Wait for the messages to upload…

Which language would you rather talk?

Italian

English

Confirm

I've found a solution!

Does this answer meet your needs?
Click Yes to continue talking to Widdy.
Click NO to send your email.

No

SI

Why wait when I can give you the answers you need?


To speak with me, click YES

You're connecting to an operator…

Oops! Something went wrong. Please try again later.

Oops! Something went wrong. Please try again later.

All operators are busy at the moment


If you want, you can book an appointment or ask Widdy

Oops! Something went wrong. Please try again later.

Done! You have sent your request.

Are you sure you wish to finish the conversation?

Are you sure you wish to finish the conversation?

Thanks for contacting us!

Loading ...

Ciao, this is Widdy!
Assistenza WISE

mc_hello_msg_chat

Leave the chat

Would you like to talk to Widdy? If you confirm, your conversation with the operator will be interrupted.

Your useful numbers

Toll-free number

From Italy: 800 22 55 77

From abroad: +39 06 45560210

Da lunedì a venerdì dalle 8:30 alle 22. Il sabato dalle 9 alle 17.

Chiamaci dal tuo cellulare certificato e inserisci la tua password call center.


Block debit and pre-paid card

From Italy: 800 822 056

From abroad: +39 02 60843768

Active 24h


Block credit card

From Italy: 800 992 100

From abroad: +39 02 3498 0176

Active 24h


Credit Card Support

From Italy: 800 955 981

From abroad: +39 02 349 80147

The service is active:
for Classic Credit Cards, from Monday to Friday, from 8:00 to 22:00,
For Gold Credit Cards, 24/7.

Change language

Oops!

Error

Quit transaction

Error

Are you sure you want to quit this transaction?
The data you have entered will not be saved.

Privacy Statement and Policy

Glossary

Party Concerned: the person whose data is processed by Banca Widiba, that is YOU

(art. 4, L.D. 196/2003- the natural person to whom the personal data refers)

Personal Data:the set of data by which it is possible to identify you, such as: first name, last name, tax code, home address, mobile number, mailbox, internet IP address

(art. 4, L.D. 196/2003 - any information concerning a natural person who may be identified or identifiable, even indirectly, by making reference to any other information, including a personal identification number)

Sensitive data: data about you from which it is possible to determine your racial or ethnic origin, your religious beliefs, your political opinions, your state of health or your sexual orientation. For example, if a bank transfer is made in favour of a philosophical association

(Art. 4, Legislative Decree 196/2003 - personal data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, or membership in parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data disclosing information on state of health or sexual orientation)

Processing: any operation performed by Banca Widiba or by the Montepaschi Group involving your data.

(art. 4, L.D. 196/2003 - any operation or set of operations, carried out also without the aid of electronic instruments, concerning the collection, recording, organization, storage, consultation, elaboration, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, erasure and destruction of data, also if not registered in a database)

Data Controller: Banca Widiba S.p.A

(art. 4, L.D. 196/2003 - the natural person, legal person, public administration or any other body, association or organization responsible, also jointly with another data controller, for decisions regarding the purposes and methods of processing personal data and the tools used, including the security profile)

Data Processor: Mr. Paolo Abbo - Privacy and Security Office - Milan, via Messina 38, Torre D

(art. 37 General Data Protection Regulation)

Privacy Statement

Privacy Policy

In accordance with the General Data Protection Regulation (GDPR - Regulation (EU) 2016/679, hereinafter the "GDPR"), Widiba S.p.A. (hereinafter "Widiba") invites you to read the following information. This will help you express your consent, where requested, to the processing of your personal data within the framework of the contract (hereinafter the "Contract") for the provision of banking, investment and accessory services by Widiba.


  1. Definitions (under GDPR art. 4)


    The Data Controller is Banca Widiba S.p.A., with registered offices in Via Messina, 38 - Torre D, Milan.


    The Data Protection Officer (hereinafter "DPO") is the pro-tempore manager of the DPO and Privacy Compliance staff of Banca Monte dei Paschi di Siena S.p.A. with registered offices in Piazza Salimbeni n. 3, Siena, Italy, certified and ordinary email addresses:
    responsabileprotezionedeidati@postacert.gruppo.mps.it; responsabileprotezionedati@mps.it.


    Personal Data is a set of information through which you can be identified, and includes: name, surname, tax code, residence, mobile phone number, email, website, account balance, website credentials.


    Sensitive Data is data from which it is possible to determine your racial and ethnic origin, your religious beliefs, your political opinions, as well as biometric data allowing your unique identification (see paragraph 4 relating to special categories of personal data and judicial data), and data relating to your health and sexual orientation.


    Processing is any automatic or manual transaction involving your personal/sensitive data.


  2. Source of Personal Data


    You provide your personal data to Widiba through use of the website, at the time of commencing the relationship, or while using the services offered by the Bank. You can also provide data with the aid or by means of the following:


    • The network of Financial Advisors;
    • The network of AXA Agents;
    • Credit or debt transactions arranged by other parties;
    • Data acquired from external companies for commercial purposes, market surveys, direct offers of products and services.

  3. Categories of personal data


    The personal data processed by the Bank includes, for example:


    1. identification and personal details collected within the scope of the banking relationship;
      • name, surname, date and place of birth, residence;
      • contact information (e.g. landline and mobile number, email and mail address, certified email);
      • family situation (e.g. marital status, number of family members, relationship with other clients);
      • tax data: tax code/vat number, matrimonial property regime;
      • information on education (e.g. level of education) and employment (e.g. profession and business sector, remuneration, seniority, etc.);
      • data related to identity documents (e.g. number, place and date issued, issuing authority);
      • information relating to the type of digital equipment used for Digital Banking, smartphones/ tablets (e.g. IP address, serial number, UUID device, IMSI, IMEI, WIFI interface MAC address, SIM ICCID);
      • classification as politically exposed person or connected to politically exposed person;s

    2. information relating to products and services intermediated by the Bank, owned or used by the client or towards which the client has expressed interest;
      • types of products owned, services used (e.g. current account, investment account);
      • information on the use of products and services (e.g. current account or payment card balance and transactions);
      • information on equity, income and financial position (e.g. value of property, securities/funds portfolio, policies, tax returns, mortgage and rent expenses, debt position with other intermediaries, origin of funds);
      • data related to methods of interaction with the Bank and use of the contact channels made available ( e.g. branches, Financial Advisors, websites, apps, social pages, meetings, calls, chats, emails, interviews, telephone conversations);

    3. information about your behaviour in relations with the financial services sector;
      • information about events (e.g. protesting, foreclosure, etc.) and relations with third party intermediaries (e.g. non-performing loans, overdrafts, etc.);
      • summary assessments (e.g. credit scoring) issued by third parties (e.g. Crif S.p.A., CERVED, Experian Italia S.p.A. etc.);

    4. information about expectations, knowledge, habits, preferences and behaviours, detected by means of: i) questionnaires required by law (e.g. Mifid, KYC), (ii) sample surveys, iii) analysis of the use of products and services intermediated by the bank or by third parties; (iv) access to databases;
      • data revealing tastes, preferences, life consumption and saving habits provided in response to questionnaires;
      • satisfaction ratings (e.g. relating to products and services offered, physical and digital channels, public relations managers);
      • macro needs (e.g. insurance coverage linked to sporting activities or health risk management, life projects to understand which products may be useful over time);
      • behaviour (e.g. hobbies, use of digital channels, use of the services of other financial intermediaries);
      • session cookies on the Bank’s websites;

    5. videos;s
      • images taken by the video surveillance systems installed by the Bank to protect the safety of persons, goods and assets.

    6. Geolocation data
      • information that allows you to confirm your presence in a certain place at a precise moment, for example by analysing the places from which you have made withdrawals and payments.

    Data categories for associated banks


    The PSD2 directive on payments allows for the sharing of data between the various players in the banking ecosystem. Banca Widiba offers its clients the opportunity to access the information of other banking intermediaries (e.g. IBAN, balance, transactions, cards) through a shared Open Banking platform, by entering the internet/mobile banking credentials issued by the Bank or the payment service providers with which they have an account. Clients may access the service subject to providing explicit consent in their restricted area.


  4. Categories of sensitive and judicial data


    Sensitive data


    >As a result of specific operations or services requested by you (e.g. taking out life insurance policies, making ongoing payments through standing orders or deducting trade union and political party membership fees from the salary), the Bank may come into possession of data referred to as “ssensitive” insofar as it makes it possible to infer whether you belong to such groups and information relating to your state of health, your racial or ethnic origin, your religious beliefs and your sexual orientation.


    Sensitive data also includes biometric data, i.e. data obtained by technological means relating to the physical, physiological or behavioural characteristics of a natural person enabling his or her unambiguous identification; such data is collected by the Bank only with your specific consent.


    Judicial data

    • Data retrieved from court-based and other registries (e.g. real estate charges and burdens, mortgages/judicial foreclosures)
    • Antimafia criminal record office

  5. Purposes of data processing


    Some of your personal data is processed as part of Widiba’s normal business activities for the following purposes:


    1. Purposes closely connected with and instrumental to managing and implementing the obligations arising from the contractual and precontractual relationship established with Widiba, including all necessary preliminary checks involving the data communicated. Such checks are carried out by communicating your personal data to third parties; any refusal to consent would prevent Widiba from concluding and executing the contract. For such purposes, the legal basis for processing data is the need to execute a contract or to follow up specific requests, also of a precontractual nature. Providing data is not mandatory but any refusal to do so, even in part, would make it impossible for the Bank to carry out the operations and provide the services requested;
    2. To fulfil the obligations provided for by laws, regulations, EU legislation (e.g. anti-money laundering and anti-terrorism legislation, supervisory provisions for banks, FATCA, etc.). For such purposes, the legal basis for processing data, which in some cases may include profiling, is the need to avail of personal data to fulfil a legal obligation to which the Data Controller is subject;
    3. To protect your image and to secure the identity of clients and assets. The aim of these purposes is to fight continuous fraud and embezzlement attempts by fraudsters. For such purposes, the Bank will analyse information relating to some of your connection data and your transaction habits. For such purposes, the legal basis for processing data, which may also envisage the use of profiling techniques, is the legitimate interest of the Bank, against which you may exercise your right to object to your data being processed within the limits of art. 21 of the GDPR;
    4. Client profiling for commercial purposes, carried out by Widiba to analyse your consumer choices and habits and to offer you a more personalised service. For such purposes, the Bank will analyse information relating to your relationship with Widiba, identifying your consumption propensities in a general manner (e.g. the branch nearest to your residence, or the simple possession and balance of a credit or prepaid card, etc.). The legal basis for processing data, also by means of profiling techniques, is the legitimate interest of the Bank, against which you may exercise your unconditional right to object to your data being processed, requesting immediate interruption of such data processing without prejudice to the establishment, continuation and management of your contractual relations with the Bank;
    5. Market research, statistical studies and assessments of the degree of satisfaction with the products and services of Widiba and of the Monte dei Paschi di Siena Banking Group;
    6. Commercial purposes, such as sending newsletters, and the promotion or sale of the products and/or services of Widiba, of the Monte dei Paschi di Siena Banking Group or of third party companies;
    7. Client profiling for commercial purposes, carried out by Widiba to analyse your browsing experiences and your attention to communications, if the data that can be used for such purposes reveals particularly sensitive information about your private sphere and your behavioural habits (e.g. an analysis of the descriptions of your bank transfers, etc.);
    8. Public relations, carried out through social networks, chats and e-mails, as well as invitations to participate in events;
    9. Activities involving advanced identification techniques and the processing of biometric data, for example:
      • how devices are used (PC, Tablet, smartphone);
      • identification of devices used for site navigation;
      • location of devices used when operating the website;
      • voice issuance, when a vocal password is recorded;
      • use of a handwritten signature, when this is recorded.


    The legal basis for processing data, also by means of profiling techniques, is the free provision of your informed consent, which consent may be withdrawn at any time without prejudice to the establishment, continuation and management of your contractual relations with the Bank.


  6. Processing methods


    All the processing, whether automatic or manual, described in point 3 is carried out by Widiba for the above-mentioned purposes.


    Processing for commercial purposes may be carried out directly by Widiba or by third party companies using both traditional systems (paper mail or operator calls) and automated systems (calls with no operator, e-mail, fax, SMS, MMS, etc.).


    As regards identifying the habits and consumption propensities of clients, cookies may also be used, in accordance with the guarantees and necessary measures laid down by the GDPR.


    Widiba does not have its own commercial network of branches, but you can contact a Monte dei Paschi di Siena branch directly. Consequently, your Personal Data may be processed by the Bank to allow you to execute a number of banking transactions. These transactions are:


    • “face-to-face” identification to open a contract;
    • withdrawals and payments of money in cash;
    • issuing bank drafts;
    • executing cash transfers and direct debits (SCT - SEPA Credit Transfer);
    • payment of F23 and F24 tax forms;
    • other banking transactions requested by you at the counter.

  7. Processing duration


    Based on the various aims and purposes for which your data was collected, this will be stored for the period of time prescribed by the relevant legislation, or for the time strictly required to achieve said purposes (e.g. the Consolidated Banking Law lays down 10 years following closure of the contract and that, for special client orders and instructions or for telephone banking services, Widiba can record telephone conversations, which may be used as proof and to safeguard its rights in the event of disputes). With regard to the purposes of commercial profiling and direct marketing, your data will be used for a maximum of twelve months and twenty-four months respectively.


  8. Parties or categories of parties to whom personal data may be communicated or who may become acquainted with same in their capacity as Data Processing Officers or as Persons in charge of data processing


    To fulfil the purposes described in point 5 above, the Bank may communicate data to certain subjects, including foreign ones (in this regard, see the following chapter on the transfer of data abroad), belonging to the following categories who use the data received in their capacity as independent Data Controllers or Data Processors in accordance with art. 28 of the GDPR. A complete and up-to-date list containing, among other things, their full names may be requested, free of charge, from the DPO and Privacy Compliance staff, at the addresses given in paragraph 1):


    1. To parties to whom said communication must be made to fulfil obligations laid down by laws, regulations or EU legislation. In particular, Widiba is obliged to communicate your data to the Centrale dei Rischi (Central Credit Register) of the Bank of Italy. The Central Credit Register provides information on financial risks and, by collecting information from banks on the risks associated with their clients, informs said banks of any debt position in relation to the banking system. This reporting requirement exists as from EUR 30,000.00 for all risks, whether direct (cash and non-cash loans) or indirect (personal guarantees issued to other subjects). Non-performing debts must be reported regardless of the amount;
    2. To financial intermediaries belonging to the Monte dei Paschi di Siena Banking Group, in accordance with the provisions of art. 46, paragraph 4 of Legislative Decree no. 231 of 21 November 2007, which provides the option to communicate such reports to other financial intermediaries belonging to the same group, also in third party countries (in compliance with the provisions of the GDPR), with consequent processing by same;
    3. To companies belonging to the Monte dei Paschi di Siena Banking Group, or subsidiaries or associate companies within the meaning of art. 2359 of the Italian Civil Code (also those abroad), or companies subject to joint control for all purposes of an administrative-accounting nature or to fulfil specific provisions of law;
    4. To agencies or branches of Banca Monte dei Paschi di Siena.

    Moreover, to fulfil the purposes described in point 3 above, Widiba may communicate your personal data to external companies, bodies or consortia, in Italy or abroad, belonging to the following categories:


    1. companies or bodies that offer banking and financial services;
    2. service companies for the acquisition, registering and processing of data deriving from documents or media supplied or originating from clients and having as their object the massive processing of payments, notes, cheques and other securities;
    3. companies that print, transmit, envelope, transport and sort communications to/from clients;
    4. companies that perform logistics services to deliver products requested by clients;
    5. companies that archive documentation relating to relations with clients;
    6. companies that process and transmit data;
    7. private credit registers;
    8. companies specialised in collecting and processing financial data;
    9. parties who carry out market research to detect the degree of client satisfaction with the quality of services and activities carried out by the bank, and parties who promote and sell the products/services of the Bank and of the other companies of the Monte dei Paschi di Siena Banking Group;
    10. companies that manage national and international systems to control fraud against banks and financial intermediaries (“Centrale di Allarme Interbancaria”, or Interbank Register of Bad Cheques and Payment Cards);
    11. companies or professionals specialised in debt and asset recovery;
    12. insurance companies, with regard to policies directly or indirectly related to transactions with clients;
    13. companies engaged in assistance, advertising and sale to clients (e.g. call centres);
    14. other companies engaged in services related and instrumental to managing client relationships (e.g. consultancy and legal firms);
    15. rating or auditing companies;
    16. affiliated companies and organisations;
    17. companies on behalf of which the Bank acts as an intermediary to sell their products and/or services, detect the degree of client satisfaction, perform market surveys and commercial activities, etc.

    Finally, within the context of processing data for the fulfilment of obligations, personal data may be notified to persons belonging to the following categories, suitably appointed by Widiba to the role of Data Processing Officers or “Persons authorised to perform data processing”:


    1. employees of or persons seconded to the bank;
    2. interns;
    3. professional consultants;
    4. financial consultants and agents operating payment services;
    5. employees of companies appointed as Data Processing Officers.

    Finally, if you own the stock of listed companies, please note that, unless you provide explicit refusal:


    • pursuant to art art.83-duodecies of Legislative Decree 58/98 (Consolidated Law on Finance), Widiba shall communicate your identification data (e.g. name, surname and address) and the number of stocks deposited with Widiba to any Italian listed company that requests this information through a centralised management company (for example Monte Titoli);
    • pursuant to art.136 of Consob resolution 11971/99 (Regulations for Issuers), Widiba shall communicate your identification data (e.g. name, surname and address) and the number of stocks deposited with Widiba to any proxy solicitors that request this information.

    In the absence of an express prohibition, you will receive the proxy solicitor’s privacy policy at one of the addresses used for communications relating to investment accounts. You will be free to decide, case by case, whether or not to confer your proxy or to exercise your right to vote as deemed appropriate. In both cases, rest assured that you will not incur additional costs, obligations or duties as a result of communicating your identification data to third parties.


  9. Transferring data abroad


    Some data processing operations carried out by Widiba for the purposes listed above may involve your personal data being transferred abroad, either within and/or outside the European Union. In this case, Widiba guarantees observance of the GDPR, in particular as regards the provisions of art. 45, whereby transfers will only be towards countries that ensure adequate levels of protection.


  10. Rights of data subjects (artt. 15-22 GDPR)


    The GDPR focuses on the protection of individuals, and to this end provides a series of rights that may be exercised with respect to Widiba (the Data Controller):


    Right of Access – the right to obtain confirmation as to whether or not personal data concerning you is being processed,the origin of any such data, the logic and purpose of the processing, the recipients or categories of recipients to whom said data may be communicated, and the period for which said personal data will be stored, where this can be defined.


    Right to rectification – the right to obtain the rectification of your own data from Widiba. To exercise this right, it may be enough to access the Widiba website, using your credentials, and use the various features offered to exercise this right (e.g. change residence address, mobile phone number, password). To rectify any data other than that mentioned in this paragraph, please write to us using the above contact details.


    Right to erasure (Right to be forgotten) – the right to get Widiba to erase your personal data if it is no longer necessary in relation to the purposes for which it was collected. In some cases provided for by the law that regulates the banking sector (see Consolidated Banking Law, Circular 285 of the Bank of Italy), Widiba will be unable to enforce this right (e.g. if such data is necessary for the establishment, exercise or defence of legal claims).


    Right to restriction of processing – the right to obtain from Widiba restriction of processing by all those who have a service contract or an employment contract with the Bank. In some cases, the Bank reserves the right to allow access to a restricted number of persons for the purpose of ensuring the security, integrity and fairness of said data.


    Right to data portability – the right to receive from Widiba the personal data concerning you in a structured, commonly used format. The data can be sent to a portable device (USB stick, USB disk, PC) or to another Data Controller. To exercise this right, simply access the Widiba website, using your credentials, and use the relevant feature.


    Right to object – the right to object to data processing for reasons related to your particular situation, including the right to withdraw consent to data processing for the sending of advertising material or newsletters, for direct sales, for carrying out market research, for detecting the degree of satisfaction, and for profiling purposes. The right to object shall be deemed to be extended to the receipt of promotional communications made either by traditional or by automated means, without prejudice to the possibility of expressing your consent exclusively for the receipt of communications by traditional means.


    To exercise the above rights where no online provision has already been made, and anyway in any case, you can email your requests to privacy@widiba.it or to the certified email address privacy@widipec.it.


    To lodge a formal complaint, contact the Data Protection Supervisory Authority (Piazza Venezia no. 11 – 00187 Rome; garante@gpdp.it; phone + 39 06 69677.1; fax + 39 06 69677.3785) or the Judiciary directly.


  11. Accessing, amending your Consent and Data


    Through specific sections of your restricted area, accessed exclusively with your credentials, Widiba gives you the possibility to:


    • access all your personal data as described in point 9;
    • change any optional consent whenever you wish;
    • edit any other personal data relating to you (change your residence/correspondence address, email address, mobile number, password).

    INFORMATION ON THE PROTECTION OF PERSONAL DATA WITHIN THE FRAMEWORK OF S.W.I.F.T. FUND TRANSFERS


    To carry out financial transactions (for example cross-border bank transfers) and certain specific national transactions requested by clients, an international messaging service is required. The service is managed by the "Society for Worldwide Interbank Financial Telecommunication" (SWIFT), based in Belgium. The Bank provides SWIFT (owner of the SWIFTNet Fin system) with the data required to perform the transactions, such as the names of the remitter, the beneficiary and their respective banks, the bank details and the amount. At present, Banks cannot carry out the above transactions without using this interbank network and without communicating the above data. However, you should know that:


    • All client data used to execute financial transactions is currently - for operational security reasons - duplicated, transmitted and stored temporarily as backup copies by Swift, in a company server located in the United States of America;
    • The data stored in this server can be used in the US in accordance with local legislation. Competent US authorities (in particular the Department of the Treasury) have had access to it or could access same again on the basis of further measures deemed adoptable according to US legislation on the fight against terrorism.
    • The data subject retains his rights under the GDPR (for the privacy policy, see: http://www.swift.com).

  12. Disclosure under the “Code of Conduct applying to information systems managed by private entities with regard to consumer credit, reliability, and timeliness of payments” (hereinafter the “Code of Conduct”), approved by the Data Protection Supervisory Authority with Measure No. 163 of 12/09/2019


    In addition to the above, the Bank intends to provide the data subject, also on behalf of the credit information systems, with appropriate information under art. 6 of the Code of Conduct applying to information systems managed by private entities with regard to consumer credit, reliability, and timeliness of payments (September 2019 Measure of the Data Protection Supervisory Authority).


    Please note that, in order to respond to client requests with regard to granting credit, we will be processing some personal data concerning you. This is information that you yourself give us or that we obtain through a number of databases. Such databases (Credit Information Systems or CIS) containing information about data subjects are consulted to evaluate, take on or manage credit risks, assessing the reliability and payment punctuality of data subjects, and are managed by private entities and owned by private undertakings belonging to the categories stated in the disclosures provided by CIS managers. This information will be stored at the bank; some of the information clients provide, together with information arising from their payment behaviour throughout the relationship, may be communicated to CISs periodically. This means that those belonging to the aforementioned categories, upon considering whether or not to establish a relationship with a client, will be able to know whether those same clients have submitted a request to the bank and whether they pay regularly. The processing and communication of data are necessary requirements for signing a contract. Without this information, the bank may not be able to respond to the request received. Retaining this information in databases is based on the lawful interest of the Data Controller to consult CISs.


    Client data will not be transferred to a non-EU third country or to international organisations. According to the terms, methods and within the limits of applicability established by current law, clients are entitled to obtain confirmation as to whether or not personal data concerning them is being processed and to exercise the various rights related to its use (the right to have it rectified, updated, cancelled, to limit or object to its processing, etc.). Clients may lodge a complaint with the Data Protection Authority (www.garanteprivacy.it), or resort to the other means of protection provided for by applicable law. The bank stores client data care of our company for the time required to manage the contractual relationship and to fulfil all legal obligations (for example, as provided for in art. 2220 of the Italian Civil Code concerning the retention of accounting records).


    The credit information systems used by Widiba are managed by:


    • CRIF S.p.A. with registered offices in Bologna - Public Relations Office: Via Zanardi 41, 40131 Bologna. Fax: +39 051 6458940, Tel: +39 051 6458900, website: www.consumatori.crif.com
    • •EXPERIAN-CERVED INFORMATION SERVICES S.p.A. - Registered Offices: Piazza dell’Indipendenza, 11/B, 00185 Rome, Italy, phone 199.183.538, website http://www.experian.it/

    In order to better assess credit risk, reliability, and timeliness of payments, the Bank communicates certain personal data (personal details, also of any joint debtor, type of contract, credit amount, reimbursement method) to Credit Information Systems, which are governed by the relevant Code of Conduct (Code of Conduct applying to information systems managed by private entities with regard to consumer credit, reliability, and timeliness of payments) and act as independent Data Controllers.


    Data relating to clients is regularly updated with new information acquired throughout our relationship (payment position, debt exposure, credit status). Within the context of CISs, client data will be processed by means of organisation, comparison and elaboration operations considered strictly necessary to pursue the purposes described above. Such processing will be carried out either manually or using IT and online tools, in any case guaranteeing the security and confidentiality of the data, also in the case of using remote communication tools. Client data will be processed statistically to generate a summary assessment or score on your degree of reliability and solvency (your so-called credit scoring), taking into account the following main factors: number and characteristics of existing credit lines, evolution and history of ongoing or completed payments, presence and characteristics of any new credit requests, history of credit lines paid off. Additional information may be provided to you in the event of rejecting a credit request.


    You have the right to access your data at any time, by contacting both Widiba and the CIS operators at the addresses specified above.


    Similarly, you may also ask for your data to be amended, updated, corrected or completed and to have any data processed in violation of the law be cancelled or blocked, or to oppose its use for legitimate reasons to be specified in the request (articles 15 to 21 of the GDPR; art. 9 of the code of ethics).


Period of data retention in credit information systems:


funding request6 months if the investigation so requires, or 1 month in the event of the request being rejected or withdrawn
remedied delay of two instalments or two months12 months from the time of settlement
longer delays remedied even by arrangement24 months from the time of settlement
unremedied adverse events (e.g. late payments, serious defaults, non-performing loans)36 months from the date of contractual expiry of the relationship or from the date in which the last update proved necessary (in the case of subsequent agreements or other significant events concerning repayment)
relationships that have performed positively (without delays or other negative events)36 months in the presence of other relationships with negative events that have not been settled. In the remaining cases, in the first phase of implementation of the code of ethics, the period shall be 36 months from the date of termination or expiry of the agreement, or from the first update carried out in the month following said date

Privacy Policy

Widiba places great importance on protecting the personal data of its users.
This notice is given pursuant to art. 13 of Legislative Decree no. 196 of 30 June 2003 (hereinafter referred to as the Data Protection Act) and relates to the processing of personal data of users who make use of the Widiba web services. This information does not relate to other websites accessed via any links.
The information note is also based on the Recommendation no. 2/2001 that the European authorities for the protection of personal data, grouped by art. 29 of directive no. 95/46/EC, adopted on May 17, 2001 to determine some minimum requirements for the online collection of personal data, and, in particular, methods, times and nature of the information that the data controllers must give the users when they connect to web pages, regardless of the purposes of such connection.

Who is the Data Controller?
is Banca Widiba SpA in the person of its pro-tempore legal representative domiciled for the office at the company's headquarters in Milan, via Messina 38, Torre D.

How is logistical data processed?
Access to and use of the online services foresees the processing of data relating to individuals identifiable by means of authentication systems and procedures. The mere consultation of the website, without access to the online services, foresees the collection of information the transmission of which is implicit in the use of Internet communication protocols, as well as information on the computer used to connect to the internet.
Data collected in connection with this site's web services is processed at the Banca Widiba offices exclusively by persons in charge of data processing or by persons in charge of occasional maintenance tasks. No personal data deriving from these web services is disclosed. If necessary, the data connected with these web services can be processed by Banca Monte Paschi di Siena and by the MPS Group Operating Consortium (the first in its capacity as independent Data Controller, and the second in its capacity as specially appointed Data Processor in accordance with Article 29 of the Data Protection Act), at the offices of the said companies. The personal data of users who access and use the online services may be disclosed to third parties to fulfil specific legal, regulatory and supervisory obligations. In addition, to enable the fulfilment of "logistical" activities pertaining to the web services offered to clients, the processing of some data may be delegated to third parties especially appointed for the purpose.
Banca Widiba regularly reviews its privacy and security policies and, where appropriate, updates them in accordance with regulatory or organizational changes, or prompted by technological evolution. Any amendments to these policies will be published on this website.

What type of data is processed?

Personal data provided voluntarily by the user
The explicit and voluntary insertion of personal data by the user in the registration forms of this website involves the acquisition of the data provided, which is necessary in order to provide the service requested. Specific information pursuant to art. 13 of the Data Protection Act, also in summarised form, will be reported or displayed case by case in contractual documents or in the pages of the website designated for special services upon request.

Navigation data
The computer systems and software procedures relating to the normal operation of this website acquire personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified parties, but by their very nature could, through processing and associations with data held by third parties, lead to the identification of users.
This category of data includes IP addresses or domain names of computers used by users connecting to the site, URIs (Uniform Resource Identifiers) ​​of requested resources, the time of requests, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the user's operating system and computer environment.
This data is used solely for the purpose of:
- obtaining anonymous statistical information regarding use of the site;
- checking the correct operation of the site;
- carrying out monitoring activities to ensure the safety of the service.
The data could be stored and used to ascertain responsibility in case of hypothetical computer crimes against the site or its users.

Cookies
Widiba uses cookies for several purposes. A cookie is a set of information that can be stored on the hard disk of a computer of a client connected to the widiba.it website.
Banca Widiba uses two types of cookies:
Static cookies - saved on the hard drive of the client's PC, these cookies contain information concerning the characteristics of said PC; they are used to identify the device for the purpose of fighting computer fraud
Temporary cookies - these cookies are only used for the duration of the session and contain information related to said session; their purpose is the proper and efficient processing of requests made by the customer.

Conferring data
Except for what has been specified for navigation data, the user is free to provide the personal information stated on request forms or indicated during contacts with the Office to further the dispatch of information material or of other communications. Non conferral of said data may make it impossible to fulfil the request.

Processing methods
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it is collected. Specific security measures are observed to prevent the loss of data, illegal or incorrect use and unauthorized access.

Data subjects' rights
Data subjects have the right, at any time, to obtain confirmation as to whether or not personal data concerning them exists, to know its content and source, to verify its accuracy or to demand its integration, updating or rectification (Art. 7 of the Data Protection Act). In accordance with said Article, data subjects have the right to ask for the erasure, the anonymization or the blocking of data that has been processed unlawfully, and, furthermore, to object on legitimate grounds, to the processing of same.

For more information
Anyone wishing to obtain more information or to offer suggestions or complaints about the privacy policies, can do so by writing to the following e-mail address: privacy@widiba.it.

Rights of data subjects

The GDPR protects individuals through the following rights:

Right of Access
Data subjects have the right to obtain confirmation as to whether or not personal/sensitive data concerning them are being processed. To exercise this right, simply log onto the Widiba website with your credentials and view/download the information you require.

Right to rectification
Data subjects have the right to obtain from Banca Widiba the rectification of inaccurate personal data concerning them. To exercise this right, simply log onto the Widiba website with your credentials and use the various features provided (e.g. change residence address, mobile number, password).

Right to erasure (‘right to be forgotten’)
Data subjects have the right to obtain from Banca Widiba the erasure of personal data concerning them whenever said data are no longer necessary in relation to the purposes for which they were collected. In some cases, envisaged by the regulations governing the banking sector (see the Italian Consolidated Banking Act, Circular no. 285 of the Bank of Italy), Banca Widiba is entitled to deny this right, for example when the aforementioned data are required to assess, exercise or defend a right in court.

Right to restriction of processing
Data subjects have the right to obtain from Banca Widiba restriction of access to personal data by those parties who have a service contract or an employment contract with the Bank. In some cases, the Bank reserves the right to grant access to a limited number of people in order to guarantee the safety, integrity and correctness of said data.

Right to data portability
Data subjects have the right to receive the personal data concerning them, which they have provided to Banca Widiba, in a structured, commonly used format. Said data can be provided on a portable device (USB stick, USB disk, PC) or forwarded to another Data Controller. To exercise this right, simply log onto the Widiba website with your credentials and use the features provided.

Right to object
Data subjects have the right to object to processing of personal data concerning them by Banca Widiba. In this case, two scenarios are possible:

a. data is processed in connection to the fulfilment of a contract, in which case it is not possible to exercise this right except by terminating said contract;
b. data is processed for commercial and/or profiling purposes, in which case you may exercise this right simply by logging onto the Widiba website with your credentials and and changing the consent previously provided.

Right to lodge a complaint
Data subjects have the right to lodge a complaint with the Supervisory Authority whenever they consider that their data have been processed in violation of the law. The procedures for lodging a complaint are described on the website of the Italian Data Protection Authority.

To exercise the aforementioned rights in the absence of the internet or if you are not yet our customer, you can send a request by email to privacy@widiba.it or by certified email to privacy@widipec.it.

Cookies

Cookie Policy

The purpose of this policy is to describe the types of cookies used by the Banca Widiba website.
A cookie is that a small text file stored on your device when you visit a website, acting as a “reminder” and allowing the website to recognise you on subsequent visits. Cookies allow the website to offer users personalised experiences by storing some information about them. This policy uses the term “cookies” to refer both to actual cookies and to similar technologies covered by law.
Information collected through cookies, although in itself anonymous, could potentially lead to the identification of users/visitors by association with and by processing unique identifiers and data held by third parties (such as IP address, domain names of the computers used by persons connecting to the website.)

This document forms an integral and substantial part of the Privacy Policy issued, among other things, to comply with articles 13 and 14 of Regulation (EU) 2016/679. We suggest you read your Privacy Policy as well.

What cookies are used for

Cookies perform various functions: they allow users to browse efficiently from page to page, remembering their preferences and, more generally, improving their experience; they also help to ensure that the advertisements displayed while browsing are of interest to the user and that the marketing activities are relevant to their preferences.
When browsing on a website, users may receive “first” and “third party” cookies on their computer, based on the party that has actually sent them. The fact of a cookie being a “first”' or “third party” cookie is closely connected to the website or domain using that cookie. “First party” cookies are essentially cookies sent by the website being visited, i.e. the website displayed in the URL window: in our case, cookies sent by the Data Controller’s website. “Third party” cookies are cookies that are sent by a domain other than the one being visited by the user, i.e. cookies sent by websites other than the Data Controller’s website. If a user visits a website (like this one) and a third-party company sends a cookie through this website, that specific cookie is known as a “third party” cookie.

Types of cookies

  • a. Technical cookies
    Technical cookies make it possible to conduct essential activities for the running of the website, for example ensuring that the content of a page is loaded quickly and effectively, distributing the workload across different computers, or ensuring security. Without them, the website would not be able to function properly.
    Although not strictly necessary, “Technical cookies” also include the following two categories of b) functional cookies and c) analytical cookies (only if they meet the requirements listed at the relevant point).
  • b. Functional cookies
    Functional cookies make it possible to save information that changes the way the website acts or is displayed. For example, they are usually used in response to a request for a service, like when you set your privacy preferences, log in, or fill out forms; they also make it possible to store the language selected by the user or the preferred geographic region. If you do not enable these cookies, all or part of these services will not function properly.
  • c. Analytical cookies
    Analytical cookies allow websites to count the number of visitors and monitor traffic sources in order to measure and improve the website’s performance. For example, they identify the most viewed content and the most common tasks performed by users.
    Analytical cookies are only treated as functional cookies if:


    • they are used solely to produce aggregated statistics and in relation to a single website or mobile application;
    • at least the fourth portion of third-party IP addresses is masked;
    • third parties refrain from combining these cookies with other processed data (e.g. customer files or statistics of visits to other websites) and from transmitting them to third parties.

    Otherwise, analytical cookies are treated as profiling cookies and require consent.
  • q. Profiling and advertising cookies
    Profiling (or promotional) cookies are discretionary and are used to create profiles relating to the user. They are used to send advertisements in line with the preferences shown while browsing the web. This type of cookie requires your prior consent.

Consenting to the use of cookies

The user’s consent must be obtained before installing profiling cookies and analytical cookies that process data not in an anonymous or aggregated form. For this reason, upon accessing the website a banner appears informing users and allowing them to provide their informed consent to receiving such cookies. By clicking on the banner, users will be brought to a dashboard where they can express their specific consent to the installation of each category of cookie.
Consent to using cookies may be revoked at any time, in the same way as it is provided, but revoking same may affect the website’s functionality.
Users may set the browser to notify them when cookies are going to be installed, allowing them to decide whether or not to accept them. Users can also automatically reject all cookies through the browser's opt-out page.
Every browser provides instructions in this regard.

For information on how to change your cookie settings, click on the link relating to the browser you are using:
Chrome https://support.google.com/chrome/answer/95647?hl=it
Firefox https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Internet Explorer http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11
Opera http://help.opera.com/Windows/10.00/it/cookies.html
Safari https://support.apple.com/it-it/HT201265

Cookies we use

To learn more about the individual profiling cookies we use and how to recognise them, please see below.

  • aam_uid - Used in Audience Manager to distinguish users (30 days)
  • dextp – Used to identify the time of access (6 months)
  • mc – Used to identify the browser and browsing history for advertising purposes (13 months)
  • d - Used to distinguish between advertising messages (3 months)
  • IDE - Used to identify the user and deliver targeted advertising messages (18 months)
  • RUL - Used to ensure advertising is correctly displayed (1 year)
  • MUID – Used to distinguish between users (13 months)
  • fr - Used to deliver targeted advertising messages (3 months)
  • _gat – Used to throttle the request rate (1 minute)
  • visitor_info1_live - Used to deliver video content (1 year)
  • vuid – Used to deliver video content (2 years)
  • _fbp - Used to deliver targeted advertising messages (3 months)
  • pxl - Used to deliver targeted advertising messages (90 months)
  • _kuid_ - Used for users' unique identifier (6 months)
  • _gcl_au - Used to test the efficiency of advertising on websites (3 months)
  • anj - Used to identify a returning user's device (3 months)
  • audience - Used to determine if video ads were properly viewed on the website (13 months)
  • c - Used to synchronize user identification with data exchange between various advertising services (1 year)
  • CMID - Used to collect data on user visits to the site (1 year)
  • CMPRO - Used to collect data to serve interest-relevant advertisements (3 months)
  • CMPS - Used to collect data on user visits to the site (3 months)
  • eud - Used to collect user data for the purpose of optimizing ad display (13 months)
  • euds - Used to collect anonymised user data (session)
  • rud - Used to collect user data for the purpose of optimizing ad display (13 months)
  • ruds - Used to collect user data for the purpose of optimizing ad display (session)
  • tuuid - Used to know if the user has consented or not consented to the use of cookies (1 year)
  • tuuid_lu - Used to learn about user behavior across multiple websites to propose relevant content (1 year)
  • uuid2 - Used to identify a returning user's device (3 months)
  • _gcl_aw - Cookie utilizzato per funzionalità di retargeting (3 mesi)
  • _gcl_dc - Cookie utilizzato per funzionalità di retargeting (3 mesi)
  • _li_ss - Questo cookie è utilizzato per marketing e pubblicità (30 giorni)
  • data-rk - Cookie utilizzato per registrare la tua attività di navigazione, allo scopo di visualizzare annunci mirati (1 anno)
  • did - Utilizzato per mostrare ai visitatori del sito annunci mirati (3 mesi)
  • didts - Utilizzato per fornire annunci più pertinenti agli interessi dell'utente (3 mesi)
  • dpm - Cookie per offrire la pubblicazione di annunci o il retargeting (6 mesi)
  • i - Utilizzato per erogare messaggi pubblicitari targettizzati (openx.net)
  • KRTBCOOKIE_18 - Utilizzato per raccogliere dati utili a presentare pubblicità pertinenti agli interessi (3 Mesi )
  • lidid - Utilizzato per raccogliere dati utili a presentare pubblicità pertinenti agli interessi (30 giorni)
  • nnls - Utilizzato per la pubblicità mirata (30 giorni)
  • pp1095 - Utilizzato per identificare l’utente ed erogare messaggi pubblicitari targettizzati (30 giorni)
  • pxrc - Utilizzato per analizzare come l'utente interagisce con il sito per ottimizzare gli annunci che gli vengono mostrati (90 giorni)
  • rlas3 - Utilizzato per raccogliere dati anonimi relativi alle visite dell'utente al sito web, come il numero di visite, il tempo medio trascorso sul sito web e quali pagine sono state caricate, allo scopo di visualizzare annunci mirati (1 anno)
  • sd-session-id - Cookie utilizzato per raccogliere in modo anonimo informazioni demografiche (13 mesi)
  • zync-uuid - Cookie per servire i visitatori con pubblicità pertinenti (13 mesi)
  • lms_ads - Targeting/Adversiting. Utilizzato per erogare messaggi pubblicitari targettizzati (1 mese)


Previously set cookies
If users have disabled one or more cookies, from that moment onwards we will cease to use the cookies that have been disabled to collect further information.

Cookie-like technologies
The website uses cookie-like technologies that provide us and our suppliers with information on how the website and its content are used by visitors. They help us identify whether the connected computer or device has visited our or other websites in the past.

Contacts

For any information regarding the use of cookies and the processing of personal data, please email the Data Controller at: responsabileprotezionedeidati@postacert.gruppo.mps.it; responsabileprotezionedati@mps.it

Changes and updates
This Policy may be subject to change, also as a result of changes in the regulations. The Cookie Policy will be kept up to date at all times on this website.
Policy updated June 2021.

Privacy

Security and Technology

Transparency

Accessibility

Complaints

FAQ

Company details & copyright

MiFID