This privacy policy (the “Privacy Policy”) describes the processing activities of the personal data referring to the users of this web site (accessible at https://annualreport.unicredit.eu and, hereinafter, the “Site”).
The Privacy Policy is provided pursuant to art. 13 and 14 of Regulation (EU) 2016/679 (“GDPR”) by the Controller (as defined below).
The Privacy Policy is provided only for the Site, and not for other websites that may be consulted by the user through the Site https://ir2022.financialreports.unicredit.eu/en.
DATA CONTROLLER AND DATA PROTECTION OFFICER
Your data will be processed by UniCredit S.p.A., with registered office at Piazza Gae Aulenti n. 3, Tower A, 20154 Milan, as data controller (hereinafter, also the “Controller”).
The Data Protection Officer appointed by UniCredit S.p.A. may be contacted at UniCredit S.p.A., Data Protection Office, Piazza Gae Aulenti n. 1, Tower B, 20154 Milan, email: Group.DPO@unicredit.eu, PEC: Group.DPO@pec.unicredit.eu.
CATEGORIES OF DATA PROCESSED
Navigation data
During their normal operation, the information systems and software procedures used for the functions of this websites collect certain personal data, the transmission of which is implicit in the use of Internet, based on the TCP/IP protocol.
This is information which is not gathered to be associated with identified data subjects, but which by its very nature could, through processing and association with data held by others, enable the users to be identified.
This category of data includes the "IP addresses" or domain names of the computers used by users who visit the Site, the addresses in URI (Uniform Resource Identifier) format of the resources requested, the time of the request, the method used in submitting the request to the web server, the dimensions of the file obtained in response, the numerical code indicating the state of the response given by the web server and other parameters relating to the user's operating system and IT environment.
Such data are used for the sole purpose of handling user requests pursuant to art. 6, let. b) of the GDPR and to check its correct functioning, pursuant to art. 6, let. f) of the GDPR.
it should be noted that the aforementioned data could be used to ascertain responsibility in case of computer crimes against the Site or other websites connected or linked to it.
COOKIES
Further information about the cookies installed through the Site are available at the link: https://ir2022.financialreports.unicredit.eu/en/cookies-policy.
PROCESSING METHOD AND SECURITY MEASURES
Specific security measures are implemented to prevent loss of data, illegal or incorrect uses and unauthorized access.
RIGHTS OF THE DATA SUBJECTS
The GDPR grants individuals, sole proprietorships and/or freelancers specific rights the rights referred to in art. From 15 to 22 of GDPR, including the right to know what personal data is held by the Controller and how it is used (Right of Access), to obtain the updating, rectification or, if interested, integration of such data, as well as their erasure, transformation into anonymous form or limitation.
PERIOD OF DATA STORAGE AND RIGHT TO ERASURE (i.e. RIGHT TO BE FORGOTTEN)
The Controller processes your personal data for the time strictly necessary to achieve the purposes described above.
At the end of the applicable retention period, personal data relating to the user will be deleted or stored in a form that does not permit the identification of the user (e.g., irreversible anonymization), unless their further processing is necessary for one or more of the following purposes: i) resolution of pre-litigation and/or litigation initiated before the expiry of the retention period; ii) to follow up investigations/inspections by internal control functions and/or external authorities started before the expiry of the retention period; iii) to follow up requests from Italian and/or foreign public authorities received/notified to the Controller before the expiry of the retention period.
HOW EXERCISE THE DATA SUBJECTS’ RIGHTS
In order to exercise the rights described in the previous paragraphs, the user may apply to: UniCredit S.p.A., Claims, Via Del Lavoro n. 42, 40127 Bologna, tel. +39 051.6407285, fax +39 051.6407229, indirizzo e-mail: diritti.privacy@unicredit.eu.
The deadline for the reply is one (1) month, which may be extended by two (2) months in particularly complex cases; in these cases, the Controller will provide at least one interim communication within one (1) month.
The exercise of the rights is, in principle, free of charge; the Controller reserves the right to charge a fee in the event of manifestly unfounded or excessive requests (including repetitive ones).
The Controller has the right to request information necessary to identify the applicant.
COMPLAINT OR REPORT TO THE PERSONAL DATA PROTECTION AUTHORITY
The Controller informs you that you have the right to file a complaint or a report to the Italian Data Protection Authority or alternatively to appeal to the judicial authority.
The contact details of the Italian Data Protection Authority can be found on the website http://www.garanteprivacy.it.