Privacy Policy

Data controller

This information notice describes how the website is managed as regards processing of the personal data of the users consulting it.

This information notice is provided, also pursuant to art. 13 of Legislative Decree no. 196/2003 – Personal Data Protection Code – to those interacting with the web services of the Bank, accessible electronically from the website:
This document also takes into consideration Recommendation no. 2/2001 adopted by the European data protection authorities regarding certain minimum requirements for collecting personal data on-line.

The information notice is provided solely for the  website and not for any other websites that the user may access via links.

The Data Controller is Banca IMI S.p.A., Largo Mattioli 3, 20121 Milano.


Data and methods of processing

Processing connected with the web services of this website is performed only by technical personnel of the office in charge of treatment. No data deriving from the web services are communicated or circulated.
Personal information provided by users who request documentation is used for the sole purpose of  providing services or satisfying their request and is communicated to third parties only if necessary to this end.

Means of treatment
Personal information is treated with automated instruments for the sole time strictly necessary to achieve the purposes for which it has been collected.
Specific security measures are complied with to prevent the loss of information, illicit or unfair uses and unauthorised accesses.

Navigation information
ICT systems and software procedures which are responsible for the functioning of this website acquire, as part of their normal exercise and for the sole period of connection, personal information whose transmission is implicit in the use of Internet communication protocols.

Such information is not collected to be associated to identified parties, but which for its very nature may, via processing or association with information held by third parties, permit the identification of users.

This category includes the IP addresses or domains of computers used by surfers who access the site, the Uniform Resource Identifier addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the number code indicating the state of the reply given by the server (ok, error, etc.) and the other parameters relative to the operating system and the user's IT environment.

Such information may be  used:

  • to comply with the prescriptions of domestic and European laws and provisions issued by Supervisory and Control Authorities, including in relation to the obligations to monitor the operating and credit risks at the Banking Group level;
  • to ascertain responsibilities should hypothetical IT crimes be committed to damage the site and for investigations in the case of disputes.

Without prejudice to this case, as things currently stand, the information on web contacts ( gathered  both via website and apps) persists on the servers  for a period of twelve months.

This information is also used for the purpose of obtaining anonymous statistics on the use of the site and to check its correct functioning.

Information provided by user on a voluntary basis
The optional, explicit and voluntary forwarding of e-mails to the addresses indicated on this website entails the subsequent acquisition of the address of the sender, necessary to reply to the requests, and of any other personal data that may be included in the communication.

The use of the personal data to forward advertising material, commercial information and for the sale of products and services by the Bank can only take place after the sender has given explicit consent by ticking the appropriate box.

Specific synthetic information notices will be progressively recorded or displayed on the pages of the website devoted to particular services on request.


Cookie policy
Cookies are small strings of text exchanged between a server and a web client. They are used for automatic authentication, session tracking and storage of specific information about users accessing the server.

This site uses the following type of cookies:

Technical Cookies (do not require consent under current regulations)
Some operations cannot be completed without the use of cookies, which in some cases are therefore technically necessary. For example, accessing services protected by authentication would be much more complex and less secure without the use of cookies to enable user identification and to save their identification during the session.

In a word the Bank uses the cookies to optimise users’ navigation. These technologies do not, in any case, permit the storage of the data or credentials of the users or other information on the device, to ensure that the security level of the website is maintained intact.

The Bank may also use Cookies to save your navigation preferences and optimise your browsing experience. These cookies may include language and currency settings, or cookies for the management of aggregate and anonymous statistics by the site owner.

Technical Cookies also covers the so-called “Web Analytics”, which are used to collect aggregate and anonymous statistics on site use by visitors.

Managing cookies from browser settings
This website works best if cookies are enabled. Using your browser settings you can, however, disable the use of cookies on your computer.

For information on how to change your cookie settings, you can refer to the website of the browser manufacturer you are using.

If you completely disable cookies, you may disable some functionalities of the site.

Even with all cookies disabled, your computer will continue to store a small quantity of information, which is necessary for the basic functioning of the site.

Exercise of right of access  

The data subjects whose personal information is treated have the right at any time to obtain confirmation as to whether or not personal data concerning them exist, to be informed of the contents and source and check the accuracy of the same and obtain the updating, rectification or, integration of the data. (art. 7 of Legislative Decree 196/2003).

Pursuant to the same article data subjects have the right to request the cancellation, transformation in anonymous form or blockage of information treated in violation of the law, as well as to oppose, in any case, for legitimate reasons, to its treatment.

Requests must be sent to: or sent to: Banca IMI S.p.A.- Largo Mattioli 3, 20121 Milano.