Information pursuant to Article 13 of Regulation (EU) 2016/679 on the protection of personal data (hereinafter the GDPR)

 

1. Definition of “cookies” and similar technologies

Cookies are small text files sent by a visited website to a device (pc, smartphone, tablet, console, etc.) to help operate the website and collect information on a user’s online activity. When browsing a website, a user’s terminal may receive cookies from other websites, web services and providers (so-called “third party cookies”) that might contain elements (such as images, maps, sound files, specific links to web pages on other domains) present on the website the user is visiting. There are several types of cookies; however, they all share the common purpose of making the website more effective, enabling certain features and enhancing the user’s browsing experience. 

Banca Monte dei Paschi di Siena S.p.A., the Data Controller, in compliance with applicable Data protection regulations and, particularly, the Italian Data Protection Authority’s “Simplified arrangements to provide information and obtain consent regarding cookies” issued on 8 May 2014 (published in the Official Gazette no. 12 of 3 June 2014), hereby informs the user about the use of cookies on this website.

2. Processing and purposes of technical cookies 

This site uses technical cookies, which are needed to make certain areas of the website function properly. Cookies include both persistent and session cookies. Without these cookies, the website, or parts of its, may not function correctly. Technical cookies, the use of which does not enable the direct or indirect identification of the user, include:

  • "analytics cookies" used by the website manager to collect aggregate information on the number of visitors and how they use the website,
  • browsing or session cookies (for authentication),
  • preference cookies, which allow the user to browse according to a series of selected criteria (e.g. language, products selected for purchase) in order to improve the service provided.

Therefore, regardless of the preferences expressed by the user, these cookies are used for purposes of data authentication, session monitoring and the storage of specific technical information about users who access this website. The user’s prior consent is not required for the installation of these cookies since they are strictly necessary to provide the service requested; therefore, the lawful basis for processing is the need to use this technology to make the site more efficient, enable certain features and make the browsing experience easier. However, the Data Controller remains obliged to inform users in accordance with the GDPR and the above Data Protection Authority’s Regulation.

The following cookies can be disabled by the user through the browser settings used to navigate the website: 

  • Technical browsing or session cookies, essential for the operation of the website or to allow the user to use the content and services requested.
  • Functional cookies, that is cookies that are used to activate specific functions of the website and a series of selected criteria (such as the language) in order to improve the service provided.

WARNING: by disabling technical and/or functional cookies, the website may not be accessible or certain services or functions of the website may be unavailable or may not run properly, and the user may be forced to change or manually enter certain information or preferences each time they visit the website.

3. Processing and purposes of cookies for marketing analysis

In addition to technical cookies, this website also uses profiling cookies, which are aimed at creating user profiles based on the tastes, choices and preferences expressed by the user when browsing and subsequently used to send advertising messages in line with the profile created. Given the invasive nature of these cookies to a user’s privacy, legislation requires that users be properly informed and express valid consent. For this purpose, the lawful basis that legitimises processing is the expression of freely given consent by the user in the appropriate section at the end of this paragraph. If, using the appropriate command, the user closes the cookie consent banner that appears when accessing the website, this shall be construed as refusal of consent to the use of profiling cookies.  Users may, at any time, edit their cookie preferences or disable the use of cookies in their browser, though this may prevent the user from accessing certain parts of the website. Each browser has its own cookie management procedures. Information on how to set cookie preferences on the most popular browsers can be found at the following links:

  • Internet Explorer
  • Firefox
  • Google Chrome
  • Safari.

Profiling cookie settings

The Bank’s use of profiling cookies, which are aimed at creating user profiles based on the tastes, choices and preferences expressed by the user when browsing and subsequently used to send adverts in line with the profile created, may be blocked or enabled by the user by selecting the following options;

AdForm Third party marketing pixel
Doubleclick/Floodlight Third party marketing pixel
Adnxs Third party marketing pixel
Myn Third party marketing pixel
Quantcast Third party marketing pixel
Facebook Third party marketing pixel
LinkedIn Third party marketing pixel
Twitter Third party marketing pixel


4. Third-party websites

When browsing a website, a user’s device may receive cookies from other websites, web servers or providers (so-called “third-party cookies”); this happens because the website may contain items such as images, maps, sound files, links to web pages on different domains that are located on servers other than the one where the page being visited is stored. In other words, the cookies are directly installed by the administrator of the website, web server or provider other than the administrator of the visited website. In these cases, Banca Monte dei Paschi di Siena S.p.A. wishes to specify that third-party cookies are outside of its control and are sent under the responsibility of a third party. This matter was further clarified by the Italian Data Protection Authority in its Provision referred to in point 1 above: “Being the data controller, the operator of any website making use of cookies is required to inform users about the nature and purpose of cookies and obtain their prior contents. Where a website allows the installation of “third-party” cookies, it is the obligation of the third party to provide information and obtain the user’s consent. Users must be properly informed, even in accordance with the simplified arrangements provided for by law, whenever they access a website which allows the installation of third-party cookies or whenever they access contents supplied by third parties. The information must be provided prior to the installation of the cookies on the user’s terminal”.Below are the links to the respective privacy policies of the third parties that send cookies through this website: 

 

TRACKING COOKIES AND PIXELS
 
Third party Type

Purpose of cookies and link to web pages with consent information and requests of Third Parties

Google Analytics

Technical Cookies – Third party statistics system 

Google’s statistic service that tracks user behaviour.  It is based on reading cookies for user recognition. 
It deals with tracking the main interactions on the website, the source of origin, the technology used and other information provided by the browser

https://policies.google.com/privacy

AdForm

Third party marketing pixel 

Tracking service used in case of paid campaigns and remarketing activities campaigns
https://site.adform.com/privacy-policy-opt-out/

Doubleclick/Floodlight

Third party marketing pixel 

Tracking service used in case of paid campaigns and remarketing activities campaigns
https://policies.google.com/privacy?hl=en

Adnxs

Third party marketing pixel 

Tracking service used in case of paid campaigns and remarketing activities campaigns
https://www.xandr.com/privacy/cookie-policy/

Myn

Third party marketing pixel 

Tracking service used in case of paid campaigns and remarketing activities campaigns

https://www.networker.global/privacy-policy/

Quantcast

Third party marketing pixel 

Tracking service used in case of paid campaigns and remarketing activities campaigns

https://www.quantcast.com/privacy/

Linkedin Third-party marketing pixel Tracking service for paid campaigns and remarketing

https://www.linkedin.com/legal/cookie-policy
Twitter Third-party marketing pixel Tracking service for paid campaigns and remarketing

https://help.twitter.com/en/rules-and-policies/twitter-cookies

 

PROFILING COOKIES

 

Name

Service

Purpose

Duration

_gat_UA-71289306-1

Google Analytics

Used by Google Analytics to limit the frequency of requests

1 day

_gat_UA-71289306-20

Google Analytics

Used by Google Analytics to limit the frequency of requests

1 day

_ga

Google Analytics

Registers a unique ID used to generate statistical data on how the visitor uses the website.

2 years

_gaGlobal

Google Analytics

Registers a unique ID used to generate statistical data on how the visitor uses the website.

2 years

_gaGlobal_gid

Google Analytics

Registers a unique ID used to generate statistical data on how the visitor uses the website.

1 day

_gid

Google Analytics

Registers a unique ID used to generate statistical data on how the visitor uses the website.

1 day

_gcl_au

Doubleclick – Adwords -Adsense

Used by Google AdSense to test the efficiency of advertising on all websites using these services.

3 months

IDE

Doubleclick – Adwords -Adsense

Used by Google Doubleclick and for advertising on non-Google sites.

1 year

anj

Adnxs.com

Contains data that indicates if a Cookie ID is synchronised with an AppNexus partner.

3 months

icu

Adnxs.com

This cookie provides information on how the end user uses the website and advertisements that the user may have seen prior to using the website.

3 months

uuid2

Adnxs.com

Registers a unique ID for user recognition.

3 months

myn_id

Myn

Registers a unique ID for user recognition.

2 weeks

__qca

Quantcast

This is a cookie associated with Quantcast, a digital advertising company. It provides website rankings and the data collected is also used for audience segmentation and targeted advertising.

1 year

mc

Quantcast

This is a cookie associated with Quantcast, a digital advertising company. It provides website rankings and the data collected is also used for audience segmentation and targeted advertising.

1 year

fr

Facebook

Used by Facebook Ads, it associated a unique ID for delivering targeted advertising and measuring conversions.

4 months

_fbp

Facebook

Used by Facebook Ads, it associated a unique ID for delivering targeted advertising and measuring conversions.

4 months

uid

Adform

Unique identifier for user tracking and delivering targeted advertising.

2 months

C

Adform

Identifies if the user’s browser has accepted AdForm’s cookie policy and related cookies

1 – Cookies are allowed 
3 – Opt-out

2 months

ct0 Twitter This cookie, provided by Twitter, is used together with social media plug-ins to allow those who follow our Twitter accounts to easily share content via Twitter and view the latest tweet. Twitter uses cookies to improve its service, personalise content and enable additional features, or to target Twitters ads to registered Twitter users. 6 hours
guest_id Twitter Twitter cookie serves to identify the user with a unique number associated with Twitter 2 years
personalization_id Twitter Used by Twitter if you are logged into Twitter to associate your device with your Twitter account. Twitter may also use this cookie for personalisation on all devices regardless of whether you signed in to Twitter or not. 1 year
mbox Twitter This cookie, provided by Twitter, is used together with social media plug-ins to allow those who follow our Twitter accounts to easily share content via Twitter and view the latest tweet. Twitter uses cookies to improve its service, personalise content and enable additional features, or to target Twitters ads to registered Twitter users. 2 years
muc Twitter This cookie, provided by Twitter, is used together with social media plug-ins to allow those who follow our Twitter accounts to easily share content via Twitter and view the latest tweet. Twitter uses cookies to improve its service, personalise content and enable additional features, or to target Twitters ads to registered Twitter users. 1 year
lang Linkedin Used to remeber a user's lanaguage setting session
s_ppv Linkedin Used by Adobe Analytics to store and retrieve the page view percentage session
AMCVS_14215E3D5995C57C0A495C55%
40AdobeOrg
Linkedin Indicates the start of a session for Adobe Experience Cloud session
s_plt Linkedin Keeps track of the time taken to load the previous page session
li_gc Linkedin Used to store guest consent to the use of cookies for non-essential purposes 2 years
bcookie Linkedin Browser identifier cookie to uniquely identify devices accessing LinkedIn to detect abuse on the platform 2 years
s_cc Linkedin Used to determine if cookies are enabled for Adobe Analytics session
gpv_pn Linkedin Used to store and retrieve the previous page visited inAdobe Analytics 6 months
AMCV_14215E3D5995C57C0A495C55%
40AdobeOrg
Linkedin Unique identifier for Adobe Experience Cloud 180 days
AnalyticsSyncHistory Linkedin Used to store information about the time a sync with the  lms_analytics cookie took place 30 days
UserMatchHistory Linkedin LinkedIn Ads ID syncing 30 days
aam_uuid Linkedin Set for ID sync for Adobe Audience Manager 30 days
s_pltp Linkedin Provides page name value (URL) for use by Adobe Analytics session
lissc Linkedin Used to ensure there is correct SameSite attribute for all cookies in that browser 1 year
lidc Linkedin To optimise data centre selection 24 hours
s_tslv Linkedin Used to retain and fetch time since last visit in Adobe Analytics

6 months

5. Data retention times

The user’s data is kept for the time strictly necessary to fulfil the purposes for which the data was collected, in compliance with the prescribed terms or with the data retention terms established by law, or for a longer period if the data has to be kept for the protection of the rights of the Data Controller.

With specific reference to the processing of data through the use of profiling cookies, if the user has given consent, the data will be stored in the Data Controller’s database for a maximum of twenty-four months, after which it will be deleted or made anonymous.

6. The user’s rights

In relation to the processing purposes described above, users are entitled to exercise the rights referred to in Articles 15 et seq. of the GDPR, particularly the right to object to the processing of personal data, and can change their choices at any time by accessing the appropriate user preferences section or by contacting the DPO and Privacy Compliance Staff of Banca Monte dei Paschi di Siena S.p.A. at the following:

Via A. Moro n. 11/13 - 53100 Siena;
Fax + 39 0577 296520;
Email: privacy@mps.it.

Users also have the right to submit a complaint to the Data Protection Authority, to be sent to the Garante per la Protezione dei dati personali, piazza Venezia n. 11 – 00187 Roma (garante@gpdp.it; phone + 39 06 69677.1; fax + 39 06 69677.3785).

7. Data Controller and Data Protection Officer

The Data Controller is Banca Monte dei Paschi di Siena S.p.A. with registered office in Piazza Salimbeni, n.3, Siena.

The Data Protection Officer (or DPO) is the Interim Head of the DPO and Privacy Compliance Staff Unit and can be contacted via certified email at responsabileprotezionedeidati@postacert.gruppo.mps.it or via ordinary email at responsabileprotezionedeidati@mps.it for all matters relating to the processing of a user’s personal data and for exercising of rights under the GDPR.