Information on the personal data processing of the users consulting the website www.aidexa.it pursuant to article 13 of Regulation (EU) 2016/679 (hereafter the “Regulation” or the “GDPR”).
This page describes how we process the personal data of the users consulting the website of Banca AideXa and using its Web services. This information does not apply to other sites, pages or online services accessible via hypertext links that may be published on the sites but referring to resources external to the domain of the Data Controller.
The Data Controller is Banca AideXa S.p.A., which has its registered offices and General Offices at Via Cusani no. 10 – 20121, Milan (“AideXa”).
Data Protection Officer
AideXa has appointed a Data Protection Officer (“DPO”), who can be contacted in the following ways:
• certified email (PEC): firstname.lastname@example.org
• Postal address: Banca AideXa S.p.A. - Data Protection Officer: Via Cusani, no.10 - 20121, Milan.
Types of data processed and purposes of processing
The personal data provided voluntarily by visitors to the website is used for the sole purpose of providing the services requested, and is communicated to third parties only if necessary for this purpose. No personal data deriving from the service is disclosed.
AideXa collects the personal data of the users through the following channels:
• through the “Contact us” form;
• by accessing the customer services;
• by browsing the website.
Optional nature of providing the personal data
Except as provided for browsing data, the user may freely provide the personal data requested in the relevant electronic request forms on the site.
Failure to provide this data may, however, mean that it is impossible for AideXa to provide the requested service.
Website browsing data
The systems and the software used within the site acquire some personal data whose transmission is inherent in the use of the Internet, based on the TCP/IP protocol.
This information is not collected in order to be associated with identified data subjects but, by its very nature, could allow users browsing the website to be identified through processing and associations with data held by third parties.
This category of data includes the “IP addresses” or domain names of electronic devices used by users connecting to the website, the Uniform Resource Identifier (so-called URI) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the response file, the numerical code indicating the status of the response from the Web server and other parameters associated with the user's operating system and computer environment. This data is only used to obtain anonymous statistical information on the use of the site in order to ensure that the AideXa website operates correctly.
The browsing data may also be used for ascertaining liability in the event of cyber crimes to the detriment of our website or by external subjects who AideXa asks to carry out the contractual obligations, designated by the Data Controller as "External Data Processors", or to other connected or linked websites. Without prejudice to this event, browsing data is deleted immediately after the relevant statistical processing and in any case it is kept for a maximum of 12 months from the moment it is collected.
The systems and procedures for operating the AideXa Customer Service acquire some data related to the phone calls of users or to the network connections in the event of remote assistance provided through chats, chatbots or video-calls. This category includes the phone number of the caller (unless it is hidden), the actions or the keys pressed by the user to access the various services of the recorded messages, as well as the length of the phone call, or in the cases expressly envisaged and only if the data subject is warned, recording of the session itself or even the IP addresses and other technical data necessary to activate the chosen assistance channel.
The data indicated above is processed to obtain anonymous statistical information on the use of the Customer Service, to verify the correct operation and guarantee security, as well as to ascertain liability in the event of any offences, to the detriment of AideXa or to its customers.
What are cookies?
A cookie is a small “text file” that most websites send to the user’s device, where it is stored while the user browses the site. Cookies are sent back to the same sites on subsequent visits. While browsing a site, the user may also receive cookies on their terminal that are sent from different websites or servers (so-called “third parties”), which may contain certain elements such as sounds, images, maps, and links to pages on other domains found on the website that the user is visiting.
Cookies are generally present in the programmes used to browse the Web (hereafter “Browsers”); there may be many of them and they may remain for a long time. Cookies are used for authentication to the customer areas, for monitoring sessions, for storing information on the configuration of the devices that are used to access the server, etc.
While browsing the AideXa website, several types of cookie can be generated, for which a banner appears that explains the type of cookie and asks the customer for specific consent if necessary.
There follows a description of the various types of cookie (technical, analytical, profiling and third party ones):
Browser Settings to manage cookies
You can set the Browser to be informed of the presence of a cookie and decide whether to accept it or refuse it. It is also possible to activate the special Browser option to automatically refuse the receipt of cookies. It is pointed out that totally or partially disabling cookies may limit the use of the website functions and therefore you are informed that it will be possible to modify the security options at any moment on the basis of the Browser used.
Within this disclosure, references to cookies must also be understood to cover similar instruments that allow identification of the user or of the user’s device, such as Web bugs, Web beacons, clear GIFs, etc.
Subjects to whom the personal data may be communicated
The following subjects are the recipients of the collected data after consulting the site or may become aware of the data when carrying out technical activity or maintenance:
• Microsoft Azure
The listed categories of subjects will use the data received in their capacity as independent “Data Controllers”, unless they are designated by AideXa as “External Data Processors” within their specific competence.
The personal data collected is also processed by the AideXa personnel authorised to do this, who act on the basis of specific instructions provided in relation to the purposes and methods of the processing itself.
Processing method and security measures
All processing, whether it be automatic or manual, performed by AideXa concerns the purposes described in the previous paragraph and respects the instructions of the GDPR in arts. 5 to 11.
The personal data will be processed with automatic and non-automatic instruments for the time strictly necessary to achieve the purposes for which it was collected. Specific safety measures are also implemented to prevent the loss of the data, unlawful or incorrect use thereof or unauthorised access.
In particular, in the sections of the site in which the user is asked for personal data, the channel through which the data transits is encrypted by means of security technologies called Secure Sockets Layer and Transport Layer Security (so-called SSL/TLS). This technology provides an encrypted channel through which the information passes when it is exchanged via the Internet between the user's device and AideXa's systems, thereby making the data indecipherable by non-authorised persons and thus guaranteeing the confidentiality of the information transmitted.
The use of SSL/TLS requires a compatible browser capable of executing the “exchange” of a security key with a minimum length of 128 bits, required for establishing the aforementioned secure connection with AideXa's main systems.
Without prejudice to cases of processing for legal purposes and any use of the browsing data to ascertain responsibility in the event of cyber crimes to the detriment of the site, the Web contact data shall not persist for more than 180 days, whereas the data provided by the user voluntarily is stored for the time necessary to respond to the requests. If the user issues consent to processing for commercial purposes, the data will be stored for no more than 12 months.
Rights of the data subjects
The subjects to whom any collected personal data refers are entitled, under arts. 15 and following of Regulation EU no. 679/2016, at any moment to know what personal data AideXa possesses and how it is used, to update, rectify or, if interested, to integrate it, as well as to delete or anonymize it or to request its portability or limitation. They can also, at any moment, revoke the consent, if issued, to process the data for purposes of sending commercial and advertising material, direct sale or market research and enrichment for marketing purposes, also with the profiling method.
In the event of processing the personal data based on issuing consent, the Data Subject is entitled to revoke this consent at any moment. Revoking consent does not affect the lawfulness of the processing performed before the revocation itself.
In order to exercise these rights it is possible to send a specific request to the DPO by writing to the contact details reported in this disclosure, attaching a copy of an identity document and of the tax code to the request.
The data subject is also entitled to lodge a complaint with the Personal Data Processing Authority by connecting to the website www.garanteprivacy.it.
Form for the exercise of data subject's rights
What is reported in this privacy disclosure will be subject to update or modification. In any case the various versions of the same will be made available, if necessary.
Date of update: 26th November 2020