Privacy Policy pursuant to Art. 13 of Regulation (EU) 2016/679

Welcome to the website (the "Site").

In this document (“Policy”), the Data Controller (as defined below) intends to inform you of the purposes and methods of the processing of your personal data collected when you consult the Site and of your rights under Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR”). 


1. Data Controller and Data Protection Officer 

The Data Controller is Ersel Banca Privata S.p.A., with registered office in Piazza Solferino, 11 - 10121 Turin, in the person of its legal representative pro tempore (hereinafter “Ersel” or the “Data Controller”). To exercise your rights, listed in Article 7 below, as well as for any other request relating to them and/or to this Policy, you may contact the Data Controller at the following addresses:

The Data Controller has appointed a Data Protection Officer (“DPO”) pursuant to Article 37 of the GDPR, whom you may contact to exercise your rights and receive any other information relating to your rights and/or this Policy, by writing to


2. Personal data processed, purpose of processing and legal basis

For the purposes set out below, the Data Controller may process your personal data, as specified for each purpose of processing, directly provided by you when using the Site according to your navigation choices.
In particular, the Data Controller will process your personal data for the following purposes.


2.1. Site navigation


During navigation, the computer systems and software procedures used to operate the Site acquire certain personal data, the transmission of which is implicit in the use of Internet communication protocols, such as, for example, the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, and other parameters relating to the user's operating system. While such information is not collected to be associated with specifically identified data subjects, by its nature it could nonetheless be used to identify users through further processing and association with data held by third parties.

These data, necessary for the navigation of the Site, are also processed to:

  1. enable you to access and use the Site;

  2. monitor the proper functioning of the services offered;

  3. ascertain responsibility in the event of hypothetical computer crimes against the Site or third parties. 

The legal basis for the processing of your data for the purpose referred to in this paragraph is the pursuit of a legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR, identifiable with the reasonable expectation on your part that the processing of this specific type of personal data of a technical nature is necessary in order to enable you to navigate the Site. Consequently, your refusal to provide such data would make it impossible for you to consult the Site. Navigation data are processed for the time strictly necessary to achieve the intended purpose, after which they are stored for a period of 7 days, at the end of which they are deleted (unless a longer storage period is necessary for the investigation of possible crimes).


2.2. Newsletter subscription

The optional completion of the data collection form in the special section of the Site dedicated to subscription to Ersel's Newsletter service implies the processing of the personal data provided therein. In this regard, please refer to the specific policy prepared for the provision of this service and available at the following link.


2.3. Access to the reserved “Customer Area”

If the user has a contractual relationship with the Data Controller, he/she will be allowed access to certain online services dedicated to Ersel's customers within the reserved “Customer Area”. In this regard, please refer to the specific policy prepared for the provision of services and available at the following link.


2.4. Submission of spontaneous applications

The optional sending of one's curriculum vitae through the special link in the “Work with Us” section of the Site entails the processing of the personal data provided by the user for participation in the personnel selection process. 
In this regard, please refer to the specific policy prepared for the provision of this service and available at the following link.


2.5. User information or contact requests

The optional, explicit and voluntary sending of messages to the Data Controller's contact addresses in the Contacts, Media Contacts and FAQ sections entails the acquisition of the user's contact data, which are necessary to reply, as well as all personal data included in the above-mentioned communications. The legal basis for the processing of your data for this purpose is identifiable in the legitimate interest of the Data Controller, within the meaning of Article 6(1)(f) of the GDPR, identifiable in your reasonable expectation that the data you voluntarily provide will be processed by the Data Controller in order to respond to your requests. The provision of your personal data for the above-mentioned purpose is optional. However, a decision by you not to provide your personal data will prevent you from obtaining the information you need. For this purpose, personal data will be stored for the time necessary to process the request, after which it will be deleted within 30 days.


2.6. Cookies

This Site uses cookies: for information on the processing of personal data, please refer to the relevant Cookie Policy.


3. Use of Social Media

Please note that on some pages of the Site there are links that redirect to telematic platforms (e.g. Internet sites, social media) operating under the responsibility of third parties and/or organisations other than the Data Controller and over which the Data Controller has no control. In this respect, the Data Controller makes no warranties or assumes any responsibility for the accuracy or any other aspect of the processing of personal data conducted through such third-party platforms, since the link to a third-party site cannot be understood as a validation, either by the Data Controller or by that third party, of the lawfulness of the processing of personal data conducted there. 
Users are therefore invited to carefully examine the data protection policy governing third-party sites linked to the Site for a complete overview of the possible use of their personal data by those sites:

  • YouTube widget
    YouTube is a video content sharing service managed by Google Inc. that allows this website to integrate such content into its pages.
    Privacy Policy (
  • Tweet button
    The Tweet button and Twitter social widgets are interaction services for the social network Twitter (from 2023 known as X), provided by Twitter, Inc.
    Privacy Policy (

  • LinkedIn button
    The LinkedIn button and social widgets are interaction services for the social network LinkedIn, provided by LinkedIn Corporation.
    Privacy Policy (

  • Facebook button 
    The Facebook button and social sharing widgets are interaction services for the social network Facebook, provided by Facebook, Inc.
    Privacy Policy  (


4. Processing methods

Processing is carried out in compliance with the requirements of the GDPR, according to the principles of fairness, lawfulness and transparency and the protection of your rights as described therein. The personal data shall be processed through the use of electronic, telematic and paper media, subject to security measures suited to ensuring the privacy of the personal data and preventing undue access by unauthorised entities. The Data Controller shall not make use of automated processes, including profiling, to achieve the purposes set out in this Policy.


5. Disclosure of data

For the pursuit of the purposes described in paragraph 2 above, the personal data processed will be known to the employees, assimilated personnel and contractors of the Data Controller, who will act as authorised entities for the processing of personal data. Furthermore, your personal data may be processed by third parties belonging, by way of example, to the following categories:

  • technical support service providers for computer system management, logistics providers, advertising agencies, communication and event support agencies or other service providers;
  • authorities and supervisory and control bodies and, in general, public or private entities with public functions;
  • providers of external telematic platforms for sending communications;
  • other companies belonging to the same corporate group as the Data Controller.

The entities belonging to the above-mentioned categories operate, in some cases, as data controllers specifically appointed by the Data Controller in compliance with Article 28 of the GDPR, and in other cases completely autonomously as separate data controllers, it being understood that, in the latter case, the communication of your personal data to such autonomous data controllers would take place solely to pursue the purposes set out in Article 3 above. The complete and updated list of the entities to which your personal data may be disclosed can be requested by contacting the Data Controller at the address indicated in Article 1 of this Policy. Your personal data will not be disseminated.


6. Transfer of personal data outside the European Union

The Data Controller does not intend to transfer your personal data outside the European Union. Should such a circumstance become necessary for technical and organisational reasons, such a transfer will in any case be preceded by prior verification of satisfaction of the conditions of legitimacy and of the appropriate guarantees prescribed by Articles 44 et seq. of the GDPR. In such a circumstance, you may request information from the Data Controller about the transfer of your personal data outside the European Union and obtain a copy of the protection measures adopted by making a specific request to the Data Controller via the email address


7. Data subjects' rights

In relation to the processing described in this Policy, as data subject, you may, under the conditions set out in the GDPR, exercise the rights set out in Articles 15 - 21 of the GDPR, in particular: 

  • right of access: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to your personal data – including a copy thereof – and communication of, inter alia, the information referred to in Article 15 of the GDPR;
  • right of rectification: the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data pursuant to Article 16 of the GDPR; 
  • right to erasure (right to be forgotten): the right to obtain, without undue delay, the erasure of personal data concerning you, in the cases referred to in Article 17 of the GDPR; the right to erasure does not apply to the extent that the processing is necessary for the performance of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
  • right to restriction of processing: the right to obtain restriction of processing, in the cases indicated in Article 18 of the GDPR;
  • right to data portability: the right to receive, in a structured, commonly used and machine-readable format, personal data concerning you provided to the Data Controller and the right to transmit them to another data controller without hindrance, where the processing is based on consent and is carried out by automated means, in accordance with Article 20 of the GDPR. Furthermore, the right to have your personal data transmitted directly by the Data Controller to another data controller if this is technically feasible;
  • right to object: the right to object to the processing of personal data concerning you, unless there are legitimate grounds for the Data Controller to continue the processing, pursuant to Article 21 of the GDPR; 
  • right to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before revocation;
  • right to lodge a complaint with the Personal Data Protection Authority, Piazza Venezia n. 11, 00187, Rome (RM).

The above-mentioned rights may be exercised vis-à-vis the Data Controller by contacting the points of contact indicated in Article 1 above. The Data Controller will take charge of your request and provide you with information on the action taken in respect of your request without undue delay and, in any event, no later than one month after receipt thereof. The exercise of your rights as data subject is free of charge pursuant to Article 12 of the GDPR. However, in the case of requests that are manifestly unfounded or excessive, including by reason of their repetitiveness, the Data Controller may charge you a reasonable fee, in the light of the administrative costs incurred in handling your request, or refuse to grant your request. Finally, please be advised that the Data Controller may request further information necessary to confirm the identity of the data subject. 

Policy statements



The Holder
Ersel Banca Privata S.p.A



