This page provides you with information about how Axerve S.p.A. (hereinafter Axerve) processes your personal data (including but not limited to: name, surname, details and copy of passport/ID, telephone, email address). In particular, the following information is provided to you:
The Data Controller in charge of processing your personal data is Axerve S.p.A., with registered office in Biella (BI) - 13900, Piazza Gaudenzio Sella, 1 – Tel. 015 2526511.
Your personal data will be processed by Axerve only if at least one of the following conditions is met:
compliance with legal obligations;
performance of the contract you have entered into with Axerve and pre-contractual activities;
consent for specific purposes;
Axerve’s legitimate interest.
We ensure that your data are processed in compliance with the conditions of lawfulness set forth in the Regulation and only to the extent necessary for Axerve and/or third parties acting on its behalf to carry out activities connected to and necessary for:
complying with legal obligations in relation to tax, accounting, anti-money laundering, anti-fraud, etc.;
performing the contract and the pre-contractual measures, including the management of disputes in and out of court;
if you have given your consent to activities aimed at the continuous improvement of the service offered to you, such as:
measurement of satisfaction levels regarding the quality of services provided;
market studies and surveys;
marketing of own products and services and of those of Sella group companies and/or third parties;
profiling activities to offer you customised products and services that meet your needs.
pursuing Axerve’s legitimate interest in offering products and services that best meet Customers’ needs. For this activity, Axerve uses non-invasive criteria (e.g. age, residence, etc.) to identify the recipients of its commercial offer. Axerve assesses beforehand the impact that this activity has on recipients’ rights, interests and freedoms. Furthermore, Axerve allows recipients to no longer benefit from this service by giving them the option to be removed from the list whenever contacted.
Within the limits of the specific purposes mentioned above, your personal data will be processed using manual, computerised and telematic tools.
Axerve adopts appropriate organisational and technical measures to guarantee the security and confidentiality of your personal data.
Axerve may disclose your data to third parties belonging to the categories listed below:
for compliance with legal obligations:
public entities for communications required by law (e.g. Revenue Agency);
companies supporting the prevention of fraud;
other financial intermediaries belonging to the Sella group should your transactions be considered “suspicious” under the Anti-Money Laundering Regulation (articles 35 and 39 of Italian Leg. Decree 90 of 25 May 2017), in compliance with the provisions of the General Measure of the Italian Data Protection Authority of 10 September 2009 entitled “Anti-money laundering measures relating to communications between financial intermediaries belonging to the same group”;
archive at the Ministry of Economy and Finance (hereinafter “MEF”), pursuant to articles 30-ter, paragraphs 7 and 7-bis, and 30-quinquies, of Italian Leg. Decree no. 141 of 13 August 2010, exclusively for the purposes of preventing identity theft. The outcome of the procedure verifying data authenticity will not be disseminated but may be disclosed to the authorities and to supervisory and control bodies;
for performance of the contract which you are a party to:
Sella group companies, subsidiaries or associated companies pursuant to art. 2359 of the Italian Civil Code;
parties whose activity is strictly related to the provision of the service covered by the contract.
Axerve may disclose your data to the Group company - “Sella India Software Services Pvt Ltd” based in India, on the basis of standard contractual clauses, approved by the European Commission, to ensure adequate data protection, for the following activities:
• technical assistance, with the aim of examining and resolving anomalous situations reported by Customers or Axerve Employees;
• testing of applications aimed at their implementation.
The data to be transferred are not stored at the foreign company, but are accessed remotely and continue to reside in the Bank’s information system.
Axerve stores data in a form that allows data subjects to be identified for as long as necessary to achieve the specific processing purposes, in compliance with contractual and/or regulatory obligations (e.g. anti-money laundering, tax monitoring).
For details on storage periods, please use one of the contact options provided under point 2.
We inform you that, as data subject, you are entitled to specific data protection rights that are listed below:
The right to obtain from the Data Controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data and to detailed information regarding the origin, purposes, categories of personal data processed, the recipients to whom the personal data have been or will be disclosed and/or transferred, etc.
The right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay, as well as the right to have incomplete personal data completed, including by means of providing a supplementary statement.
The right to obtain from the Data Controller the erasure of personal data concerning you without undue delay, where one of the following grounds apply:
the personal data are no longer necessary in relation to the purposes for which they were processed;
the consent on which the processing is based has been withdrawn and there is no other legal ground for the processing;
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation.
The right to object at any time to processing of personal data having as a legal basis the Data Controller’s legitimate interest and/or to processing for marketing purposes, including profiling. If you object to processing for marketing purposes, your personal data shall no longer be processed for such purposes.
The right to obtain from the Data Controller restriction of processing where the accuracy of the personal data is contested (for a period enabling the Data Controller to verify the accuracy of the personal data), if the processing is unlawful and/or the data subject has objected to processing.
The right to receive the personal data in a structured, commonly used and machine-readable format and to transmit those data to another Data Controller only where the processing is based on consent or on a contract and only for data processed using automated means.
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the Regulation.
We also inform you that you have the right to withdraw at any time your consent to specific optional activities, without prejudice to the lawfulness of the processing carried out prior to withdrawal.
Axerve S.p.A. shall inform you about the action taken with regard to your request without undue delay, at the latest within one month of its receipt.
Profiling aimed at customising the services and/or products we offer to you, concerns the personal data that you provide us with directly and/or indirectly, as well as those available on social networks, websites, external databases (e.g. credit information systems) and public archives (e.g. ISTAT data). These data are processed to assess your propensity to purchase an Axerve product or a product of Sella group companies or third parties, and so to offer you products, services and content that meet your needs.
Profiling is performed internally by Axerve S.p.A. We also inform you that your personal data will be processed for direct marketing profiling activities for no longer than 12 months from their registration.
This processing takes place if you have given your optional consent. You have the right to object at any time to profiling for the customisation of commercial offers. If you object, your personal data will no longer be processed for this purpose.
Italian Data Protection Authority: independent administrative authority established by Italian Law no. 675 of 31 December 1996 responsible for supervising compliance with data protection legislation.
Personal data: pursuant to art. 4, paragraph 1, no. 1 of the Regulation, means “any information relating to an identified or identifiable natural person («data subject»); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Profiling: pursuant to art. 4, paragraph 1, no. 4 of the Regulation, means “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.”
Regulation: Regulation EU 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Data Processor: pursuant to art. 4, paragraph 1, no. 8 of the Regulation, means the “natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller.”
Data Protection Officer (DPO): figure introduced by the Regulation, whose main tasks are to inform and offer advice to the Data Controller, Data Processors and Persons in charge of Data Processing; to monitor compliance with the Regulation; to provide opinions on the data protection impact assessment; to cooperate with the supervisory authority.
Data Controller: pursuant to art. 4, paragraph 1, no. 7 of the Regulation, means the “natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data […].”
Personal Data Processing: pursuant to art. 4, paragraph 1, no. 2 of the Regulation, means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”