Cookie Policy pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”)

In this document (“Cookie Policy”), the Data Controller, as defined below, wishes to inform you of the methods and purposes of the processing of your personal data resulting from the use of cookies and other tracking tools on the site (hereinafter collectively referred to as the “Site”), in compliance with the order issued by the Privacy Authority on 8 May 2014, “Identification of the simplified procedures for the policy and the acquisition of consent for the use of cookies” and subsequent clarifications and updates, art. 122 of Legislative Decree no. 196 of 30 June 2003, (“Privacy Code”) and Article 13 of the GDPR.

1. Data Controller and Data Protection Officer 

The Data Controller is Ersel Banca Privata S.p.A., with registered office in Piazza Solferino, 11 - 10121 Turin, in the person of its legal representative pro tempore (hereinafter “Ersel” or the “Data Controller”).
To exercise your rights, listed in Article 7 below, as well as for any other request relating to them and/or to this Policy, you may contact the Data Controller at the following addresses:

The Data Controller has appointed a Data Protection Officer (“DPO”) pursuant to Article 37 of the GDPR, whom you may contact to exercise your rights and receive any other information relating to your rights and/or this Policy, by writing to

2. What cookies are and what they are used for

Cookies are small text strings, usually consisting of letters and/or numbers, that websites visited by the User send and place on his/her terminal equipment (usually through the browser), where they are stored and archived, in order to be then re-transmitted to the same websites that generated them upon the same User's next visit, thus keeping a record of his/her previous interaction with the Site. 
The information encoded by cookies includes personal data (e.g., IP address, user name, e-mail address, etc.) or non-personal data, such as language settings or information about the kind of device used by the User to navigate the Site. 
Cookies therefore perform various functions and allow the Site to be navigated efficiently, remembering the User's preferences and improving the User's navigation experience. For example, cookies are used to store electronic authentications, the User's preferred language or other information or preferences regarding specific configurations, to monitor sessions, to facilitate and make more efficient the use of online content, to show the User advertisements that may be of interest to him/her, etc.

3. General categories of cookies 

Depending on the criterion considered, cookies can be classified into various categories.
For example, depending on who installs cookies on the User's terminal, a distinction is made between: (a) “first-party cookies”, installed directly by the operator of the website visited by the User and visible only to the User; and (b) “third-party cookies” installed by the operator of another website, through the operator of the website visited. 

Depending on the duration of the processing, a distinction can be made between: (a) “session cookies”, which are stored temporarily during the navigation session and are automatically deleted from the User's terminal after the browser is closed; and (b) “persistent cookies”, which instead remain on the User's terminal until a predetermined expiry date or until they are deleted.

The classification that best meets the rationale of the data protection legislation is the one that distinguishes cookies into two general categories:

  • “technical cookies”, i.e. cookies strictly necessary for the proper functioning of the website or for its operation on the basis of the navigation choices made by the User. This category includes “navigation cookies”, which ensure normal navigation and use of the website (allowing, for example, the regular display of pages or their scrolling, etc.), as well as “functionality cookies”, which allow the User to navigate the website according to the criteria selected by him/her (e.g. language, products selected for a purchase) in order to improve the service requested. The technical storage of and access to information contained in technical cookies do not require the User's consent;
  • “profiling cookies”, which analyse and record the User's recurring actions or behavioural patterns when using the Site's functionalities in order to (i) create a profile of the User, (ii) classify him/her within the various profiles grouping homogeneous groups of users and (iii) for the ultimate purpose of sending the User targeted advertising messages in line with the preferences expressed by the User when navigating the Web. The technical storage of and access to the information contained in technical cookies are conditional on the User's consent. 

In addition to the two general categories mentioned above, there are “analytical cookies”, used to process statistical analyses, such as analyses aimed at (i) assessing the effectiveness of the services rendered through the Site, (ii) designing the Site, or (iii) measuring its “traffic”, i.e. the number of visitors, possibly classified according to the characteristics of interest (e.g. geographical area, time slot, etc.). 
The processing of data collected by analytical cookies does not require the User's consent where such data is used only to produce aggregate statistics in relation to a single site or mobile application and, for data collected by “third party” analytical cookies, only if (a) the structure of the “third party” analytical cookie is such that it reasonably prevents the identification of the User and if (b) the “third party” refrains from taking any action on the data (e.g. combining, enrichment etc.) to identify the User. Under these specific conditions, analytical cookies (both first- and third-party) may be classified as technical cookies.

4. Types of cookies used by this Site, purposes and legal basis

Without prejudice to the general categories described above, the Data Controller has deemed it appropriate here to adopt a different classification of the cookies present on the Site, distinguished according to the legal basis justifying the processing of personal data collected through cookies, in accordance with the provisions of the GDPR and Article 122 of the Privacy Code. 

In particular, the Data Controller has divided the cookies present on the Site into the following types:


5. How to manage your cookie preferences: the privacy preference centre

When accessing the Site for the first time, the User will see an immediate pop-up banner containing the short cookie policy, the link to this extended cookie policy and a set of functionalities for managing preferences regarding the cookies to be installed on his/her device. 
In particular, through the functions contained in the banner, the User will be able to: (i) accept all cookies on the Site, including those for targeted advertising, by giving his/her consent; (ii) refuse the installation of all cookies on the Site other than those strictly necessary for the proper functioning of the Site (i.e. “Necessary cookies”); (iii) access, through a special link, the “Privacy preference centre”, where more information can be obtained on the specific cookies present on the Site, grouped by homogeneous categories, and, where applicable, give or revoke consent or oppose processing with reference to the categories of cookies to be enabled or disabled on his/her device; (iv) close the cookie banner by clicking on the appropriate icon and continue navigating the Site while maintaining the default settings. 


The Data Controller clarifies that the “default” cookie setting implies the installation of all those cookies that do not require the User's consent, i.e. Necessary cookies and Performance cookies.
At any time, the User may change the choices on cookies made when first accessing the Site, by accessing the Privacy preference centre, through the link contained at the bottom of the Site's homepage and using the relevant functionalities. 
The User can also manage his or her cookie preferences through the settings of the browser used, which allow him or her to delete/remove all or some cookies or block the sending of cookies or limit them to certain sites.
Below are the instructions and the links to guides for managing cookies for the main desktop browsers:

For browsers other than those listed above, you have to consult the relevant guide to find out how to manage cookies. For instance, if you use a mobile device, you should refer to the relevant instruction manual to find out how to manage cookies.

6.    Transfer of personal data outside the EU

The User's personal data collected using cookies (e.g. third-party cookies) may be transferred to countries outside the EU: such transfers are in any case legitimate, as they are guaranteed by the existence of adequacy decisions issued by the European Commission and/or by the prior signing of Standard Contractual Clauses adopted on the basis of the European Commission's templates pursuant to Article 46(2)(c) and (d) of the GDPR.
The User may request a copy of the guarantees adopted by writing to the Data Controller at the addresses indicated in Article 1 of this Cookie Policy. 


7. Recipients of personal data

The User's personal data may be made known to employees, assimilated personnel and contractors of the Data Controller assigned to pursue the above-mentioned purposes, who will operate in their capacity as entities authorised to process personal data and who will have received adequate operational instructions.
Furthermore, for the pursuit the purposes set out in the preceding par. 4, the User's personal data may be processed by third parties belonging, by way of example, to the following categories:

  • providers of technical support services for the management and maintenance of the Site;
  • advertising agencies;
  • providers of statistical processing services on the use of the Site;companies that provide management and maintenance services for the Data Controller's information systems;
  • business partners;
  • companies owning social media sites; 
  • companies offering e-mail dispatch services or other providers of external telematic platforms for sending communications;
  • supervisory and control authorities and bodies and, in general, public or private entities with public functions entitled to request the data in accordance with the provisions of current national and European legislation;
  • companies, associations or professional firms providing assistance and advice.

The entities belonging to the above-mentioned categories operate, in some cases, as data controllers specifically appointed by the Data Controller in compliance with Article 28 of the GDPR, and in other cases completely autonomously as separate data controllers, it being understood that, in the latter case, the communication of your personal data to such autonomous data controllers would take place solely to pursue the purposes set out in the preceding paragraph 4.
The complete, updated list of the entities to which your personal data may be disclosed can be requested by contacting the Data Controller at the address indicated in Section 1 of this Cookie Policy.
Data collected using cookies will not be disseminated.


8.    Data subject's rights

In relation to the processing described in this Policy, as data subject, you may, under the conditions set out in the GDPR, exercise the rights set out in Articles 15 - 21 of the GDPR, in particular: 

  • right of access: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to your personal data – including a copy thereof – and communication of, inter alia, the information referred to in Article 15 of the GDPR;
  • right of rectification: the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data pursuant to Article 16 of the GDPR; 
  • right to erasure (right to be forgotten): the right to obtain, without undue delay, the erasure of personal data concerning you, in the cases referred to in Article 17 of the GDPR; the right to erasure does not apply to the extent that the processing is necessary for the performance of a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
  • right to restriction of processing: the right to obtain restriction of processing, in the cases indicated in Article 18 of the GDPR;
  • right to data portability: the right to receive, in a structured, commonly used and machine-readable format, personal data concerning you provided to the Data Controller and the right to transmit them to another data controller without hindrance, where the processing is based on consent and is carried out by automated means, in accordance with Article 20 of the GDPR. Furthermore, the right to have your personal data transmitted directly by the Data Controller to another data controller if this is technically feasible;
  • right to object: the right to object to the processing of personal data concerning you, unless there are legitimate grounds for the Data Controller to continue the processing, pursuant to Article 21 of the GDPR; 
  • right to revoke consent at any time without prejudice to the lawfulness of the processing based on the consent given before revocation;
  • right to lodge a complaint with the Personal Data Protection Authority, Piazza Venezia n. 11, 00187, Rome (RM).

The above-mentioned rights may be exercised vis-à-vis the Data Controller by contacting the points of contact indicated in Article 1 above. The Data Controller will take charge of your request and provide you with information on the action taken in respect of your request without undue delay and, in any event, no later than one month after receipt thereof.
The exercise of your rights as data subject is free of charge pursuant to Article 12 of the GDPR. However, in the case of requests that are manifestly unfounded or excessive, including by reason of their repetitiveness, the Data Controller may charge you a reasonable fee, in the light of the administrative costs incurred in handling your request, or refuse to grant your request. 
Finally, please be advised that the Data Controller may request further information necessary to confirm the identity of the data subject. 


The Holder
Ersel Banca Privata S.p.A.


Questa schermata consente al tuo monitor di consumare meno energia quando il computer resta inattivo.

Clicca in qualsiasi parte dello schermo per riprendere la navigazione.