Crédit Agricole Italia S.p.A. - Registered Office Via Università, 1 - 43121 Parma, Italy, in its capacity as the data controller (“CA Italia”) undertakes to protect the Personal Data, as exhaustively defined below, of its Customers. In general, all the information and data provided to CA Italia by its Customers or by third parties, within the use of CA Italia services (“Services”) as defined in Section 3 below, shall be processed by CA Italia in a lawful, fair and transparent manner. For further information about the processing of your Personal Data, please contact CA Italia Data Protection Officer at the address: dpo@credit-agricole.it
Through the Services it provides, Crédit Agricole Italia collects and processes information about its customers as individuals, whereby customers are identified or identifiable, as well as information on other persons which may be provided to CA Italia during the provision of the Services (e.g. credit transfers payees). The information that makes the customer or a third party identified or identifiable is classified as “Personal Data”. The types of Personal Data that may be processed by CA Italia through the Services are:
The Personal Data described above shall be processed for the following purposes:
a) To respond to your specific requests for assistance or information (“Response”);
b) To comply with obligations resulting from or functional to financial contracts entered into with Crédit Agricole Italia, which may include processing of so-called sensitive Personal Data or the communication or cross-referencing of Personal Data from databanks for loan application processing activities (e.g. collection of preliminary information to open current accounts or to grant credit lines, loans or mortgage loans; the issuance of debit/credit cards and the provision of related services, jointly “Services”). As better described in the “Informativa integrativa sui Sistemi di Informazioni Creditizie”, which can be found on the website or at our branches, to provide some Services (e.g. mortgage loans) the customer’s creditworthiness and any fraudulent or unlawful conducts must be assessed, in order to classify the customer in a specific risk level. This activity is performed analyzing Personal Data coming from databanks set up for credit risk assessment and for the prevention of frauds and unlawful conducts, or simply Personal Data communicated by the Customer to Crédit Agricole Italia. It is a semi-automated assessment process, as, after the IT algorithms (which are regularly updated to prevent mistakes) have collected and processed these pieces of information and delivered a score of the customer’s reliability and solvency (credit scoring), Crédit Agricole Italia always has the requested Service confirmed or denied by specialist personnel (hereinafter the provision of the Services is referred to as “Service Provision”);
c) To comply with any legal, accounting and tax obligations (e.g.: obligations for Customer Due diligence and communication of your Personal Data in compliance with the applicable legislation on anti-money-laundering and terrorist financing, obligations under the legislation on assessment and suppression of tax violations, law on usury, Central Credit Registers, as well as any future obligations laid down by the national and EU legislation ) (jointly “Compliance”);
d) To carry out direct marketing activities via e-mail for Services similar to those previously used or purchased, unless the Customer objects to said activities writing to the addresses given in Section 8 below, right at the beginning or later on upon receipt of the related messages (“Soft Spam”);
e) To make market studies, surveys and statistics; to send information and promotional material of Crédit Agricole Italia and/or of third parties or surveys aimed at improving Crédit Agricole Italia Services via mail, phone, e-mail, SMS, MMS and/or through Crédit Agricole Italia’s official pages on social networks (“Marketing”);
f) To communicate collected Personal Data to third parties operating in various business sectors (“Communication to third parties”);
g) To create a profile of the Customer enabling us to know him or her and understand his or her actual needs and habits, also consumption ones. Said needs and habits are understood observing the user and his or her use of the Services (e.g. whether he or she purchases online, whether he or she prefers to use the Mobile App or to go to his or her Branch, to make cash withdrawals at one Branch rather than at another, whether it may be interesting for him or her to apply for home loan, car loan, etc.) (jointly “Preference Analysis”). This purpose is connected to the Marketing one (e.g. to offer rebates on the purchase of train tickets only to those that travel often by train, vouchers to those that often purchase online, etc.) as well as to the Service Provision one (e.g. if the Mobile App, the Website or the Services provided by one of our Branches are to be improved).
The legal bases on which Crédit Agricole Italia processes your Personal Data, for the purposes set out in Paragraph 3 above, are the following:
Personal Data may be shared with:
Some Personal Data of Customers may be communicated to Recipients that are outside the European Economic Area (e.g. in case of credit transfers to countries outside the EEA, in foreign currencies or to non-resident payees, in which the data are transferred to the United States of America as stated by SWIFT in its information to data subjects, which can be found at www.swift.com). Crédit Agricole Italia ensures that its Customers’ Personal Data are processed by said Recipients in compliance with the applicable legislation. Indeed, data are transferred with appropriate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other legal instruments. Further information can be obtained writing to the Data Protection Officer at the address: dpo@credit-agricole.it
Having regard to the Response and Service Provision purposes, Personal Data shall be kept only for the time necessary for pursuing these purposes. Conversely, for Soft Spam, Marketing, Preference Analysis and Communication to third parties purposes, Personal Data shall be kept until the related consent is withdrawn (which shall be periodically renewed) or in case of objection to the exercise by Crédit Agricole Italia of its legitimate interest. In any case, the above shall apply without prejudice to any longer period required under the applicable legislation, including Article 2946 of the Italian Civil Code, and for the Compliance purpose. Further information can be obtained writing to the Data Protection Officer at the address: dpo@credit-agricole.it
The Customer has the right to obtain the following from Crédit Agricole Italia, at any time:
In addition to the above, the Customer is entitled to exercise his or her rights, including the right to object to the exercise by Crédit Agricole Italia of its legitimate interest in pursuing the Marketing, Preference Analysis and Communication to third parties purposes, also writing to Crédit Agricole Italia at the address: privacy@credit-agricole.it.
In any case, the Customer is entitled to lodge a complaint with the competent Supervisory Authority (Garante per la Protezione dei Dati Personali, the Italian Data Protection Authority).
Crédit Agricole Italia shall be entitled to amend or simply update the contents hereof, fully or in part, also subsequent to changes in the applicable legislation. Crédit Agricole Italia shall inform its Customers of any said changes as soon as they are implemented and they shall become binding as soon as they are published on its Website or communicated to its Customers in any other way (e.g. at ATMs or branches). Therefore, Crédit Agricole Italia invites its Customers to pay attention to the latest version of information to data subjects circulated via said channels in order to be always up to date with any developments