Pursuant to Regulation (EU) 2016/679 (hereafter “GDPR”) and the national law in force on personal data protection (hereafter, together with the GDPR, “Privacy Law”), Mediobanca – Banca di Credito Finanziario S.p.A., based in Milan, Piazzetta Enrico Cuccia 1 (hereafter the “Controller” or “Mediobanca”), as Data controller, is required to provide a notice relating to the use of personal data.
The personal data held by the Controller are collected directly from the data subjects through registration with the online service “Certificates WebPricer”, which is made available for free by Mediobanca, and its use (hereafter the “Service”).
- Purpose of processing and obligation to provide data
All personal data are processed, in compliance with legal provisions and confidentiality obligations, for purposes strictly connected with and necessary for the registration with the Service and its use.
The provision of personal data is optional, therefore failure to provide them does not entail any negative consequence, except the impossibility of registering with and using the Service.
- Legal basis
The legal basis of the processing is identified in the performance of a contract to which the data subject is party or in the implementation of pre-contractual measures taken at the data subject’s request.
- Means of processing
The processing of personal data will take place, in compliance with the provisions envisaged by the Privacy Law, using print, IT or online instruments, with approaches closely connected to the purpose indicated and, in any case, with means suitable to guarantee its security and confidentiality in compliance with the Privacy Law.
- Data communication and dissemination
To pursue the purpose described at point a) above, personal data will be disclosed to Mediobanca employees who will act as authorised data processors.
In addition, data can be communicated to:
- other companies belonging to the Group;
- people who handle the sending of email communications;
- other people whom Mediobanca uses in various capacities to supply the service requested;
- people who provide services to manage the Mediobanca IT system;
Personal data will be transferred outside the European Economic Area solely on the basis of an adequacy ruling by the European Commission or if other appropriate safeguards provided for in the Privacy Law are in place (including standard contractual clauses for the transfer of personal data to other countries).
Personal data processed by Mediobanca are not disseminated.
- Data retention
In compliance with the principles of proportionality and need, personal data will be stored in a form which enables the identification of the data subjects for a period of time which does not exceed the achievement of the purposes for which they are processed, i.e. by taking into consideration:
- the need to continue to keep the personal data collected in order to provide the Service;
- the existence of specific legal obligations (legal codes, anti-money laundering law, investment services law, tax monitoring law, etc.) or contractual obligations that make the processing and retention of the data necessary for set periods of time.
Mediobanca will adopt reasonable measures to guarantee that inaccurate personal data are rectified or cancelled.
- Rights of the data subject
The people to whom the personal data refer are entitled at any time to obtain confirmation of the existence or non-existence of such data and to know their content and origin, check their accuracy or ask for their integration or updating, or their rectification (Articles 15 and 16 of the GDPR).
In addition, data subjects are entitled to request the erasure, restriction of processing, withdrawal of consent, data portability, as well as to lodge a complaint with the supervisory authority and to object in any case, on legitimate grounds, to their processing (Article 17 et seq. of the GDPR).
These rights can be exercised by sending a written communication to: privacy@mediobanca.com
Mediobanca, also through its designated structures, will arrange to handle the request and to provide, without unjustified delay, information relating to the action taken.
- Data Controller and Data Protection Officer
The Data controller is Mediobanca – Banca di Credito Finanziario S.p.A., based in Milan, Piazzetta Enrico Cuccia 1.
Mediobanca has appointed a Data Protection Officer. The Data Protection Officer can be contacted at the following addresses:
Mediobanca – Banca di Credito Finanziario S.p.A.
