Environmental & Social Information • Mar 19, 2020
Environmental & Social Information
Open in ViewerOpens in native device viewer
This policy is intended to provide you with an overview of the use of your personal data by FinecoBank S.p.A. and of your rights under Articles 13 and 14 of the General Regulation on the Protection of Personal Data - Regulation (EU) 2016/679 (hereinafter also "GDPR").
The Data Controller is FinecoBank S.p.A. - Parent Company of the FinecoBank Banking Group - with registered office at Piazza Durante no. 11, 20131 Milan (hereinafter "Bank" or "Fineco").
The Data Protection Officer (DPO) can be contacted at:
FinecoBank S.p.A. Data Protection Officer P.zza Durante no. 11, 20131 Milan E-mail: [email protected]
Fineco processes the personal data in its possession, collected directly from you, or possibly through competent local administrations, also for the purpose of verifying their truthfulness, for the following purposes:
These obligations concern, inter alia, the verification, during the candidacy phase and on an ongoing basis, whether you meet the eligibility requirements set out by law, Fineco's By-laws and the provisions of the Code of Conduct for Listed Companies, to accept and hold office or particular qualifications (requirements of integrity, fairness, professionalism, competence, independence, time commitment and holding of multiple positions, compliance with the prohibition of interlocking) and for the application of regulations on related-party transactions as well as for the fulfilment of social security and tax obligations related to the remuneration paid.
Please note that some of the checks indicated involve the processing of data referring to your family2 and, therefore, we ask you to have them read this Policy.
The needs illustrated above constitute the legal basis legitimising the relevant processing. The conferment of data is necessary to fulfil the obligations deriving from accepting a senior position; without your personal data, Fineco would be unable to establish/continue the relationship or execute it.
B. Fulfilment of legal obligations and requests from the Public and/or Supervisory Authorities regarding the need to acquire, communicate and/or make public - also in the candidacy phase prior to taking office - on the website \_www.finecobank.com and/or in specific company documents (e.g., Prospectuses/Corporate Governance Report, Financial Statements) information concerning you (e.g., that contained in your curriculum vitae, in the list of positions held, as required by current regulations and in compliance with Fineco's By-laws and Code of Conduct).
The needs illustrated above constitute the legal basis legitimising the relevant processing. The conferment of data is necessary to fulfil obligations under the law and requests of Authorities and to accept a senior position at Fineco; without your personal data, Fineco would be unable to fulfil its legal obligations and therefore to establish the relationship with you.
1 Directors, Statutory Auditors and their families.
2 The perimeter of your family is identified in accordance with the specific applicable rules.
Fineco processes personal data collected directly from you, or from third parties (e.g., competent local authorities), which include, by way of example, personal details (e.g., name, surname, address, date and place of birth) bank data, information on your financial situation (e.g., personal estate, information on credit reports), positions held and related remuneration, employment relationships, commercial/professional relationships, etc..
This information may relate to existing or past relationships with Fineco as well as with third parties.
Fineco processes judicial data (i.e., personal data relating to criminal convictions, crimes or related security measures, including any information on ongoing proceedings) that may involve you in order to ascertain the subjective and good repute requirements and/or prerequisites that prohibit holding a senior position. In such cases, processing is necessary to fulfil a legal obligation or to comply with requests from Public or Supervisory Authorities (for example, filling in the questionnaire requested by the ECB). This need constitutes the legal basis legitimising the relevant processing. The conferment of data is necessary to fulfil legal obligations; without your personal data, Fineco would be unable to fulfil its regulatory obligations and therefore to establish the relationship with you.
Your data may come to the knowledge of the natural and legal persons in the list available on the website www.finecobank.com in their capacity as Data Processors and of the natural persons belonging to the categories below in the discharge of their duties in the capacity as persons in charge of processing: employees of or seconded to Fineco, temporary workers, interns, consultants and employees of external companies appointed as Processors.
The data may be communicated to:
The list of persons to whom the data may be communicated is available in the "Privacy" section of the website www.finecobank.com.
Fineco informs that personal data may also be transferred to countries outside the European Union or the European Economic Area (so-called Third Countries) recognised by the European Commission with an adequate level of personal data protection or, otherwise, only if it is contractually guaranteed by all Fineco suppliers located in the Third Party Country an adequate level of personal data protection with respect to that of the European Union (e.g., by signing the standard contractual clauses provided by the European Commission) and that the exercise of the rights by data subjects is always ensured.
Personal data are processed by means of manual, IT and telematic instruments using logic strictly related to the purposes and, in any case, in order to guarantee the security and confidentiality of said data.
The GDPR entitles you to know what data concerning you is in Fineco's possession, as well as how it is used and to obtain, when the conditions subsist, the copy, erasure, updating, correction or, if of interest, integration of the data, as well as the right to portability.
Fineco processes and keeps your personal data for the duration of the term of your office, to fulfil the inherent and ensuing obligations and to comply with legal, contractual and regulatory applicable obligations, as well as for defensive purposes of its own or third parties until the expiry of the longer period of limitation provided for by applicable law (i.e., 11 years) starting from the date of termination of office.
At the end of the applicable storage period, personal data relating to you shall be deleted or stored in a form that does not allow your identification (e.g., irreversible anonymisation), unless further processing is necessary for one or more of the following purposes: i) resolution of pre-litigation and/or litigation initiated before the expiry of the retention period; ii) to carry out investigations/inspections by internal control functions and/or external authorities initiated prior to the expiry of the retention period; iii) to comply with requests from Italian and/or foreign public authorities received by/notified to Fineco before the expiry of the retention period.
The e-mail address which you may contact to exercise your rights under paragraph 7 above is: [email protected] or submit the request in writing to FinecoBank, Via Rivoluzione d'Ottobre no. 16, 42123 Reggio Emilia.
The term for reply is one (1) month, which may be extended by two (2) months in particularly complex cases; in such cases, the Bank shall provide at least one interim communication within one (1) month.
In principle, the exercise of rights is free of charge; Fineco reserves the right to request a contribution in case of manifestly groundless or excessive (even repetitive) requests.
Fineco informs you that you are entitled to lodge a complaint or make a report to the Italian Data Protection Authority (Garante per la protezione dei dati personali) or alternatively to lodge a complaint with Judicial Authorities. The contact details of the Italian Data Protection Authority can be found on the website http://www.garanteprivacy.it.
Building tools?
Free accounts include 100 API calls/year for testing.
Have a question? We'll get back to you promptly.