Privacy Policy

Methods of processing personal data

This section explains how the site processes the personal information of the users who visit it.
According to Article 13 and Article 14 of Regulation (UE) 2016/679, the policy is also made available to those who interact with the Bank’s web services, accessible electronically from the address: and from the related APPs1.

This document also takes into account Recommendation no. 2/2001 on the protection of personal data that the European authorities have adopted to identify the minimum requirements for the collection of personal data online.

The policy applies only to the concerned website and to the above-mentioned APPs, not to any other websites that the user accesses via links.
The data controller is Intesa Sanpaolo S.p.A with head office at Piazza San Carlo, 156 – 10121, Torino.

Data processing

The processing of data is handled only by authorized technical personnel. None of the data obtained by a web service is communicated or disclosed to third parties.

The personal data provided by users who request information material are used for the sole purpose of offering the service and are disclosed to third parties only when strictly necessary.

Types of data processed

Browsing data

During normal use, the IT systems and software procedures for running this website acquire some personal data the transmission of which is implicit in the use of Internet communication protocols. It concerns information that is not collected to be associated with specific individuals, but by their own very nature could, through the processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters related to the operating system and the users.

This data is used only to obtain anonymous statistical information on the Site and to check its correct functioning and is deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site: except for this possibility, the data on web contacts are stored for 12 months.

These data are processed for the following purposes:

  • to comply with the requirements dictated by national and EU regulations as well as with instructions issued by the Supervisory and Control Bodies, also in relation to the monitoring obligations of operational and credit risks at the banking Group level; the processing of your personal data to comply with regulatory requirements is mandatory and your consent is not required.
  • to pursue a legitimate interest of Intesa Sanpaolo, Group companies or third parties if these interests do not conflict with the interests or fundamental rights and freedoms of the data subjects (Article 6.1 letter f of EU Regulation no. 679/2016), namely:
    • ascertaining responsibility in the event of hypothetical computer crimes against the site and for investigations in the event of any disputes.
    • obtain anonymous statistical information on the use of the site and to check its correct functioning, as well as for the purpose of measuring and improving the services offered and the Site.
    • to pursue any further legitimate interests. In the latter case, the Data Controller may process your Personal Data only after having informed you and having ascertained that the pursuit of their legitimate interests or those of third parties does not compromise your fundamental rights and freedoms.

and your consent is not required.

The data collected on navigation persist on the servers for a period of 12 months. Personal Data may also be processed for a longer period, if an interruption and / or suspension of the prescription that justifies the extension of the data retention occurs.

APP data

The processing of personal data resulting from the installation and use of the Web Applications* (hereinafter referred to “app”) is handled to enable the use of the services distributed through that application.

Following the download and installation of the app, the kind of electronic device, as well as the type and version of operating system, are automatically detected. This information allows us to provide the performance required and to manage the app, analyzing its use, protecting it against misuse and improving the user experience.  

For the sole purpose of offering a more engaging experience, in some cases the app may require the users to indicate their age group. These data are not stored. Data relating to age are collected anonymously and temporarily, for the sole purpose of providing the best possible user experience.

In any case, the incorrect age group indication does not result in exposure to contents not suitable for minors.

Personal data are used to make the app available, to maintain and improve it, to communicate with users.

Moreover, the download of the app is used as a quantitative data for the sole purpose of obtaining anonymous statistical information about the number of users who download the app.

*Test&Fun, Fuga dal Castello, Il Tesoro di Mica, IT’S MY LIFE and BE PRIME MINISTER!

Data provided voluntarily by the user

The elective, explicit and voluntary sending of e-mail messages to the addresses posted on the website entails the subsequent acquisition of the sender address, which is necessary to answer any queries, as well as of any other personal information included in the message.

Specific summary information dedicated to particular services on request will be provided or displayed on the pages of the website.


Cookies are small text strings exchanged between a server and the web client. They are used to perform automatic authentication, session tracking and storage of specific information about users accessing the server.

Cookies are short strings of text that are sent from the site server to the browser of the site user and are automatically saved on the user’s PC.
The text stores information that the site is able to read when it is consulted at a later time. The main purpose of these cookies is to make site navigation more usable.

Cookies can be first or third party.

First-party cookies are those that are saved directly from the website you visit. These record information such as the number of sessions or page views. On the contrary, third-party cookies can be transmitted to a site other than the one visited.

This site uses the following types of cookies:

Anonymized technical and analytical cookies

Used to save the user’s session and to carry out other activities strictly necessary for the functioning of the same. The site can also use cookies to save browsing preferences and optimize the browsing experience. These cookies include, for example, those for setting the language and currency or for maintaining the browsing session. The so-called technical cookies are also comparable to technical cookies. “Web Analytics”, used to collect aggregate and anonymous statistics on the use of the site by visitors. In particular, the IP address collected through these cookies is appropriately anonymized, so as to exclude its traceability to the individual user.

Management of cookies from browser settings

This website works best if cookies are enabled. Using your browser settings you can, however, disable the use of cookies on your computer. If you completely disable cookies, you may disable some functionalities of the site or prevent it from functioning correctly overall. Even with all cookies disabled, your computer will continue to store a small quantity of information, which is necessary for the basic functioning of the site. For information on how to change your cookie settings, refer to the website of your browser provider.

For information on how to change cookie settings you can refer to the website of the manufacturer of your browser.

Methods of processing

The personal data are processed using automated tools only for the period of time required to fulfil the purposes for which the data were collected.
Special security measures are taken to prevent the loss of data, illicit or improper use, and unauthorised access.

Rights of the data subject

In your capacity as Data subject, you may exercise, at any time towards the Data Controller,
the rights provided by the Regulation (right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object)
by sending a specific request in writing to the e-mail address or via post to the address Intesa Sanpaolo S.p.A., Piazza San Carlo, 156 – 10121 Turin, Italy.

Complete information notice on

1Test&Fun, Fuga dal Castello, Il Tesoro di Mica, IT’S MY LIFE and BE PRIME MINISTER!