or external authorities started before the end of the storage period; iii) to follow up requests from Italian and/or foreign public authorities received by/notified to the Bank before the end of the storage period.

If a user connects to UniCredit's website after the maximum time that cookies can be stored, the banner requesting consent will be displayed again.

 

HOW TO EXERCISE YOUR RIGHTS

You can exercise your rights as a data subject, indicated in the previous paragraph, by contacting:

UniCredit S.p.A.Claims, Via Del Lavoro n. 42, 40127 Bologna, tel. +39 051.6407285, fax +39 051.6407229, e-mail address: diritti.privacy@unicredit.eu.

The deadline for replying is one (1) month, extendible to two (2) months in cases of particular complexity; in these cases, the Bank will provide at least initial communication within one (1) month.

The exercise of rights is, in principle, free; the Bank reserves the right to ask for a contribution in case of requests that are evidently without grounds or excessive (also recurrent).

The Bank may request information necessary to identify the requesting party.

 

COMPLAINTS OR REPORTS TO THE ITALIAN DATA PROTECTION AUTHORITY

The Bank informs you that you may file complaints or report to the Data Protection Authority or alternatively file a complaint with the Judicial Authorities. The contacts of the Data Protection Authority are available from http://www.garanteprivacy.it.

Having read this Cookies Policy, please express your preference, giving or not giving your consent to profiling cookies being saved on your device.

For this purpose, you can accept or not accept  all profiling cookies from the buttons below or consent or not consent  to each single type of profiling cookie being installed, from the next buttons.