REGULATORY FRAMEWORK

•    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also defined GDPR (General Data Protection Regulation)

•    Italian Data Protection Authority’s decision of 8 May 2014 - Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies.

DATA CONTROLLER

On the website www.creditofondiario.eu data referring to identified or identifiable natural persons is subject to be processed. The “Data Controller” of such processing is Credito Fondiario S.p.A., Via Piemonte 38, 00187 Rome, Italy.

TYPES OF PERSONAL DATA PROCESSED

Navigation Data

The computer-based systems and the software procedures involved in the working of this website can, in the course of their normal service, acquire some personal information, the transmission of which is implied in the use of the protocols of internet communication. This information is not collected to be associated to any identified individual, but, by its own nature might lead to the identification of users. This category of data includes IP addresses or the names stored in the domain of the computers used by those who access the site, the addresses in notation URI (Uniform Resource Identifier) of the required resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply, the digit codeshowing the state of the reply given by the server (good, error, etc.) and other parameters connected with the operating system and the structure and conditions of the user’s computer. This data is used only to get anonymous statistical information about the use of the site and to check its correct performance, and is deleted immediately after processing. The data might be used to investigate responsibility, should there be any breaches against the site, and for any possible criminal investigation in the event that it is required.

Data voluntarily provided by the user

The optional, explicit and voluntary forwarding of personal data to the email addresses on this site implies the subsequent acquisition of the data provided by the sender, which is essential to the delivery of the required service. Specific, concise information will be reported or displayed on the pages of the site set up for particular services on demand.

COOKIES

This site uses the service offered by Google Analytics.

Google Analytics uses “cookies” to anonymously collect and analyze information on how websites are used. Such information (the user’s IP address included) is collected by Google Analytics, which elaborates it in order to file reports for Credito Fondiario S.p.A.’s operators about the use of this website. Google does not associate IP addresses to any other collected data and does not try to connect an IP address to a user’s identity. Google can also communicate this information to third parties in case it is required by law or such third parties use the information on behalf of Google.

Details of the cookies this website uses are listed in the chart below:

COOKIE NAME
EXPIRATION DATE
COOKIE DESCRIPTION
 SESSION At end of session These cookies help enhance the performance and usability of our website (such language preferences).
 _ga 2 years _ga cookies belong to Google Analytics and are used to distinguish users. These cookies do not contain any of your personal information.
_gat 10 minutes _gat cookies are used exclusively to make a statistic analysis (through Google Analytics’ service)

For further information regarding how data is gathered and used by Google, we recommend visiting the website: www.google.it/policies/privacy/partners/ .

COOKIES MANAGEMENT

Please note that the complete or partial disabling of technical cookies might affect the functionality of this website. However, you can enable or disable cookies by changing the security settings of your browser.

It is also possible to selectively disable Google Analytics by installing on your browser the opt- out add-on provided by Google. To disable Google Analytics, click on the following link: https://tools.google.com/dlpage/gaoptout

OPTIONAL DATA SUBMISSION

Apart from that specified for online browsing data, the user is free to provide personal data. However, failing to provide such data may lead to the requested service not being available for use or to a limited use of the website.

PROCESSING ARRANGEMENTS

Personal data is processed with automated instruments only for the necessary time to attain the purposes for which the data was collected. Specific security procedures are mantained to prevent the risks of data loss, unauthorized access or unlawful processing operations. Credito Fondiario S.p.A. has adopted all Minimum Security Measures required by law and operates in

accordance with the agreed international standards. It has also taken further security measures to minimize risks regarding the confidentiality, integrity and availability of the personal data collected and processed.

SHARING, COMMUNICATION AND CIRCULATION OF DATA

The data we collect may be transferred or communicated to other companies for activities closely connected and instrumental to the efficiency of the service, such as the management of the IT system. Personal information may be forwarded to third parties solely and exclusively if this is essential to execute requests from the Judicial Authorities or from the Police. No data deriving from the web service will be circulated.

DATA SUBJECT’S RIGHTS

The user may at any time exercise its rights under the legal framework on data protection (i.e. the GDPR), including:
•    Right of access
The right to obtain confirmation as to wheather or not personal data or special categories of personal data concerning him or her are being processed.
•    Right to rectification
The right to obtain the rectification of personal data from Credito Fondiario.
•    Right to erasure
The right to obtain from Credito Fondiario the erasure of personal data, in case the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. In certain cases provided for by the laws and regulations applicable to the banking sector (see Italian Consolidated Banking Act, Bank of Italy Circular No. 285), Credito Fondiario reserves its right to comply with the right of erasure (by way of example but not exhaustive) when the personal data are necessary to ascertain, exercise or defend a right in court.
•    Right to restriction of processing
The right to obtain from Credito Fondiario restriction of processing of personal data by all contractors and employees of Credito Fondiario. In certain case, Credito Fondiario reserves the rights to consent the access to a limited number of persons to guarantee security, integrity and correctness of the personal data.
•    Right to data portability
The right to obtain from Credito Fondiario the transmission of personal data in a structured and commonly used format. Such transmission may be requested to a portable devices (USB stick or hard drive or PC) or to another controller.
•    Right to object
The right to object the processing of personal data carried out from Credito Fondiario.
To exercise these rights please send an email to the following address: dpo@creditofondiario.eu.

CHANGES TO CURRENT PRIVACY POLICY

Credito Fondiario S.p.A. regularly checks its own privacy and security policy and, if necessary, reviews it in accordance with the amendments introduced by law, the organization, or prompted by technological developments. Any changes to this policy will be published on this page.

QUERIES, COMPLAINTS AND SUGGESTIONS

Further information, requests, suggestions and complaints or concerns about the privacy policy or the way the company treats their personal data, should be addressed to Credito Fondiario S.p.A. at Via Piemonte 38, 00187 Rome, Italy, in writing.