FinecoBank S.p.A. (the “Bank”) confirms that your personal data, provided directly by you or by third parties, may be processed, even by third party companies (which may be located overseas) appointed by the Bank, for the following purposes:
(a) Compliance with law, regulations, guidance issued by competent authorities and organisations (e.g. responsible for compliance with Anti Money Laundering laws). The collection of your personal data for this purpose is compulsory, and its processing does not require your consent.
(b) Purposes strictly related to the management of client relationships (e.g. acquiring information prior to Account opening, performing contractual obligations, verification procedures and reports concerning the relationship and related risks). There is no need to provide personal data, but refusal to do so may make it impossible for the Bank to provide you with the requested Service. This processing of data does not require your consent.
(c) Purposes related to Bank activity, such as:
- Quality controls concerning client satisfaction with the Services of the Bank and Unicredit Group, carried out via interviews, questionnaires, etc.;
- Promotion and sale of Bank products, Unicredit Group products or products of third party companies, carried out via letter, telephone, advertisement, automated advertising systems, email, messages such as MMS (Multimedia Messaging Systems) and SMS (short message service), etc.;
- The performance of market research and studies, carried out via interviews, questionnaires, etc. and public relations.
The provision of personal data is not compulsory, and its processing requires your explicit consent for these purposes. Without this consent, the Bank cannot process the data. Processing is carried out manually, automatically or via any computerised means for the abovementioned purposes, ensuring the security and privacy of the data.
The Bank does not ask clients for “Sensitive Personal Data” (i.e., data revealing, for example, health conditions, political opinions, trade union or political memberships). However, the Bank may be required to process this data in order to carry out specific requests in connection with the Services (e.g. payment of membership fees to said trade unions or parties, bank transfers in favour of associations etc.). Since the Bank cannot intercept and refuse these requests, the contract may not be finalised unless you give explicit consent to this processing. The data will be processed exclusively for the purpose of carrying out your requests.
A. The Bank – without the need for your consent – may transmit the personal data it has collected to:
B. The Bank may also transmit, with your consent, your data to companies, entities or external groups which act on the Bank’s behalf for the purpose of processing/controlling data in compliance with:
The complete list of entities which may be involved in the processing of your personal data is available at www.finecobank.com. Your personal data will not be made publicly available.
C. Your personal data may also be disclosed to legal and natural persons (by virtue of their position as entities responsible for the processing of data) specified in Part 5 of this document, and to the following persons: Bank employees, interns, contractors, financial salesmen, consultants and third party companies appointed for processing data.
Persons to whom FinecoBank can communicate customer data
Data protection law grants you specific rights, including the right to know what data (related to you) is in the Bank’s possession and how it is used. The rights granted to you include the right to demand deletion, anonymisation or blocking of your personal data if used in breach of the law, and for the update, correction or, should there be a need for it, amendment of data and objection (if for legitimate reasons) to its processing.
You may, at any time, object to the processing of your personal data for direct marketing communications or market research requests from the Bank.
Under relevant Italian legislation, Italian companies with shares admitted to listing on regulated markets or in multilateral trading facilities incorporated in Italy or in other Member States of the EU, with the issuer’s consent, may request (if it is provided for in their articles of association), from intermediaries at any time personal data relating to any shareholders who have not expressly refused disclosure thereof, together with the number of shares registered in accounts held by such persons., In accordance with subsequent changes to legislation, issuers of shares recorded in the centralised management system may request from intermediaries, at any time and at their own expense, through a centralised management company, personal data on shareholders, together with the number of shares registered in accounts held by such persons. The shareholders may expressly refuse disclosure of their personal data.
It may be possible for any interested party to request from persons with voting rights in listed companies authorisation to exercise these rights at the General Meeting of Shareholders. The Bank, in its capacity as the last intermediary within the meaning of the relevant legislative provisions, has an obligation to disclose, within three working days following receipt of the request made by anyone wishing to request authorisations with respect to a specific issuer of shares, name and contact details relating to the persons entitled to the voting right and who have not expressly refused disclosure of their personal data, as well as the number of shares of the issuing company registered in the relevant accounts.
We therefore inform you that in implementation of the legislation referred to above, in the situations described above and where there is no express refusal from the affected client, the Bank will arrange to provide the aforementioned persons with the required information, as detailed above. The disclosures described above will not entail any additional costs or obligations for you. You may change your preference as to being a subject to the Bank’s disclosure and refuse for such disclosure to be made at any time by simply sending a written notification to the Bank.
Persons to whom FinecoBank can communicate customer data
The entity responsible for controlling your personal data is FinecoBank S.p.A., Piazza Durante 11, Milan, Italy, www.finecobank.com. The General GBS Vice-director, under the authority of the Bank, may be contacted in order to exercise the rights described in the previous section.
Requests may be sent, in writing, to FinecoBank, via Rivoluzione d’Ottobre 16, 421213 Reggio Emilia, Italy; or via email to privacy@finecobank.com
The current list of entities appointed by the Bank to process/control personal data is available at www.finecobank.com.
If you make a request which involves international financial operations (e.g. a bank transfer to an institution based in a foreign country) and certain domestic operations (e.g. a bank transfer in a foreign currency and/or for the benefit of a counterparty not resident inUK), the Bank will need to use an international financial messaging service.
This service is administered by S.W.I.F.T. (Society for Worldwide Interbank Financial Telecommunication). The Bank transmits to SWIFT (holder of the SWIFT Net Fin system) data related to the transaction which is required to carry out the transfer (e.g. your name, payee name, the banks involved in the transaction, financial details, amount of payment and, if specified, the reason for the payment). If the payee is located outside the European Economic Area (EEA) then this means that data about you relating to the payment will be sent outside of the EEA in order to effect the transaction.
The Bank may record certain telephone calls you make to or with the Bank (including to preserve a record of instructions or discussions in case these need to be confirmed in future). In these instances, you will be informed that the call is being recorded at the beginning of the call. The Bank uses systems and procedures for the proper functioning of call centres, which collect data from your calls, including telephone number (unless it has been made private), IVR navigation data (digits inputted by the caller in order to reach the Services), call duration and, by giving prior notice, the audio recording of the call itself.
The Bank also uses cookies and similar technologies if you visit its website www.finecobank.com. A cookie is a small text file which is stored on your computer when you visit a website, for purposes such as recognising users who return to a website, helping navigation between different pages and help remember choices you make. For further information about how the Bank uses cookies, please visit the Bank’s Privacy Policy and Cookie policy online.
| Companies belonging to the UniCredit Group | |
|---|---|
| UNICREDIT S.P.A. | parent company of the banking Group of the same name to which FinecoBank S.p.A. belongs |
| UNICREDIT BUSINESS INTEHRATED SOLUTIONS S.C. p.A. | IT and administration services |
The following parties, IT service providers connected to UBIS S.C.p.A. by a contractual relationship, have been named Data Controllers by FinecoBank under the terms of Leg. Dec. No. 196/2003:
|
|
| UNICREDIT CREDIT MANAGEMENT BANK S.P.A. | problem loans management company |
| Companies outside the UniCredit Group | |
|---|---|
| Assist S.p.A. | SMS management |
| CO.GEN S.p.A. | On-call service and support for video surveillance systems |
| CONSULGESTITALIA SRL | loan collection company |
| FIRST DATA | credit card management for international circuits |
| DHL | work related to the transmission of communications to customers |
| C-GLOBAL Cedacri Global Services S.p.A. | mass processing for printing, enveloping and transmission of communications to customers - paper filing of customer documentation |
| GFT Italia | IT services |
| GIESECKE & DEVRIENT | production and personalisation of plastic cards |
| GRAFICHE ERREDUE | printing and binding services |
| ICTEAM | IT services |
| In.Te.S.A. S.p.A. | IT services |
| KIWARI | direct digital marketing company |
| DELOITTE & TOUCHE SPA | auditing and certification of accounts |
| CFI GROUP SRL | marketing research |
| NAMIRIAL S.P.A. | services for management of tax payment authorisation |
| OBJECTWAY | IT services |
| TRADE CALL CENTER | call centre support, information and sales campaigns |
| ROTOMAIL ITALIA S.p.A. | document production, enveloping and mailing service; data control, processing and transmission service for postal payment slips |
| SELECTA S.p.A. | PSW regeneration, PIN and activation code printing, enveloping and mailing service |
| SIA S,p.A. | IT and technological services connected with interbank automation |
| GIESECKE & DEVRIENT ITALIA Srl | supply of plastic supports and microchip modules, credit card accessories and personalisation services |
| STMICROELECTRONICS Srl | supply of plastic supports and microchip modules and credit card personalisation services |
| ITALARCHIVI Srl | subcontracting of document paper files |
| TNT Post Milano srl | work related to the transmission of communications to customers |
| UNO SERVIZI SRL | loan collection company |
| USUP SRL | management of competitions and special events |
| DIENNEA SRL | Email and SMS dispatch of newsletters and direct marketing campaigns |
| CA SRL | software solutions relating to authentication within the framework of online payments |
| PROGETTO LAVORO Società Cooperativa | contact centre and data entry activities |
| CENTRO ISTRUTTORIE S.p.A. | investigation service for loan application assessment |
| INNOFIN SIM S.p.A. | customer support for loan applications |
| GRUPPO DPS SRL | cheques and transfers processing and filing service in Clearing Houses |
| SODALI S.p.A. | maximisation of Shareholder support at FinecoBank Shareholders' Meetings |
| TAGETIK SOFTWARE SRL | supply of an IT system for the development and completion of reporting on "Intraperiod Liquidity" |
| WEBTREKK GmbH | supply of a suite for predictive statistics and analyses |
| TAS S.p.A. | bureau service for access to the SWIFT network |
| PERSONS TO WHOM FINECOBANK CAN COMMUNICATE CUSTOMER DATA | |
|---|---|
| BANCA D'ITALIA | Central bank of the Italian Republic (supervisory body) |
| CONSOB | National Commission for Companies and the Stock Exchange (supervisory body) |
| IVASS | Istituto per la Vigilanza sulle Assicurazioni [Insurance Supervisory Authority] (supervisory body) |
| CRIF S.p.A. | private person that manages information systems on consumer credit, reliability and punctuality of payments |
| CRIF DECISION SOLUTIONS S.p.A. | CRIF Group company specialising in the management of systems in support of loan management decisions |
| CTC - Consorzio per la Tutela del Credito | private company that manages information systems on consumer credit, reliability and punctuality of payments |
| EXPERIAN ITALIA S.p.A. | private company that manages information systems on consumer credit, reliability and punctuality of payments |
| Equitalia S.p.A. | services for management of tax payment authorisation |
| POSTE ITALIANE S.p.A. | mass processing in relation to the transmission of communications to customers |
| SUN MICROSYSTEMS ITALIA | IT services, provision of training and staff development |
| SWIFT SC | interbank messaging services |
| ALA ASSICURAZIONI S.p.A. | travel accident and multi-risk policies for credit card holders |
| LIBERTY MUTUAL INSURANCE EUROPE LIMITED | Liability for activities of Financial Advisors |
| BROKER AON BENFIELDE | Liability for activities of Financial Advisors |
| DHL | work relating to the transmission of communications to customers |
| NEXIVE S.p.A. | delivery of correspondence with tracking and certification of the delivery |
| Internal data processors |
|---|
| Head of GBS Dept. |
| Chief Financial Officer |
| Chief Risk Officer |
| Head of Network PFA Dept. |
| Head of Organization and Bank Operations Dept. |
| Head of Information & Communication Technology Dept. |
| Head of Global Business Dept. |
| Head of Investments and Wealth Management Dept. |
| Head of Legal & Corporate Affairs Dept. |
| Head of Compliance |
| Head of Financial Operations Dept. |
| Head of Customer Relationship Management Dept. |
| Head of Network Controls, Monitoring and Services Dept. |
| Head of Information Security & Fraud Management |
| Head of General Services |
| Head of Human Resources |
Under relevant Italian legislation, Italian companies with shares admitted to listing on regulated markets or in multilateral trading facilities incorporated in Italy or in other Member States of the EU, with the issuer’s consent, may request (if it is provided for in their articles of association), from intermediaries at any time personal data relating to any shareholders who have not expressly refused disclosure thereof, together with the number of shares registered in accounts held by such persons. In accordance with subsequent changes to legislation, issuers of shares recorded in the centralised management system may request from intermediaries, at any time and at their own expense, through a centralised management company, personal data on shareholders, together with the number of shares registered in accounts held by such persons. The shareholders may expressly refuse disclosure of their personal data.
It may be possible for any interested party to request from persons with voting rights in listed companies authorisation to exercise these rights at the General Meeting of Shareholders. The Bank, in its capacity as the last intermediary within the meaning of the relevant legislative provisions, has an obligation to disclose, with- 24 in three working days following receipt of the request made by anyone wishing to request authorisations with respect to a specific issuer of shares, name and contact details relating to the persons entitled to the voting right and who have not expressly refused disclosure of their personal data, as well as the number of shares of the issuing company registered in the relevant accounts.
We therefore inform you that in implementation of the legislation referred to above, in the situations described above and where there is no express refusal from the affected client, the Bank will arrange to provide the aforementioned persons with the required information, as detailed above. The disclosures described above will not entail any additional costs or obligations for you. You may change your preference as to being a subject to the Bank’s disclosure and refuse for such disclosure to be made at any time by simply sending a written notification to the Bank.