Web Privacy Policy



This page describes the methods of and approaches towards processing the personal data of users (the “Users”) who browse our website www.fbs.it (the “Site”). This policy is aimed at all Users who interact with the Site and is made available in accordance with Article 13 of EU Regulation 2016/679 “General Data Protection Regulation” (GDPR), and current Italian legislation on personal data protection. The validity of the contents of this policy is limited only for the Site and does not extend to other websites which may be browsed using hyperlinks. By processing we mean any operation or set of operations which is performed with or without the use of automated means on Personal Data or on sets of Personal Data, even if not recorded on a database, such as collection, recording, organisation, structuring, storage, study, selection, blockage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. The policy may be subject to modifications due to the introduction of new regulations on the subject. Users are therefore invited to periodically check this page. With regard to the Site, the Data Controller is FBS S.p.A., with registered office in via Senato no. 6, 20121 Milan (the “Data Controller” and/or the “Company”). Users can contact the Data Controller for clarifications regarding this policy and/or to exercise the rights recognised by EU Regulation 2016/679 at the following e-mail address: privacy.fbs@bancaifis.it. &nsbp;

Types of data processed and purposes of processing

1) Data provided voluntarily by users Voluntarily sending e-mail to the e-mail addresses indicated on this Site means that we will subsequently acquire the sender’s e-mail address, which is necessary for responding to requests, and any other personal data included in the communication. This also applies to the handling of complaints from users and the answers we provide. The data provided in this way are processed by the Data Controller for the time necessary for completion of the purposes for which they have been communicated, and they will be erased as soon as these time limits have expired. Users who publish personal content on the Site must be aware of the fact that published information may also be read, gathered or used by third parties who do not have any relationship with the Data Controller, in order to send unsolicited messages. The Data Controller is not responsible for the way in which third parties use the personal data that users choose to publish with these means. 2) Navigation data The computer systems used to operate the Site, during standard operation, and for the sole duration of the connection, acquire various forms of personal data, the transmission of which is implicit in using internet communication protocols. This information is not gathered in order to be associated to specific Data Subjects, but, by its very nature, could allow users to be identified through processing of, and association with, data held by third parties. This category of data includes: IP addresses or the names of computers used by the users who connect to the Site, addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the requests, the method used to make the requests to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.), the characteristics of the browser used for navigation, the size of the window in which the browser is running on the device in use, and other parameters relating to the operating system and the user’s computing environment. These data are used solely to gather anonymous statistical information regarding the use of the Site and in order to monitor its correct functioning, and are erased immediately after being processed. Data could be used to ascertain responsibility in the event of hypothetical computer offences committed against the Site. 3) Cookies Cookies are small strings of text that the website sends and saves in the user’s device, to then be used by the same website when the user returns. During navigation, the user may also receive cookies on their device which have been sent by other websites or servers (belonging to so-called “third parties”) which may contain some elements (such as, for example, images, maps, sounds, specific links to pages in other domains) present on the website visited. Cookies are used for various purposes such as, for example, computer authentication, session monitoring, and the saving of information concerning specific configurations regarding the users accessing the server. Cookies can be divided into different types.
  • Technical cookies (or essential cookies): technical cookies can be sub-divided into session cookies (which guarantee normal navigation and use of the website) and permanent cookies (analytical cookies, used to collect information in an aggregated form regarding the number of users and how they visit the website, and functional cookies, which allow the user to navigate according to a series of selected criteria, such as, for example, language, etc.). Installation of these categories of cookies does not require the prior consent of the users. Technical cookies are installed on the user’s device in order to identify the user when they log into the websites, to analyse navigation with a view to continuous optimisation, and to carry out analyses aimed at improving the appearance, functionality and security of the website. Furthermore, this website makes use of technical cookies that allow personalised navigation, according to a series of criteria entered on the website by the user.
  • Profiling cookies (or behavioural cookies): profiling cookies are aimed at creating user profiles and are employed to send advertising messages in line with the preferences demonstrated by the users during navigation online. In order for these cookies to be installed, regulations require for the user to provide their consent. Profiling cookies can be used for remarketing/retargeting activities, in order to present users with advertising constructed on other websites, according to the way the users make use of the website. The website can also use tag pixels/web beacons, which are images incorporated into the website with the aim of measuring and analysing use. Lastly, use can also be made of third-party widgets/multimedia plug-ins allowing for the use of social networks and sharing of content through their accounts. These interactive programs are operated from our servers and gather users’ IP addresses, the page visited on our site, and they configure cookies to allow the correct functioning of widgets/plug-ins. The operations that users carry out by means of the widgets/plug-ins are regulated by the privacy policy of the third-party companies that provide them, and not by this policy.
  This Site does not use cookies defined as “profiling cookies”.  
  • “Third-party” cookies: third-party cookies are cookies set by a website other than the site you are currently visiting. They enable Google Analytics functionality (anonymising your IP address) and help Site operators to analyse information regarding visitors such as browser use, number of visitors and other data that help the Company to improve content. The information generated will be transmitted to, and stored in, Google’s servers in the United States. Google will use this information in order to track and study website use, to prepare reports on website activity for Site operators and to provide other services relating to Site activity and Internet use. Google may also transfer this information to third parties where required by law.
Users can prevent the Data Controller from using cookies through the appropriate settings in the web browser. However, users who choose to delete technical cookies from their device, or to block them, may not have access to all the functions of the service. Even with all cookies deactivated, the browser will continue to save a small amount of information which is necessary for the basic functioning of the website. The cookies used on this Site are set out below.
Third party Type of cookie Cookie Storage time Description Extended policy
Google Universal Analytics Technical cookie __utma 2 years This cookie is used to distinguish users and sessions. https://policies.google.com/privacy
Technical cookie __utmb 30 minutes This cookie is used to memorise the timestamp for the visit to the website.
Technical cookie __utmt 10 minutes This cookie is used to limit the speed of a request.
Technical cookie __utmz 6 months This cookie memorises the source of traffic or the campaign which explains how the user reached the site.
Iubenda Technical cookie _iub_cs-[id] 1 year This cookie memorises the acceptance and/or visualisation of a privacy policy by a user. https://www.iubenda.com/it
If you wish to modify settings regarding the use of all cookies, please refer to the instructions below according to the browser you are using:
Browser Link to cookie management page
Chrome https://support.google.com/chrome/answer/95647?hl=it
Microsoft Internet Explorer https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage-cookies
Safari https://support.apple.com/kb/PH19255?viewlocale=it_IT&locale=it_IT
Mozilla Firefox https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Methods of processing personal data and storage periods

The personal data gathered by the Data Controller’s website are processed by automatic instruments for the time strictly necessary for the purposes for which they were collected. At the end of this period, the data will be erased or rendered anonymous, unless further storage is necessary for legal reasons or to comply with orders from Public Authorities and/or Supervisory Bodies. The Site processes users’ data in a lawful and fair manner, adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification or destruction of data. Processing is carried out using computer and/or telematic tools, with organisational methods and approaches that are strictly related to the purposes indicated. No data deriving from web services will be subject to public disclosure.

Categories of entity to which personal data may be disclosed or who may become aware of this data

To achieve the purposes described, or in cases in which it is strictly necessary or required by law or by authorities empowered to impose this law, the Data Controller reserves the right to communicate the data to the following categories of recipient:
  • Entities which carry out banking, financial and insurance services;
  • Regulatory and Control Authorities and Bodies and, in general, public or private entities with prominent public functions (e.g. the Italian Financial Information Unit – UIF, the Bank of Italy, the Italian Tax Authority – Agenzia delle Entrate, the Interbank Register of Bad Cheques and Payment Cards, the Bank of Italy’s Central Credit Register, the Judicial Authorities, in any case solely within the limits of the conditions established by the applicable legislation);
  • Other companies of the Group to which the Company belongs, whether controlling, subsidiary or associated, in accordance with Article 2359, Italian Civil Code (including those situated abroad);
  • Entities which carry out services to gather, process and study data;
  • Entities providing IT and telecommunications network management services for the Company (including mailing services);
  • Entities responsible for document storage and data-entry;
  • Entities responsible for customer services;
  • Professional firms or companies providing assistance and consultancy services;
  • Entities carrying out market research, aimed at identifying the level of satisfaction expressed by customers on the quality of the services provided and activities carried out by the Company;
  • Entities carrying out analyses of the activities of visitors to the website and of the performance of online campaigns aimed at improving content and services. The Company may allow these service providers to use cookies and other technology to supply said services on its behalf;
  • Entities responsible for the control, auditing and certification of the Company’s activities.
Data may also become known, in the exercising of assigned tasks, by the Data Controller’s personnel, including interns, temporary workers, consultants, employees of external companies, all specifically authorised to process personal data.

Transferring data to non-EU countries/organisations

Where it is necessary to achieve the purposes mentioned, Data Subject’s Personal Data may be transferred abroad, to non-EU countries/organisations which guarantee a level of protection of personal data that is deemed appropriate under the decision of the European Commission, or in any case based on other appropriate safeguards, for example, the Standard Contractual Clauses adopted by the European Commission. A copy of any Data transferred abroad, as well as the list of non-EU countries/organisations to which Data have been transferred, may be requested from the Data Controller by presenting a request to the organisational unit charged with responding to Data Subjects, via standard mail sent to the Data Controller’s registered office or via e-mail to privacy.fbs@bancaifis.it.

Rights of Data Subjects

In accordance with Articles 15 to 22, the Regulation enables Data Subjects to exercise specific rights. In particular, a Data Subject may obtain: a) confirmation as to whether or not personal data concerning him or her are being processing and, if so, access to that personal data; b) rectification of incorrect personal data and supplementation of incomplete personal data; c) erasure of personal data concerning him or her, when permitted by the Regulation; d) restriction of processing, in the cases provided for by the Regulation; e) communication to recipients of the personal data of requests made by the Data Subject regarding the rectification/erasure of personal data and the restriction of processing of the personal data, unless this proves impossible or involves disproportionate effort; f) the reception, in a structured, commonly used and machine-readable format, of the personal data provided to the Data Controller, as well as the transmission of those data to another data controller, at any time, even on termination of any relationship established with the Data Controller. The Data Subject also has the right to oppose, at any time, the processing of personal data concerning him or her: in this case, the Data Controller is obliged to refrain from any further processing, except for the scenarios set out in the Regulation. The Data Subject also has the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or has a similar effect on their person, unless this decision is: a) necessary for entering into, or performing a contract between the Data Subject and the Data Controller; b) authorised by European Union law or by the laws of the Member State to which the Data Controller is subject; c) based on the explicit consent of the Data Subject. In the cases specified in points a) and c) above, the Data Subject has the right to obtain human intervention from the Data Controller, to express his or her opinion and to appeal against the decision. These requests may be submitted to the organisational unit responsible for responding to Data Subjects, via standard mail sent to the Data Controller’s registered office or via e-mail to  privacy.fbs@bancaifis.it. The Data Subject also has the right to file a complaint with Garante Privacy [the Italian Data Protection Authority].