This page describes the means of management of this site as concerns the treatment of personal information of the users who consult it. Information on this point is provided, also pursuant to Regulation (UE) 2016/679 to those who interact with the Bank's internet services, accessible from the website:
corresponding to the home page of the bank's official website. This document also considers Recommendation 2/2001 which the European Authorities adopted for the protection of personal information to identify the minimum requirements for the on-line collection of personal information. The information is provided solely for the www.group.intesasanpaolo.com site and not for any other sites which may be consulted by the user via links.
The Data Controller is Intesa Sanpaolo S.p.A. with Registered office in Torino, Piazza San Carlo, 156 - 10121.
TREATMENT OF INFORMATION
Treatment connected to web services of this site are managed by technical personnel of the office in charge of treatment. No information deriving from the web service is communicated or disseminated. Personal information provided by users who request documentation are used for the sole purpose of providing the service or satisfying the request and are communicated to third parties only if necessary to this end.
TYPES OF INFORMATION TREATED
Surfing information ICT systems and software procedures which are responsible for the functioning of this website acquire, as part of their normal exercise and for the sole period of connection, personal information whose transmission is implicit in the use of Internet communication protocols. Such information is not collected to be associated to identified parties, but which for its very nature may, via processing or association with information held by third parties, permit the identification of users. This category includes the IP addresses or domains of computers used by surfers who access the site, the Uniform Resource Identifier addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the number code indicating the state of the reply given by the server (ok, error, etc.) and the other parameters relative to the operating system and the user's IT environment. Such information is used for the sole purpose of obtaining anonymous statistics on the use of the site and to check its correct functioning and is immediately cancelled after processing. Such information may be used to ascertain responsibilities should hypothetical IT crimes be committed to damage the site: without prejudice to this use, to date information on web contacts does not persist for over seven days.
Information voluntarily provided by the user Any facultative, explicit and voluntary e-mail sent to the addresses indicated in this site entails the subsequent acquisition of the address of the sender, necessary to respond to requests, as well as any of other personal information contained in the e-mail. The use of personal information to send advertising materials or commercial information, to sell products or services by the Bank requires the prior consent by the sender who must fill in the specific box. Specific summaries will be progressively provided or visualised in the site's pages prepared for particular services which may be requested.
No personal information of users is acquired by the site as concerns this point. Cookies are not used for the transmission of personal information and no so-called persistent cookies of any type nor any other systems to trace users are used. The use of so-called session cookies (which are not memorised in a persistent way on the user's computer and dissolve when the browser is closed) is strictly limited to the transmission of session identification information (made up of random numbers generated by the server) necessary to enable the secure and efficient surfing of the site. So-called session cookies used in this site are an alternative to the use of other ICT techniques which may prejudice the confidentiality of the surfing of users and do not permit the acquisition of the user's personal identification.
MEANS OF TREATMENT
Personal information is treated with automated instruments for the sole time strictly necessary to achieve the purposes for which it has been collected. Specific security measures are complied with to prevent the loss of information, illicit or unfair uses and unauthorised accesses.
RIGHTS OF THE DATA SUBJECT
In your capacity as Data subject, you may exercise, at any time towards the Data Controller, the rights provided by the Regulation (right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object) by sending a specific request in writing to the e-mail address firstname.lastname@example.org or; via post to the address Intesa Sanpaolo S.p.A., Piazza San Carlo, 156 - 10121 Turin, Italy, or directly at any branch of the Bank.