This section describes the methods and purposes of processing the data collected through the "Mobile Banking" application (below also the "App") by Banca Sistema Spa Largo Augusto 1/A, ang. via Verziere 13, Milan, in its capacity as Data Controller.
The data are acquired through the App to manage the services requested by the Customer and provided by the Bank through the App as part of the Bank's normal operations and for purposes related to the management of the relationship with Customers that have already given their consent to the processing of their personal data upon signing the agreement with the Bank for the use of its banking, financial and investment services and, in general, to comply with or require compliance with regulatory and supervisory obligations.
The provision of personal data for the above purposes is mandatory and the consent of the data subject is not required. The refusal to provide the data will make it impossible for the Bank to establish and implement these services. Please note however that the systems used for the functioning of the App (such as Apple Store, Google Play and Windows Phone Store) routinely acquire certain types of personal data, the transmission of which is implicit in the use of Internet communication protocols, smartphones and the devices used. This category of data includes, but is not limited to, geographical location, telephone identity, customer contact information, email address, and credit card information. The Bank is not involved in such processing and cannot be held responsible for it.
The Data Controller processes the Personal Data of the Customers, according to the purposes for which they were collected, adopting appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of the Personal Data.
The data are processed digitally and/or electronically using organisational methods and approaches designed to guarantee the confidentiality and security of the data.
For the performance of part of its activities, the Bank uses the company CSE - Consulting, which operates as the Processor of the personal data.
You may exercise your rights under Articles 15 to 23 of the GDPR at any time by contacting:
The exercise of the rights indicated in this section is not subject to any form of restriction and is free of charge. The Data Controller shall be obliged to provide information on action taken by the data subject without undue delay and within one month of receipt of the request. Extensions are permitted under Article 12(3) of the EU Regulation.
You may exercise the following rights in relation to the processing described in this information notice:
Any rectification or erasure of personal data or restriction of processing carried out upon request from the data subject - unless it proves impossible or involves disproportionate effort - shall be notified by the Data Controller to each recipient to whom the personal data have been disclosed.