This section contains the main information documents required by Italian privacy laws.


The purpose of this privacy policy is to describe the way in which the personal information of users/visitors is utilised. This information has been given pursuant to article 13 of legislative decree no. 196 of 30 June 2003 (the Privacy Code), to all those interacting with the web services of Banca SISTEMA S.p.A. (the Bank), accessible online at:


For any question regarding your personal data processing you can contact the Data Protection Officer at the following email address:


Access to some sections of the website and/or certain requests for information or services may require the provision of personal data. This information will be processed by the Bank, as data controller, in accordance with the Privacy Code as amended.

This policy is intended to inform users of how the Bank uses customer data, even before they access the website or give their details. Users must therefore read the policy before giving their personal details, by completing the relevant sections on the website where requested.

This policy only applies to the website of the Bank, not to other websites that may be visited through the links on it.

Data processing methods and security measures

Personal information is mainly processed by automated means, and is only used for the time necessary to fulfil the purpose for which it was gathered. Specific security measures will be observed to prevent the loss of data, any illegal or inappropriate use, or unauthorised access.

Sharing, disclosing and circulating data

The data may be transferred or disclosed to other companies owned by or affiliated to the Bank, for activities closely linked to service functionality such as management of the IT system, or for use by other group companies with the same purposes. The personal data provided by users requesting informative materials (brochures etc) will only be used for the purposes of providing the requested service and will only be disclosed to third parties (providers of enveloping, labelling and despatching services) if necessary. Apart from the cases mentioned above, personal information will not be disclosed or released to anyone except where required by contract, or with the authorisation of the data subject. Personal information may be disclosed to a third party, but only in cases where:

  • there is express consent for the information to be disclosed to a third party;
  • information must be shared with a third party for the purposes of providing the requested service;
  • it is necessary to fulfil requests of judicial or public security bodies.

Provision of personal data

Provision of personal data is optional, but is sometimes necessary (i.e. where the field is marked with an asterisk) in order for the Bank to fulfil the user's requirements with regard to site functions. Non-provision, or partial or inaccurate provision of personal data marked with an *, where required for fulfilment of the requested service, will make it impossible to complete the service. The non-provision, partial or inaccurate provision of optional information will only result in the impossibility of sending materials, communications or information requested by the user.

Browsing data

The IT systems and software procedures used on this website will routinely acquire certain types of personal data, the transmission of which is implicit in the use of the Internet. This information is not gathered for the purposes of matching with identified interests, but may enable the identification of the user through elaboration and matching with data held by a third party. This category of data includes IP addresses, or domain names of the user's computers, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the web server, the size of the response file, the digital code indicating the status of the response from the web server, and other parameters relating to the user's operating system and IT environment. This data is only used to gather anonymous statistical information on the use of the website and check its correct functioning. This information may be used to verify liability in the case of computer fraud against the bank's website or against other connected or linked websites. Except in such cases, data on web contracts is currently not held for more than a few days.

Data provided voluntarily by the user

The optional, voluntary sending of emails to the addresses on this website will result in the sender's address being acquired for the purposes of responding to the requests. Any personal information included in the email will also be acquired.


Click here to learn about the cookies we use and how the Bank manage them.

Call Center

The systems and procedures for the operation of the Bank's Call Centre will acquire certain information from the customers' telephone calls. This information may include the caller's remote number (if not hidden), the IVR tree browsing data (i.e. the actions/numbers keyed in by the customer to access the services), the duration of the call and, where permitted by law and after notification of the data subject, the audio recording of the call.
The above data will be used to gather anonymous statistical information about the use of the call centre, to check its proper functioning and to guarantee security, also to verify liability in the case of any offences against the Bank or its customers.

Data controller and rights of the data subject

The data controller is Banca Sistema S.p.A., head office Largo Augusto 1/A, angolo via Verziere 13 20122 Milan.
The user may exercise his/her rights under article 7 (*) of the Code, at any time, and may obtain a full list of the data coordinators, if designated, by contacting:

Banca Sistema S.p.A.
Via Romagna 25 - 00187 Roma
Tel. +39 06 3614951
Fax. +39 06 36149560
E-mail Address:

In particular, the data subject may at any time obtain confirmation of the existence of data concerning him or her, and may know the content and origin of it, verify its accuracy, request integration or updating, or rectification. The data subject may also request deletion of the information, transformation into an anonymous form or the blocking of information processed in breach of the law, and may object to processing of the information for legitimate reasons.

(*) Article 7 - Right of access to personal data and other rights

  • Every Data Subject has the right to obtain confirmation of the existence of their own personal data, even if not yet recorded, and their communication in intelligible form.
  • Every Data Subject has the right to obtain information on:
    • the origin of personal data;
    • the purposes and criteria which apply to its processing;
    • the logic applied in case of treatment with the help of electronic means;
    • the identity of data controller and processor and of the representative appointed within the Italian territory under article 5, paragraph 2 of DPC;
    • the subjects or categories of subjects to whom personal data may be communicated or who can learn about them as representative, Data Processor and or Persons Tasked with Processing.
  • Every Data Subject has the right to obtain:
    • updating, rectification or, when interested, integration of data;
    • erasure, anonymization or blocking of any data processed in breach of the law, for instance because no consent was asked for. This right may also be exercised if there is no valid reason any longer for retaining data that had been collected lawfully;
    • certification that the operations mentioned in letters a) and b) above have been notified, as also related to their contents, to those to whom the data were communicated or disseminated, except this proves impossible or requires a disproportionate effort compared to the right to be protected.
  • Every Data Subject has the right to object, in whole or in part:
    • for legitimate grounds, to the processing of their own personal data;
    • in any and all cases, to the processing of their own personal data for commercial information purposes and/or for sending advertising or direct selling materials and/or for market research purposes.

Place of data processing

The data related to the online services from this website will be processed at the head office mentioned above, and also at the office of C.S.E. Consulting Srl Via Emilia n. 272 – San Lazzaro di Savena (BO), formally appointed as Data Processor. The data will only be handled by members of the Bank's personnel authorised for the purpose , or by persons responsible for occasional maintenance operations. The personal data provided by users are used only to perform the service or provision requested and said data are disclosed to third parties only if necessary for this purpose.

Modification of user profile

The user may at any time enforce his or her rights under legislative decree 196/2003, by sending an email to or a letter by registered post addressed to Banca Sistema S.p.A., Largo Augusto 1/A, angolo via Verziere 13, 20122 Milan.


The Bank does not knowingly use its website to request information from children under 18.

Updating of Privacy Policy and the Privacy section of the website

As the current status of the automated control mechanisms does not guarantee the absence of errors or malfunctions, please note that this document containing the Privacy Policy for the bank's website will be subject to updates, in the same way as the other documents in this Privacy section, which will be amended in accordance with the laws in force from time to time, and to reflect changes in regulations, organisational requirements and technological progress.

Link to customer information required by 13 of legislative decree 196/2003 ("Privacy Code")