Cookie

With this document ("Cookie Policy") the Data Controller, as defined below, wishes to inform you about the methods and purposes of processing your personal data arising from the use of cookies and other tracking tools on the website www.ersel.it (hereinafter, jointly, the "Site"), in accordance with the provision issued by the Data Protection Authority on May 8, 2014 "Identification of simplified methods for the information and the acquisition of consent for the use of cookies" and subsequent clarifications and updates of art. 122 of D. Lgs. 30 June 2003, n. 196 ("Privacy Code") and art. 13 of the GDPR.

1. Data Controller and Data Protection Officer

The data controller is Ersel Banca Privata S.p.A., with registered office in Piazza Solferino, 11 - 10121 Torino, in the person of its pro tempore legal representative (hereinafter "Ersel" or "Data Controller"). 

For the exercise of your rights, listed in article 7 below, as well as for any other request relating to them and/or to this Policy, you may contact the Data Controller at the following addresses:

• telephone: +39 011 5520111 
• email: privacy@ersel.it

The Data Controller has appointed a Data Protection Officer ("DPO") pursuant to art. 37 of the GDPR, which you can contact to exercise your rights as well as to receive any other information relating to them and/ or this Policy, by writing to dpo@ersel.it.

2. What cookies are for and what they are for

Cookies are small strings of text, normally consisting of letters and/or numbers, that the websites visited by the User send and place on your terminal (usually through the browser) where they are stored and stored to be then transmitted to the same websites that generated them on the next visit of the same User, thus keeping memory of your previous interaction with the Site. 

The information encoded by cookies includes personal data (e.g. IP address, user name, e-mail address, etc.) or non-personal data such as language settings or information about the type of device used by the User to navigate the Site. 

Cookies therefore perform various functions and allow you to browse the Site efficiently, remembering your preferences and improving your browsing experience. For example, cookies are used to store computer authentications, the User’s preferred language or other information or preferences about specific configurations, monitor sessions, facilitate and make more efficient use of online content, show the User advertisements that might interest him more etc.

3. General categories of cookies

Depending on the criteria considered, cookies can be classified into various categories.

For example, depending on the subject that installs cookies on the User’s terminal, they distinguish: (a) «first-party cookies», installed directly by the operator of the website visited by the User and to him only visible; and (b) «third-party cookies» installed by the operator of another website, which installs cookies through the first. 

Depending on the duration of processing, it is possible to distinguish: (a) «session cookies», which are temporarily stored during the browsing session and are automatically deleted from the User’s terminal after closing the browser; and (b) «persistent cookies» instead, they remain on the User’s terminal until a fixed deadline or until their cancellation.

The classification that best meets the rationale of the legislation on the protection of personal data is that which distinguishes cookies in two macro categories:

• «technical cookies», cookies strictly necessary for the proper functioning of the website or the operation of the same due to the navigation choices made by the User. This category includes the "navigation cookies", which guarantee the normal navigation and use of the website (allowing, for example, the regular display of pages or their scrolling, etc.) as well as the "functionality cookies", which allow the User to navigate the website according to the criteria selected by the same (e.g. the language, the products selected for a purchase) in order to improve the service requested. The technical storage and access to the information contained in technical cookies does not require the consent of the User;
• «profiling cookies», which analyze and record the actions or patterns of behavior implemented by the User in the use of the features of the Site so as to (i) create a profile of the User, (ii) classify it within the different profiles that group homogeneous groups of users, (iii) in order to send the same User targeted advertising messages and in line with the preferences expressed by this in the context of web browsing. The technical storage and access to the information contained in technical cookies is subject to the granting of consent by the User. 

To the two macrocategories mentioned above, we can add the one of «analytical cookies», used to process statistical analysis, such as analysis aimed at (i) evaluating the effectiveness of the services rendered through the Site, (ii) designing the Site, or (iii) measuring the "traffic"the number of visitors, possibly classified according to the characteristics of interest (e.g. geographical area, time slot, etc.). 

The processing of data collected by means of analytical cookies does not require the consent of the User where such data are used only to produce aggregated statistics in relation to a single site or mobile application and, for data collected with analytical cookies of "third party", only if (a) the structure of the analytical cookie of "third party" is such as to reasonably prevent the identification of the User and if (b) the "third party" refrains from putting in place actions on the data (e.g. combination, enrichment etc.) to identify the User. When these specific conditions are used, analytical cookies (both first and third party) are similar to technical cookies.

4. Types of cookies used by this Site, purpose, legal basis

Without prejudice to the general categories described above, the Data Controller has deemed it appropriate to adopt a different classification of cookies on the Site, separate according to the legal basis that justifies the processing of personal data collected through cookies, in accordance with the provisions of the GDPR and art. 122 of the Privacy Code. 

In particular, the Data Controller has divided the cookies on the Site into the following types:

5. How to manage your Cookie Preferences: the Privacy Preferences Center

Upon the first access to the Site, the User will see an immediate pop-up banner containing the brief information on cookies, the link to this extended information on cookies and a series of features for the management of preferences about cookies to be installed on your device. 

In particular, through the functions contained in the banner, the User may: (i) accept all cookies on the Site, including those for targeted advertising, by giving their consent ; (ii) refuse the installation of all cookies on the Site other than those strictly necessary for the proper functioning of the Site (i.e. the "Cookies required"); (iii) access, through a special link, the "Privacy Preference Center"where to acquire more information on the specific cookies on the Site, grouped by homogeneous categories, and, where applicable, grant or withdraw consent or object to processing with regard to the categories of cookies to be enabled or disabled on your device; (iv) close the cookie banner by clicking on the appropriate icon and continue browsing the Site keeping the default settings. 

The Data Controller specifies that the "default" setting of cookies implies the installation of all cookies that do not require the consent of the User, that is, the necessary Cookies and Performance Cookies.

At any time, the User may modify the choices on cookies made when first accessing the Site, by accessing the Privacy Preference Center, through the link contained at the bottom of the Site home page, and by operating on the related functionalities. 

The User can manage their cookie preferences also through the settings of the browser used, which allow you to delete/remove all or some cookies or block the sending of cookies or limit it to certain sites.

Below are the instructions and links to the guides for managing cookies of the main desktop browsers:

• Microsoft Edge: click on the icon with the three dots in the upper right and then on "Settings". From the menu on the left select "Cookies and site permissions" and adjust the settings of cookies. Below is the link for more information: https: //support.microsoft.com/it-it/help/4027947/microsoft-edge-delete-cookies
• Google Chrome: click on the icon with the three dots in the upper right and then on "Settings". Select "Advanced" and in the "Privacy and Security" section click on "Site Settings". Then adjust the cookie settings by selecting "Cookies and site data". Below is the link for more information: https:///support.google.com/chrome/answer/95647?hl=it&p=cpn_cookies%20https://support.google.com/accounts/answer/61416? hl=it
• Mozilla Firefox: click on the icon with the three horizontal bars in the upper right and select "Options". In the window select "Privacy and security" to adjust the cookie settings. Below is the link for more information: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
• Apple Safari: Select "Preferences" and then "Privacy" where you can adjust your cookie settings. Below is the link for more information: https://support.apple.com/it-it/guide/safari/sfri11471/mac
• Opera: select the icon with the three horizontal bars in the upper right and then on "Advanced". Select "Privacy & Security" and then "Site Settings". From the "Cookies and site data" section, adjust the cookie settings. Below is the link for more information: https://help.opera.com/en/latest/web-preferences/#cookies

For browsers other than those listed above, you must consult the relevant guide to identify how to manage cookies. For example, if you use a mobile device, you should refer to its instruction manual to find out how to manage cookies.

6. Transfer of personal data outside the EU

The User’s personal data collected using cookies (e.g. third-party cookies) may be transferred to extra-countriesEU: such transfer is in any case legitimate as guaranteed by the existence of adequacy decisions issued by the European Commission and/or by the prior signing of contractual clauses of standards (Standard Contractual Clauses) adopted on the basis of the models of the European Commission pursuant to art. 46, 2, letter c) and d) of the GDPR. 

The User may request a copy of the guarantees adopted by writing to the Data Controller at the addresses indicated in art. 1 of this Cookie Policy. 

7. Recipients of personal data

The User’s personal data may be known by the employees, assimilated staff and collaborators of the Data Controller assigned to the pursuit of the purposes indicated above, who will act as authorised persons for the processing of personal data and have received appropriate operational instructions.

In addition, for the purpose of pursuing the purposes referred to in the previous part 4, the User’s personal data may be processed by third parties belonging, by way of example, to the following categories:

• providers of technical assistance services for the management and maintenance of the Site;
• advertising agencies;
• providers of statistical processing services on the use of the Site;
• companies that provide management and maintenance services of the Data Controller’s information systems;
• business partners;
• companies that own social media sites; 
• companies that offer e-mail services or other providers of external telematic platforms for sending communications;
• supervisory and control authorities and bodies and, in general, public or private entities, with a public function entitled to request data in accordance with the provisions of current national and European legislation;
• companies, associations or firms providing assistance and advice.

The subjects belonging to the above categories operate, in some cases, as data processors specifically appointed by the Data Controller in compliance with Article 28 GDPR, in other cases in total autonomy as separate data controllers, on the understanding that, in the latter case, the communication of your personal data to such independent data controllers would only take place for the purposes of the purposes referred to in the previous paragraph. 4.

The complete and updated list of subjects to whom your personal data may be disclosed can be requested by contacting the Data Controller at the address indicated in art. 1 of this Cookie Policy.

The data collected using cookies will not be disseminated.

8. Data subjects' rights

In relation to the processing described in this Policy, as a data subject, you may, under the conditions provided for by the GDPR, exercise the rights enshrined in art. 15 - 21 of the GDPR, in particular: 

• right of access: right to obtain confirmation that personal data concerning you are being processed or not and, if so, to obtain access to your personal data - including a copy thereof - and communication, among others, the information referred to in art. 15 of the GDPR;
• right of rectification: right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data pursuant to art. 16 of the GDPR; 
• right to erasure (right to be forgotten): right to obtain, without undue delay, the cancellation of personal data concerning you, in the cases indicated in art. 17 of the GDPR; the right to erasure does not apply insofar as the processing is necessary for the fulfilment of a legal obligation or for the performance of a task carried out in the public interest or for the investigation, the exercise or defence of a right in court;
• right to limitation of processing: right to obtain limitation of processing, in the cases indicated in art. 18 of the GDPR;
• right to data portability: right to receive, in a structured format, commonly used and readable by an automatic device, the personal data concerning you provided to the Data Controller and the right to transmit them to another holder without hindrance, if the processing is based on consent and is carried out by automated means, as indicated in art. 20 of the GDPR. In addition, the right to obtain that your personal data are transmitted directly by the Data Controller to another data controller if this is technically feasible;
• right to object: right to object to the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing, pursuant to art. 21 of the GDPR; 
• right to withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal;
• right to lodge a complaint with the Italian Data Protection Authority, Piazza Venezia n. 11, 00187, Rome (RM).

The above rights may be exercised, against the Data Controller, by contacting the references indicated in the previous article 1. The Data Controller will take charge of your request and provide it, without undue delay and, however, at the latest within one month of receipt of the request, information on the action taken with regard to your request.

The exercise of your rights as a data subject is free of charge pursuant to art. 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Holder may charge a reasonable fee, in the light of the administrative costs incurred in handling your request, or deny the satisfaction of your request. 

Finally, we inform you that the Data Controller may request additional information necessary to confirm the identity of the data subject. 

The Holder
Ersel Banca Privata S.p.A.