- DATA CONTROLLER
The data controller of the personal data collected through the Site and/or within the Customer Service is Banca CF+ S.p.A. (hereinafter “Banca CF+”), with registered office in Rome, via Piemonte n. 38, Share Capital Euro 14,000,000.00 fully paid-up, tax code and registration number with the Register of Companies of Rome 00395320583 – VAT No. 16340351002, REA No. RM-30897, Parent Company of the “Banca CF+ Banking Group”, Bank Register No. 8006, ABI Bank Code and ABI Group Code 10312.7, member of the Interbank Deposit Protection Fund, e-mail address email@example.com. Banca CF+ has appointed a Data Protection Officer (DPO), who can be reached at the following e-mail address: firstname.lastname@example.org.
- CATEGORIES OF DATA COLLECTED AND PROCESSING PURPOSES.
- Banca CF+ collects and processes the following categories of personal data of users visiting the Site:
- The Navigation data: data acquired by computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified data subjects, but by its very nature could allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..) and other parameters relating to the operating system and computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
- The user’s consent is not required for the collection and subsequent processing of the personal data listed above, as the processing is necessary to allow, respectively, navigation on the Site and the use of the services offered therein and, where applicable, to respond to any requests for information, support or assistance from the user.
Please note that further and more specific information on the processing of personal data in relation to the use of online banking services is available in the privacy area, to which you are referred.
- METHOD OF PROCESSING.
The data is processed with the aid of electronic, computerised or telematic tools, with logic strictly related to the purposes expressed above and, in any case, so as to ensure the security and confidentiality of the data.
Nature of data conferment and consequences in case of refusal.
|CATEGORIES OF DATA||NATURE OF DATA CONFERMENT||CONSEQUENCES IN THE EVENT OF REFUSAL|
|Navigation Data||Required||The user may not access the Site|
- COMMUNICATION, DISSEMINATION AND TRANSFER OF DATA
As a rule, personal data are not communicated to third parties, unless this is provided for as compulsory by law or by order of the judicial authorities (e.g. in case of computer crimes) or is necessary in order to protect the rights of Banca CF+. It is understood that the collected and processed data may be processed by the staff of Banca CF+, in the performance of their duties and only upon instructions of the latter, for the above-mentioned purposes and for the pursuit of the company’s aims. In order to know the updated list of all the subjects who process personal data as data processors, users can contact Banca CF+ at one of the above-mentioned addresses (point 1). Banca CF+ does not disclose users’ personal data collected through the Website, nor does it transfer them outside the European Union or the European Economic Area.
- DATA STORAGE
Users’ personal data are stored for the time strictly necessary to guarantee a correct consultation of the Site or, in case of contacts, for the time strictly necessary to follow up the user’s request and, in any case, in compliance with the law.
- USERS’ RIGHTS
Users may at any time exercise the rights granted to them by the applicable legislation on the protection of personal data (Article 7 of Legislative Decree 196/2003 and Articles 15 to 22 of Regulation (EU) 2016/679), including the right to obtain:
- Access to the following information:
- Purposes of the processing;
- Categories of personal data concerned;
- Recipients or categories of recipients to whom such personal data have been or will be disclosed, in particular if they are recipients in third countries or international organisations;
- Existence of the data subject’s right to request from the controller the rectification or erasure of personal data or restriction of the processing of personal data concerning him or her or to object to their processing.
- Rectification, by which is meant:
- Correction of inaccurate personal data concerning him/her without justified delay;
- Supplementation of incomplete personal data, including by providing a supplementary declaration.
- Deletion of data concerning him without undue delay, if:
- The data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- You withdraw your consent and there is no other legal basis for processing;
- You object to the processing and there is no overriding legitimate reason to process the data;
- The personal data have been processed unlawfully;
- The personal data must be erased to comply with a legal obligation;
- The personal data have been collected in connection with the provision of information society services.
- Limitation of processing:
- Where the accuracy of personal data is contested, for the period necessary for the controller to verify the accuracy of such personal data;
- When the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that their use be restricted;
- Where the personal data are necessary for the establishment, exercise or defence of legal claims by the data subject, although the controller no longer needs them for the purposes of processing;
- Where you object to the processing by virtue of your right to object.
- Notification in case of rectification or erasure of personal data or restriction of processing;
- Data portability, i.e. the right to receive in a structured, commonly used and machine-readable format personal data concerning you and the right to transmit such data to another data controller, if:
- The processing is based on the express consent of the data subject for one or more specific purposes or is carried out pursuant to a contract entered into with the data subject;
- The processing is carried out by automated means.
- Object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her.
You have the right to file a complaint with a supervisory authority if you believe that the rights indicated here have not been acknowledged to you.
In order to exercise these rights, you may contact Banca CF+ at the above-indicated contacts (point 1).