Cookies policy

The information contained in this cookie policy (the "Cookie Policy") is provided by the Controller (as defined below) as an integration of the information notice on the processing of personal data always available on this website (the "Site") and accessible by clicking here 

 

DATA CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller is UniCredit SpA with registered office in Piazza Gae Aulenti, 3, Tower A - 20154 Milano (hereinafter, also the "Data Controller").

The Data Protection Officer may be contacted at UniCredit S.p.A., Data Protection Office, Piazza Gae Aulenti n. 1, Tower B, 20154 Milan, E-mail: Group.DPO@unicredit.eu, PEC: Group.DPO@pec.unicredit.eu.


COOKIES USED BY THIS SITE

Cookies are small text strings that websites visited by the user send to the browser of his device (PC, Notebook, Smartphone, Tablet, etc..), where they are stored and then transmitted to the same sites the next time the same user visits.

The Controller informs that this Site uses the types of cookies described below and classified on the basis of measures and indications of the competent authorities, including the Authority for the Protection of Personal Data (the "Authority") and the European Data Protection Board (EDPB).

 

TECHNICAL COOKIES

These are the cookies that are indispensable to allow the transmission of a communication on the electronic communication network and the fruition of the services requested by the user, such as for example home banking activities (visualization of the account statement, bank transfers, payment of bills, etc.), for which these cookies allow the identification of the user during the session. Without the use of such cookies, navigation on the Site and certain operations requested by the user could not be carried out or would be less secure.

In light of the purposes for which technical cookies are used, their storage in the device does not require the user's prior consent.

 

MANAGEMENT AND DELETION OF COOKIES THROUGH THE CONFIGURATION OF THE BROWSER USED

The Controller informs that the user of the Site can express or modify his/her preferences on cookies through the settings of the browser used in his/her device.

It should be noted that, with regard to the Site, the preferences expressed through the browser will take effect only from the first connection of the user after the change of these preferences.

Please refer to the information and operating procedures to be performed to configure the settings, as provided by the provider of the browser used by the user:

Firefox: https://support.mozilla.org/it/kb/protezione-antitracciamento-avanzata-firefox-desktop?redirectslug=Attivare+e+disattivare+i+cookie&redirectlocale=it;

Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d#ie=ie-11;

Safari: https://support.apple.com/it-it/HT201265;

Chrome: https://support.google.com/chrome/answer/95647?hl=it;

Opera: https://help.opera.com/en/latest/web-preferences/#cookies.

Edge: https://support.microsoft.com/search/results?query=gestione+cookie+Microsoft+Edge&isEnrichedQuery=true

 

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

The data may be communicated

i) to those entities (e.g. administrative, judicial, supervisory and control authorities) to which such communication must be made in compliance with an obligation provided for by law, regulation or Community legislation;

ii) financial intermediaries belonging to the UniCredit Group, on the basis of the provisions of the anti-money laundering legislation (see art. 39, paragraph 3 of Legislative Decree no. 231/2007), which provides for the possibility of communicating personal data relating to reports considered suspicious between financial intermediaries belonging to the same group;

iii) third parties, suppliers of products and/or services, whether or not part of the UniCredit Group.

These recipients, depending on the case, process personal data as autonomous Data Controllers or Data Processors. The categories of autonomous Data Controllers and the list of Data Processors to whom the data may be communicated can be consulted by accessing in the "Privacy" section of the website

https://www.unicreditgroup.eu/en/info/privacy.html  

In addition, the data may be disclosed to the natural persons belonging to the following categories as persons authorized to the processing and only for the data necessary to perform the tasks assigned to them: employees of the Controller or seconded to it, temporary workers, interns, consultants and employees of external companies appointed as Data Processors.


DATA TRANSFER TO THIRD COUNTRIES
 
The Data Controller informs that personal data may be transferred also to countries not belonging to the European Economic Area (so-called Third Countries) only if recognized by the European Commission as having an adequate level of protection of personal data and, in any case, in full compliance with the applicable legislation and always ensuring the exercise of the rights of the Data Subjects. Further information can be requested by writing to Group.DPO@unicredit.eu.

 

RIGHTS OF DATA SUBJECTS

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (the "GDPR") gives individuals, sole proprietorships and/or freelancers specific rights, including the right to know what personal data is held by the Data Controller and how it is used (right of access), to obtain updating, rectification or, if there is interest, integration, as well as erasure, transformation into anonymous form or limitation.

 

DATA RETENTION PERIOD AND RIGHT TO BE FORGOTTEN

The Controller will process the information collected for as long as is strictly necessary for the pursuit of the predetermined purposes.

At the end of this retention period, the information collected will be deleted or stored in a form that does not allow identification of the user (eg. irreversible anonymization), unless their further processing is necessary for one or more of the following purposes: i) resolution of pre-litigation and / or litigation initiated before the expiry of the retention period; ii) to follow up investigations / inspections by internal control functions and / or external authorities initiated before the expiry of the retention period; iii) to respond to requests from public authorities in Italy and / or foreign received / notified to the Controller before the expiry of the retention period.

 

METHODS OF EXERCISING RIGHTS

Each user, in order to exercise the rights referred to in the preceding paragraph, may contact:

The deadline for response is one (1) month, extendable by two (2) months in cases of particular complexity; in such cases, the Controller shall provide at least one interim communication within one (1) month.

The exercise of the rights is, in principle, free of charge; the Controller reserves the right to ask for a contribution in case of manifestly unfounded or excessive requests (including repetitive ones).

The Data Controller has the right to request the information necessary to identify the applicant.

 

COMPLAINT OR REPORT TO THE AUTHORITY FOR THE PROTECTION OF PERSONAL DATA

The Controller informs you that the user has the right to file a complaint or make a report to the Authority or to appeal to the Judicial Authority. The contacts of the Authority are available at the following link: http://www.garanteprivacy.it.