1. Data Protection
FinecoBank S.p.A. (the “Bank”) confirms that your personal data, provided directly by you or by third parties, may be processed, even by third party companies (which may be located overseas) appointed by the Bank, for the following purposes:
(a) Compliance with law, regulations, guidance issued by competent authorities and organisations (e.g. responsible for compliance with Anti Money Laundering laws). The collection of your personal data for this purpose is compulsory, and its processing does not require your consent.
(b) Purposes strictly related to the management of client relationships (e.g. acquiring information prior to Account opening, performing contractual obligations, verification procedures and reports concerning the relationship and related risks). There is no need to provide personal data, but refusal to do so may make it impossible for the Bank to provide you with the requested Service. This processing of data does not require your consent.
(c) Purposes related to Bank activity, such as:
- Quality controls concerning client satisfaction with the Services of the Bank and Unicredit Group, carried out via interviews, questionnaires, etc.;
- Promotion and sale of Bank products, Unicredit Group products or products of third party companies, carried out via letter, elephone, advertisement, automated advertising systems, email, messages such as MMS (Multimedia Messaging Systems) and SMS (short message service), etc.;
- The performance of market research and studies, carried out via interviews, questionnaires, etc. and public relations.
The provision of personal data is not compulsory, and its processing requires your explicit consent for these purposes. Without this consent, the Bank cannot process the data. Processing is carried out manually, automatically or via any computerised means for the abovementioned purposes, ensuring the security and privacy of the data.
2. Sensitive Personal Data (“SPD”)
The Bank does not ask clients for “Sensitive Personal Data” (i.e., data revealing, for example, health conditions, political opinions, trade union or political memberships). However, the Bank may be required to process this data in order to carry out specific requests in connection with the Services (e.g. payment of membership fees to said trade unions or parties, bank transfers in favour of associations etc.). Since the Bank cannot intercept and refuse these requests, the contract may not be finalised unless you give explicit consent to this processing. The data will be processed exclusively for the purpose of carrying out your requests.
3. Possible Recipients of Personal Data
A. The Bank –
without the need for your consent – may transmit the personal data it has collected to:
- Entities to which this transmission must be carried out in order to comply with current law, regulations or EU law;
- Financial intermediaries which are part of Unicredit Group, according to the applicable EU Anti-Money Laundering Directive fully in effect from time to time, which provides the possibility of transmitting personal data related to suspicious activity reports to all financial intermediaries which are part of the same Group;
- Companies belonging to the Unicredit Group, or controlled or under a significant influence pursuant to Art 2359 of the Italian Civil Code (even if partner is located overseas), if the data has been transferred in line with measures mandated by the Italian Data Protection Authority or related legal provisions;
- In any other case specified by applicable data protection law, if the data oncerns financial activity or its status.
B. The Bank may also transmit, with your consent, your data to companies, entities or external groups which act on the Bank’s behalf for the purpose of processing/controlling data in compliance with:
- Purposes specified in Section 1, Point b;
- Purposes specified in Section 1, Point c.
The complete list of entities which may be involved in the processing of your personal data is available at www.finecobank.com. Your personal data will not be made publicly available.
C. Your personal data may also be disclosed to legal and natural persons (by virtue of their position as entities responsible for the processing of data) specified in Part 5 of this document, and to the following persons: Bank employees, interns, contractors, financial salesmen, consultants and third party companies appointed for processing data.
4. Your Rights
Data protection law grants you specific rights, including the right to know what data (related to you) is in the Bank’s possession and how it is used. The rights granted to you include the right to demand deletion, anonymisation or blocking of your personal data if used in breach of the law, and for the update, correction or, should there be a need for it, amendment of data and objection (if for legitimate reasons) to its processing. You may, at any time, object to the processing of your personal data for direct marketing communications or market research requests from the Bank.
5. Disclosure of personal data relating to shareholders of listed companies
Under relevant Italian legislation, Italian companies with shares admitted to listing on regulated markets or in multilateral trading facilities incorporated in Italy or in other Member States of the EU, with the issuer’s consent, may request (if it is provided for in their articles of association), from intermediaries at any time personal data relating to any shareholders who have not expressly refused disclosure thereof, together with the number of shares registered in accounts held by such persons., In accordance with subsequent changes to legislation, issuers of shares recorded in the centralised management system may request from intermediaries, at any time and at their own expense, through a centralised management company, personal data on shareholders, together with the number of shares registered in accounts held by such persons. The shareholders may expressly refuse disclosure of their personal data.
It may be possible for any interested party to request from persons with voting rights in listed companies authorisation to exercise these rights at the General Meeting of Shareholders. The Bank, in its capacity as the last intermediary within the meaning of the relevant legislative provisions, has an obligation to disclose, within three working days following receipt of the request made by anyone wishing to request authorisations with respect to a specific issuer of shares, name and contact details relating to the persons entitled to the voting right and who have not expressly refused disclosure of their personal data, as well as the number of shares of the issuing company registered in the relevant accounts. We therefore inform you that in implementation of the legislation referred to above, in the situations described above and where there is no express refusal from the affected client, the Bank will arrange to provide the aforementioned persons with the required information, as detailed above. The disclosures described above will not entail any additional costs or obligations for you. You may change your preference as to being a subject to the Bank's disclosure and refuse for such disclosure to be made at any time by simply sending a written notification to the Bank.
6. Data Controller and Liability
The entity responsible for controlling your personal data is FinecoBank S.p.A., Piazza Durante 11, Milan, Italy, www.finecobank.com. The General GBS Vice-director, under the authority of the Bank, may be contacted in order to exercise the rights described in the previous section. Requests may be sent, in writing, to FinecoBank, via Rivoluzione d’Ottobre 16, 421213 Reggio Emilia, Italy; or via email to privacy@finecobank.com. The current list of entities appointed by the Bank to process/control personal data is available at www.finecobank.com.
7. Data Protection in relation to SWIFT fund transfers
If you make a request which involves international financial operations (e.g. a bank transfer to an institution based in a foreign country) and certain domestic operations (e.g. a bank transfer in a foreign currency and/or for the benefit of a counterparty not resident inUK), the Bank will need to use an international financial messaging service. This service is administered by S.W.I.F.T. (Society for Worldwide Interbank Financial Telecommunication). The Bank transmits to SWIFT (holder of the SWIFT Net Fin system) data related to the transaction which is required to carry out the transfer (e.g. your name, payee name, the banks involved in the transaction, financial details, amount of payment and, if specified, the reason for the payment). If the payee is located outside the European Economic Area (EEA) then this means that data about you relating to the payment will be sent outside of the EEA in order to effect the transaction.
8. Cookies and Call Centre Usage
The Bank may record certain telephone calls you make to or with the Bank (including to preserve a record of instructions or discussions in case these need to be confirmed in future). In these instances, you will be informed that the call is being recorded at the beginning of the call. The Bank uses systems and procedures for the proper functioning of call centres, which collect data from your calls, including telephone number (unless it has been made private), IVR navigation data (digits inputted by the caller in order to reach the Services), call duration and, by giving prior notice, the audio recording of the call itself.
The Bank also uses cookies and similar technologies if you visit its website www.finecobank.com. A cookie is a small text file which is stored on your computer when you visit a website, for purposes such as recognising users who return to a website, helping navigation between different pages and help remember choices you make. For further information about how the Bank uses cookies, please visit the Bank’s Privacy Policy and Cookie policy online.
