Privacy Notice on the Processing of Personal Data pursuant to Articles 13 and 14 of EU Regulation 2016/679 (“General Data Protection Regulation”) and Legislative Decree 196/2003 (“Privacy Code”, as amended and supplemented) (the “Privacy Regulation”)
Data Controller and Data Protection Officer (DPO)
The Data Controller pursuant to the Privacy Regulation is Finint Private Bank S.p.A., with registered office in Corso Monforte no. 52, 20122 – Milan, Tax ID 01733820037, represented by its legal representative pro tempore, Tel. +39.02.85906.1 – Fax +39.02.85906.2140 – Email: privacy.fpb@finint.com (the “Controller” or the “Bank”).
The Bank has appointed a Data Protection Officer (“DPO”), who can be contacted at the following email address: dpo.fpb@finint.com.
Source of Personal Data – How we collect your data
The Bank collects and processes your personal data in the following circumstances:
– When you submit a contact request through the website https://thelighthouse.finintprivatebank.com/ (the “Website”) and during subsequent interactions as part of dissemination activities – also via remote communication techniques – related to research or studies in the field of financial products/instruments offered through the Website (the “Service”).
Categories of Data Processed
The Bank will process the following personal data:
– Personal and identification data: first name, last name, contact details (e.g. phone number, address, email address);
– Additional information: any other data provided during follow-up after your request;
– Website usage: information on how you use the site and read our communications, including those collected via cookies.
Purpose and Legal Basis of the Processing
The following list outlines the purposes for which your data are processed and the corresponding legal bases:
A) Managing the Client relationship and/or providing the Service to collect your request for follow-up contact and conduct a phone call to evaluate the conditions for subscribing to research dissemination services regarding financial products/instruments.
Legal Basis: the processing is necessary to perform a contract to which the data subject is party or pre-contractual measures taken at their request.
Providing your data is mandatory; refusal, even partial, would prevent the Bank from offering the Service.
B) Compliance with legal or regulatory obligations, including accounting, tax, administrative requirements, and those set by competent authorities (e.g. Bank of Italy’s rules on the Credit Register, anti-usury and anti-money laundering laws).
Legal Basis: compliance with a legal obligation to which the Controller is subject.
Failure to provide such data would prevent the Bank from establishing a relationship or providing the Service.
C) Fraud prevention, investigation, and detection.
Legal Basis: the Bank’s legitimate interest in preventing fraud, subject to the right to object under Article 21 GDPR.
D) Defending rights during judicial, administrative, or out-of-court proceedings, or in disputes related to the Service. Legal Basis: the Bank’s legitimate interest in protecting its rights.
Data Retention Period
We retain your data only as long as necessary for the purposes for which it was collected or for any related legitimate purposes. Specifically:
A) and C): data processed to fulfill contractual obligations may be stored for the duration of the contract and for up to 10 years thereafter;
B): according to legal obligations;
D): in the event of legally binding requests and/or disputes, the Bank may retain data as long as reasonably necessary to pursue or defend a legal claim.
Data Processing Methods
Processing is carried out through the operations listed under Article 4.2 of the GDPR. It may involve manual, digital, and telematic tools strictly related to the purposes described, ensuring security and confidentiality. Protection is also assured when using digital banking channels such as online banking and trading platforms.
The Controller ensures appropriate technical and organizational measures to safeguard personal data against accidental loss, unauthorized access, or unlawful processing.
Processing is limited to what is strictly necessary and will be minimized, or avoided altogether, when anonymized data can fulfill the intended purposes.
Scope of Data Disclosure
Personal data is processed by authorized personnel who need access to perform their duties or by external data processors.
To fulfill contractual obligations or legal/regulatory requirements, or to meet specific client requests, the Bank may share data with third parties whose involvement is necessary.
The Bank may also share information with other financial intermediaries within the same group if transactions are deemed “suspicious” under anti-money laundering and counter-terrorism financing regulations (Legislative Decree 231/2007).
Data may be shared with the following entities or categories:
– Service providers (e.g., IT and technical support);
– National/international fraud detection and prevention systems;
– Fraud control and debt recovery agencies;
– Financial market supervisory authorities;
– Tax authorities;
– UCAMP (Central Office for Payment Fraud Prevention);
– Public administrations and third parties for legal obligations.
Group companies may also access your personal data for legal and/or contractual obligations. No consent is required for these communications as they are related to contract execution or legal compliance.
These parties may act as data processors (appointed by the Bank) or as independent data controllers. The full list of recipients is available upon request at: privacy.fpb@finint.com.
Data Transfer Abroad
Your personal data may be transferred to countries outside the EU/EEA (“Third Countries”) recognized by the European Commission as having an adequate level of data protection. Otherwise, transfers will only occur with contractual safeguards (e.g., Standard Contractual Clauses) ensuring adequate protection in compliance with Chapter V of the GDPR.
Your Rights Regarding Data Processing
You may exercise the following rights by contacting us:
– Access your personal data;
– Where technically feasible, request a copy and/or transfer to another controller (data portability);
– Request rectification of your data;
– Request erasure of data no longer legally required;
– Withdraw consent where processing is based on consent;
– Restrict processing, where allowed by law;
– Object to processing based on legitimate interests, citing reasons related to your specific situation.
These rights are subject to exceptions (e.g., public interest or our legitimate interests like professional confidentiality). We may ask for proof of identity and will respond within one month.
To exercise your rights or request more information, contact the Bank at:
Corso Monforte, 52 – 20122 Milan, Italy
Email: privacy.fpb@finint.com
Or the DPO: dpo.fpb@finint.com
You also have the right to lodge a complaint with the Italian Data Protection Authority: www.garanteprivacy.it
