0 items


UniCredit S.p.A. Website Privacy Policy

The Purpose of this Notification

This page describes how the UniCredit S.p.A. website is managed with reference to processing the website users’ personal data.  This statement is also issued in compliance with article 13 of the Italian Legislative Decree no. 196 dated 30th June 2003 (hereinafter referred to as Privacy Policy) to all users of the UniCredit S.p.A. website services,    accessible through web interaction at, which corresponds to the UniCredit S.p.A. website homepage.  This statement solely regards UniCredit S.p.A. websites and not any other websites possibly available to the user through hyperlinks. This statement is also issued with reference to the Recommendation no. 2/2001 adopted by the European Data Protection Authorities, under the Group provided for by article 29 of the 95/46/EC directive, on 17th May 2001 with the aim of identifying minimum requirements regulating the collection of personal data online and, in particular, the methods, times and nature of information that the owner of personal data management is required to disclose to the users once the latter access the web pages, regardless of the purposes of access.

The "Controller” of  Personal Data Management

Further to the consultation of this website, data relating to identified or identifiable individuals may be processed. The “controller” of the personal data management processes is UniCredit S.p.A., with its registered office in Via Alessandro Specchi  16, Rome, and its Head Office in Piazza Gae Aulenti 3, Tower A - 20154 Milan. When data processing is performed in the various sections of the website, the respective controllers responsible for the processes are indicated.

Place of Data Management

Personal data related to services provided in this website is processed at the aforementioned Head Office as well as at the premises located in Via Livio Cambi 1 in Milan. Furthermore, the personal data shall be managed exclusively by UniCredit S.p.A. employees designated to process personal data or persons designated by UniCredit Business Integrated Solutions S.C.p.A., as well as “controller” designated by UniCredit S.p.A., the owner of the submitted personal data. No personal data deriving from access to the website services shall be disclosed. Any personal data submitted by the users shall be exclusively used for executing the requested service. In addition, the personal data shall be disclosed to third parties only if necessary to execute the service in question.

Types of Data Processed

Navigation data

Information systems and software utilised for the operation of this website may, during their normal operations, acquire personal data which are implicitly transmitted through the use of the Internet based on protocols TCP/IP.

This information is not collected to be associated to the identified parties in question, but it could allow identifying the generating  users due to the very nature of the information by processing and associating it with data held by third parties.

This data category includes “IP addresses” or domain names of computers used by the users accessing the website, URI (Uniform Resource Identifier) of the requested resources, the time of request, the method used to submit the request to the web server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (success, error, etc.) and other parameters regarding the operating system and user’s computer environment. This data shall be solely used for obtaining anonymous statistical information on the use of the website and monitoring the proper functioning of the UniCredit S.p.A. website. They are deleted after processing them but they could be archived and used to investigate and prove piracy or illegal actions: apart from these cases, data is kept for no longer than 7 days.  

It should be observed that the aforementioned data could be used to ascertain responsibility in case of cybercrime against the UniCredit S.p.A. website or facilities of UniCredit Business Integrated Solutions S.C.p.A , or any other websites connected or related thereto: save for the case above, the web contact data is currently held no longer than a few days .

Data provided voluntarily by the user

A request to send emails to the addresses indicated in the specific section of the UniCredit S.p.A. website implies subsequent acquisition of certain personal data of the requesting party, including the requesting party’s email address, which is required to meet the requests thereof. Specific summary disclosures shall be progressively contained or displayed on the website pages meant for these particular services of request.


A cookie is a 9pt “data file” that some websites, while they are being visited, send to the address of the user browsing the website with the aim of tracing the route taken within the website and gathering data in an exclusively anonymous form to improve the service and usability of the website in question.   Thus, the UniCredit web server may also exchange cookies with the users’ computers during navigation of the UniCredit website. In any case, the user may opt to set the browser thereof in such a way so as to receive a warning of the presence of a cookie and decide whether to accept or reject it. The user may also set the computer thereof to automatically block cookies.  However, blocking cookies could jeopardise interaction with the UniCredit S.p.A. website.

Call Center

Systems and procedures required for the operation of the UniCredit S.p.A. Call Center acquire certain data in relation to customer calls. This category includes the caller ID (if not hidden), IVR navigation data (i.e. actions/keypad input carried out by the customer to gain access to various services), call duration, as well as an audio recording in the cases expressly provided for and after notifying the party in question. The aforementioned data shall be processed with the aim of obtaining anonymous statistical information on the use of the Call Center, for monitoring its proper functioning and ensuring security thereof, as wells as ascertaining responsibilities in case of unlawful conduct or damages against UniCredit S.p.A. or its customers.

Optional provision of personal data

Besides the information provided regarding the navigation data, the user is free to provide the personal data included in the specific electronic request forms, in the sections of the website designated for particular services offered upon request. Furthermore, it should be noted that failure to provide the aforementioned data may prevent the successful delivery of the requested service.

Processing Method and Security Measures

Personal data shall be processed using automated and non-automated tools, solely for the period strictly required to achieve the purposes subject of collection thereof. Specific security measures are taken to prevent loss, unlawful or improper use of data, as well as unauthorised access. More specifically, in the sections of the website meant for particular services, where the user’s personal data is required, the data is encrypted by means of security technology called Secure Sockets Layer, abbreviated as SSL. The SSL technology encrypts the information before it is exchanged between user’s computer and the UniCredit S.p.A. systems via web, thus making them incomprehensible to unauthorised entities and hence guaranteeing the confidentiality of the provided information.  In addition, use of SSL requires a compatible browser capable of “exchanging” a security key that is at least 128 bits, which is required to establish the aforementioned secure connection with the UniCredit S.p.A. systems.

Rights of the Interested Parties

Subjects to whom the personal data belongs that may have been gathered in the aforementioned specific sections, have the right to request confirmation of the existence or otherwise of the said data, as well as be informed of the content and origin, verify the correctness, request additions updates, or rectification thereof pursuant to article 7 of the Privacy Policy.

The party in question has the right to request deletion, transformation into anonymous form, or denial of consent to process the data for any legitimate reason.

Any requests shall be submitted to:


UniCredit S.p.A.

Via Del Lavoro, 42

40127 Bologna

Tel.: +39 051.6407285

Fax: +39 051.6407229



UniCredit S.p.A. does not knowingly use its website to gather data from minors (below 18 years of age).

Versions of the Privacy Policy

Given that the state of development of automatic monitoring systems does not currently exempt them from error or malfunction,- it should be noted that the present document constitutes the Privacy Policy of the UniCredit S.p.A. website and it shall be subject to updates (which shall however be made available in their various versions). 

 Statement issued to customers pursuant to article 13 of the Italian Legislative Decree no. 196/2003 (“Personal Data Protection Code” or "Privacy Policy”).