Privacy

We make every effort to protect your personal dataand guarantee its security and confidentiality

Data Controller

The methods of managing the website relating to processing the personal data of users visiting the website are detailed in this section. This Privacy Policy is provided, pursuant to Articles 13 and 14 of Regulation (EU) 2016/679, for those who use web-based services of Intesa Sanpaolo Private Banking S.p.A (hereinafter, “Intesa Sanpaolo Private Banking” or the “bank”), accessible online from the address:
 

This document also takes into account Recommendation no. 2/2001 that the European data protection authorities adopted to identify the minimum requirements for online personal data collection.

This Privacy Policy is only provided for the website www.intesasanpaoloprivatebanking.it , and does not apply to other websites which the user may access via links.

The Data Controller is Intesa Sanpaolo Private Banking S.p.A. with registered office in Milan, Via Montebello 18 – 20121.

Privacy Policies

Privacy Policy - Intesa Sanpaolo Private Banking
Code of conduct - Information notice

DPO - Data Protection Officer

Intesa Sanpaolo Private Banking has identified a person from within the Intesa Sanpaolo Group organisation, to which ISBP belongs, whom it has appointed “Data Protection Officer (DPO)”, as required by Article 37 of Regulation (EU) 2016/679.

Data Protection Officer is a new role that is responsible for overseeing compliance with the Regulation, assessing the risks, for the data subjects (customers, prospective customers, employees, private bankers, suppliers) of any personal data processing carried out by Intesa Sanpaolo Private Banking.

The DPO provides support to Intesa Sanpaolo Private Banking in informing employees and private bankers about the obligations deriving from the Regulation and other provisions regarding the protection of personal data.

It also cooperates with the Data Protection Authority and acts as a point of contact for Intesa Sanpaolo Private Banking on every issue related to the processing of personal data.

To contact the DPO for all matters relating to the processing of your Personal Data and/or to exercise the rights provided for by the Regulation, you may contact:

  • by post to the address Intesa Sanpaolo Private Banking S.p.A. c/o Intesa Sanpaolo S.p.A., Piazza San Carlo, 156 - 10121 Torino (to the attention of Uffici Privacy), or directly at any branch of the Bank
  • by email address: dpo@intesasanpaolo.com
  • by certified email address: privacy@pec.intesasanpaolo.com


Data and processing methods

The data processing related to this site’s web services is only handled by the technical personnel of the department responsible for/authorised to perform such processing. No data from the web service is disclosed or disseminated. Personal data provided by users who request information is only used to carry out the service requested, and is only disclosed to third parties if necessary to provide said service.

The processing of personal data as a result of installing and using the Bank's APPS* (hereinafter referred to as the “apps”) is for the purpose of enabling users to use the services distributed through those applications.

For the Bank's customers, some of the data collected by the apps (e.g., geolocation data) may also be used for profiling purposes, based on the consent given, to offer products and services of the Bank and Intesa Sanpaolo Group companies.

Following the download and installation of the app, the mobile device automatically recognises the model, as well as the type and version of the operating system it uses. This information helps us to provide the required services and manage the app, analyse its use, protect the app and its content from inappropriate or improper use and improve the user experience.
Personal data is used to enable the app to function, to maintain and improve the app, and to communicate with users.

Downloading the app is also used as numerical data for the sole purpose of obtaining anonymous statistical information about the number of users who download the app.
* Intesa Sanpaolo Mobile, Intesa Sanpaolo Investo, Intesa Sanpaolo Private

Processing methods

Personal data is processed by automated systems for the time strictly necessary to achieve the purposes for which it was collected. Specific security measures are taken in order to prevent a loss of data, its illegal or improper use, and unauthorised access to data.

Note that during the ordinary course of operations, the IT systems and software procedures used to operate the apps (App Store or Google Play) acquire certain user data, whose transmission is implied in the use of the communication protocols of the Internet, smartphones and the devices used.

The Bank is not involved in such processing and therefore may not be held liable for such processing.

Users may, however, view the privacy information available on the following websites:

Browsing data

During the ordinary course of operations, and only for the duration of the connection, the IT systems and software procedures for running this website acquire some personal data, whose transmission is implied in the use of the communication protocols of the Internet (browsing data).

It concerns information that is not collected to be linked to identified data subjects, but by their own very nature could, through the processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of computers used by users who connect to the website, URI addresses (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters related to the operating system and the user’s IT environment.

This data is processed for the following purposes:
  • to comply with the prescriptions of domestic and European laws and provisions issued by Supervisory and Control Authorities, including in relation to the obligations to monitor the operational and credit risks at the Banking Group level; the processing of your Personal Data to comply with the regulatory provisions is mandatory and your consent is not required;
  • to pursue a legitimate interest of Intesa Sanpaolo Private Banking, companies within the Bank’s Group or third parties where such interests do not conflict with the interests or fundamental rights and freedoms of the data subjects (Article 6.1 point f of Regulation (EU) 2016/679), namely: 
    • to ascertain liability in the event of hypothetical computer crimes against the website, and for investigations should any disputes arise;
    • to obtain anonymous statistical information on the use of the website and to ensure that it is functioning correctly, as well as for measuring and improving the services offered and the website itself;
    • to pursue any and additional legitimate interests. In the latter case, the Data Controller may process your Personal Data only after having informed you and having ascertained that achieving its legitimate interests or those of third parties does not compromise your rights and fundamental freedoms;

and your consent is not required.

The browsing data collected on the website and the app will remain on the servers for 12 months. Likewise the Personal Data may be processed for a longer time, in cases an act occurs that interrupts and/or suspends the provision that justifies the extension of the data retention.

Regarding the data stored by the app in the device's keystore, depending on the operating system used, please note the following:
  • Android: data is stored in shared preferences until the customer either runs “Clear Data” from the Application Manager or uninstalls the app;
  • IOS: data is stored in the keystore.
The Bank is not involved in such processing; for further information on saving and deleting data on the device, please contact the manufacturers of the operating systems used.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of emails to the addresses indicated on this website subsequently involves obtaining the sender’s address, required in order to reply to requests, as well as obtaining any other personal data within the message.

The use of personal data to send advertising material, commercial information, or the sale of products or services by the Bank may only occur if the sender has given prior consent by ticking the appropriate box.

Specific summary information will be progressively reported or displayed on the website’s pages, which provide particular services on request.


Rights of the data subject

Right of access

You can obtain confirmation from the Bank about whether your Personal Data is being processed or not and, in this case, obtain access to the Personal Data and the information envisaged under Article 15 of the Regulation, among which, by way of example: the purposes of the processing, the categories of Personal Data processed etc.

If the Personal Data is transferred to a third country or to an international organisation, you have the right to be informed of the existence of suitable guarantees relating to the transfer. If requested, the Bank can provide you with a copy of the Personal Data subject to processing. For any additional copies, the Bank may charge you a fee reasonably based on the administrative costs. If the request in question is submitted via electronic means, and unless otherwise specified, the information will be provided by the Bank in an electronic format of common usage.

Right to rectification

You may obtain rectification from the Bank of your Personal Data that is inexact as well as, taking into account the purpose of the processing, its integration, if the data is incomplete, by providing a supplementary declaration.

Right to erasure

You may obtain from the Data Controller the erasure of your Personal Data, if there is one of the reasons under Article 17 of the Regulation, including, by way of example, if the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed or if the consent on which the processing of your Personal Data is based was revoked by you or there is no other legal principle for the processing. We hereby inform you that the Bank may not erase your Personal Data: if its processing is necessary, for example, to fulfil a legal obligation, for reasons of public interest, to verify, exercise or defend a right in court.

Right to restriction of processing

You may obtain the restriction of your Personal Data if one of the hypotheses under Article 18 of the Regulation applies, among which, for example: given your objection to the accuracy of your Personal Data subject to processing or if your Personal Data is needed in order to verify, exercise or defend a right in court, although the Bank no longer needs it for the purposes of the processing.

Right to data portability

If the processing of your Personal Data is based on the consent or is necessary for the performance of a contract or pre-contractual measures and the processing is performed with automated means, you may:
  • request to receive the Personal Data provided by you in a structured format, of common usage and legible by an automatic device (e.g., a computer and/or tablet);
  • send your Personal Data received to another Data Controller with no barrier by the Bank.
In addition, you may request that your Personal Data is sent by the Bank directly to another data controller specified by you, if this is technically feasible for the Bank. In this case, you shall provide us with all the exact details of the new data controller to whom you intend to transfer your Personal Data, providing us with suitable written authorisation.

Right to object

You may object to the processing of Personal Data at any time if the processing is performed for the execution of an activity of public interest or to achieve a legitimate interest of the Data Controller (including profiling). Should you decide to exercise the right to object described here, the Bank will abstain from processing your personal data further, unless there are legitimate reasons to proceed with the processing (reasons prevailing over the interest, rights and freedoms of the data subject), or the processing is necessary to verify, exercise or defend a right in court.

Automated decision process relating to natural persons, including profiling

The Bank, in the presence of the creditworthiness requirements and to set amount thresholds, carries out automated decision-making processes, among others, to issue credit cards, for applications for personal loans and finalised loans, providing, in these cases, more details as part of specific information and acquiring, to this end, the explicit consent. The Regulation grants the data subject the right not to be subject to a decision based only on the automated processing of your Personal Data, including profiling, which produces legal effects that concern you or significantly affect you, unless the above-mentioned decision:
a) is necessary for the conclusion or performance of a contract between you and the Bank;
b) is authorised by the Italian or European law;
c) is based on your explicit consent.
In the cases under letters a) and c), the Bank will implement appropriate measures to protect your rights, your freedoms and your legitimate interest and you may exercise the right to obtain the human intervention by the Bank, to express your opinion or dispute the decision.

Right to lodge a complaint with the Data Protection Authority

Notwithstanding your right to appeal to any other administrative or jurisdictional court, should you deem that the processing of your Personal Data by the Data Controller takes place in breach of the Regulation and/or the applicable regulations, you may lodge a complaint with the competent Data Protection Authority. For all matters relating to the processing of your Personal Data and/or to exercise the rights provided for by the Regulation, you may contact: • by post to the address Intesa Sanpaolo Private Banking S.p.A. c/o Intesa Sanpaolo S.p.A., Piazza San Carlo, 156 - 10121 Torino (to the attention of Uffici Privacy), or directly at any branch of the Bank • by email address: dpo@intesasanpaolo.com • by certified email address: privacy@pec.intesasanpaolo.com
  •  by post to the address Intesa Sanpaolo Private Banking S.p.A. c/o Intesa Sanpaolo S.p.A., Piazza San Carlo, 156 - 10121 Torino (to the attention of Uffici Privacy), or directly at any branch of the Bank
  • by email address: dpo@intesasanpaolo.com
  •  by certified email address:  privacy@pec.intesasanpaolo.com
In the “Data Controller” section, a form for exercising your rights with regard to the protection of personal data is available and may be used to submit your requests.