Personal data collected
The collection of certain personal data (such as full name, birth date, mailing address, email address, tax code, etc) is indispensable for the management of contractual relations with clients and the  supply of  services requested.  

Additional information, concerning one’s job, personal interests, etc., may be collected only if voluntarily submitted, for a better customization of the Bank’s services to the visitors’ needs.

The users’ personal data may also be requested for additional purposes such as, for example, to enable them to participate in contests, subscribe to product and/or service promotions sponsored by the Bank, Group companies and/or other selected businesses, or inform the Bank about difficulties or failures that may have emerged while visiting the website or using a service.

If website visitors are  on occasion requested to submit their personal data for  internal statistical purposes, they will in any case be notified of the Bank’s privacy policy.

Use of personal data collected
The Bank gathers personal data on line to provide users with customized services and financial information and to make it possible for clients to communicate interactively, purchase products on line and use a number of other services, some of which are completely free of charge.

Offerings of products and services may be e-mailed to the users only if they have communicated their email addresses to the Bank.

However, the Bank may use e-mail communication for specific services or on a regular basis according to the rules of permission marketing, that is to say upon prior explicit consent by the person concerned. In some instances, the user may in fact communicate a specific email address for special services, other than the address communicated for more general purposes.

It is understood, however, that users may modify their preferences at any time.

Finally, the Bank carries out internal research on its users’ interests and habits based on the information they provide  in order to get a better understanding of their needs and therefore offer a better service.

Who collects personal data
Personal information that may be collected from a website visitor will not be shared with any other subject, unless specified otherwise in appropriate information documents.

Some services are provided in collaboration with partner companies. However, the provision of these services does not require that the users’ personal data be shared also with the partner companies. In any case, when personal data needs to be processed not only by the Bank but also by another company, information will be given to the user prior to its collection or communication.

The Bank’s website may also host promotional campaigns of products and services sponsored by other companies of the Group, other selected partners or jointly by the Bank and other partners.

Upon signing up for these promotions, users will be informed about the fact that their personal data will also be handled by the sponsoring partner.  If the user does not want his personal data to be processed by other companies, he/she may decide not to sign up for the promotional offer.

Third companies using  the Banks’ website for their advertising or any other third party sites linked to the Banks’ website may also obtain personal information about the Bank’s website visitors. Since the data processing practices of these companies  lie outside the Bank’s sphere of competence and responsibility, they shall not be covered in any respect by this Privacy Statement.

With whom is personal data shared
As provided for by articles 23 and 24 of Legislative Decree no.196/03, the Bank will generally not disclose any personal information about the users to third parties unless explicitly authorized by the users during the data collection phase.

More detailed information about the sharing of personal data is contained in the terms and conditions for use of each individual product or service offered by the Bank.

Some of the circumstances in which the users’ personal data may be shared with outside parties are reported below.
Commercial partners and sponsors: The Bank may share the users’ personal data with commercial partners and sponsors on condition that prior detailed notification is given to the users and that consent to personal data disclosure is obtained from them. More detailed information is contained in the terms and conditions set out for participation in contests and commercial promotions.

Third parties’ data and datasets: Based on non-disclosure agreements, the Bank may compare the information it has acquired about a user with that supplied by a third party. In addition, the Bank may disclose certain statistical data (such as, for example, 45% of users being female) to prospective partners, advertisers and other third parties for commercial and/or legal purposes. In this case, personal data will always be presented on an aggregate and anonymous basis.

Other: In the event that a user  breaches the rules for the use of a service or causes (deliberate or non-deliberate) damage to the  rights or property of the Bank, of other website users or of any other subject, the Bank may decide to disclose information concerning the user’s account to the relevant authorities with a view to identifying, contacting or starting an action against the user.

Disclosure under the afore-mentioned circumstances is expressly provided for by existing regulations adopted for the exercise or protection of rights in legal proceedings (as regulated by art. 24 of Legislative Decree no. 196/03) .

How to prevent accidental loss, destruction, misuse or alteration of retained personal data
The user’s account and public profile information is secured with a password  making access possible only to the  user concerned.The user may modify his own account and profile information by using his BMPS (Banca Monte dei Paschi di Siena) ID and password. In this connection, it is reminded that the password should not be disclosed.The Bank will never ask for a user password by way of an unsolicited e-mail or phone call.

Once the user has finished using the service, he will have to exit the account and close all of the browser windows. By doing this, if the user is sharing the computer with another person or if he is using it in a public place (such as a library or a cyber-café), no one will have access to his own personal information and e-mail.  

What a website visitor should know about online personal data treatment
As an International financial institution, the Bank operates everywhere in the world.

The information supplied to the Bank may therefore come from servers located in countries different from those where it was collected, stored or processed (for example it may be transmitted to Italy from another country  of the European Union).

Each time the Bank manages personal information, independently of the country it was collected in, it makes sure that such information is treated in compliance with security measures and  privacy obligations.

However, it is worth pointing out that no data transmission over the Internet can be guaranteed as 100% secure.

As a consequence, despite the ongoing effort made by the Bank to ensure the highest level of protection of personal data processed, it is impossible for the Bank to guarantee its absolute security during transfer from the point of transmission to the point of reception.  Thus, in this respect, data transmission occurs at the user’s risk.

Once it has obtained the information transmitted, the Bank adopts appropriate measures to guarantee its security within the IT systems. In the event that a user divulges his personal data on line by mistake (for instance by mail or in bulletin boards, chat rooms or forums), the risk is there that other users may intercept or misuse it.  

Ultimately, the user is the only person responsible for the secrecy of his password and/or any other information concerning his own account.

Confidentiality and responsibility are always necessary on line.