How personal financial data is managed
Similarly to all other personal data, financial information is processed according to principles of strict confidentiality and shall not be communicated to any third parties unless the persons concerned have given their prior explicit consent.

The information gathered by the Bank for the sale of a product or the supply of a service, which may be disclosed to an advertiser or partner, shall only be made available in a common data area  that does not include any individual user information.

Knowing that a person makes use of certain specific services allows the Bank to offer them better contents and more targeted offerings.

It is worth pointing out  that the Bank’s website contains a number of sections in which users may enter information about  their credit cards to complete commercial transactions or just simply for authentication purposes.

Each time the Bank’s website prompts for a credit card number, its code is encrypted with Secure Socket Layer (SSL) before transmission.

International financial transactions
The execution of international financial transactions (such as cross-border bank transfers) and specific domestic transactions  requested  by the clients, requires the use of an international  messaging service. This service is managed by the  "Society for Worldwide Interbank Financial Telecommunication" (SWIFT) which has its registered office in Belgium. The Bank  communicates to SWIFT (which is the owner of the SWIFTNet Fin system) all data necessary to execute these transactions, such as the names of the sender, recipient, relevant banks involved, bank account details and amount of payment.

As at today, banks would not be allowed to execute these transactions without using the interbank network and communicating the afore mentioned data to it. However,  the following should be noted:

  • for operational security reasons, all client data used to perform financial transactions are currently duplicated, transmitted and temporarily stored as a copy by SWIFT on  a company server in the United States;  
  • the data stored on the server may be used in the United States pursuant to local regulations. The relevant US authorities (in particular the Department of the Treasury) have had and may have access to this database according to measures deemed applicable on the basis of  US counterterrorism regulations.

The person concerned will maintain the rights referred to in section 7 of the Italian Personal Data Protection Code.