Intesa Sanpaolo S.p.A., with registered office in Piazza San Carlo 156, 10121 Turin, Head of the Intesa Sanpaolo international banking group, in the capacity of Processing Controller provides you with some information on the use of personal data you have provided through this site called Destination Gusto, created to promote product offers from leading companies, expression of excellence of the territory, gathered by the Intesa Sanpaolo Group.
SECTION 2 - DATA PROTECTION OFFICER CONTACT DETAILS
Intesa Sanpaolo has appointed the “data protection officer” required by the Regulation (known as “Data Protection Officer
SECTION 3 - CATEGORIES OF PERSONAL DATA, PURPOSES AND LEGAL GROUNDS FOR PROCESSING
Categories of Personal Data
The Personal Data processed by the Bank include, by way of example, personal details and contact information.
Purposes and legal basis of processing
Your Personal Data, communicated by you to the bank or collected from third parties (in the latter case subject to verifying respect of the conditions of lawfulness by those third parties), are processed by the Bank as part of its activity for the following purposes:
a) Offer of services and/or products of the Bank
The provision of your Personal Data required to perform activities connected to the offer of services and/or products requested by you is not mandatory, but any refusal to provide those Personal Data will prevent the Bank from fulfilling your request.
b) Fulfilment of national and Community regulatory requirements
The processing of your Personal Data to fulfil regulatory requirements is mandatory and your consent is not required. Such processing is mandatory, for example, when required by the regulations on anti-money laundering, tax, anti-bribery, preventing fraud in payment services or to fulfil provisions or requests of the supervisory and control authority.
c) Direct and indirect marketing
The processing of your Personal Data,
- to perform activities functional to the promotion and sale of products and services of companies of the Intesa Sanpaolo Group or third companies via letter, telephone, Internet, SMS and other communication systems;
is optional and your consent is required.
d) Legitimate interest of the Controller
The processing of your Personal Data is necessary to pursue a legitimate interest of the Bank, namely:
- to perform fraud prevention activity;
- to acquire images and videos from video surveillance systems for security purposes;
- to pursue any additional legitimate interests. In the latter case, the Bank may process your Personal Data only after having informed you and having ascertained that the pursuit of its legitimate interests or those of third parties does not compromise your rights and fundamental freedoms and your consent is not required.
SECTION 4 - CATEGORIES OF RECIPIENTS TO WHICH THE PERSONAL DATA MAY BE COMMUNICATED
To pursue the purposes indicated above, the Bank may need to communicate your Personal Data to the following categories of recipients:
1) Companies of the Intesa Sanpaolo Group
including companies that manage the information system and some administrative, legal and accounting services, and subsidiary companies.
2) Third parties
(companies, freelance professionals, etc.) operating both within and outside the European Union which process your Personal Data as part of:
- banking, financial and insurance services, payment systems, revenues and treasuries;
- provision and management of IT procedures and systems;
- management of customer communication, as well as archiving of data and documents both in paper and electronic format; - identification of the quality of the services, market research, information and commercial promotion of products and/or services.
(for example, judicial, administrative, etc.) and public information systems established at the public administrations, such as, for example, the Central Credit Register at the Bank of Italy, the Central Anti-Fraud Office of Payment Means (known as UCAMP) and the Public system for administrative prevention of fraud in the consumer credit sector with specific reference to identify theft (known as SCIPAFI), the latter established at the Ministry of Economy and Finance, as well as the Tax Registry - Archive of relationships with financial operators.
The Companies of the Intesa Sanpaolo Group and third parties to which your Personal Data may be communicated act as: 1) processing Controllers, namely entities that determine the purposes and means of processing of the Personal Data; 2) Processors, namely entities that process the Personal Data on behalf of the Controller or 3) Joint Controllers of processing which determine jointly with the Bank of Italy the purposes and methods of the same. The updated list of entities identified as Controllers, Processors or Joint Controllers is available at all Intesa Sanpaolo branches.
SECTION 5 - TRANSFER OF PERSONAL DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANISATION OUTSIDE THE EUROPEAN UNION.
Your Personal Data are processed by the Bank within the territory of the European Union and are not disseminated.
SECTION 6 - PROCESSING METHODS AND STORAGE TIMES OF PERSONAL DATA
Your Personal Data are processed using manual, IT and electronic tools and so as to guarantee the security and confidentiality of those data. Your Personal Data are stored, for a period of time not exceeding that necessary to achieve the purposes for which they are processed, subject to the storage periods provided by law. In particular, your Personal Data are stored for a period of 18 months commencing from their acquisition
SECTION 7 - RIGHTS OF THE DATA SUBJECT
In the capacity as Data subject, you may exercise, at any time towards the Data Controller, the rights provided by the Regulation (right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object) by sending a specific request in writing to the e-mail email@example.com
; by post to the address Intesa Sanpaolo S.p.A., Piazza San Carlo, 156 – 10121 Turin