Web Privacy Policy

Introduction

Pursuant to arts. 13 and 14 of Regulation (EU) 2016/679 (“the Regulation”), we would like to inform users about how and why the personal data of those interacting with our websites / blogs are processed. This Web Privacy Policy is provided solely for www.ifisnpl.it and not for other websites possibly consulted by the user through links published on the above website. This Policy considers all sector regulations, with specific reference to:

  • Recommendation 2/2001 of the Art. 29 Group, related to the minimum requirements for the collection of online data in the EU;
  • Directive 2009/136/EC, amending Directive 2002/58/EC (so-called e-Privacy Directive), related to the processing of personal data and protection of private life in the electronic communications sector;
  • General Provision of the Authority for the protection of personal data “Identification of the simplified methods related to information and acquiring consent to use cookies” of 8 May 2014.

The personal data Controller is Ifis Npl S.p.A. with registered office in via Terraglio 63, 30174 Venice. The Controller has appointed a Data Protection Officer (DPO) who can be reached at this e-mail address: rpd@bancaifis.it.

The Controller of personal data processing is IFIS Npl Servicing S.p.A. with registered office in 20121 Milan, Corso Venezia no. 56. The Controller has not appointed a Data Protection Officer (DPO).

Personal data processed and processing purpose

1) Data provided voluntarily by users

The user may voluntarily provide the Controller with its personal data, with specific reference to personal information, e-mail address and other contact data, in the following circumstances:

  • sending communications by e-mail to the addresses provided in this website;
  • filling in online contact forms present on this website to request assistance;
  • subscribing to the periodical newsletter;
  • taking part in surveys to investigate the quality of services offered;
  • creating its own account.

The personal data provided are collected, processed and stored by the process Controller for the following purposes:

  • to respond to communications received;
  • to respond to the requests for assistance (including reports on any disservice);
  • to send newsletters and other information and/or advertising material for products and services offered by the process Controller;
  • to generate and manage user accounts;
  • to process data collected during surveys conducted to assess the level of satisfaction with services provided.

The personal data supplied are processed by the Controller solely for the time needed to achieve the purpose they were collected for. Once that purpose has been achieved, the personal data are deleted or made irreversibly anonymous.

Users using the forums, or other channels, to publish their contents, hence including their personal data, on this website, acknowledge that information made public can be read, collected and used by third parties who have no relationship with the Controller, also to send unwanted messages. The Controller declares that it is not responsible for any improper use that third parties could make of the personal data that users decided to publish through the channels mentioned.

2) Navigation data

During their normal operations and solely for the connection duration, the information systems operating this website acquire some personal data transmitted implicitly on using internet communication protocols. This information is not collected to be associated with identified data subjects but, for its very nature, could enable user identification through processing and association with data held by third parties. This data category includes: IP addresses or the names of computers used by users to connect to this website; URI (Uniform Resource Identifier) addresses of the resources requested, the time requests are made, the method used to submit requests to the server, the size of the file obtained in response, the numerical code indicating the status of the answer given by the server (successful, error, etc.), the characteristics of the browser used for navigation purposes, the size of the window in which the browser is performed in the device used, and other parameters related to the user’s operating system and computer environment. These data are only to collect anonymous statistics on how this website is used and to check it operates correctly, and are deleted straight after processing. The data could be used to ascertain responsibilities in any hypothetical computer crimes damaging the website. In that occurrence too, the contact data do not last longer than seven days.

3) Cookies

Cookies are small strings of text that the website sends and memorises in the user’s device; to then be used by the website itself at the user’s next visit. During navigation, the user’s device may also receive cookies sent by different websites or web servers (belonging to so-called “third parties”), on which there could be elements (for example, images, maps, sounds, specific links to the pages of other domains) present on the website visited. Cookies are used for different purposes such as performing IT authentication, monitoring sessions, memorising information on specific configurations concerning users accessing the server.

Cookies can be technical or profiling.

  • Technical cookies: technical cookies can be divided into session cookies (guaranteeing normal website navigation and use) and permanent cookies (cookie analytics, used to collect information in an aggregated form, on the number of users and on how they visit the website; functionality cookies enabling the user to navigate based on selected criteria, for example, language etc.). Prior user consent is not needed to install those cookies. Technical cookies are installed in the user’s device in order to identify the user when it logs in to websites, to analyse navigation in order to continuously optimise it and to conduct analysis to improve website aspect, functionalities and security. This website uses technical cookies enabling personalised navigation, based on criteria entered in the website by the user.
  • Profiling cookies: profiling cookies create user profiles and are used to send advertising messages in line with preferences shown by the user itself when navigating online. By law, the user has to have expressed valid consent before those cookies can be installed. Profiling cookies can be used for remarketing / retargeting activities in order to present users with advertising for the products and services they have already seen on third party websites (e.g. social network like Facebook, etc.). This website might also use tag pixels / web beacons, that is images incorporated in the website to measure and analyse its use. Lastly, it could also use third party multimedia widgets / plug-ins to enable sharing website contents on social networks. Those interactive programs collect the IP addresses of users, the website page visited and configure cookies to enable the widgets / plug-ins to function correctly. The operations that users can do through those widgets / plug-ins are regulated by the privacy policies of the third parties (e.g. social networks like Facebook) providing them.

The user can avoid the Controller using cookies by setting its navigation browser settings. However, users who choose to eliminate the technical cookies from their devices, or to stop their storage, might not have access to all website functionalities. Even if the user disables all cookies, the user’s browser will still memorise a small amount of information needed for basic website functionalities.

Click here to view the cookies used in our websites.

If you want to modify settings on the use of all cookies, you need to follow the instructions below based on the browser used:

How personal data are processed

Personal data collected by the website are processed automatically for the time strictly needed to achieve collection purposes. Where needed, processing performed by the Controller on data collected from the website could be based on automated decision-making processes that produce legal effects or have a similar significant effect on the data subject such as, for example, processing performed using profiling cookies. Suitable technical and organisational security measures are complied with to prevent damage, whether material or immaterial (e.g. loss of control of the personal data or limiting rights, discrimination, theft or usurping identity, financial losses, unauthorised decryption of pseudonymisation, prejudice to reputation, loss of the confidentiality of personal data protected by professional secret or any other significant economic or social damage).

Categories of subjects that personal data may be communicated to or who can gain knowledge of them

To pursue the purposes described or when it is indispensable or required by law or by authorities with the power to impose it, the Controller reserves the right to communicate data to recipients belonging to the following categories:

  • subjects providing banking, financial and insurance services;
  • supervision and control Authorities and Bodies and, in general, public or private subjects with important public enforcement functions (e.g.: FIU, Bank of Italy, Revenue Office, Central Interbank Alarm Register, Central Risk Register of the Bank of Italy, Judicial Authorities, in any case solely within limits set forth in the assumptions established by laws applicable);
  • other companies of the Group the Controller belongs to, or in any case parent companies, subsidiaries or associated companies pursuant to art. 2359 Italian civil code (also located abroad);
  • subjects performing data acquisition and processing services;
  • subjects providing services to manage the IT system of the Controller and the telecommunications networks (including mailing services);
  • subjects providing document filing and data-entry activities;
  • subjects providing assistance services to the data subject;
  • professional firms or companies as part of assistance and advisory relations;
  • subjects performing market surveys to measure the customer satisfaction level on the quality of services and activities provided by the Controller;
  • subjects analysing visits to this website and the online campaign services, in order to improve contents and services. The Controller could allow those service providers to use cookies and other technologies to provide the services on its behalf;
  • subjects performing controls, audits and certification of activities implemented by the Controller.

Subjects belonging to the categories indicated above operate autonomously as separate process controllers, or as processors appointed specifically for the service; the list, updated continuously, is published on the website www.bancaifis.it.

The personal data may be known, related to tasks performed, by Controller employees, including internees, temporary workers, consultants, the employees of external companies, all specifically authorised, instructed and appointed as processors.

Lastly, no data coming from the web services are circulated.

Transfer of data to Non-EU Countries/organisations

When needed to perform the purposes mentioned, the data of the data subject could be transferred abroad, to non-EU Countries/organisations that guarantee a personal data protection level deemed suitable by the European Commission with a decision; or, in any case, based on other suitable guarantees, for example the Standard Contractual Clauses adopted by the European Commission. A copy of any data transferred abroad and the list of the non-EU Countries/organisations to which the data has been transferred can be obtained from the Controller by submitting a specific request by ordinary mail sent to the registered office of the Controller or by e-mail sent to privacy@bancaifis.it.

Rights of the data subject

Pursuant to articles from 15 to 22, the Regulation attributes specific rights to the data subject. More specifically, the data subject can obtain: a) confirmation of whether its personal data is being processed or not and, in that case, access to that data; b) rectification of incorrect personal data and integration of any incomplete data; c) erasure of its personal data in cases where it is permitted by the Regulation; d) restriction to processing, for hypotheses set forth in the Regulation; e) communication, to recipients that the personal data were transmitted to, of the requests to rectify/erase the personal data and restrict processing received from the data subject, except when that should prove impossible or imply a disproportionate effort; f) reception, in a structured, commonly-used format readable by an automatic device, of the personal data provided to the Controller and their transmission to another controller, at any time, even if relations possibly held with the Controller should cease. The data subject also has the right to object at any time to its personal data being processed. In those cases, the Controller is obliged to abstain from any further processing, with no prejudice to reasons permitted by the Regulation. The data subject also has the right not to be subjected to a decision based solely on automated processing, including profiling, that causes legal effects concerning him/her and significantly affecting his/her person; unless that decision: a) is needed to finalise or execute a contract between the data subject and the Controller; b) is authorised by Union law or that of the member State the Processor is subject to; c) is based on the specific data subject consent. For the aforementioned letters a) and c), the data subject has the right to obtain human intervention from the Controller, to express its opinion and dispute the decision. Requests may be submitted by ordinary mail sent to the registered office of the Processor or by email sent to privacy@bancaifis.it. The data subject also has the right to submit a complaint to the data protection Authority pursuant to art. 77 of Regulation (EU) 2016/679, and to take legal action pursuant to arts. 78 and 79 of the Regulation itself.

Privacy Policy