Vai alla Privacy prospect Privacy prospect Print

Prospective Client Privacy Policy

This privacy note is intended specifically and exclusively for the processing of personal data of persons who do not have products/services at the Bank.

1.Data Controller and Data Protection Officer

The Data Controller is FinecoBank S.p.A. - a Company belonging to the UniCredit Banking Group with registered office at Piazza Durante no. 11, 20131 Milan (the "Bank" or "Fineco").

The Data Protection Officer may be contacted at Fineco, Data Protection Office, Piazza Durante no. 11, 20131 Milan, E-mail:, PEC:

2. Purpose and legal basis of the processing

Fineco processes personal data of natural or legal persons and individual companies and / or self-employed professionals ("data subjects") for the following purposes:

3. Categories of data handled

Fineco processes personal data collected directly from the data subject or from third parties, which includes, by way of example, identification data (for example, surname, forename, address, date and place of birth), data relating to image (for example, identity card photo) and other data attributable to the above-mentioned categories.

4. Receivers or categories of receivers of data

The data subject's personal data may become available to natural or legal persons with the title of controllers and to natural persons that process data to carry out the tasks assigned to them, including: Fineco employees, secondees, temporary workers, interns, consultants and contractors.

The Bank - without the consent from the data subject being necessary - may communicate the personal data in its possession:

The detailed list of the entities to whom the data may be communicated can be consulted at the "Privacy" section of the website

5. Rights of the data subjects

The current regulations on data protection give specific rights to the data subject who, to exercise those rights, may address themselves directly and at any time to the Data Controller.

The rights that may be exercised by the data subject are described below:

The data subject may at any time amend their optional consent preferences.

Right of access

The right to access sets out the possibility for the data subject to know what personal data concerning him or her are being processed by the Bank and to receive a copy of it (in the case of further copies being requested a contribution based on the costs incurred may be debited). The information provided include: the purposes of the processing, the categories of personal data concerned, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, as well as the guarantees applied in the case of transfer of data to a third country and the rights that may be exercised by the data subject will be detailed.

Right to rectification

The right to correction allows the data subject to update or correct inaccurate or incomplete data held by the Bank relating to them.

Right to erasure (so-called "right to be forgotten")

The right to be forgotten, allows the data subject to require the erasure of personal data concerning him or her in the following special cases:

This right may be exercised even after withdrawal of consent.

Right of restriction

A data subject may request the Bank to limit the way their data is processed under certain circumstances. The right of restriction of processing may be exercised by the data subject in the case of:

With the exception of storage, where processing has been restricted any processing of the personal data is prohibited.

Right to portability

The right to portability allows the data subject to receive the personal data concerning him or her, which he or she has provided to the Bank, for other purposes. Each data subject may ask to receive the personal data relating to them or to request its transfer to another data controller, in a structured format, in common use and legible.

Note, data portability only relates to personal data (for example, surname, forename, address, date and place of birth, residence), as well as a set of data generated by the transaction activity that the Bank has defined for each macro-category of product / service (for example, current or extinguished relationships, current account transactions). This right does not apply to non-automated processing (for example, paper files or records).

Right to object

The right to object allows the data subject to object to the processing of their personal data in certain circumstances.

5.1 Exceptions to the exercise of the rights

The regulations on data protection recognise specific exceptions in relation to the exercise of the Data Subject's rights.

The Bank may continue to process personal data despite a data subject's exercise of their rights if one or more of the following applicable conditions applies:

5.2. Procedure for exercising rights

In order to exercise his/her rights, a data subject may contact the Bank at the email address or make the request in writing to FinecoBank, Via Rivoluzione d’Ottobre 16, 42123 Reggio Emilia.

The period for the response is one (1) month, extended to two (2) months in cases of particular complexity; in these cases, the Bank shall provide at least one interim communication within one (1) month. In principle, the exercise of the rights is free; having assessed the complexity of dealing with the request and, in the case of clearly unfounded or excessive requests (including repeated requests) the Bank reserves the right to ask for a contribution.

The Bank has the right to ask for further information necessary for the purposes of identifying the requesting party.

6.Personal data storage periods

Fineco processes and keeps the personal data of the data subject, prospect Customer, for the purpose for which they were collected as set out at Chapter 2 "Purpose and legal basis of the processing". The period of storage of personal data of the data subject runs from the registration of the personal data in the Systems of the Bank.

At the end of the storage period, the personal data referring to the data subject will be erased or kept in a form that does not allow the identification of the data subject, unless its further processing is necessary for one or more of the following purposes:

7. Transfer of data to other countries

Personal data may also be transferred to countries not belonging to the European Union or to the European Economic Area (so-called "Third-Party Countries") recognised by the European Commission as having an adequate level protection of personal data. Fineco shall only transfer data to other Third-Party Countries if such countries have an adequate level of protection of personal data compared to that of the European Union (for example, through the signing of the standard contractual clauses set out by the European commission) and the Fineco suppliers located in the third-party country have agreed to appropriate measures so that the exercise of the rights of the data subject is protected.

8. Information note on the processing of data for navigation, cookies and data referring to the use of the Call Centre

Identification of the consumer habits and propensities of the data subject will be analysed by means of the use of cookies and other similar technologies, in respect of the appropriate safeguards and necessary measures, according to the applicable regulation. Fineco shall only use cookies to the extent permitted by the current regulations.

Furthermore, the systems and the procedures of the Bank’s Call Centre requires access to some data of the data subject (for example any remote number of the caller, duration of the call, and, subject to prior notice to the data subject, audio recording of the call).

For special orders and instructions from clients, as well as in relation to specific concrete requirements (such as for example those relating to security checks), the Bank may record the content of telephone conversations held, also for evidentiary purposes and for protection of rights in the case of dispute. In all these cases, the data subject shall be informed of these recordings at the start of the telephone conversation.

The full information note on the subject is available at the dedicated area on the website
The full information note on the subject will be issued to the data subject in the case of subscription to the service.

9.Claim or report to the Italian data protection authority (Garante per la protezione dei data personali)

Where the data subject believes he/she has suffered a breach of their rights they may make a claim or a report to the Italian data protection authority or contact the relevant legal authorities in his/her own jurisdiction. Contact details of the Italian data protection authority can be found at

10.Changes to this Privacy Policy

Fineco reserves the right to make changes to this policy from to time to time. Please check back on the website to be aware of any updates.