On this page, we provide you with information on the processing of your personal data (for example but not limited to your name, surname, details and copy of your ID, telephone, email address) by Axerve S.p.A. (“Axerve”). Specifically, information is provided here about:
The Data Controller with respect to your personal data is Axerve S.p.A., with registered office in Biella (BI) - 13900, Piazza Gaudenzio Sella, no. 1 - Tel. 015 2526511.
How can I contact the Data ProThe Data Protection Officer (“DPO”) may be contacted at:
Your personal data are processed by Axerve exclusively if at least one of the following conditions are met:
Therefore, the processing is performed with respect for the conditions of lawfulness set forth in the Regulation and is limited to what is necessary for Axerve and/or third parties on its behalf to perform activities connected and instrumental to:
meeting legal tax, accounting, anti-money laundering, anti-fraud, etc. obligations;
performing the agreement and precontractual measures, including the management of judicial and out-of-court disputes and authorisations to carry out transactions on relationships in the name of other parties;
if you have provided consent:
saving the documentation of precontractual activities (e.g., estimates, request for products and services) which were not concluded with the signing of the contract;
performing activities aiming for the continuous improvement of the service offered, such as:
urveying the degree of satisfaction with the quality of the services rendered;
developing market studies and research;
marketing its own products and services as well as those of Sella Group companies and/or third parties;
profiling activities to offer you personalised products and services that meet your needs;
pursuing the legitimate interests of Axerve in offering products and services that best meet customer needs. For this activity, Axerve identifies the addressees of the commercial offer through non-invasive criteria (e.g., age, residence, etc.). Axerve first evaluates the impact of this activity on the rights, interests and freedoms of the addressees. In addition, Axerve allows them to choose to no longer benefit from this service by providing the option of deletion from the list during each contact.
To the extent of the specific purposes set forth above, your personal data are processed using manual, IT and electronic tools.
Axerve adopts adequate organisational and technical measures to guarantee the security and confidentiality of your personal data.
Axerve may disclose your data to third parties belonging to the following categories:
for the fulfilment of legal obligations:
parties that handle auditing and the certification of the financial statements;
supervisory authorities and bodies (Bank of Italy, MEF, CONSOB, EBA, etc.);
public parties within the scope of communications required by regulations (e.g., Italian Revenue Agency);
companies that provide fraud prevention report;
other financial intermediaries belonging to the Sella group if your transactions are deemed “suspicious” pursuant to the Anti-Money Laundering regulation (articles 35 and 39 of Italian Legislative Decree 90 of 25 May 2017), in compliance with the requirements pursuant to the General Measure of the Personal Data Protection Authority of 10 September 2009 named “Measures relating to communications between financial intermediaries belonging to the same group with respect to anti-money laundering”;
archive established at the Ministry of Economy and Finance (“MEF”), pursuant to arts. 30-ter, paragraphs 7 and 7-bis, and 30-quinquies, of Italian Legislative Decree no. 141 of 13 August 2010, exclusively for identity theft prevention purposes. The outcomes of the procedure for confirming data authenticity will not be disclosed, but may be communicated to the supervisory and control authorities and bodies;
for the performance of the agreement to which you are party and precontractual activities you have requested from us:
parties that manage debt collection or provide professional consulting and tax and legal support services;
parties that support credit screening, assessment, disbursement, collection and insurance activities;
marketing and market research companies;
marketing and market research companies;
companies in the Sella group, subsidiaries or associates pursuant to art. 2359 of the Italian Civil Code.
A detailed list of the parties to which your data may be disclosed may be consulted at https://www.sella.it/banca-online/privacy/privacy.jsp.
Axerve may disclose your data to the Banca Sella Chennai Branch in India, on the basis of standard contractual clauses approved by the European Commission to guarantee the adequacy of data protection, for the following activities of:
The data transferred are not stored at the foreign branch, but are subject to remote access while continuing to be stored in the Bank’s IT system.
Axerve stores the data in a form that allows for the identification of the data subjects for the period of time required to achieve the specific purposes of the processing, in compliance with contractual and/or regulatory obligations (e.g., on anti-money laundering, investment services, tax monitoring).
For details on storage times, it is possible to contact one of the addresses provided in point 2.
We hereby inform you that you, as the data subject, may exercise specific rights on data protection, set forth in the list below:
Right to obtain confirmation from the Data Controller whether processing of your personal data is under way and in that case, to obtain access to the personal data and detailed information regarding the origin, purposes, the categories of data processed, the recipients of communications and/or transfers of data and more.
Right to have the Data Controller adjust inaccurate personal information without undue delay, as well as supplement incomplete personal information, also by providing a supplementary declaration.
Right to have personal data deleted by the Data Controller without undue delay if:
the personal data are no longer required in light of the purposes of the processing;
the consent on which the processing is based is revoked and there is no other legal basis for the processing;
the personal data were processed unlawfully;
the personal data need to be deleted to meet a legal obligation.
Right to object at any moment to the processing of personal data that has as its legal basis the legitimate interest of the Data Controller and/or processing for marketing purposes, including profiling. If you object to processing for marketing, your personal data will no longer be processed for these purposes.
Right to have the Data Controller restrict processing in cases in which the accuracy of the personal data is contested (for the period necessary for the Data Controller to verify the accuracy of such personal data), if the processing is unlawful and/or the data subject objects to the processing.
Right to receive the personal data in a structured, commonly used machine readable format and to transmit such data to another Data Controller, only for cases in which the processing is based on consent or on the contract and only for data processed with electronic instruments. Right to lodge a complaint with a supervisory authority
Without prejudice to all other administrative or jurisdictional recourse, data subjects who believe that the processing of their data violates the Regulation are entitled to lodge a complaint with the supervisory authority of the Member State in which they reside or regularly work, or the State in which the alleged violation occurred.
Please also note that you are entitled to revoke your consent provided to specific optional activities at any time, without prejudice to the lawfulness of the processing performed prior to such revocation.
To exercise your rights, you may send your request to the following addresses:
Axerve will provide you with information relating to the action taken with regard to your request without undue delay and at the latest within one month of receipt.
Axerve does not ask you to provide your specific data (for example but not limited to, personal data that reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, data relating to your health or sex life or sexual orientation). However, Axerve may incidentally process them to fulfil your specific requests for services and transactions (e.g., request for the payment of membership fees to political/union organisations, bank transfers to religious associations, etc.). Therefore, pursuant to art. 9 of the Regulation, the Data Controller is required to request your specific consent to the processing of such data. Axerve only processes this information exclusively to meet legal obligations and/or to perform the contract.
Profiling, in order to personalise the services and/or products we offer to you, regards the personal data that you provide to us directly and/or indirectly, as well as those available on social networks, websites, external databases (e.g., credit information systems) and public archives (e.g., ISTAT data). These data are processed in pseudonymised form (therefore, without the identification of the data subject) to evaluate your propensity towards purchasing a product of Axerve or a Sella group company or of third parties and to offer you on this basis products and services that meet your needs.
Profiling activities are performed in part by Banca Sella Chennai Branch, a branch of the Bank located at TS – 140, Rajiv Gandhi Salai, Taramani, Chennai – 60113 – Tamil Nadu, India.
Please also note that your personal data are processed for profiling activities for direct marketing for a period not exceeding 12 months from when they are registered.
This processing takes place to the extent to which you have provided your optional consent. You are entitled to object to profiling for the customisation of commercial offers at any time. If you object, your personal data will no longer be processed for this purpose.
Personal Data Protection Authority
Independent administrative authority established by Italian Law no. 675 of 31 December 1996 responsible for supervising compliance with regulations on data protection.
Pursuant to art. 4, paragraph 1, no. 1 of the Regulation, this means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Pursuant to art. 4, paragraph 1, no. 4 of the Regulation, this means “any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.”
Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
Pursuant to art. 4, paragraph 1, no. 8 of the Regulation, this means “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.”
Data Protection Officer (DPO)
Figure introduced by the Regulation, with the main duties of informing and providing consulting to the Data Controller and Data Processors with respect to data protection; supervising observance of the Regulation; providing opinions on the data protection impact assessment; cooperating with the supervisory authority.
Pursuant to art. 4, paragraph 1, no. 7 of the Regulation, this means “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data [...].”
Personal data processing
Pursuant to art. 4, paragraph 1, no. 2 of the Regulation, this means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”