The Purpose of this Notification
The "Controller” of Personal Data Management
Further to the consultation of this website, data relating to identified or identifiable individuals may be processed. The “controller” of the personal data management processes is UniCredit S.p.A., with its registered office in Via Alessandro Specchi 16, Rome, and its Head Office in Piazza Gae Aulenti 3, Tower A - 20154 Milan. When data processing is performed in the various sections of the website, the respective controllers responsible for the processes are indicated.
Place of Data Management
Personal data related to services provided in this website is processed at the aforementioned Head Office as well as at the premises located in Via Livio Cambi 1 in Milan. Furthermore, the personal data shall be managed exclusively by UniCredit S.p.A. employees designated to process personal data or persons designated by UniCredit Business Integrated Solutions S.C.p.A., as well as “controller” designated by UniCredit S.p.A., the owner of the submitted personal data. No personal data deriving from access to the website services shall be disclosed. Any personal data submitted by the users shall be exclusively used for executing the requested service. In addition, the personal data shall be disclosed to third parties only if necessary to execute the service in question.
Types of Data Processed
Information systems and software utilised for the operation of this website may, during their normal operations, acquire personal data which are implicitly transmitted through the use of the Internet based on protocols TCP/IP.
This information is not collected to be associated to the identified parties in question, but it could allow identifying the generating users due to the very nature of the information by processing and associating it with data held by third parties.
This data category includes “IP addresses” or domain names of computers used by the users accessing the website, URI (Uniform Resource Identifier) of the requested resources, the time of request, the method used to submit the request to the web server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (success, error, etc.) and other parameters regarding the operating system and user’s computer environment. This data shall be solely used for obtaining anonymous statistical information on the use of the website and monitoring the proper functioning of the UniCredit S.p.A. website. They are deleted after processing them but they could be archived and used to investigate and prove piracy or illegal actions: apart from these cases, data is kept for no longer than 7 days.
It should be observed that the aforementioned data could be used to ascertain responsibility in case of cybercrime against the UniCredit S.p.A. website or facilities of UniCredit Business Integrated Solutions S.C.p.A , or any other websites connected or related thereto: save for the case above, the web contact data is currently held no longer than a few days .
Data provided voluntarily by the user
A request to send emails to the addresses indicated in the specific section of the UniCredit S.p.A. website implies subsequent acquisition of certain personal data of the requesting party, including the requesting party’s email address, which is required to meet the requests thereof. Specific summary disclosures shall be progressively contained or displayed on the website pages meant for these particular services of request.
A cookie is a 9pt “data file” that some websites, while they are being visited, send to the address of the user browsing the website with the aim of tracing the route taken within the website and gathering data in an exclusively anonymous form to improve the service and usability of the website in question. Thus, the UniCredit web server may also exchange cookies with the users’ computers during navigation of the UniCredit website. In any case, the user may opt to set the browser thereof in such a way so as to receive a warning of the presence of a cookie and decide whether to accept or reject it. The user may also set the computer thereof to automatically block cookies. However, blocking cookies could jeopardise interaction with the UniCredit S.p.A. website.
Systems and procedures required for the operation of the UniCredit S.p.A. Call Center acquire certain data in relation to customer calls. This category includes the caller ID (if not hidden), IVR navigation data (i.e. actions/keypad input carried out by the customer to gain access to various services), call duration, as well as an audio recording in the cases expressly provided for and after notifying the party in question. The aforementioned data shall be processed with the aim of obtaining anonymous statistical information on the use of the Call Center, for monitoring its proper functioning and ensuring security thereof, as wells as ascertaining responsibilities in case of unlawful conduct or damages against UniCredit S.p.A. or its customers.
Optional provision of personal data
Besides the information provided regarding the navigation data, the user is free to provide the personal data included in the specific electronic request forms, in the sections of the website designated for particular services offered upon request. Furthermore, it should be noted that failure to provide the aforementioned data may prevent the successful delivery of the requested service.
Processing Method and Security Measures
Personal data shall be processed using automated and non-automated tools, solely for the period strictly required to achieve the purposes subject of collection thereof. Specific security measures are taken to prevent loss, unlawful or improper use of data, as well as unauthorised access. More specifically, in the sections of the website meant for particular services, where the user’s personal data is required, the data is encrypted by means of security technology called Secure Sockets Layer, abbreviated as SSL. The SSL technology encrypts the information before it is exchanged between user’s computer and the UniCredit S.p.A. systems via web, thus making them incomprehensible to unauthorised entities and hence guaranteeing the confidentiality of the provided information. In addition, use of SSL requires a compatible browser capable of “exchanging” a security key that is at least 128 bits, which is required to establish the aforementioned secure connection with the UniCredit S.p.A. systems.
Rights of the Interested Parties
The party in question has the right to request deletion, transformation into anonymous form, or denial of consent to process the data for any legitimate reason.
Any requests shall be submitted to:
Via Del Lavoro, 42
Tel.: +39 051.6407285
Fax: +39 051.6407229
UniCredit S.p.A. does not knowingly use its website to gather data from minors (below 18 years of age).