(Information furnished pursuant to Art. 13 of Legislative Decree No. 196/2003 – “The personal data protection code”)
The procedures for the administration of the site with regard to the processing of the personal data on site users is described on this page. The information is provided only for this site and not for other websites that users may consult by clicking on links.
THE DATA CONTROLLER AND PROCESSOR
The personal data relating to persons identified or identifiable may be processed following consultation of this site.
The Data Controller is the Parent, UBI Banca, with registered office at 8 Piazza Vittorio Veneto 24122 Bergamo and the internal officer responsible for data processing is the pro tempore Chief Commercial Officer, domiciled for the purposes of these functions at the registered address of the bank.
SCOPE OF DATA PROCESSING
Data processing connected with the web services of this site is carried out only by the technical personnel of the office responsible for data processing or by persons who may be engaged for occasional maintenance operations. Data may also be processed by persons engaged by UBI Sistemi e Servizi S.p.a., the services company of the UBI Banca Group appointed as the Data Processor for the management of the IT system and the “Customer Assistance - Contact Centre” service provided in the name of and on behalf of the Bank. Personal data furnished voluntarily by users who make use of site functions or send in requests for information is used for the sole purpose of providing the service requested. For this purpose the personal data of users may be communicated to persons, who may be abroad, belonging to the following categories, so that they may carry out related processing and communications:
- persons who provide banking, financial or insurance services;
- companies belonging to the Unione di Banche Italiane banking Group, or in any case to its subsidiaries or associates;
- persons who provide services for the management of the Bank’s IT system;
- persons who carry out document filing activities;
- persons who provide assistance to customers (e.g. by telephone);
- persons who carry out activities for the supervision, audit and certification of activities performed by the Bank, which may be also in the interests of customers.
The persons belonging to the above-mentioned categories shall use data received in their capacity as independent “Controllers”, except in those cases where “Data Processors” with specific responsibilities have been appointed by the Bank. An up-to-date list of Data Processors is available by clicking on the relative link at the foot of this information page. The personal data of users is not made public.
TYPES OF DATA PROCESSED
a) Navigation data
During the course of their normal functioning, the IT systems and software procedures employed for the functioning of this website acquire some personal data, the transmission of which is implicit in the use of internet communication protocols. It is information that is not acquired to be associated with the persons identified, but which by its nature could, by means of processing and associations with data held by third parties, be used to identify users. The data that falls within this category are the IP addresses or the domain names of the computers used which connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of requests, the method used to submit requests to the server, the size of the file obtained in reply, the numerical code indicating the state of the reply given by the server (successful, error, etc.) and other parameters of the operating system and IT environment of the user. This data is used for the sole purpose of acquiring anonymous statistical information on the use of the site and to monitor it for correct functioning. For functioning and maintenance necessities, this web site and any third party services that it may use could acquire system logs, or in other words files which record interactions and which may contain personal data such as for example user IP addresses.
b) Data provided voluntarily by users
The use of some of the functionalities available on the site involves the acquisition of personal data provided by users and their subsequent use for specific purposes stated when the data is acquired. Specific summary information will be progressively reported or displayed on the pages of the site used for particular on-request services.
Cookies are strings of text, small in size, which sites visited by users send to their terminals (usually a browser), where they are stored and then sent back to the same sites the next time they are visited by those users. During the navigation of a site, users may also receive on their terminals cookies that are sent by other sites or web servers (known as “third parties”) on which some items (e.g. images, maps, sounds, specific links to images on other domains) may be present on the site that the user is visiting. Cookies are usually present on users’ browsers in large numbers and may sometimes remain there for long periods of times. They are used for different purposes: for IT authentication, monitoring sessions, storing information on specific configurations concerning users who access services, etc. The use of what is termed “technical cookies” is strictly limited to the transmission of session identification (consisting of random numbers generated by the server) needed to allow secure and efficient navigation of the site. The information that is stored in cookies will remain anonymous because the cookie ID is not associated with the personal data provided by users. For the purposes of the information provided here, information relating to cookies also applies for similar tools which allow the identification of users or of terminals (e.g. web beacons, web bugs, clear gifs, etc.). More specifically, this site makes use of the following types of cookies:
Technical cookies (navigation or session cookies; analytics or cookies; functionality cookies)
Technical cookies are used for the sole purpose of “carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service”.
Technical cookies can be classified as: navigation or session cookies, which guarantee normal navigation and use of the website (allowing for example a purchase to be made or authentication to be carried out for access to reserved areas); analytics cookies, similar to technical cookies, where they are used directly by a website administrator to acquire information in aggregate form on the number of users and on how these visit the site; functionality cookies, which allow users to navigate on the basis of a series of criteria they have selected (e.g. the language, products selected for purchase) in order to improve the service provided for them. No prior consent is requested from users for the installation of these cookies, without prejudice to the obligation to provide information pursuant to Art.13 of the Code, which if site administrators use only these tools, they may provide in the manner they consider most appropriate.
Consent of the persons concerned is not necessary for the use of technical cookies.
Third-party profiling cookies
Third party cookies also known as “share this” cookies may be installed during the navigation of a site and they allow data to be acquired from a user’s navigation of the site or of specific functionalities. In these cases the site publisher acts as an intermediary between the third parties and users. This site uses the following third-party cookies:
- Video Vimeo (https://vimeo.com/privacy) - Vimeo is a video content display service operated by Vimeo, LLC which enables this software application to embed that content in its pages.
- Widget Video Youtube (http://www.google.it/intl/en/policies/privacy/) - Youtube is a video content display service operated by Google Inc. which enables this Software Application to embed that content in its pages.
This site uses Google Analytics to acquire information in aggregate form on the number of users of this site and how they visit it.
The use of visitors’ IPs by Google Analytics cookies
The tool Google Analytics acquires the IP addresses of website visitors to provide an indication of their geographical location. This method is known as IP geolocation. Google Analytics does not report information on the actual IP addresses of visitors. By using a method known as IP masking, Google Analytics communicates information in a way that allows only part of the IP address to be used for geolocation, rather than the entire address.
Browser add-ons to deactivate Google Analytics cookies
Each user may nevertheless set its browser to receive a warning of the presence of a cookie and decide whether to accept it or refuse it. It is also possible to automatically refuse to receive cookies by enabling the special opt-out option on browsers. While total or partial deactivation of cookies may compromise the use of site functionalities we nevertheless inform you that it is possible to change the security settings on your browser at any time by clicking on the following links:
OPTIONAL DATA THAT IS GIVEN
Apart from that which has been stated regarding navigation data and excluding data acquired by means of technical cookies for which consent is not required, users are free to provide personal data in order to use functionalities and services made available on the site. Failure to give this information may make it impossible to obtain what has been requested.
DATA PROCESSING PROCEDURES AND DATA STORAGE TIMES
Personal data, including that provided voluntarily by users, is processed using manual and automated tools strictly for the time needed to achieve the aims for which it has been acquired. Except for cases where data is processed for legal purposes and in cases of hypothetical computer crimes which damage the site, data on website contacts has a life of not longer than seven days, while data provided voluntarily by users is stored strictly for the time necessary to respond to requests. Only if a user grants consent – where relevant – for processing for commercial purposes will data be stored for not longer than 12 months. Specific security measures are employed to prevent the loss of data, illicit or incorrect use of it and unauthorised access to it. More specifically, in those sections of the site in which personal data is acquired on users (e.g. in forms specially designed to request information) data is encrypted using security technology known as Secure Sockets Layer (SSL), which encrypts the information before it is exchanged via internet, thereby making it incomprehensible to unauthorised persons and guaranteeing its confidentiality. However, the use of SSL requires a compatible browser.
THE RIGHTS OF THE PERSONS CONCERNED
Persons on which personal data is held may exercise their rights under Art. 7 of Legislative Decree No. 196/2003, which means that they may know their personal data that is being processed, have additions made to it, have it amended or deleted for violations of the law or oppose processing of the data for legitimate reasons by sending a written request accompanied by a copy of an appropriate and valid identity document to UBI Banca, Tutela della Privacy (Privacy Protection), Piazza Vittorio Veneto 8 - 24122 Bergamo.
REQUEST FOR FURTHER INFORMATION ON PERSONAL DATA PROTECTION
For further information on privacy please write to: UBI Banca, Tutela della Privacy (Privacy Protection), Piazza Vittorio Veneto 8 - 24122 Bergamo BG.
Last updated: July, 2015