Privacy Policy

 

This page describes how the website is managed in regards to the processing of personal data of the users who consult it, as well as the methods and purposes of the data processing.

This information is provided pursuant to Articles 13-14 of Regulation (EU) 2016/679 - hereinafter, GDPR - to those who interact with web services accessible by electronic means from the address:
www.intesasanpaolobankluxembourg.lu

This website is the property of INTESA SANPAOLO BANK LUXEMBOURG S.A., which manages and maintains this site with the aim of providing information and communications relating to the products or services offered.

This information is provided only for this website and not for any other websites that may be consulted through the links present on our website, for which INTESA SANPAOLO BANK LUXEMBOURG S.A. is in no way responsible.

INTESA SANPAOLO BANK LUXEMBOURG S.A. with registered office at 28 Boulevard de Kockelscheuer. L-1821 Luxembourg, in its capacity as Data Controller of your personal data, pursuant to and for the purposes of EU Reg. 2016/679 - GDPR, hereby informs you that the aforementioned legislation provides for the protection of data subjects in regards to the processing of their personal data and that such processing will be based on the principles of fairness, lawfulness, transparency and protection of your confidentiality and your rights.

 

CONTACT DETAILS OF THE DATA CONTROLLER

The Data Controller can be contacted at:

Email: DPO@intesasanpaololux.com

Your personal data will be processed in accordance to the provisions of the aforementioned legislation and the confidentiality obligations therein.

TYPES OF DATA PROCESSED

  • Navigation data

    The computer systems and software procedures used to operate this website acquire, during normal operations, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by the users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and IT environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check that it is functioning correctly, and is deleted immediately after being processed. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site.

  • Identification data

    First and last name, provided directly by the user.

  • Contact data

    email address, provided directly by the user. 

     

PURPOSES OF THE PROCESSING 

  • Sending communications through the contacts section: the optional, explicit and direct communication of the user’s email address when sending an email for a specific request entails the subsequent acquisition of the sender’s email address in order to send an answer to the query.  

  • Statistical purposes: personal data are collected in anonymous form for statistical purposes.

  • Defense in judicial court: identify, review and stop any activities that could breach our policies or break the law.

     

METHODS OF PROCESSING

The data are processed mainly by electronic and computerised means and stored on both computerised and paper supports and on any other suitable support, in compliance with the modalities set out in Articles 6, 32 of the GDPR and by adopting the appropriate security measures to prevent the loss of data, unlawful or incorrect use and unauthorised access.  

We inform you that, in order to provide a complete service, our portal may contain links to other websites, not managed by us. We are not responsible for errors, content, cookies, publication of unlawful moral content, advertising, banners or files that do not comply with the local regulations, nor for any lack of compliance with the Privacy Law on the links available on our website.

In order to improve the services offered, please notify us immediately of any malfunctions, abuses or suggestions to the e-mail address:

ICT_Governance@intesasanpaololux.com

Your data will be processed only by personnel expressly authorised by the Data Controller. 

PURPOSE OF PROCESSING AND LEGAL BASIS

The data will be processed for the following purposes:

  • to provide information on services and products supplied or changes in products or services. The legal basis for the processing is the consent of the data subject, pursuant to Art. 6(1)(a) of the Regulation. The provision of data for these purposes is optional, but failure to provide it would make it impossible to obtain the requested response;

  • Legitimate interest, Art. 6(1)(f), GDPR, in connection with generating statistics.

  • Carrying out obligations under laws or regulations. For this purpose, the processing is necessary to fulfil a legal obligation to which the Controller is subject, pursuant to Art. 6(1)(c) of the Regulation.

  • The protection of the Controller in judicial proceedings. For this purpose, processing is necessary for the pursuit of the legitimate interest of the Controller pursuant to Art. 6(1)(f) of the Regulation.

SUBJECTS TO WHOM PERSONAL DATA MAY BE DISCLOSED

The personal data relating to the processing in question may also be communicated to parties who are granted the right to access your personal data by law or secondary and/or EU regulations. Your data may be communicated exclusively to competent and duly appointed subjects for the performance of the services necessary for the proper management of the relationship, with the guarantee of protection of the rights of the data subject.  Furthermore, some data may be communicated and disseminated to Internet operators that INTESA SANPAOLO BANK LUXEMBOURG S.A. uses to manage its domains. 

Your personal data will not be transferred in any way. 

 

DATA RETENTION PERIOD

We would like to inform you that, in compliance with the principles of lawfulness, purpose limitation and data minimisation, pursuant to Article 5 of the GDPR, the storage period for your personal data is set for a period necessary to carry out the services requested and in compliance with the regulations in force regarding the storage of fiscal, tax and contractual documentation. 

RIGHTS OF THE DATA SUBJECT 

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information. 

  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances. 

  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.

  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at

DPO@intesasanpaololux.com

if you wish to make a request.

Furthermore, if the data subject considers that the processing of his/her data is contrary to the legislation in force, he/she may lodge a complaint with the Data Protection Supervisory Authority pursuant to Article 77 of Regulation 2016/679.