This information notice is provided for pursuant to Article 13 of Regulation (EU) 2016/679 (“Regulation” or “GDPR”) to those users who browse the following website:

www.abilab.it

(the "Website")

This information notice describes how the Website is managed with reference to the processing of personal data referring to users who browse it. The information notice applies to the Website only, any website to which the user may be redirected via links that may be available on the Website is excluded.

1. WHO IS THE DATA CONTROLLER?

Consorzio ABI Lab, Centro di Ricerca e Innovazione per la Banca, with registered office in Rome (RM), Piazza del Gesù, 49 - 00186, e-mail address info@abilab.it, in the person of its legal representative pro tempore is the data controller of your personal data (“ABI Lab” or the “Data Controller”).

2. HAS ABI LAB APPOINTED A DATA PROTECTION OFFICER?

The Data Controller has appointed a data protection officer (“Data Protection Officer” or “DPO”). The DPO can be contacted by email at dpo@abilab.it.

3. WHAT IS PERSONAL DATA?

“Personal Data” means any information capable of identifying, directly or indirectly, a natural person, in this case, you that, as user, are browsing the Website (“Data”).

In particular, the Data Controller processes the following Data:

1. IP address, domain name and URL associated to the device you used;
2. browsing data;
3. browsing history;

as well as, in case you made any request through forms available on the Website:

1. your first and last name;
2. your contact details (i.e., telephone and e-mail address);
3. company and, if applicable, role;
4. any other Data you have voluntarily provided and necessary to satisfy your request.

When you visit the Website, ABI Lab may collect your Data both indirectly (e.g., by tracking the IP address and URL of your device to monitor the use of the Website) and directly (e.g., if you voluntarily enter your Data in dedicated forms or create a profile on the Website). In this second case, the processing will be either (i) governed by information notices specifically drafted and provided from time to time by the Data Controller to which you should refer for further details (e.g., in case you register to an event); or, where no additional information notice is provided, (ii) carried out for the purposes identified below as applicable from time to time.

Your Data, whether collected directly or indirectly, may be processed by the Data Controller in order to carry out activities concerning the management and administration of the Website, as well as to improve the users’ browsing experience.

In any case, the Data Controller undertakes to collect only information that is adequate, relevant, and limited to what is strictly necessary to achieve the purposes pursued from time to time, and ensures that this does not lead to a limitation or other violation of your rights and freedoms as data subject.

4. PURPOSE OF THE PROCESSING

Requests of information

By filling in the appropriate contact form available on the Website or via the following link, you can contact us to request information relating to ABI Lab (e.g., ongoing activities, services offered, etc.).

Such processing is based on the legal ground set out in Article 6, para. 1, lett. b), GDPR.

The provision of Data is voluntary; however, any failure to fill in the fields indicated as mandatory in the contact form will make it impossible to process your request.

Registration on the Web Site

By filling in the appropriate contact form available on the Website or at the following link, you can register on the Website in order to access the private area dedicated to members and access a series of contents of your possible interest.

Such processing is carried out to follow up to your request and it is therefore based on the legal ground set forth in Article 6, para. 1, lett. b), GDPR.

The provision of Data is voluntary; however, failure to fill in the fields indicated as mandatory in the registration form will make it impossible to successfully process your request.

Sending of newsletters by the Data Controller relating to its business and to the banking sector

The Data Controller may send you via e-mail information or periodic newsletters relating to events, promotional material on products and/or information-training services and editorial products of the Data Controller relating to issues relating to the banking/insurance sector, relating to innovation in the banking sector or anyhow connected to the activities of ABI Lab.

In this regard, we would like to inform you that in order to send you newsletters, communications relating to promotional material on information-training and editorial products and/or services that may be of some interest to you and invite you to take part in initiatives that you may appreciate, the Data Controller may take into consideration your preferences/characteristics (e.g., company to which you belong), as they result from the request you forwarded to the Data Controller or from the information you provided from time to time. However, this will not have consequences on your rights and freedoms as a data subject, given that you will still have the opportunity to access all the events and promotional materials on products and/or information-training and editorial services of the Data Controller and that, moreover, there is no and there will be no restriction on the basis of preferences/characteristics expressed by data subjects.

Such processing is based on the legitimate interest of the Data Controller to keep you informed about the Data Controller's events, products and/or services pursuant to Article 6, para. 1, lett. f), GDPR.

The provision of Data for this purpose is voluntary. In case of failure to provide such Data, the Data Controller will not be able to send you information relating to events, newsletters, promotional material on the Data Controller’s products and/or its information-training or editorial services.

In any case, with reference to this purpose, you may at any time exercise the right to object to the processing of your Data by writing to the addresses indicated in paragraphs 1 and 2 of this information notice or, where applicable, by clicking on the appropriate link that you will find at the end of the newsletters or electronic communications that you will receive from the Data Controller.

Compliance with legal obligations

The Data Controller may process the Data collected through the Website in order to comply with its obligations under laws, regulations, or with an order from supervisory and control bodies or other authorities legitimated to do so.

Such processing is based on the legal ground set forth under Article 6, para. 1, lett. c), GDPR.

The provision of Data for this purpose is mandatory. In case of you decide not to provide Data, the Data Controller cannot ensure the correct management of your requests.

Defense of the Data Controller’s rights

The Data Controller may process the Data to assert and defend its rights.

Where necessary, the processing will be based on the legal ground set forth under Article 6, para. 1, lett. f), GDPR.

5. COOKIE

Cookies are pieces of information sent by a web server (e.g., the website) to the user's Internet browser, which are automatically stored on the computer and automatically sent back to the server each time the website is accessed.

ABI Lab uses cookies to provide certain information to users of the Website and to obtain statistics on accesses to the Website and on how it is used.

By default, almost all browsers are set to automatically as to accept cookies. Users can set their device's browser as to accept/reject all cookies or to display a warning whenever a cookie is offered so that user can evaluate whether or not to accept them. The user can, however, change the default configuration and disable cookies (i.e., block them permanently) by setting on its browser the highest level of protection.

For any other information on the characteristics, classification, use and ways to remove, delete or disable cookies used on the Website, please refer to our specific “Cookie Policy”.

6. WHERE DO WE TRANSFER YOUR DATA?

The Website’s server is located is in Italy.

Your Data may be transferred to external companies that offer ABI Lab maintenance and development services for the Website and, in general, IT services, specifically appointed as data processors, as well as, where such communication is possible or required by law, communicated to other companies or public bodies located within the European Economic Area, which will process them for their own purposes as independent data controllers.

Your Data may also be transferred to third party companies located outside the European Economic Area that provide outsourcing technological services to the Data Controller; should such transfer be necessary, we will ensure that the recipients of your Data have adopted appropriate security measures to ensure their protection in accordance with the Regulation.

7. HOW LONG DO WE KEEP YOUR DATA?

We process your Data for the time strictly necessary to achieve the purposes above.

The retention periods of Data indirectly collected by the Data Controller through cookies are listed in the specific Cookie Policy.

In case you have directly provided us with your Data through the Website, such Data will be deleted in accordance with the terms set out in the dedicated information notices provided for by the Data Controller from time to time. Where the processing of Data directly collected is governed by this information notice and is functional to achieving the purposes set out in paragraph 4 above, depending on the purpose of processing, the retention periods provided will be the following:

1. Requests of information: Data will be processed only for the time necessary for the proper management of your request; subsequently, the data will be kept for a further 6 years from the date the request is managed, only to follow up any legal obligations or for reasons of protection of the rights of the Data Controller;
2. Registration on the Website: Data will be processed for the time necessary for the proper management of your registration request and for as long as you keep your profile on our portal; subsequently, the data will be kept for 6 years from the date of cancellation of the profile, only to follow up any legal obligations or for reasons of protection of the rights of the Data Controller;
3. Sending of newsletters and other promotional communications: your Data will be processed, depending on the case, for the time necessary to fully follow up on your request, or as long as your profile is active on the Website, and, subsequently, for a maximum of 24 months, depending on the case, from your last expression of interest or from the management of the last request you made or from the closure of your profile; in any case, your right to object to processing remains unaffected, the exercise of which precludes further processing of the Data for marketing purposes;
4. Compliance with legal obligations/defense of Data Controller’ rights: the Data will be processed during the period necessary to follow up on your request or until a profile attributable to you is active on the portal and will be kept for a further period of 6 years starting, depending on the case, from the successful management of the 'last request made by you or by closing your profile, exclusively for purposes related to the fulfillment of legal obligations or the defense of the rights of the Data Controller.

Data Controller reserves the right to retain the so-called log data for longer periods in order to be able to deal with any crimes committed against the Website (e.g., hacking).

8. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

You, as a data subject, have the right to:

• access and request copies of the Data;
• request to rectify or update the Data, where inexact or incomplete;
• request, under certain circumstances, the deletion of the Data or the limitation of the processing;
• invoke your right to portability of the Data;
• object to the processing (where applicable);
• revoke the consent, where the processing of the Data is based on that legal ground.

Lastly, you may at any time lodge a complaint before the Italian Data Protection Authority.

In order to obtain more information as to your rights, please contact the Data Controller at its e-mail address or the DPO at this email address: dpo@abilab.it.

9. FINAL PROVISIONS

The Data Controller has the right to modify and/or update this information notice.