Right of access
You may obtain confirmation from the Bank as to whether or not Personal Data concerning you are being processed and, in that case, obtain access to the Personal Data and to the information provided by Art. 15 of the Regulation, including, by way of example: the processing purposes, the categories of Personal Data processed, etc.
If the Personal Data are transferred to a third country or to an international organisation, you have the right to be informed of the existence of appropriate safeguards relating to the transfer.
If requested, the Bank may provide you with a copy of the Personal Data subject to processing. For any further copies the Bank may charge you a reasonable contribution to the costs, based on the administrative costs. If the request in question is submitted by electronic means and unless otherwise indicated, the Bank will provide the information to you in a commonly used electronic form.
Right to rectification
You may obtain the rectification of your inaccurate Personal Data from the Bank, as well as, taking the processing purposes into account, the completion of your incomplete Personal Data, by providing a supplementary statement.
Right to erasure
You may obtain the erasure of your Personal Data from the Controller, where one of the grounds indicated in Art. 17 of the Regulation subsists, including, by way of example, if the Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise processed or if the consent on which the processing of your Personal Data is based has been withdrawn by you and there is no other legal ground for the processing. Please note that the Bank shall not proceed with the erasure of your Personal Data: if its processing is necessary, for example, for compliance with a legal obligation, for reasons of public interest, for the establishment, exercise or defence of legal claims.
Right to restriction of processing
You may obtain restrictions on the processing of your Personal Data where one of the circumstances provided by Art. 18 of the Regulation applies, including, for example: in response to your contesting the accuracy of your Personal Data that is subject to processing or if your Personal Data are necessary for the establishment, exercise, or defence of a legal claim, despite the Bank no longer needing them for the processing purposes.
Right to data portability
If the processing of your Personal Data is based upon consent or is necessary to implement a contract or pre-contractual measures and the processing is carried out by automated means, you may:
- ask to be given the Personal Data you provided in a structured, commonly used and machine-readable format (for example: by a computer and/or tablet);
- transmit your Personal Data to another Data Controller, without hindrance from the Bank.
You may also ask for the Bank to transmit your Personal Data to another Data Controller indicated by you, where technically feasible for the Bank. In this case, it is your duty to provide us with all the correct details of the new Data Controller to which you intend to transfer your Personal Data and provide us with appropriate written authorisation.
Right to object
You may object at any time to the processing of your Personal Data where the processing is carried out to perform an activity in the public interest or to pursue a legitimate interest of the Controller (including profiling activity). Should you decide to exercise the right to object as described here, the Bank will refrain from further processing your personal data, unless there are legitimate grounds for the processing (which override the interests, rights and freedoms of the data subject), or if the processing is necessary for the establishment, exercise or defence of legal claims.
Automated individual decision-making, including profiling
The Regulation provides that the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which results in legal consequences concerning him or her or similarly significantly affects him or her, unless the above-mentioned decision:
a) is necessary for concluding or executing a contract between you and the Bank;
b) is authorised by EU or Italian law;
c) is based on your explicit consent.
In the cases referred to in points a) and c), the Bank shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, and you shall have at least the right to obtain human intervention on the part of the Bank, to express your point of view, or to contest the decision.
Right to lodge a claim with the Italian Data Protection Authority
Without prejudice to your right to take action in any other administrative or jurisdictional venue, if you believe that the processing of your personal Data by the Controller is occurring in breach of the Regulation and/or the applicable legislation, you may lodge a complaint with the competent Data Protection Authority.