Computer systems and software procedures responsible for the operation of this website and the application acquire, during their normal operation and only for the duration of the connection, some personal data whose transmission is implicit in the use of Internet communication protocols and the application. This is information that is not collected to be associated with identified data subjects, but which by its very nature could, through the processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers and mobile devices used by users who connect to the website and application, URI addresses (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters related to the operating system and the user’s IT environment.
This data are processed for the following purposes:
o to comply with national and European law and the regulations of supervisory and control bodies, also in relation to operating and credit risk monitoring obligations at banking Group level; the processing of personal data in order to comply with regulatory requirements is mandatory and your consent is not required.
o to pursue a legitimate interest of Intesa Sanpaolo, Group companies or third parties if such interests do not conflict with the interests or fundamental rights and freedoms of the data subjects (article 6.1 letter f of Regulation (EU) no. 679/2016), namely:
o to ascertain liability in the event of hypothetical computer crimes against the website, and for investigations should any disputes arise.
o to collect anonymous statistical information on the use of the website and application and to monitor their proper functioning, as well as for measurement purposes and to improve the services offered and the website and application.
o to pursue any other legitimate interests. In the latter case, the Data Controller may process your Personal Data only after informing you and having ascertained that achieving its legitimate interests or those of third parties does not compromise your fundamental rights and freedoms.
and your consent is not required.
The browsing data collected (both via the website and the application) are stored on the servers for a period of 7 days. Personal Data may, also, be processed for a longer period, if an act interrupting and/or suspending the statute of limitations occurs that justifies the extension of data retention..
With regard to the data saved by the application in the “keystore” of the mobile device, on the basis of the operating system used please note:
• Android: data is saved in “shared preferences” until the customer clicks on “Cancel data” in Manage Applications or uninstalls the application;
• IOS: data is saved in the “keystore”.
The Bank is not involved in this processing; for further information on the saving and erasure of data on mobile devices please contact the producers of the operating systems used.