• email: dpo@solution.bank

For any communication with the DPO, please include your contact details in your request, as these are essential for identifying and responding to you.

Personal Data Subject to Processing

Following Your Navigation of the Site, We inform you that, as a result of your navigation on the Site, Solution Bank S.p.A. will process personal data that may consist of identifiers such as your name, an identification number, an online identifier, or one or more elements characteristic of your physical, physiological, psychological, economic, cultural, or social identity that are capable of making the subject identified or identifiable (hereinafter referred to as “Personal Data”). The Personal Data processed through the Site are as follows: Browsing Data The IT systems and software procedures responsible for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes, for example, IP addresses or domain names of the computers used by users connecting to the site, URIs (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. This information is not collected to be associated with identified data subjects; rather, it is used solely to obtain anonymous statistical information on the use of the site and to monitor its proper functioning. However, due to their nature, such data could, through processing and association with data held by third parties, allow for the identification of users. It should be noted that the data could be used by competent authorities for the investigation of responsibilities in the case of alleged computer crimes.
Special Categories of Personal Data When using the “Work with Us” section of the Site, you may provide Personal Data that falls within the special categories of Personal Data as defined in Article 9 of the European Regulation 2016/679, specifically “data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person, data concerning health or sex life or sexual orientation.” We encourage you not to publish such data unless strictly necessary. Please note that if you provide special categories of Personal Data without specific consent to process such data (which does not preclude you from submitting a CV), the Bank will not be held responsible or subject to any complaints, as the processing will be permitted because it involves data manifestly made public by the data subject, in accordance with Article 9, paragraph 1, letter e) of the European Regulation 2016/679. We emphasize, as previously noted, the importance of providing explicit consent for the processing of special categories of Personal Data if you decide to share such information. We also inform you that, for selection purposes, the Bank may analyze professional social profiles that you have freely made available on the Internet (e.g., LinkedIn). Cookies Cookies are small text strings that websites visited by the user send to their device (usually to the browser), where they are stored and then retransmitted to the same websites on the user’s subsequent visit. During navigation on a site, the user may also receive cookies from sites or web servers other than the one they are visiting (so-called “third parties”), which may host certain elements (such as images, maps, sounds, specific links to pages of other domains) present on the site being visited. Thanks to cookies, the server sends information that will be read and updated each time the user returns to the site. This allows the website to automatically adapt to the user, enhancing their browsing experience. Additionally, cookies provide the site manager with anonymous information about user navigation, including statistical data on site usage to improve the browsing experience. The information collected via cookies can also be used to build a “profile” of the preferences expressed by the user during navigation, in order to personalize promotional messages. Under data protection regulations, cookies can be divided into “technical” cookies, for which user consent is not required, and “profiling” cookies, for promotional purposes, for which user consent must be obtained. Even for the use of “third-party” cookies, it is necessary to inform the user and obtain their consent. Technical Cookies This category of cookies is further divided into:

• Navigation/Session Cookies. These are essential cookies that allow users to navigate within the site and use all of its functionalities, such as maintaining the session and accessing restricted areas. They are strictly necessary, as without them, it would not be possible to provide the requested services. These cookies do not collect information for commercial purposes.
• Analytics Cookies. These cookies collect and analyze information about visitors’ use of the site (such as pages visited, number of accesses, time spent on the site, etc.) to optimize site management. These cookies do not collect information that can identify users in any way.
• Functionality Cookies. These cookies allow the user to navigate based on a set of selected criteria (such as language) in order to provide a better browsing experience.

Profiling Cookies Information about the user can be collected through cookies to send advertising messages in line with the user’s preferences expressed during online browsing (profile). Due to the impact on the user’s privacy of using such profiling techniques, user consent is required. If cookies are used for these purposes, the site will display a specific summary notice (banner) including instructions on how to consent to the use of profiling cookies, in accordance with the guidelines of the Privacy Authority’s measure “Identification of simplified procedures for information and consent for the use of cookies – May 8, 2014”. Profiling data is retained for twelve months. Please note that no profiling cookies are present on this site.
Third-Party Cookies While browsing the site, cookies may be installed by other sites, accessible from the site but managed by other parties (third parties). In this case, the site owner acts solely as a technical intermediary between the user and these sites.
**Cookies Present on the Site**:  

Cookie Disabling and Deletion The settings of the browser you use to browse allow for both the deletion and prevention of cookies from being installed on your electronic device. Below is information for managing cookies in major browsers: Internet Explorer and Microsoft Edge, Safari, Chrome, Firefox, Opera, Android, Windows Phone. For more information on cookies and how to manage or disable third-party or marketing/retargeting cookies, you can visit specific sites such as www.youronlinechoices.com or https://www.ghostery.com/. Note: Unless you change your browser settings, continuing to browse will imply consent to the use of such cookies. Consent will be recorded in a technical cookie lasting one year.
Data Voluntarily Provided by the User
To access certain reserved services, registration and submission of some personal data are necessary. Providing certain identifying data is required to authenticate and verify authorization to access various levels of reserved areas. Sensitive or judicial data will not be processed. The optional, explicit, and voluntary sending of emails to the addresses listed on this site results in the acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the communication. Specific summary information will be progressively displayed or visible on the site’s pages prepared for particular request services.
Purposes
The data you provide may be processed for conducting operations strictly necessary to provide the services you may request, including navigating between the site’s pages; providing technological services (mailing lists, newsletters, remote or local assistance and maintenance, etc.), including those by specifically authorized third parties; activities required by laws, regulations, or provisions for executing commercial orders; statistical analyses on aggregated data regarding site performance; evaluations concerning the use of the site by users; optimizing commercial offers through targeted and selective analyses; sending advertisements and/or commercial proposals based on data profiling to highlight information and commercial proposals tailored to your interests as demonstrated by accessing the site’s pages and using available services. On the pages of the site where your personal data is explicitly collected, you will find further specific privacy notices, as well as methods for acquiring your consent when the data controller relies on such legal bases for processing.
Legal Basis
The processing of your personal data will be carried out based on one or more of the following conditions. In particular, the processing carried out for the purposes described above involves:

• points 1 and 2 are based on the necessity to execute your explicit requests to receive a service directly available through the site: this involves the provision of data that is strictly necessary and related to a pre-contractual and/or contractual phase or functional to respond to a specific request from you. Therefore, the data collected on each occasion is mandatory, and if you do not provide it, it will not be possible to deliver the service or respond to your request.
• point 3 is based on the necessity to comply with a legal obligation, such as the requirement to implement security measures mandated by specific banking/financial sector laws applicable to certain services provided through the site. Consequently, these data and related processing activities are mandatory.
• point 4, since these are anonymized data, meaning data from which it is not possible to re-identify an individual, even indirectly, such data are no longer considered personal data. Therefore, the processing of these data is exempt from privacy regulations and does not require a specific legal basis.
• points 5, 6, and 7, these will be based on your informed and freely given consent, which will be requested on specific pages of the site and preceded by our detailed privacy notice or through cookies. In this case, providing data is entirely voluntary; if you do not consent, the data will not be collected or used for these purposes. If you have given consent, you may withdraw it at any time, and from the point of withdrawal, your data will no longer be processed for these purposes. For clarity, please note that the withdrawal of consent does not affect the data processed before the withdrawal.

If you are under the age of 16, the processing of your data for these purposes will require obtaining authorization from the person holding parental responsibility for you. All data will be processed primarily in electronic format. Personal data and any other information that can be directly or indirectly associated with a specific user will be collected and processed using technical and organizational security measures to ensure an adequate level of security relative to the risk, considering the state of the art and implementation costs. Where required, security measures prescribed by specific regulations, such as those issued by the Data Protection Authority or specific regulations for the banking/financial sector, will be applied and will be accessible only to authorized personnel. Regarding personal data protection, you are invited, under Article 33 of the GDPR, to report any circumstances or events that might result in a potential “data breach” to allow for immediate assessment and the adoption of appropriate actions to address such an event. Please send any such communication to dpo@solution.bank. A data breach is defined as “a security breach that leads to accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data transmitted, stored, or otherwise processed.” The measures taken by the data controller do not exempt the user/customer from the necessity of paying appropriate attention to the use of passwords/PINs of adequate complexity, which should be periodically updated and kept secure and inaccessible to others, to prevent misuse and unauthorized access. Personal data will be retained in a form that allows identification of the data subjects for a period not exceeding the achievement of the purposes for which the data is processed, except where a longer retention period is required following requests by competent authorities in matters of crime prevention and prosecution or to assert or defend a legal right in judicial proceedings. Personal data will be processed by personnel specifically authorized by the data controller as well as by third parties, potentially located in countries outside the European Union, only when necessary for the operation and maintenance of the site and the services offered through the site, subject to any legal obligations (e.g., inspections by tax authorities). Under no circumstances will the data be made public. As required by the GDPR, the data controller will appoint third-party companies as data processors who carry out all or part of the activities on behalf of the data controller. In the event that third parties located outside the European Union are involved, appropriate safeguards corresponding to the adequacy decisions issued by the European Commission and/or the relevant national Data Protection Authority are adopted for the transfer of data abroad. Further information regarding potential data transfers to countries outside the European Union and the related safeguards adopted, as well as information about the appointed data processors, can be requested from the DPO. Personal data provided by users who request the sending of informational materials (such as various documents, reports, responses to inquiries, publications, etc.) are used solely to execute the requested service or performance and are communicated to third parties only if necessary for this purpose (e.g., for the delivery service of publications). In relation to the processing of your personal data carried out through this site, you can exercise your rights under the GDPR at any time. Specifically, you can:

• access your personal data, obtaining evidence of the purposes pursued by the data controller, the categories of data involved, the recipients to whom the data may be communicated, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in such cases, significant information on the logic used, as well as the importance and potential consequences for the data subject, where not already indicated in this Privacy Notice.
• obtain without delay the rectification of inaccurate personal data concerning you;
• obtain, in cases provided by law, the deletion of your data;
• obtain the restriction of processing or object to it, when permitted under applicable legal provisions in the specific case;
• in cases provided by law, request the portability of the data you have provided to the data controller, that is, to receive it in a structured, commonly used, and machine-readable format, and also request that such data be transmitted to another controller, if technically feasible;
• where appropriate, file a complaint with the supervisory authority.

For personal data processing for which the legal basis is consent, you can always revoke it and, in particular, exercise the right to object to direct marketing. To exercise these rights, you only need to contact the DPO using the contact details provided at the beginning of this Privacy Policy. For further information regarding your rights and privacy regulations in general, we invite you to visit the website of the Data Protection Authority at http://www.garanteprivacy.it/
Modifications
This Privacy Policy has been in effect since May 25, 2018. The Bank reserves the right to modify or update its content, in whole or in part, also due to changes in applicable regulations; such changes will be communicated to you as soon as they are introduced and will be binding as soon as they are published on the Website. Therefore, the Bank invites you to regularly visit this section to review the most recent and updated version of the Privacy Policy so that you are always informed about the data collected and its use.  

Version of May 25, 2018