This page describes the methods of management of the Website of UniCredit S.p.A., with reference to the processing of the personal data of users who consult it. This is a disclosure made also under the terms of Art. 13 of Legislative Decree 196 of 30 June 2003 (henceforth the Privacy Code) to those who interact with the web services of UniCredit S.p.A., accessible by electronic means via the addresses:

http://www.unicredit.eu

http://www.unicredit.it

 

corresponding to the homepages of the UniCredit S.p.A. websites. The disclosure is made only for the UniCredit S.p.A. websites and not also for any other websites consulted by the user through links.

The disclosure is based also on Recommendation No 2/2001 which the European Personal Data Protection Authority, meeting as the Working Party established by Art. 29 of Directive 95/46/EC, adopted on 17 May 2001 to identify certain minimum requirements for the on-line gathering of personal data and, in particular, the methods, times and nature of the information that Data Controllers must provide to users when they visit web pages, irrespective of the purposes of the visit.

The "Data Controller"

Following consultation of this website, data on identified or identifiable persons may be processed. The "data controller" is UniCredit S.p.A., whose Registered Office is in Rome at Via Alessandro Specchi n. 16 and whose Operational Headquarters is in Milan, Piazza Gae Aulenti, 3, Tower A - 20154 Milan.

In case of data processing running, within the various sections of the website will be pointed out the relevant Data Processors.

Place of data processing

The processing of data connected with the web services of this site takes place at the above Headquarters and also at the office in Via Livio Cambi, 1, in Milan and is performed only by the personnel of UniCredit S.p.A., in charge of the processing, or by employees of UniCredit Business Integrated Solutions S.C.p.A., the "Data Processor" designated by the controller UniCredit S.p.A..

No personal data deriving from the web service is disseminated.

The personal data provided by users are used for the sole purpose of performing the service or task requested and are communicated to third parties only when necessary for this purpose.

Types of data processed

Navigation data

During their normal operation, the information systems and software procedures used for the functions of this website acquire certain personal data the transmission of which is implicit in the use of the Internet, which is based on the TCP/IP protocol.

This is information which is not gathered to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by others, enable the users to be identified.

This category of data includes the "IP addresses" or domain names of the computers used by users who visit the website, the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time of the request, the method used in submitting the request to the web server, the dimensions of the file obtained in response, the numerical code indicating the state of the response given by the web server (success, error, etc...) and other parameters relating to the user's operating system and IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check the correct operation of the UniCredit S.p.A. website.

It should be noted that the above data could be used to ascertain responsibility in the case of computer crime which harms the UniCredit S.p.A. website or the structures of the data processor UniCredit Business Integrated Solution S.C.p.A., or other websites connected or linked to it: except in this case, the data on the web contacts are not kept for more than a few days

Data provided voluntarily by the user

Requests to send e-mail to the addresses indicated in the relevant section of the UniCredit S.p.A. website entail the subsequent acquisition of certain personal data of the applicant, including the applicant's e-mail address, necessary to respond to the requests.

Specific summary disclosures will be progressively contained or displayed on the pages of the website prepared for these particular services on request.

Cookies

A cookie is a small "data file" that some websites, while they are being visited, may send to the address of the user who is visiting them in order to trace his or her route within the site and gather data in an exclusively anonymous form to improve the services and user-friendliness of the website itself. For these reasons, during navigation of its site, the UniCredit web server may also exchange cookies with the users' computers. All users may in any case, if they so choose, set their browsers in such a way as to receive a warning of the presence of a cookie and decide whether to accept it or refuse it. It is also possible to refuse the reception of cookies automatically activating the specific option in the browser: failure to use cookies, however, could entail difficulties in interaction with the Bank's website.

 

Data provided through use of the Call Center

The systems and procedures arranged for operation of the Bank's Call Center acquire certain data in relation to customers' calls. This category includes the caller's remote number (if not hidden), the navigation data in the IVR call flow (that is the actions/key pad inputs that the customer performs to gain access to the various services), duration of the call, and, only in the cases expressly envisaged and after notifying the caller, audio recording of the call.

The above data are processed in order to obtain anonymous statistical information on the use of the Call Center, to check that it is operating correctly and to ensure its security, as well as for the aware of responsibility in the event of any crimes that damage the Bank or its customers.

Optionality of conferment of personal data

 

Apart from the details provided for navigation data, users are free to provide their personal data included in the specific electronic request forms, in the sections of the website prepared for the particular services on request.

It should be noted, however, that failure to provide such information may make it impossible to fulfil the request.

Processing method and security measures

 

The personal data are processed with automated and non-automated instruments, only for the time strictly necessary to achieve the purposes for which they have been gathered. Specific security measures are observed to prevent loss of data, illegal or incorrect uses and unauthorized access.

In particular, in the sections of the website prepared for particular services, where personal data are requested from users navigating the site, the data are encrypted by means of a security technology entitled Secure Sockets Layer, abbreviated as SSL. The SSL technology codifies the information before it is exchanged via the Internet between the user's computer and the UniCredit S.p.A. central systems, making it incomprehensible to unauthorized persons and thus guaranteeing the confidentiality of the information transmitted.

The use of SSL requires however a compatible browser capable of "swapping" a security key with a minimum length of 128 bits, necessary to establish the said secure connection with the UniCredit S.p.A. central systems.

Rights of data subjects

 

Subjects to whom any personal data gathered in the said specific sections refer, have the right at any time to obtain confirmation of the existence or otherwise of the said data and to know their content and origin, check their exactness or request additions or updates, or rectification under the terms of Art. 7 of the Privacy Code.

The data subject has the right to request the cancellation, transformation into an anonymous form, or to object to their processing, in any case, for legitimate reasons.

Any such requests must be sent to:

UniCredit S.p.A.

Claims

Via Del Lavoro, 42

40127 Bologna

Tel.: +39 051.6407285

Fax: +39 051.6407229

E-mail: Privacyart7@unicredit.eu

Minors

UniCredit S.p.A. does not knowingly use its website to request data from persons of less than 18 years of age.

Versions of the privacy policy

Considering that the stage of development of the automatic control mechanisms does not currently make them exempt from errors and malfunctioning, it should be noted that the present document constitutes the "Privacy Policy" of the UniCredit S.p.A. website and will be subject to updates (in any case the various versions of the same will be made available).