General Data Protection Regulation (EU) No. 2016/679 (GDPR)


The purpose of this section is to inform data subjects accessing the website of essential aspects on the processing of personal data. In accordance with our company policy and the cited legislation, such processing will be based on principles of lawfulness, fairness, transparency and protection of your confidentiality and your rights. The Company guarantees compliance with the legislation applicable to the processing of personal data.

In particular, the Company ensures compliance with the rules contained in Legislative Decree No. 196/2003 “Italian Privacy Code”, as subsequently amended and extended, and in EU Regulation No. 679 of 2016 on the matter of personal data protection (so-called GDPR).

Data Protection Statement

Source of Data and Data Controller

This document has been drafted pursuant to Article 13 of EU Regulation No. 2016/679 (hereinafter “GDPR”) to inform you of our data protection policy. It describes the general modalities for processing the personal data of users of the website and the cookies used and how your personal information is managed when you use our website

The information and data that you provide or is otherwise obtained when using the services found on the Website will be processed in accordance with the provisions of the Regulation and the confidentiality obligations on which Banca Generali’s activity is based. According to the Regulation’s provisions, the processing carried out will be based on the principles of lawfulness, fairness, transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality.

The Data Controller of the processing carried out through the Website is Banca Generali S.p.A., whom you may contact for any information regarding the processing of personal data. The Company has appointed the Data Protection Officer responsible for ensuring compliance with the rules for protecting your Personal Data who may be contacted for questions regarding the processing of your data at the following address:

This statement is made solely for this Website and not for any other websites consulted by the user through links. Reference is made to any special website sections where you can find specific information and any requests for consent for individual processing.

Types of personal data

Following navigation of the Website and any use of the services provided, please note that the Company will be able to process the following types of personal data:

2.1) Navigation data

The IT systems and software procedures used to operate this website obtain personal data, during their normal functioning, the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified interested parties, but that could, by its very nature, allow users to be identified through processing and associations with data held by third parties.

This data category includes: the IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used when submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and IT environment of the user. These data are used for the sole purpose of obtaining anonymous statistical information on website use and to check that the site is working properly. The data could be used to establish responsibility in the event of hypothetical cybercrimes against the website.

Retention of data

Your data will be stored for a maximum period of 26 months.

Purposes of the processing and legal basis

The personal data processing that we intend to carry out, with your specific consent where necessary, has the following purpose:

  • to allow navigation of the Website and delivery of the Services offered by the Website.

The legal basis for the processing is represented by:

  • informed and free consent that you will be asked for on special pages of the website where it will be preceded by our specific policy statement or via cookie banners (see section dedicated to the cookie policy). In this case, the provision of data is absolutely free, and in the absence of your consent, the data will not be collected and used in any way for such purposes. If you have given your consent, you may withdraw it at any time and the data will not be processed further for such purposes from the time consent is withdrawn. For the sake of maximum clarity, we would point out that withdrawal of consent has no retroactive effects on data processed before withdrawal.

Communication of personal data

The data may be brought to the attention of:

  • subjects authorised by the Company to process Personal Data required to carry out activities strictly related to the delivery of Services, who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality (e.g., employees and system administrators);
  • any third parties working on Website management and acting typically as Data Controllers or Data Processors (a complete and updated list of Data Processors may be requested from the Company);
  • subjects, bodies or authorities to whom it is mandatory to communicate your Personal Data by virtue of legal provisions or orders of the authorities.

Transfer of personal data

Some of your Personal Data are shared with Recipients who could be outside the European Economic Area. The Company ensures that the processing of your Personal Data by these Recipients takes place in compliance with the GDPR, since it can be based on an adequacy decision, Standard Contractual Clauses approved by the European Commission or another suitable legal basis.

Your rights

With reference to the data processed, the Company guarantees you the option to:

  • receive confirmation that the personal data concerning you exist or not and receive a copy of such information in an intelligible format;
  • have your data updated, rectified or supplemented;
  • request that your data be erased, within the permitted terms, or ask for it to be anonymised;
  • object, wholly or in part, for legitimate grounds, to the processing of personal data concerning you;
  • limit the processing, in the event of infringement, request for rectification or objection;
  • request the portability of the electronically processed data that you have provided on the basis of consent or contract;
  • withdraw consent for the processing of your data, if applicable.

Please note that the Company undertakes to respond to your requests within one month, except in particularly complex cases, when a longer period could be required. In any case, the Company will give you the reason for the delay within one month of your request.

You will be given the outcome of your request in writing or in electronic format. If you request the rectification, erasure or limitation of the processing, the Company undertakes to notify the outcomes of your requests to each recipient of your data, unless this proves to be impossible or implies a disproportionate effort. You are reminded that withdrawal of consent does not prejudice the lawfulness of the processing based on consent prior to withdrawal.

The Company specifies that you may be asked to make a financial contribution if your demands are manifestly unfounded, excessive or repetitive, and, in this regard, the Company will keep track of your requests for intervention.

The contacts for the exercise of rights are: