Categories of subjects that personal data may be communicated to or who can gain knowledge of them
To pursue the purposes described or when it is indispensable or required by law or by authorities with the power to impose it, the Controller reserves the right to communicate data to recipients belonging to the following categories:
- subjects providing banking, financial and insurance services;
- supervision and control Authorities and Bodies and, in general, public or private subjects with important public enforcement functions (e.g.: FIU, Bank of Italy, Revenue Office, Central Interbank Alarm Register, Central Risk Register of the Bank of Italy, Judicial Authorities, in any case solely within limits set forth in the assumptions established by laws applicable);
- other companies of the Group the Controller belongs to, or in any case parent companies, subsidiaries or associated companies pursuant to art. 2359 Italian civil code (also located abroad);
- subjects performing data acquisition and processing services;
- subjects providing services to manage the IT system of the Controller and the telecommunications networks (including mailing services);
- subjects providing document filing and data-entry activities;
- subjects providing assistance services to the data subject;
- professional firms or companies as part of assistance and advisory relations;
- subjects performing market surveys to measure the customer satisfaction level on the quality of services and activities provided by the Controller;
- subjects performing controls, audits and certification of activities implemented by the Controller.
Subjects belonging to the categories indicated above operate autonomously as separate process controllers, or as processors appointed specifically for the service; the list, updated continuously, is published on the website www.bancaifis.it.
The personal data may be known, related to tasks performed, by Controller employees, including internees, temporary workers, consultants, the employees of external companies, all specifically authorised, instructed and appointed as processors.
Lastly, no data coming from the web services are circulated.