In the following section of the website we would like to inform you on the activities applied by Sella Open Fintech Platform S.p.A. (defined as “SOFP” in the text that follows), as owner of the brand Fintech District and Fintech District’s website, to Personal Data processing provided by the customer, and to the data of the users collected during the browsing of the website.
- Who is the Data Controller?
- How to contact the Data Protection Officer?
- On which legal basis and for which purposes does SOFP, process your data?
- Which are the type of data that SOFP collects?
- To whom can the data be shared?
- For how long can your data be stored?
- Reasons and objectives of the Data Processing
- Details on the processing of Personal Data
- What are your rights regarding the Data Processing?
- How does profiling for marketing purposes take place?
1. Who is the Data Controller?
The Data Controller of your personal data is Sella Open Banking Platform S.p.A., with offices in Biella (BI) - 13900, Piazza Gaudenzio Sella, n. 1 - Tel. 015 35011.
2. How to contact the Data Protection Officer?
The Data Protection Officer (hereinafter also "RPD" or "DPO - Data Protection Officer") can be contacted at the following addresses: postal address of SOFP: Piazza Gaudenzio Sella n. 1, 13900, Biella; e-mail address: email@example.com or firstname.lastname@example.org.
3. On which legal basis and for which purposes does SOFP process your data?
The processing of your personal data is carried out by SOFP exclusively in the presence of at least one of the following conditions:
- implementation of legal obligations for the company;
- execution of the contract you have stipulated with Fintech District on the behalf of SOFP and pre-contractual activities;
- when you provided consent for the use of personal data for specific purposes;
- legitimate interest of SOFP in treating data.
Therefore, the processing is carried out in compliance with the lawfulness conditions established by the Regulations and it is limited to what is necessary for the execution by SOFP (and/or third parties on behalf of SOFP) of activities connected and instrumental to:
- carry out activities aimed at the continuous improvement of the service offered, such as:
- detection of the degree of satisfaction with the quality of services rendered;
- the development of studies and market research done with the intent of service improvement;
- the marketing of products and services offered by SOFP and / or third parties;
- the profiling of the users to propose customized products and services that meet the customer’s needs and preferences.
- pursue the legitimate interest of SOFP in offering products and services that best meet the needs of customers. For this activity, SOFP identifies the recipients of the commercial offer through non-invasive criteria (age, residence, etc...), then carries out an evaluation of the impact of this activity on the customer’s rights, interests and freedom of the recipients. Moreover, SOFP allows customers decide not to benefit further from this service through the possibility of cancellation from the mailing list at any time the customer get contacted.
In accordance with the purposes outlined above, both manual and digital tools that can provide the best service are used for the processing of data and for sending targeted messages.
SOFP adopts appropriate technical and organizational measures to guarantee the confidentiality and protection of customer’s personal data.
4. Which are the type of data that SOFP collects?
a) Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user's computer environment. These data are used for the sole purpose of obtaining statistical information on the use of the site and to check its correct functioning. The aforementioned data could be used to ascertain responsibility in the case of computer crimes against SOFP.
b) Data provided voluntarily by the user
The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site entails the subsequent acquisition of the sender's address, necessary to respond to requests and any other personal data included in the message. Specific summary information could progressively be reported or displayed on the pages of the website prepared for particular services on request.
5. To whom can the data be shared?
SOFP can communicate your data to third parties belonging to the following categories in order to perform optional activities to which you have given consensus:
- marketing and market research companies;
- third parties providers for the service applied by SOFP in providing its services;
- companies controlled by SOFP, or by which SOFP is controlled, subsidiaries or associates pursuant to art. 2359 c.c .
6. For how long can your data be stored?
SOFP retains the data in a form that allows the identification of customers for a period of time necessary to achieve the specific purposes of the processing, in compliance with contractual and / or regulatory obligations
For further details on storage times and methods, please contact the SOFP Privacy Office at email@example.com.
7. Reasons and objectives of the Data Processing
The Data concerning the customers are collected by the Data Controller with the sole purpose of providing its services and making improvements, in particular the processing applied is aimed at allowing the following specific activities: Analytics, Contacting the Customers, Contact Management, Profiling.
8. Details on the processing of Personal Data
SOFP collects data on whom, among the recipients of the messages and newsletters sent by the Fintech District team, actually reads such messages and newsletters, and on which specific content drives the major attention of the customers by calculating the click-through rate of the links included into the communications.
This analysis is done with the aim of aligning the right content to the customers’ main preferences and needs.
Contact the customer via direct mailing and newsletter
By registering to the mailing list or the newsletter, the customer's email address is automatically added to a list of contacts to which SOFP sends messages containing information, including commercial and promotional information, related to its service or those of third parties in accordance with the consensus given.
The customer's personal data shared could also be added to this list as a result of registering with this site or after making a purchase.
Personal Data collected: name, surname, email address, domicile or residence address, zip code, city, country, job title and name of the employer.
This type of service allows SOFP to manage a database of customers personal data used to communicate with them.
Such services may also allow SOFP to collect data relating to the date and time the messages are received and read by the customer, as well as to the customer's interaction with them, such as information on clicks on the links inserted in the messages.
For this service, SOFP makes use of an external provider, MailChimp (The Rocket Science Group, LLC.). MailChimp is an address management and email message service provided by The Rocket Science Group, LLC.
Personal Data collected: name, surname, phone number, company name.
9. What are your rights regarding the Data Processing?
We would like to inform customers that, being directly involved in the processing of their data, they can exercise specific data protection rights, listed below:
- right of access: the right to obtain from the Data Controller confirmation that personal data is being processed and, if that is the case, to obtain access to the personal data registered and detailed information regarding the origin, purposes, categories of data processed, recipients of communication and/or data transfer and more;
- right of rectification: right to obtain from the Data Controller the correction of incorrect personal data without unjustified delay, as well as the integration of incomplete personal data, also by providing an additional declaration from the customers;
- right to cancellation ("oblivion"): the right to obtain from the Data Controller the complete deletion of personal data without undue delay in the event that:
- the personal data provided are no longer necessary for providing the service;
- the consent on which the processing is based is revoked and there is no other legal basis for the treatment;
- personal data have been processed unlawfully;
- personal data must be deleted to fulfill a legal obligation;
- right to deny the processing: the right deny at any time the processing of personal data which have as their legal basis a legitimate interest of the Data Controller and / or processing for marketing purposes, including profiling. In case of opposition to marketing processing, personal data are no longer available for these purposes; in case of denial, the Data Controller have the right to terminate the provision of the service;
- right to limit the scope of the processing: the right to obtain from the Data Controller the limitation of processing, in cases where the accuracy of personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the treatment is illicit and/or the interested party has opposed the processing;
- the right to data portability: the right to receive personal data in a structured, commonly and automatically readable format, and to transmit such data to another Data Controller only for cases where the processing is based on consent and only for data processed by electronic means;
- the right to provide a claim to a supervisory authority: the customer who considers that the treatment concerning his/her data is in violation of the Regulation has the right to lodge a complaint with the State control authority Member in which he resides or works habitually, or the State in which the violation has occurred.
We also inform the customers that they have the right to withdraw at any time the consent given to specific optional activities, without prejudice to the processing carried out prior to the revocation.
To exercise their rights, customers can forward their request to the following addresses:
- postal address of Sella Open Banking Platform S.p.A .: Piazza Gaudenzio Sella n. 1, Biella (BI) - 13900 - Privacy Office;
- email addresses: firstname.lastname@example.org; email@example.com
SOFP provides customers answer on the action taken regarding their request without undue delay and at the latest within one month of receiving the claim.
10. How does profiling for marketing purposes take place?
The profiling of customers, aimed at customizing the services and/or products that we offer (events, news, ...), relates to personal data that you provides us directly and/or indirectly, including information related to your participation in initiatives organized by SOFP and on site navigation. These data are processed according to customer’s consensus given to the Data Controller and to evaluate customer’s propensity to purchase a product of SOFP or of third parties and to offer customers, consequently, products and services that meet their preferences and needs.
We also inform customers that their personal data are being processed for profiling activities for direct marketing for a period not exceeding 12 months from their registration.
This treatment takes place to the extent that you have given your optional consent. You have the right to oppose at any time the profiling for the personalization of the commercial offer. In the event of opposition, your personal data will no longer be processed for this purpose.
10. How does profiling for marketing purposes take place?
Cookies are small text files sent by the browser that allow this website to remember the preferences of users. Cookies are not all the same and differ according to the function performed.
The user can disable or accept cookies by adequately configuring their browser. Depending on this, navigation may not be easy and some sections or features of the site may be unavailable.
Our website makes use of the following types of Cookies:
- Session cookies;
- Persistent cookies or static cookies;
- Profiling cookies;
- Third-party cookies.
Session Cookies are cookies that are not stored permanently on the computer and disappear when the browser is closed. This type of cookie allows the transmission of session identification data (consisting of random numbers generated by the server) and allows optimal use of www.fintechdistrict.com. In particular, the website uses:
- JSESSIONID: technical cookie necessary for running the website.
Persistent cookies or static cookies:
These are cookies used only anonymously to obtain statistical data on the unambiguous identification of visits to the website. It is also possible that these types of cookies are associated with the user data for anti-fraud purposes. In particular, the website uses:
- visitedCookieLanding: technical cookie necessary for the website to run;
- gali, _ga, _gat: technical cookies for data collection for statistical purposes;
- pk_ses.c, pk_id.c: technical cookies for data collection for statistical purposes;
- visitz, _nvis_cl5: technical cookies for data collection for statistical purposes.
These are cookies that, according to the current Directive on Electronic Communications, can only be traced after consent. This type of cookie is used to remember the User's choices and automate some procedures. Commercial cookies allow us to optimize the site in such a way as to improve the content referred to individual Users and customize the commercial information based on the interests of those who browse the website.
In particular, the website uses:
- 121ac: commercial cookie for the purpose of personalizing the commercial offer on www.fintechdistrict.com;
- ACTemp: commercial cookie for the purpose of personalizing the commercial offer on www.fintechdistrict.com.
Third parties that use profiling cookies:
The commercial cookies used have a variable duration. The information will be kept for a period of time consistent with the purposes for which the same are treated and in any case in compliance with the law.
Cookie Configuration / Disabling:
For the correct operation of the website www.fintechdistrict.com we recommend keeping cookies enabled. In case you want to disable cookies you can do it via the browser configuration.
For information on how to make these settings, please select your browser from the list below:
Chrome - Firefox - Internet Explorer - Opera - Safari
We inform you that if you choose to disable cookies, we do not guarantee the correct functioning of all the components of our site.
Third-party cookies are saved by the browser through social widgets, applications that offer a preview of the contents of our Facebook and Twitter pages on the website www.fintechdistrict.com. These services are not activated automatically, but require explicit authorization from the User for the processing of personal data.
This category of data includes IP addresses or domain names of the personal computer used by users connecting to the website; the addresses in the Uniform Resource Identifier (URI) notation form of the requested resources; the time of the request; the method used to submit the request to the server; the size of the file obtained in response; the numerical code indicating the status of the response given by the server (success, error, etc.); and other parameters relating to the operating system and the user's computer environment. In particular, the website uses:
GENERAL INFORMATION PURSUANT TO ART. 13 OF THE 2016/679 EU REGULATION
Glossary on the Personal Data Protection regulation
Authority for the Protection of Personal Data (Autorità Garante per la protezione dei dati personali): independent administrative authority established by law n. 675 of December 31, 1996 responsible for overseeing compliance with data protection legislation.
Personal data: pursuant to art. 4, paragraph 1, n.1 of the Regulation 679/16, this definition involves "any information concerning an identified or identifiable natural person ("interested"); an identifiable natural person can be identified, either directly or indirectly, with particular reference to specific characteristics such as a name, an identification number, location data, an online ID or one or more characteristic elements of his physical identity, physiological, genetic, psychological, economic, cultural or social. "
Profiling: pursuant to art. 4, paragraph 1, n. 4 of the Regulation, it involves "any form of automated processing of personal data consisting in the use of such personal data to evaluate certain personal aspects of a natural person related to analyze or predict aspects concerning professional performance, its financial wealth, health, personal preferences, interests, reliability, behavior, location or movement of that physical person. "
Regulations: EU Regulation 2016/679 of 27 April 2016, concerning the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data and repealing Directive 95/46 / EC.
Data processor: pursuant to art. 4, paragraph 1, n. 8 of the Regulations, this is the "natural or legal person, public authority, service or other body that processes personal data on behalf of the Data Controller."
Data Protection Officer (DPO): figure introduced by the Regulation, whose main duties are to inform and provide advice to the Data Controller, Responsible or appointed for the data protection; monitor compliance and accordance with the Regulation; provide opinions on the impact assessment on data protection; cooperate with the supervisory authority.
Data Controller: pursuant to art. 4, paragraph 1, n. 7 of the Regulation, this is the "natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of processing personal data [...]."
Processing of personal data: pursuant to art. 4, paragraph 1, n. 2 of the Regulation, it is "any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, registration, organization, structuring, the conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, deletion or destruction."