Our Solutions

Unique and integrated solutions to manage payments in all shapes and forms in all online channels.

Privacy Policy

On this page, we provide you with information on the processing of your personal data (for example but not limited to your name, surname, details and copy of your ID, telephone, email address) by Axerve S.p.A. (“Axerve”).

1. Who is the Data Controller?

The Data Controller with respect to your personal data is Axerve S.p.A., with registered office in Biella (BI) - 13900, Piazza Gaudenzio Sella, no. 1 - Tel. 015 2526511.

2. How can I contact the Data Protection Officer?

The Data Protection Officer (“DPO”) may be contacted at:

  • Axerve S.p.A. postal address: Piazza Gaudenzio Sella n. 1, 13900, Biella;
  • e-mail address:

3. On what legal grounds and for which purposes does Axerve process your data?

Your personal data are processed by Axerve exclusively if at least one of the following conditions are met:

  1. fulfilment of legal obligations;
  2. performance of the agreement you have entered into with Axerve and precontractual activities;
  3. consent for specific purposes;
  4. legitimate interests of Axerve.

Therefore, the processing is performed with respect for the conditions of lawfulness set forth in the Regulation and is limited to what is necessary for Axerve and/or third parties on its behalf to perform activities connected and instrumental to:

  1. meeting legal tax, accounting, anti-money laundering, anti-fraud, etc. obligations;

  2. performing the agreement and precontractual measures, including the management of judicial and out-of-court disputes and authorisations to carry out transactions on relationships in the name of other parties;

  3. if you have given your consent to activities aimed at the continuous improvement of the service offered to you, such as:

    • surveying the degree of satisfaction with the quality of the services rendered;

    • developing market studies and research;

    • marketing its own products and services as well as those of Sella Group companies and/or third parties;

    • profiling activities to offer you personalised products and services that meet your needs;

  4. pursuing the legitimate interests of Axerve in offering products and services that best meet customer needs. For this activity, Axerve identifies the addressees of the commercial offer through non-invasive criteria (e.g., age, residence, etc.). Axerve first evaluates the impact of this activity on the rights, interests and freedoms of the addressees. In addition, Axerve allows them to choose to no longer benefit from this service by providing the option of deletion from the list during each contact.

To the extent of the specific purposes set forth above, your personal data are processed using manual, IT and electronic tools.

Axerve adopts adequate organisational and technical measures to guarantee the security and confidentiality of your personal data.

4. To whom may my data be disclosed?

Axerve may disclose your data to third parties belonging to the following categories:

  1. for the fulfilment of legal obligations:

    • public parties within the scope of communications required by regulations (e.g., Italian Revenue Agency);

    • companies that provide fraud prevention report;

    • other financial intermediaries belonging to the Sella group if your transactions are deemed “suspicious” pursuant to the Anti-Money Laundering regulation (articles 35 and 39 of Italian Legislative Decree 90 of 25 May 2017), in compliance with the requirements pursuant to the General Measure of the Personal Data Protection Authority of 10 September 2009 named “Measures relating to communications between financial intermediaries belonging to the same group with respect to anti-money laundering”;

    • archive established at the Ministry of Economy and Finance (“MEF”), pursuant to arts. 30-ter, paragraphs 7 and 7-bis, and 30-quinquies, of Italian Legislative Decree no. 141 of 13 August 2010, exclusively for identity theft prevention purposes. The outcomes of the procedure for confirming data authenticity will not be disclosed, but may be communicated to the supervisory and control authorities and bodies;

  2. for the performance of the agreement to which you are party and precontractual activities you have requested from us:

    • parties that manage debt collection or provide professional consulting and tax and legal support services;

    • parties that support credit screening, assessment, disbursement, collection and insurance activities;

  3. to carry out optional activities that you consent to:

    • marketing and market research companies;

    • companies in the Sella group, subsidiaries or associates pursuant to art. 2359 of the Italian Civil Code.

5. Can my data be transmitted to countries located outside the European Union?

Axerve may disclose your data to the Sella India Software Services Pvt Ltd., on the basis of standard contractual clauses approved by the European Commission to guarantee the adequacy of data protection, for the following activities of:

  • profiling, pursuant to paragraph 8;
  • technical support, intended to analyse and resolve anomalous situations, reported by Customers or Employees of Axerve;
  • testing of applications, in order to deploy them.

The data transferred are not stored at the foreign branch, but are subject to remote access while continuing to be stored in the Bank’s IT system.

6. How long are the data saved?

Axerve stores the data in a form that allows for the identification of the data subjects for the period of time required to achieve the specific purposes of the processing, in compliance with contractual and/or regulatory obligations (e.g., on anti-money laundering, investment services, tax monitoring).

For details on storage times, it is possible to contact one of the addresses provided in point 2.

7. What are my rights?

We hereby inform you that you, as the data subject, may exercise specific rights on data protection, set forth in the list below:

  1. Right of access

    Right to obtain confirmation from the Data Controller whether processing of your personal data is under way and in that case, to obtain access to the personal data and detailed information regarding the origin, purposes, the categories of data processed, the recipients of communications and/or transfers of data and more.

  2. Right to rectification

    Right to have the Data Controller adjust inaccurate personal information without undue delay, as well as supplement incomplete personal information, also by providing a supplementary declaration.

  3. Right to erasure (“right to be forgotten”)

    Right to have personal data deleted by the Data Controller without undue delay if:

    • the personal data are no longer required in light of the purposes of the processing;

    • the consent on which the processing is based is revoked and there is no other legal basis for the processing;

    • the personal data were processed unlawfully;

    • the personal data need to be deleted to meet a legal obligation.

  4. Right to object to processing

    Right to object at any moment to the processing of personal data that has as its legal basis the legitimate interest of the Data Controller and/or processing for marketing purposes, including profiling. If you object to processing for marketing, your personal data will no longer be processed for these purposes.

  5. Right to restriction of processing

    Right to have the Data Controller restrict processing in cases in which the accuracy of the personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject objects to the processing.

  6. Right to data portability

    Right to receive the personal data in a structured, commonly used machine readable format and to transmit such data to another Data Controller, only for cases in which the processing is based on consent or on the contract and only for data processed with electronic instruments. Right to lodge a complaint with a supervisory authority.

  7. Right to lodge a complaint with a supervisory authority

    Without prejudice to all other administrative or jurisdictional recourse, data subjects who believe that the processing of their data violates the Regulation are entitled to lodge a complaint with the supervisory authority of the Member State in which they reside or regularly work, or the State in which the alleged violation occurred.

Please also note that you are entitled to revoke your consent provided to specific optional activities at any time, without prejudice to the lawfulness of the processing performed prior to such revocation.

To exercise your rights, you may send your request to the following addresses:

  • Axerve S.p.A. postal address: Piazza Gaudenzio Sella n. 1, 13900, Biella;
  • e-mail address:

Axerve will provide you with information relating to the action taken with regard to your request without undue delay and at the latest within one month of receipt.

8. How is profiling activity performed for marketing?

Profiling, in order to personalise the services and/or products we offer to you, regards the personal data that you provide to us directly and/or indirectly, as well as those available on social networks, websites, external databases (e.g., credit information systems) and public archives (e.g., ISTAT data). These data are processed in pseudonymised form (therefore, without the identification of the data subject) to evaluate your propensity towards purchasing a product of Axerve or a Sella group company or of third parties and to offer you on this basis products and services that meet your needs.

Profiling activities are performed in part by Sella India Software Services Pvt Ltd. located at TS – 140, Rajiv Gandhi Salai, Taramani, Chennai – 60113 – Tamil Nadu, India.

Please also note that your personal data are processed for profiling activities for direct marketing for a period not exceeding 12 months from when they are registered.

This processing takes place to the extent to which you have provided your optional consent. You are entitled to object to profiling for the customisation of commercial offers at any time. If you object, your personal data will no longer be processed for this purpose.

9. Personal data protection glossary

Italian Data Protection Authority: independent administrative authority established by Italian Law no. 675 of 31 December 1996 responsible for supervising compliance with data protection legislation.

Personal data: pursuant to art. 4, paragraph 1, no. 1 of the Regulation, means “any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

Profiling: pursuant to art. 4, paragraph 1, no. 4 of the Regulation, means “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.”

Regulation: Regulation EU 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Data Processor: pursuant to art. 4, paragraph 1, no. 8 of the Regulation, means the “natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.”

Data Protection Officer (DPO): figure introduced by the Regulation, whose main tasks are to inform and offer advice to the Data Controller, Data Processors and Persons in charge of Data Processing; to monitor compliance with the Regulation; to provide opinions on the data protection impact assessment; to cooperate with the supervisory authority.

Data Controller: pursuant to art. 4, paragraph 1, no. 7 of the Regulation, means the “natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data […].”

Personal Data Processing: pursuant to art. 4, paragraph 1, no. 2 of the Regulation, means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”

Last update on 28/04/2022