INFORMATION ON THE WEBSITE (Art. 13 Reg. EU 2016/679)

Introduction

This page describes the procedures used to manage the Banca Popolare di Sondrio Società cooperativa per azioni website with regard to the processing of the personal data of those who visit it.

It is an Information Notice provided pursuant to art. 13 of Regulation (EU) 679/2016 - hereinafter the “Regulation” - to those who interact with the Bank's home banking services, which are accessible online from this website.

The Information Notice refers solely to this website and does not cover any other sites which users may decide to browse by clicking other links.

Data Controller

Upon consulting this website personal data may be processed relative to identified or identifiable persons. The “Data Controller” is Banca Popolare di Sondrio, a cooperative joint-stock company, with registered office in Piazza Garibaldi, 16 - 23100 Sondrio (SO).

Data Protection Officer

In compliance with the regulatory obligations, the Bank has appointed a Data Protection Officer “DPO”, whose contact details are as follows: email address: responsabileprotezionedati@popso.it PEC: responsabileprotezionedati@pec.popso.it; tel. no.:

1. CATEGORIES OF PROCESSED DATA

Personal data means any information concerning an identified or identifiable natural person (hereinafter “Data Subject”). When you visit our website we may process the following process data:

  • Identification data: including your name, surname, company name;
  • Contact details: email address;
  • Technical and navigation data: by way of example, but not limited to , Internet Protocol (IP) address, login details, type and version of browser used, time zone settings and location, the types and versions of browser plug-ins, the operating system, platform, and other technologies of devices used to access this website.

2. HOW WE COLLECT YOUR DATA

We use different methods to collect your data:

  • Direct interaction: you may provide us with your identification and contact details by filling in the appropriate forms on the website or by contacting us by standard mail, telephone, email or any other form. 
  • Automated technologies or interfaces: when you interact with our website, we automatically collect certain technical data on your devices and navigation activities. To collect some of this information we use cookies, small text files that are sent and placed by our website and stored by the browser installed on your device. Please visit our “Cookies Policy” for further information.

3. HOW WE USE YOUR PERSONAL DATA

The following is a description of the ways we use your personal data and the legal bases that justify such processing, also identifying the legitimate interests of the Bank. In particular, your personal data is used in the following circumstances:

  • when it is necessary to provide a service you request (for instance, to respond to a contact request) or to enable the execution of website support and maintenance services;
  • when it is necessary to pursue a legitimate interest of the Bank, only if its fundamental interests and rights do not prevail over such a legitimate interest.

The table below provides a detailed description of the purposes of data processing, the legal bases on which it is based and the relative storage and retention times.

Purpose Legal basis Retention times
Functioning of the website, provision of the relevant services and control of the correct functioning of the same. Execution of a contract For the entire duration of the website navigation session.
Statistical performance analyses, carried out by tracking activities using a code placed on your browser (e.g. cookies). Legitimate interest For the entire duration of the website navigation session.
Execution of a contact request submitted via a specific online form or other tools (email, etc.). Execution of a contract Data shall be erased within 30 days from submitting the request.

4. CONFERRAL OF DATA

We may need to process and collect your personal data to execute a contract or provide a service, for example to respond to a contact request you submit. In these cases, the conferral of personal data is mandatory; therefore, if you refuse to provide such data when requested, we shall be unable to provide the relevant service.

5. RECIPIENTS OF THE DATA AND AUTHORISED DATA PROCESSORS

Personal data can be disclosed to subjects operating as independent data controllers, including authorities and supervisory and control bodies and, more in general, subjects, public or private, entitled to request such data.

The data may be processed, on behalf of the Bank, by persons designated as data processors, including, for instance, companies appointed to provide website maintenance services. The Bank verifies and ensures that all its suppliers undertake to comply with the security regulations regarding your personal data and to process them in accordance with the laws in force. Moreover, the Bank does not allow them to use your personal data for their own purposes, but solely for those specifically defined by the Bank and in accordance with the instructions provided by the latter.

The data may only be processed by the employees of the company departments appointed to pursue the aforementioned purposes, who have been expressly authorised to carry out such processing and have received adequate operating instructions.

6. TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES

Your personal data shall not be disseminated or transferred to non-EU countries.

7. RIGHTS OF THE DATA SUBJECT

In the cases provided for in art. 15 et seq. of the Regulation, you are entitled to obtain from the Bank access to your personal data, their rectification or erasure and portability to another Data Controller, as well as the right to restriction of such processing. In any case, you also have the right to lodge a complaint with the Authority for the Protection of Personal Data, as well as to resort to the other means of protection provided for by the applicable legislation, pursuant to arts. 77 and 79 of the Regulation.

For further information, please contact the branch where your account is opened or, in writing, to the DPO c/o Banca Popolare di Sondrio - Data protection and management - Piazza Garibaldi, 16 - 23100 Sondrio (SO), email privacy@popso.it

8. LINKS TO THIRD PARTY SITES

This website may contain links to third-party Sites, plug-ins, and applications. By clicking on these links or enabling such applications, this may allow third parties to collect or share your data. The Bank does not manage any third party sites and we are therefore not responsible for their information notices on the processing of your personal data. When you leave our website, the Bank recommends that you consult the information notices of any third-party site you visit thereafter.

9. AMENDMENTS TO THE INFORMATION NOTICE

The Bank reserves the right to amend and update this Information Notice. We therefore recommend you consult it on a regular basis. It is important that your personal data is always complete, accurate and up-to-date. To this end, please notify any such amendments to the Bank who shall rectify them accordingly.