Cookies
Information pursuant to Article 13 of Regulation (EU) 2016/679 on the protection of personal data (hereinafter the GDPR)
1. Definition of “cookies” and similar technologies
Cookies are small text files sent by a visited website to a device (pc, smartphone, tablet, console, etc.) to help operate the website and collect information on a user’s online activity. When browsing a website, a user’s terminal may receive cookies from other websites, web services and providers (so-called “third party cookies”) that might contain elements (such as images, maps, sound files, specific links to web pages on other domains) present on the website the user is visiting. There are several types of cookies; however, they all share the common purpose of making the website more effective, enabling certain features and enhancing the user’s browsing experience.
Banca Monte dei Paschi di Siena S.p.A., the Data Controller, in compliance with applicable Data protection regulations and, particularly, the Italian Data Protection Authority’s “Simplified arrangements to provide information and obtain consent regarding cookies” issued on 8 May 2014 (published in the Official Gazette no. 12 of 3 June 2014), hereby informs the user about the use of cookies on this website.
2. Processing and purposes of technical cookies
This site uses technical cookies, which are needed to make certain areas of the website function properly. Cookies include both persistent and session cookies. Without these cookies, the website, or parts of its, may not function correctly. Technical cookies, the use of which does not enable the direct or indirect identification of the user, include:
- "analytics cookies" used by the website manager to collect aggregate information on the number of visitors and how they use the website,
- browsing or session cookies (for authentication),
- preference cookies, which allow the user to browse according to a series of selected criteria (e.g. language, products selected for purchase) in order to improve the service provided.
Therefore, regardless of the preferences expressed by the user, these cookies are used for purposes of data authentication, session monitoring and the storage of specific technical information about users who access this website. The user’s prior consent is not required for the installation of these cookies since they are strictly necessary to provide the service requested; therefore, the lawful basis for processing is the need to use this technology to make the site more efficient, enable certain features and make the browsing experience easier. However, the Data Controller remains obliged to inform users in accordance with the GDPR and the above Data Protection Authority’s Regulation.
The following cookies can be disabled by the user through the browser settings used to navigate the website:
- Technical browsing or session cookies, essential for the operation of the website or to allow the user to use the content and services requested.
- Functional cookies, that is cookies that are used to activate specific functions of the website and a series of selected criteria (such as the language) in order to improve the service provided.
WARNING: by disabling technical and/or functional cookies, the website may not be accessible or certain services or functions of the website may be unavailable or may not run properly, and the user may be forced to change or manually enter certain information or preferences each time they visit the website.
3. Processing and purposes of cookies for marketing analysis
In addition to technical cookies, this website also uses profiling cookies, which are aimed at creating user profiles based on the tastes, choices and preferences expressed by the user when browsing and subsequently used to send advertising messages in line with the profile created. Given the invasive nature of these cookies to a user’s privacy, legislation requires that users be properly informed and express valid consent. For this purpose, the lawful basis that legitimises processing is the expression of freely given consent by the user in the appropriate section at the end of this paragraph. If, using the appropriate command, the user closes the cookie consent banner that appears when accessing the website, this shall be construed as refusal of consent to the use of profiling cookies. Users may, at any time, edit their cookie preferences or disable the use of cookies in their browser, though this may prevent the user from accessing certain parts of the website. Each browser has its own cookie management procedures. Information on how to set cookie preferences on the most popular browsers can be found at the following links:
- Internet Explorer
- Firefox
- Google Chrome
- Safari.
Profiling cookie settings
The Bank’s use of profiling cookies, which are aimed at creating user profiles based on the tastes, choices and preferences expressed by the user when browsing and subsequently used to send adverts in line with the profile created, may be blocked or enabled by the user by selecting the following options;
4. Third-party websites
When browsing a website, a user’s device may receive cookies from other websites, web servers or providers (so-called “third-party cookies”); this happens because the website may contain items such as images, maps, sound files, links to web pages on different domains that are located on servers other than the one where the page being visited is stored. In other words, the cookies are directly installed by the administrator of the website, web server or provider other than the administrator of the visited website. In these cases, Banca Monte dei Paschi di Siena S.p.A. wishes to specify that third-party cookies are outside of its control and are sent under the responsibility of a third party. This matter was further clarified by the Italian Data Protection Authority in its Provision referred to in point 1 above: “Being the data controller, the operator of any website making use of cookies is required to inform users about the nature and purpose of cookies and obtain their prior contents. Where a website allows the installation of “third-party” cookies, it is the obligation of the third party to provide information and obtain the user’s consent. Users must be properly informed, even in accordance with the simplified arrangements provided for by law, whenever they access a website which allows the installation of third-party cookies or whenever they access contents supplied by third parties. The information must be provided prior to the installation of the cookies on the user’s terminal”.Below are the links to the respective privacy policies of the third parties that send cookies through this website:
TRACKING COOKIES AND PIXELS
| Third party | Type |
Purpose of cookies and link to web pages with consent information and requests of Third Parties |
|---|---|---|
|
Google Analytics |
Technical Cookies – Third party statistics system |
Google’s statistic service that tracks user behaviour. It is based on reading cookies for user recognition. https://policies.google.com/privacy |
|
AdForm |
Third party marketing pixel |
Tracking service used in case of paid campaigns and remarketing activities campaigns |
|
Doubleclick/Floodlight |
Third party marketing pixel |
Tracking service used in case of paid campaigns and remarketing activities campaigns |
|
Adnxs |
Third party marketing pixel |
Tracking service used in case of paid campaigns and remarketing activities campaigns |
|
Myn |
Third party marketing pixel |
Tracking service used in case of paid campaigns and remarketing activities campaigns https://www.networker.global/privacy-policy/ |
|
Quantcast |
Third party marketing pixel |
Tracking service used in case of paid campaigns and remarketing activities campaigns https://www.quantcast.com/privacy/ |
| Third-party marketing pixel | Tracking service for paid campaigns and remarketing https://www.linkedin.com/legal/cookie-policy |
|
| Third-party marketing pixel | Tracking service for paid campaigns and remarketing https://help.twitter.com/en/rules-and-policies/twitter-cookies |
PROFILING COOKIES
|
Name |
Service |
Purpose |
Duration |
|---|---|---|---|
|
_gat_UA-71289306-1 |
Google Analytics |
Used by Google Analytics to limit the frequency of requests |
1 day |
|
_gat_UA-71289306-20 |
Google Analytics |
Used by Google Analytics to limit the frequency of requests |
1 day |
|
_ga |
Google Analytics |
Registers a unique ID used to generate statistical data on how the visitor uses the website. |
2 years |
|
_gaGlobal |
Google Analytics |
Registers a unique ID used to generate statistical data on how the visitor uses the website. |
2 years |
|
_gaGlobal_gid |
Google Analytics |
Registers a unique ID used to generate statistical data on how the visitor uses the website. |
1 day |
|
_gid |
Google Analytics |
Registers a unique ID used to generate statistical data on how the visitor uses the website. |
1 day |
|
_gcl_au |
Doubleclick – Adwords -Adsense |
Used by Google AdSense to test the efficiency of advertising on all websites using these services. |
3 months |
|
IDE |
Doubleclick – Adwords -Adsense |
Used by Google Doubleclick and for advertising on non-Google sites. |
1 year |
|
anj |
Adnxs.com |
Contains data that indicates if a Cookie ID is synchronised with an AppNexus partner. |
3 months |
|
icu |
Adnxs.com |
This cookie provides information on how the end user uses the website and advertisements that the user may have seen prior to using the website. |
3 months |
|
uuid2 |
Adnxs.com |
Registers a unique ID for user recognition. |
3 months |
|
myn_id |
Myn |
Registers a unique ID for user recognition. |
2 weeks |
|
__qca |
Quantcast |
This is a cookie associated with Quantcast, a digital advertising company. It provides website rankings and the data collected is also used for audience segmentation and targeted advertising. |
1 year |
|
mc |
Quantcast |
This is a cookie associated with Quantcast, a digital advertising company. It provides website rankings and the data collected is also used for audience segmentation and targeted advertising. |
1 year |
|
fr |
|
Used by Facebook Ads, it associated a unique ID for delivering targeted advertising and measuring conversions. |
4 months |
|
_fbp |
|
Used by Facebook Ads, it associated a unique ID for delivering targeted advertising and measuring conversions. |
4 months |
|
uid |
Adform |
Unique identifier for user tracking and delivering targeted advertising. |
2 months |
|
C |
Adform |
Identifies if the user’s browser has accepted AdForm’s cookie policy and related cookies 1 – Cookies are allowed |
2 months |
| ct0 | This cookie, provided by Twitter, is used together with social media plug-ins to allow those who follow our Twitter accounts to easily share content via Twitter and view the latest tweet. Twitter uses cookies to improve its service, personalise content and enable additional features, or to target Twitters ads to registered Twitter users. | 6 hours | |
| guest_id | Twitter cookie serves to identify the user with a unique number associated with Twitter | 2 years | |
| personalization_id | Used by Twitter if you are logged into Twitter to associate your device with your Twitter account. Twitter may also use this cookie for personalisation on all devices regardless of whether you signed in to Twitter or not. | 1 year | |
| mbox | This cookie, provided by Twitter, is used together with social media plug-ins to allow those who follow our Twitter accounts to easily share content via Twitter and view the latest tweet. Twitter uses cookies to improve its service, personalise content and enable additional features, or to target Twitters ads to registered Twitter users. | 2 years | |
| muc | This cookie, provided by Twitter, is used together with social media plug-ins to allow those who follow our Twitter accounts to easily share content via Twitter and view the latest tweet. Twitter uses cookies to improve its service, personalise content and enable additional features, or to target Twitters ads to registered Twitter users. | 1 year | |
| lang | Used to remeber a user's lanaguage setting | session | |
| s_ppv | Used by Adobe Analytics to store and retrieve the page view percentage | session | |
| AMCVS_14215E3D5995C57C0A495C55% 40AdobeOrg |
Indicates the start of a session for Adobe Experience Cloud | session | |
| s_plt | Keeps track of the time taken to load the previous page | session | |
| li_gc | Used to store guest consent to the use of cookies for non-essential purposes | 2 years | |
| bcookie | Browser identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform | 2 years | |
| s_cc | Used to determine if cookies are enabled for Adobe Analytics | session | |
| gpv_pn | Used to store and retrieve the previous page visited inAdobe Analytics | 6 months | |
| AMCV_14215E3D5995C57C0A495C55% 40AdobeOrg |
Unique identifier for Adobe Experience Cloud | 180 days | |
| AnalyticsSyncHistory | Used to store information about the time a sync with the lms_analytics cookie took place | 30 days | |
| UserMatchHistory | LinkedIn Ads ID syncing | 30 days | |
| aam_uuid | Set for ID sync for Adobe Audience Manager | 30 days | |
| s_pltp | Provides page name value (URL) for use by Adobe Analytics | session | |
| lissc | Used to ensure there is correct SameSite attribute for all cookies in that browser | 1 year | |
| lidc | To optimise data centre selection | 24 hours | |
| s_tslv | Used to retain and fetch time since last visit in Adobe Analytics |
6 months |
5. Data retention times
The user’s data is kept for the time strictly necessary to fulfil the purposes for which the data was collected, in compliance with the prescribed terms or with the data retention terms established by law, or for a longer period if the data has to be kept for the protection of the rights of the Data Controller.
With specific reference to the processing of data through the use of profiling cookies, if the user has given consent, the data will be stored in the Data Controller’s database for a maximum of twenty-four months, after which it will be deleted or made anonymous.
6. The user’s rights
In relation to the processing purposes described above, users are entitled to exercise the rights referred to in Articles 15 et seq. of the GDPR, particularly the right to object to the processing of personal data, and can change their choices at any time by accessing the appropriate user preferences section or by contacting the DPO and Advisory Staff of Banca Monte dei Paschi di Siena S.p.A. at the following:
Via A. Moro n. 11/13 - 53100 Siena;
Fax + 39 0577 296520;
Email: privacy@mps.it.
Users also have the right to submit a complaint to the Data Protection Authority, to be sent to the Garante per la Protezione dei dati personali, piazza Venezia n. 11 – 00187 Roma (garante@gpdp.it; phone + 39 06 69677.1; fax + 39 06 69677.3785).
7. Data Controller and Data Protection Officer
The Data Controller is Banca Monte dei Paschi di Siena S.p.A. with registered office in Piazza Salimbeni, n.3, Siena.
The Data Protection Officer (or DPO) is the Interim Head of the DPO and Privacy Advisory Staff Unit and can be contacted via certified email at responsabileprotezionedeidati@postacert.gruppo.mps.it or via ordinary email at responsabileprotezionedeidati@mps.it for all matters relating to the processing of a user’s personal data and for exercising of rights under the GDPR.