The information set out in this cookies policy is provided by the Data Controller (as defined below) in addition to the information on the processing of personal data, always available on this website
and accessible via the following link: https://www.gtb.unicredit.eu/privacy-cookie.
DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is UniCredit S.p.A, with registered office at Piazza Gae Aulenti n. 3, Tower A, 20154 Milan (the "Data Controller").
THE COOKIES USED BY THIS SITE
Cookies are short strings of text sent to the browser of the user’s device (PC, Notebook, Smartphone, Tablet, etc.) when he/she visits a website. They are stored there and then sent back to the same website the next time the user visits.
The Data Controller informs you that this Site uses the types of cookies described below which are classified based on rulings and indications of the competent authorities, including the Italian Data Protection Authority and the European Data Protection Board (EDPB).
These are cookies which are essential in order to send a communication via an electronic communication network or to provide a service specifically requested by the user, such as, for example, home banking activities (displaying account statements, bank transfers, paying bills, etc.), for which these cookies allow the user to be identified during the session. Without the use of such cookies, navigation on the Site and certain operations requested by the user could not be carried out or would be less secure.
Considering the purposes for which technical cookies are used, their storage in the user’s device does not require the user's prior consent.
MANAGEMENT AND DELETION OF COOKIES THROUGH THE CONFIGURATION OF THE BROWSER USED
The Data Controller informs that the user can express or modify his/her preferences on cookies through the settings of the browser used in his/her device.
Please note that the preferences expressed through the browser will take effect only from the first connection of the user after the change of his/her preferences.
Please refer to the information and operating procedures to be performed to configure the settings, as provided by the provider of the browser used by the user:
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Data may be communicated to:
- entities to whom such communication must be made to in order to comply with an obligation of law, regulations or EU law;
- third parties, suppliers of products and/or services, whether or not belonging to the UniCredit Group.
These recipients, depending on the cases, process personal data as autonomous data controllers or as data processors. The categories of autonomous data controllers and the list of data processors to whom the data may be communicated can be consulted by accessing https://www.unicredit.it/it/info/privacy.html
Your data may also be disclosed to natural persons belonging to the following categories in their capacity as persons authorized to process personal data, in relation to the data necessary to perform the tasks assigned to them: workers employed by the Data Controller or seconded to it, temporary workers, interns, consultants and employees of external companies appointed as data processors.
TRANSFER OF DATA TO THIRD COUNTRIES
The Data Controller informs that the personal data collected may be transferred to countries outside the European Economic Area (c.d. Third Countries), only if recognised by the European Commission as having an adequate level of protection and, in any cases, in compliance with the applicable law and ensuring the exercise of the data subjects’ rights. Further information can be requested by writing to Group.DPO@unicredit.eu
RIGHTS OF DATA SUBJECTS
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), grants natural persons, individual companies and/or the self- employed specific rights, including the right to know what personal data are held by the Data Controller and how said data are used (right of access), the right to have their data updated, rectified or, if there is an interest, integrated, as well as have their data erased, anonymised or to obtain the restriction of the processing.
DATA STORAGE PERIOD AND RIGHT TO ERASURE ("RIGHT TO BE FORGOTTEN")
The Data Controller will process the information collected for the period strictly necessary to pursue the predetermined purposes.
At the end of this storage period, the information collected will be erased or kept in a manner that does not allow for the identification of the user (e.g. irreversible anonymisation), unless further processing is necessary for one of the following reasons: i) to settle pre-litigation and/or litigation started before the end of the storage period; ii) to continue investigations/inspections of internal control functions and/or external authorities started before the end of the storage period; iii) to follow up requests from Italian and/or foreign public authorities received by/notified to the Data Controller before the end of the storage period.
HOW TO EXERCISE YOUR RIGHTS
The deadline for replying is one (1) month, extendible to two (2) months in cases of particular complexity; in these cases, the Data Controller will provide at least initial communication within one (1) month.
The exercise of rights is, in principle, free; the Data Controller reserves the right to charge a fee in the event of manifestly unfounded or excessive requests (including repetitive ones).
The Data Controller may request information necessary to identify the requesting party.
COMPLAINTS OR REPORTS TO THE ITALIAN DATA PROTECTION AUTHORITY
The Data Controller informs the user that he/she may file complaints or report to the Italian Data Protection Authority or alternatively file a complaint with the Judicial Authorities. The contacts of the Italian Data Protection Authority are available on the website: http://www.garanteprivacy.it