INFORMATION NOTICE

INFORMATION NOTICE TO NATURAL PERSONS PURSUANT TO ART. 13 AND 14 OF REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 (HEREINAFTER “NOTICE”)

The Regulation on the “protection of natural persons with regard to the processing of personal data and on the free movement of such data” (the “Regulation”) contains a series of rules aiming to ensure that the processing of personal data takes place in compliance with the rights and fundamental freedoms of people. This Notice incorporates the Regulation requirements.

IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER

Intesa Sanpaolo S.p.A., with registered office in Piazza San Carlo 156, 10121 Turin, Parent Company of the Intesa Sanpaolo international Banking Group, in its capacity as Data Controller (the “Bank” or the “Data Controller”) processes your personal data (the “Personal Data”) for the purposes indicated below.


CONTACT DETAILS OF THE DATA PROTECTION OFFICER

Intesa Sanpaolo appointed the “data protection officer” as required by the Regulation (so-called “Data Protection Officer” or “DPO”). With regard to all issues relating to the processing of your Personal Data and/or to exercise the rights provided by Regulation  please contact the DPO at the following e-mail address: dpo@intesasanpaolo.com


CATEGORIES OF PERSONAL DATA, PURPOSES AND LEGAL BASIS OF THE PROCESSING

The Personal Data that the Bank processes include, by way of example, the personal and contact data. Personal data are processed by the Bank, in lawful and correct ways, for the following purposes:

  1. Sending invitations and newsletters relating to events scheduled at the Gallerie d’Italia or related to other cultural initiatives of Intesa Sanpaolo.
    The provision of personal data for the first purpose is a prerequisite for the possible choice to continue with the inclusion of data necessary for the pursuit of additional purposes. Failure to provide personal data for this purpose will make it impossible to process your requests.
  2. Legitimate interest of the Data Controller
    The processing of your Personal Data may be necessary to pursue a legitimate interest of the Bank, ie to carry out fraud prevention activities; to acquire images and videos related to the video surveillance system for security purposes; to pursue any further legitimate interests. In the latter case, the Bank may process your Personal Data only after you have informed it and have established that the pursuit of its legitimate interests or those of third parties does not compromise your rights and fundamental freedoms. In these cases, your consent is not required.


CATEGORIES OF RECIPIENTS TO WHOM YOUR PERSONAL DATA MAY BE COMMUNICATED

Within the Bank and the Intesa Sanpaolo Banking Group, only the employees and external collaborators in charge of the processing can be aware of your personal data, as well as structures that perform technical and support tasks (IT services) on behalf of the Bank and the Group. and corporate control. For the pursuit of the aforementioned purposes, the Bank also needs to communicate your personal data to external parties who perform the function of Data Processing Manager, or operate in complete autonomy as separate Data Controllers. Their constantly updated list is available at the Bank’s operating points.


TRANSFERRING PERSONAL DATA TO A THIRD COUNTRY OR TO AN INTERNATIONAL ORGANISATION OUTSIDE THE EUROPEAN UNION.

Your Personal Data is processed by the Bank within the territory of the European Union and is not disclosed. If necessary, for technical or operational reasons, the Bank reserves the right to transfer your Personal Data to countries outside the European Union for which there are decisions of “adequacy” of the European Commission, or on the basis of adequate guarantees or of the specific exceptions provided for by the Regulation.


PROCESSING METHOD AND PERSONAL DATA RETENTION TIME

The processing of your personal data is done by manual, computerized and telematic tools and in order to guarantee the security and confidentiality of the data.

Your Personal Data is stored for a period of time not exceeding that necessary to achieve the purposes for which they are processed, subject to the terms of conservation required by law. Your Personal Data will be kept by the Bank for the duration of the subscription to the service and up to possible withdrawal from it and will be subsequently deleted permanently from the archives.


RIGHTS OF THE DATA SUBJECT

As an interested party you can exercise, at any time, towards the Owner the rights provided by the Regulation (right of access, rectification, cancellation, treatment limitation, data portability, opposition), by contacting Intesa Sanpaolo – Piazza San Carlo 156 – 10121 Torino, email dpo@intesasanpaolo.com, making explicit reference to his registration on the “Gallerie d’Italia and other cultural initiatives of Intesa Sanpaolo” mailing list“.