• email: dpo@solution.bank

For any communication with the DPO, please include your contact details in your request, as these are essential for identifying and responding to you.

Personal Data Subject to Processing

Following the navigation of the Site, we inform you that Solution Bank S.p.A. will process personal data that may consist of an identifier such as name, an identification number, an online identifier or one or more characteristic elements of your physical, physiological, psychic, economic, cultural or social identity that can make the subject identified or identifiable (hereinafter only ‘Personal Data’).

The Personal Data processed through the Site are as follows:

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes, by way of example, the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and IT environment. This information is not collected in order to be associated with identified interested parties, as the data is used solely for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. Please note that the data could be used by the competent authorities to ascertain responsibility in the event of hypothetical computer crimes.

Special categories of personal data

When using the ‘Working with us’ section of the Website, you may be asked to provide Personal Data falling under the special categories of Personal Data referred to in Art. 9 of the European Regulation 2016/679, verbatim the ‘[…] data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning the health or sex life or sexual orientation of the person’. We urge you not to publish such data unless strictly necessary. In fact, we would like to remind you that in the event of the transmission of special categories of Personal Data, but in the absence of a specific manifestation of consent to process such data (an eventuality which, however, obviously allows you to send a curriculum vitae), the Bank cannot be held liable in any way, nor can it receive any objections whatsoever, since in such a case the processing will be permitted insofar as it concerns data manifestly made public by the data subject, in accordance with Article 9(1)(e) of European Regulation 2016/679. We specify, however, the importance – as mentioned above – of expressing explicit consent to the processing of special categories of Personal Data, should you decide to share such information.

We also inform you that, for selection purposes, the Bank may analyse social profiles of a professional nature made freely available by you on the Internet (e.g. LinkedIn).

Cookies

Cookies are small text strings that the sites visited by the user send to his/her terminal (usually to the browser), where they are stored and then retransmitted to the same sites the next time the same user visits. While browsing a site, the user may also receive cookies on his terminal equipment that are sent by different sites or web servers (so-called ‘third parties’), on which some elements (such as, for example, images, maps, sounds, specific links to pages of other domains) present on the site that the same user is visiting may reside.

Thanks to cookies, the server sends information that will be re-read and updated every time the user returns to the site. In this way the website can automatically adapt to the user, improving the user’s browsing experience. In addition, cookies provide the site operator with anonymous information on the users’ browsing, also to obtain statistical data on the use of the site and to improve its navigation. The information collected through cookies can also be used to build a ‘profile’ of the preferences expressed by the user during browsing, in order to customise marketing messages. On the basis of the legislation on the protection of personal data, cookies can therefore be divided into ‘technical’ cookies, for the use of which the user’s consent is not required, and ‘profiling’ cookies for promotional purposes, for which the user’s consent must be obtained. The use of ‘third party’ cookies also requires the user’s information and consent.

Technical cookies

This type of cookie is further subdivided into:

• Navigation/Session Cookies. These are essential cookies that allow users to navigate within the site and use all of its functionalities, such as maintaining the session and accessing restricted areas. They are strictly necessary, as without them, it would not be possible to provide the requested services. These cookies do not collect information for commercial purposes.
• Analytics Cookies. These cookies collect and analyze information about visitors’ use of the site (such as pages visited, number of accesses, time spent on the site, etc.) to optimize site management. These cookies do not collect information that can identify users in any way.
• Functionality Cookies. These cookies allow the user to navigate based on a set of selected criteria (such as language) in order to provide a better browsing experience.

The information collected by this type of cookie is anonymous. The website functions optimally if technical cookies are enabled; however, you can decide not to allow cookies on your computer by changing the settings of the browser you are using. Please note, however, that if you disable cookies, some functions of the site may be disabled. Please note that there are internal session cookies within the site (which are deleted when the browser is closed).

Profiling cookies

Cookies can be used to collect information about the user for the purpose of sending advertising messages in line with the user’s preferences when surfing the Internet (profiling). Because of the impact on the user’s privacy of the use of such techniques for profiling purposes, the user’s consent must be obtained. In the event that cookies are used for such purposes, a specific brief information notice (banner) will be proposed on the site, also containing an indication of the means by which it is possible to express consent to the use of profiling cookies, in accordance with the requirements contained in the provision of the Privacy Guarantor ‘Identification of the simplified means for the provision of information and acquisition of consent for the use of cookies – 8 May 2014’. Profiling data are stored for twelve months. Please note that there are no profiling cookies within the website.

Third-party cookies

When browsing the site, cookies may be installed by other sites, accessible from the site but managed by other parties (third parties). In this case the site owner acts only as a technical intermediary between the user and these sites.

Cookies on the Site:

 

and

of

A

,

Cookie Type	Owner Technical Name	Cookies Function and Purpose	Duration
bancaincasa.sba.bcc.it	JSESSIONID	Session Cookies	–
Solution.bank	cookie_notice_accepted	cceptance of Privacy Cookie Policy	1 year
Solution.bank	wordpress_test_cookie, wordpress_logged_in_%ID%, wordpress_sec_%ID%	Gestire l’autenticazione in un’area riservata di WordPress	–
Solution.bank	wp-settings-1	wp-settings-time-1WordPress settings	1 anno
Solution.bank	PHPSESSID	WordPress session cookies	–

 

Disabling and Deleting Cookies

The settings of the browser used by the user to browse allow both the deletion and the
possibility to prevent the installation of cookies on the electronic device used.
Below is information on how to manage cookies in the main browsers:

• Internet Explorer e Microsoft Edge
• Safari
• Chrome
• Firefox
• Opera
• Android
• Windows Phone

To learn more about cookies and how to manage or disable third-party or marketing/retargeting cookies, you can visit specific sites such as www.youronlinechoices.com or https://www.ghostery.com/.

Note: unless your browser settings are different, by continuing to browse you consent to the use of these cookies. The consent will be recorded in a technical cookie with a duration of one year.

Data provided voluntarily by the user

To access certain services reserved for users, it is necessary to register and enter certain personal data. The provision of certain identification data is necessary in order to authenticate and verify the legitimacy of access, at the different levels of the reserved areas, of the persons accessing them. Under no circumstances will sensitive or judicial data be processed. The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the subsequent acquisition of the sender’s address, which is necessary to reply to requests, as well as any other personal data included in the message. Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.

Purpose

The data you provide may be processed for:

1) the performance of the operations strictly necessary in order to proceed with the provision of the services you may have requested, including your browsing through the pages of the site;
2) the provision of technological services (mailing lists, newsletters, remote or local support and maintenance, etc.), also by specifically authorised third parties;
3) activities imposed by laws, regulations or measures for the execution of commercial orders;
4) statistical processing of aggregate data in relation to the performance of the site
5) evaluations regarding the use of the site by users
6) optimising the commercial offer also by means of focused and selected analyses
7) sending advertising and/or commercial proposals on the basis of the profiling of your data, implemented in order to highlight information and commercial proposals tuned to the interests you have shown by accessing the pages and using the services available on this site.

On the pages of the site where your personal data are explicitly collected, you will find further specific privacy information where necessary, as well as the methods for obtaining your consent in cases where the controller uses this legal basis for processing.

Legal basis

Your personal data will be processed on the basis of one or more of the following conditions. In particular, processing carried out for the purposes described above, concerning:

• points 1 and 2 are based on the necessity to execute your explicit requests to receive a service directly available through the site: this involves the provision of data that is strictly necessary and related to a pre-contractual and/or contractual phase or functional to respond to a specific request from you. Therefore, the data collected on each occasion is mandatory, and if you do not provide it, it will not be possible to deliver the service or respond to your request.
• point 3 is based on the necessity to comply with a legal obligation, such as the requirement to implement security measures mandated by specific banking/financial sector laws applicable to certain services provided through the site. Consequently, these data and related processing activities are mandatory.
• point 4, since these are anonymized data, meaning data from which it is not possible to re-identify an individual, even indirectly, such data are no longer considered personal data. Therefore, the processing of these data is exempt from privacy regulations and does not require a specific legal basis.
• points 5, 6, and 7, these will be based on your informed and freely given consent, which will be requested on specific pages of the site and preceded by our detailed privacy notice or through cookies. In this case, providing data is entirely voluntary; if you do not consent, the data will not be collected or used for these purposes. If you have given consent, you may withdraw it at any time, and from the point of withdrawal, your data will no longer be processed for these purposes. For clarity, please note that the withdrawal of consent does not affect the data processed before the withdrawal.

Furthermore, if you are under 16 years of age, the processing of your data for these purposes will require the authorisation of the holder of parental responsibility over you.

Processing methods, security measures and retention times

All data will be processed mainly in electronic format. Personal data, as well as any other information that can be associated, directly or indirectly, with a specific user, are collected and processed by applying technical and organisational security measures such as to guarantee a level of security appropriate to the risk, taking into account the state of the art and the costs of implementation, or, where foreseen, security measures prescribed by specific legislation such as, but not limited to: measures provided for by applicable provisions issued by the Italian Data Protection Authority or by specific rules and regulations for the banking/financial sector and shall be accessible only to specifically authorised personnel. Precisely with reference to personal data protection aspects, you are invited, pursuant to Article 33 of the GDPR, to report to the data controller any circumstances or events from which a potential ‘personal data breach’ may arise in order to allow for an immediate assessment and the adoption of any actions to counter such an event, by sending a communication to dpo@solution.bank. Please note that a personal data breach is defined as ‘a breach of security leading accidentally or unlawfully to the destruction, loss, modification, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed’.

The measures adopted by the holder do not exempt the user/customer from paying the necessary attention to the use, where required, of passwords/PINs of appropriate complexity, which he/she shall update periodically as well as carefully guard and make inaccessible to others, in order to avoid improper and unauthorised use.

The personal data processed will be stored in a form that allows the identification of the data subjects for a period of time not exceeding the achievement of the purposes for which they are processed, without prejudice to the need to store them for a longer period following requests by the competent Authorities for the prevention and prosecution of offences or, in any case, to assert or defend a right in court.

Categories of recipients of personal data

Personal data will be processed by specifically authorised personnel of the data controller as well as by third parties, including those established in countries outside the European Union, only if this is necessary for the operation and maintenance of the site and of the services made available through the site itself, without prejudice to any obligations provided for by law (e.g. inspections by the Tax Authority). Under no circumstances will they be disclosed to the public.

As required by the GDPR, the data controller shall appoint as data processors the third-party companies that perform all or part of the activities in question exclusively on behalf of the data controller. In the case of the involvement of third parties established in countries outside the European Union, the appropriate safeguards corresponding to the adequacy decisions issued by the European Commission and/or the National Data Protection Authority appropriate to the case are adopted for the relevant data transfer abroad. Further information regarding cases of possible data transfers to countries outside the European Union and the relevant safeguards adopted, as well as information regarding the companies appointed as data processors, may be requested from the DPO.

The personal data provided by users who request the dispatch of informative material (various documents, reports, answers to queries, publications, etc.) are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if necessary for that purpose (e.g. dispatch of publications).

Rights of data subjects

In relation to the processing of your personal data carried out through this site, you may at any time exercise your rights as a data subject under the GDPR. In particular you may:

• access your personal data, obtaining evidence of the purposes pursued by the data controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and potential consequences for the data subject, where not already indicated in this Privacy Notice.
• obtain without delay the rectification of inaccurate personal data concerning you;
• obtain, where provided by law, the erasure of your data;
• obtain the restriction of processing or to object to it, when allowed under the applicable legal provisions for the specific case;
• in cases provided by law, request the portability of the data you have provided to the data controller, meaning to receive them in a structured, commonly used, and machine-readable format, and also request to transfer such data to another data controller, if technically feasible;
• where deemed appropriate, lodge a complaint with the supervisory authority.

For the processing of personal data for which the legal basis is consent, you may always withdraw it and in particular exercise your right to object to direct marketing. To exercise these rights, simply contact the DPO by referring to the contact details given at the beginning of this Policy. For further information on your rights and on privacy regulations in general, we invite you to visit the website of the Italian Data Protection Authority at http://www.garanteprivacy.it/

Modifications

This privacy policy is in force as of 25 May 2018. The Bank reserves the right to modify or simply update its content, in part or in full, also due to changes in the applicable legislation; it will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Website. The Bank therefore invites you to visit this section regularly to acquaint yourself with the most recent and up-to-date version of the privacy policy so that you are always up-to-date on the data collected and how it is used.

 

Version of May 25, 2018