Privacy Policy

DATA CONTROLLER

This page describes how this website is managed with regard to the processing of users' personal data. This information is also provided pursuant to Art. 13 and 14 of Regulation (EU) 2016/679 to those who interact with web services electronically accessible from the address:


www.exetra.com


This document also takes into account Recommendation no. 2/2001 adopted by the European authorities for the protection of personal data in order to identify the minimum requirements for the online collection of personal data.

The information is provided only for this website and not for other websites that may be consulted by the user through links.


The Data Controller is Exetra S.p.A., Via Monte di Pietà 12 - 20121 Milan.


DATA AND METHODS OF PROCESSING

The processing operations relating to the web services of this site are carried out only by the technical staff of the department in charge of data processing. No data deriving from the web service is communicated or disseminated.

Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access.

The personal data provided by users who request informative material are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if necessary for this purpose.


TYPES OF DATA PROCESSED.

Data provided voluntarily by the user.

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this website entails the subsequent acquisition of the sender's address, which is necessary to respond to requests, as well as any other personal data included in the message. The provision of personal data is optional but is a strictly necessary condition to manage the data subject's requests and for the performance of the services offered.


Browsing data

During their normal operation and for the sole duration of the connection, the computer systems and software procedures used to operate this website may acquire some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error etc.) and other parameters relating to the user's operating system and computer environment.


These data are processed for the following purposes:
  • to comply with the requirements of national and EU regulations and with the provisions issued by the Supervisory and Controlling Bodies, also in relation to the obligatory monitoring of operational and credit risks at banking Group level; the processing of your personal data to comply with regulatory requirements is mandatory and your consent is not required.
  • to pursue a legitimate interest of Intesa Sanpaolo, Group companies or third parties where such interests do not conflict with he interests or fundamental rights and freedoms of the data subjects (Article 6.1 letter f of EU Regulation No. 679/2016), namely:
    • to ascertain responsibility in the event of hypothetical cyber-crimes against the site and for investigations in the event of any legal disputes.
    • to obtain anonymous statistical information on the use of the site and to check its correct functioning, and to measure and improve the services offered and the Site.
    • to pursue any other legitimate interests. In the latter case, the Data Controller may process your Personal Data only after having informed you and ascertained that the pursuit of its own legitimate interests, or those of third parties, does not override your fundamental rights and freedoms.
    In these cases, your consent is not required.


The browsing data collected through the website will remain on the servers for a period of 30 days. Personal Data may also be processed for a longer period if an act interrupting and/or suspending the statute of limitations justifies the extension of data storage.


RIGHTS OF THE DATA SUBJECTS.

The data subjects may at any time exercise the rights provided for in the Regulation, towards the Data Controller (right of access, rectification, erasure, restriction of processing, data portability, objection) by sending a specific request in writing to the email address dpo@intesasanpaolo.com - by post to Exetra S.p.A. - c/o Intesa Sanpaolo Tutela Aziendale - Privacy, Piazza San Carlo, 156 - 10121 Torino and making explicit reference to the website www.exetra.com.

This document constitutes the "Privacy Policy" of this site which will be subject to updates.

Download this document in PDF format.