Cookies Policy

The information set out in this cookies policy (the "Cookies Policy") is provided by the Data Controller (as defined below) in addition to the information on the processing of personal data, always available on this website (the "Site").

DATA CONTROLLER AND DATA PROTECTION OFFICER

The Data Controller is UniCredit Spa with registered office at Piazza Gae Aulenti, 3 - Tower A - 20154 Milano (the "Data Controller").

The Data Protection Officer may be contacted at UniCredit S.p.A., Data Protection Office, Piazza Gae Aulenti n. 1, Tower B, 20154 Milan, e-mail: Group.DPO@unicredit.eu, certified e-mail: Group.DPO@pec.unicredit.eu

THE COOKIES USED BY THIS SITE

Cookies are short strings of text sent to the browser of the user's device (PC, Notebook, Smartphone, Tablet, etc.) when he/she visits a website. They are stored there and then sent back to the same website the next time the user visits.

The Data Controller informs you that this Site uses, also in combination with each other and in compliance with current legislation, the types of cookies described below, which are classified based on rulings and indications of the competent authorities, including the Italian Data Protection Authority ("Garante per la protezione dei dati personali") and the European Data Protection Board (EDPB).

TECHNICAL COOKIES

These are cookies which are essential in order to send a communication via an electronic communication network or to provide a service specifically requested by the user, such as, for example, home banking activities (displaying account statements, bank transfers, paying bills, etc.), for which these cookies allow the user to be identified during the session. Without the use of such cookies, navigation on the Site and certain operations requested by the user could not be carried out or would be less secure.

Considering the purposes for which technical cookies are used, their storage in the user's device does not require the user's prior consent.

ANALYTICS COOKIES

These are cookies used to collect information, on an aggregate and strictly anonymous basis, for internal research on the number of users and how they visit the Site.

For analytics cookies, the Data Controller uses a mechanism to irreversibly encrypt the IP address (the address assigned to the user's device which is necessary to browse the Internet), and additional data, in order to de-identify the user. In particular, the IP address of each user is replaced with an alphanumeric code that has no connection with the IP address and with other user-relevant information, and whose sole purpose is to distinguish one user from another.

The purpose of these cookies is solely to improve the service provided by the Data Controller to all users and to improve the Site.

In compliance with the applicable law, these types of cookies can be saved in the device without requesting the prior consent of the user.

MANAGEMENT AND DELETION OF COOKIES THROUGH THE CONFIGURATION OF THE BROWSER USED

The Data Controller informs the user that he/she can express or modify his/her preferences on cookies through the settings of the browser used in his/her device.

Please note that the preferences expressed through the browser will take effect only from the first connection of the user after the change of his/her preferences.

Please refer to the information and operating procedures to be performed to configure the settings, as provided by the provider of the browser used by the user:

Firefox: https://support.mozilla.org/it/kb/protezione-antitracciamento-avanzata-firefox-desktop?redirectslug=Attivare+e+disattivare+i+cookie&redirectlocale=it ;

Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d#ie=ie-11 ;

Safari: https://support.apple.com/it-it/HT201265 ;

Chrome: https://support.google.com/chrome/answer/95647?hl=it ;

Opera: https://help.opera.com/en/latest/web-preferences/#cookies .

Notwithstanding the above, the user may also activate the Do Not Track option available in most browsers. In this case and starting from the first access to the Site following the activation of this option, the Site will respect the user's choice and will stop collecting some of his/her navigation data.

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Data may be communicated to:

i) entities to whom such communication must be made in order to comply with an obligation of law, regulations or EU law;

ii) third parties, suppliers of products and/or services, whether or not belonging to the UniCredit Group.

These recipients, depending on the cases, process personal data as autonomous data controllers or as data processors. The categories of autonomous data controllers and the list of data processors to whom the data may be communicated can be consulted by accessing the "Privacy" area of the website www.unicredit.it

Your data may also be disclosed to natural persons belonging to the following categories in their capacity as persons authorized to process personal data, in relation to the data necessary to perform the tasks assigned to them: workers employed by the Data Controller or seconded to it, temporary workers, interns, consultants and employees of external companies appointed as data processors.

RIGHTS OF DATA SUBJECTS

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the "GDPR") grants natural persons, individual companies and/or the self-employed specific rights, including the right to know what personal data are held by the Data Controller and how said data are used (right of access), the right to have their data updated, rectified or, if there is an interest, integrated, as well as to have their data erased or anonymized, or to obtain the restriction of the processing.

DATA STORAGE PERIOD AND RIGHT TO ERASURE ("RIGHT TO BE FORGOTTEN")

The Data Controller will process the information collected for the period strictly necessary to pursue the predetermined purposes.

At the end of this storage period, the information collected will be erased or kept in a manner that does not allow for the identification of the user (e.g. irreversible anonymisation), unless further processing is necessary for one of the following reasons: i) to settle pre-litigation and/or litigation started before the end of the storage period; ii) to continue investigations/inspections of internal control functions and/or external authorities started before the end of the storage period; iii) to follow up requests from Italian and/or foreign public authorities received by/notified to the Data Controller before the end of the storage period.

HOW TO EXERCISE YOUR RIGHTS

You can exercise your rights as a data subject, indicated in the previous paragraph, by contacting: Group.DPO@pec.unicredit.eu

The deadline for replying is one (1) month, extendible to two (2) months in cases of particular complexity; in these cases, the Data Controller will provide at least initial communication within one (1) month.

The exercise of the rights is, in principle, free; the Data Controller reserves the right to charge a fee in the event of manifestly unfounded or excessive requests (including repetitive ones).

The Data Controller may request information necessary to identify the requesting party.

COMPLAINTS OR REPORTS TO THE ITALIAN DATA PROTECTION AUTHORITY

The Data Controller informs the user that he/she may file complaints or report to the Italian Data Protection Authority or alternatively file a complaint with the Judicial Authorities. The contacts of the Italian Data Protection Authority are available on the website: http://www.garanteprivacy.it.