The rules followed to manage this website, as regards the processing of personal data of website visitors, are listed below. This notice is provided also pursuant to Article 13 of D. Lgs. no. 196/2003 dealing with the "Data protection code" relating to the website www.grupposanpaoloimi.com. The notice takes into account also Recommendation 2/2001 which the European Data Protection Authorities adopted to identify the basic requisites for the on-line collection of personal data. This notice relates to the www.grupposanpaoloimi.com website and does not apply to any other websites accessed by the links included in the aforesaid website. The collection of personal data takes place within specific sections of the website through electronic forms which provide further information about the processing of such data. The Data processor is Sanpaolo IMI S.p.A., with registered offices in Turin, Piazza San Carlo 156, 10121 - Torino The Data processor of the Bank, in charge of personal data, located at the registered address of Sanpaolo IMI S.p.A., is: the pro tempore responsible official for Sanpaolo IMI S.p.A. Planning The data processing connected with the web services provided by this site is managed by the data protection technical staff or by any other person carrying out periodical maintenance. Visitors are not required to input their personal data to access the website, however, protected areas reserved for customers included in the Sanpaolo IMI S.p.A. mailing list will require the use of the access codes provided to individual users for authentication purposes. Personal data collected through the use of the website services are in no way disclosed or circulated. The IT systems and the software procedures handling the consultation of this website capture, during the connection and only for that length of time, a number of significant data which are implicit in the use of Internet communication protocols. These identification data are not permanently stored and are not collected to be associated with identified interested parties, but, by their nature, they might, through processing and by associating them with data held by third parties, allow the visitor to be identified. The data falling under this category are IP addresses or domain names of the computers of users visiting the website, the URIs (Uniform Address Identifiers) of the requested resources, the time of the request, the method used to forward the request to the web server, the size of the file obtained following the request, the numerical code indicating the status of the response provided by the web server (successful, error, etc...) and other parameters relating to the operating system and the user's IT environment. When e-mails are sent by users to contact experts of the bank through this website, their e-mail addresses as well as any other relevant personal details will be captured and stored in order to enable the experts to provide a reply to the users' requests. The use of personal details to send advertising material, commercial information, sale of products or services by the bank is subject to the authorization by the sender, by ticking the appropriate box. The bank does not use cookies to transmit personal details nor does it use any of the so-called persistent cookies that collect information on websites that may lead to personal identification. Session cookies (which are stored in temporary memory and are not retained after users close the web browser) are used solely to store information (unique numbers randomly generated by the web server) which is required for added security and efficiency when navigating the bank's website. Personal data which are captured and stored while visiting any of the sessions of this website are processed using automated equipment and only for the length of time required to achieve the purposes for which the data have been collected. The IT systems contain all the required and appropriate security measures to prevent the loss, illicit or incorrect use of, and unauthorized access to, such data. Data subjects will be able to exercise all the rights provided for in Article 7 of D. Lgs. no. 196/2003. In particular, data subjects will have the right to obtain confirmation as to whether or not personal data concerning them exist, to be informed of the content and source of the personal data, and to request that they be amended, cancelled or blocked. All information relating to the right of access may be requested from Sanpaolo IMI S.p.A., Investor Relations, Piazza San Carlo n. 156, 10121 - Torino; e-mail: investor.relations@sanpaoloimi.com
| 
