Privacy Policy and Legal Notices

COMPANY DATA
Crédit Agricole Italia
Company Name: Crédit Agricole Italia S.p.A
Registered Office: Via Università, 1 - 43121 Parma, Italy
Tax ID, VAT Code No. and entry number in the Parma Company Register 02113530345
Share capital: Euro 979.232.509 i.v. fully paid-up.
ABI (Italian Banking Association) Code: 6230.7
Entry number in the Italian Register of Banks: 5435
Member of the Interbank Deposit Protection Fund and of the National Guarantee Fund, Parent Company of  Crédit Agricole Italia Banking Group, entered in the Register of Banking Groups with no. 6230.7, Subject to the management and coordination of Crédit Agricole S.A.
Crédit Agricole FriulAdria
Company Name: Crédit Agricole FriulAdria S.p.A.
Registered Office: Piazza XX Settembre, 2 - 33170 Pordenone, Italy
Tax ID, VAT Code No. and entry number in the Company Register of Pordenone 01369030935
Share capital: Euro 120,689,285.00 fully paid-up.
ABI (Italian Banking Association) Code: 5336
Entry number in the Italian Register of Banks: 5391
Member of the Interbank Deposit Protection Fund and of the National Guarantee Fund, Parent Company of  Crédit Agricole Italia Banking Group, entered in the Register of Banking Groups with no. 6230.7, Subject to the management and coordination of Crédit Agricole S.A.

Privacy policy for applicants

1. DATA CONTROLLER AND DATA PROTECTION OFFICER

Crédit Agricole Italia S.p.A. (CA Italia), with Registered Office in Via Università 1 - 43121 Parma (PR),  Parent Company of Crédit Agricole Italia Banking Group (Group).
You can contact the Data Protection Officer (DPO) of the Group at: DPO@credit-agricole.it

 2. PERSONAL DATA SUBJECT TO PROCESSING

Pursuant to Regulation EU 679/2016, we inform you that CA Italia will process your Personal Data, which may consist in an identifier such as your name, an identification number, an online identifier or one or more characteristic elements of your physical, physiological, psychological, economic, cultural or social identity used to uniquely identify you (Personal Data).
The Personal Data processed by CA Italia are:

a. Applications

When registering to submit your application through our website, you will be asked to complete a form (Application) where you provide professional/work details (e.g. university, foreign languages, professional qualifications, applicant's expectations and desired work location, links to your professional profiles on social networks, etc.) and to upload your CV and cover letter through a special function.
Upon receiving your application, CA Italia may evaluate your professional profiles on publicly accessible social networks (e.g. Linkedin) or professional websites, even if not indicated in your application, to obtain  further information that will help us assess your compatibility with the position for which you are applying.

b. Special categories of personal data

In the website, you will be asked whether you belong to any protected categories, in order for us to comply with current applicable regulations. The form also includes empty fields where you can provide CA Italia with more information, which could include Personal Data. 
You will not be asked to provide data that reveal racial or ethnic origin, political opinion, religious or philosophical beliefs, trade union membership, genetic and biometric data that enable unique identification of a physical person or the sexual life or sexual orientation of the data subject. Therefore, you are not allowed to enter such data (which will not be used) and you will be liable for any consequences of the failure to comply with this rule.

c. Data supplied voluntarily by the applicant

As already mentioned, the website allows you to enter contents, visible to CA Italia, which may refer to the Personal Data of other subjects (e.g. reference contacts).
In this case, you become the data controller and assume all the obligations and responsibility provided by the law. In this respect, you hold CA Italia harmless against any complaint, claim, compensation for damage caused by processing, etc. received from third persons whose Personal Data has been processed through your use of the website functions in breach of applicable data protection regulations. At any rate, should you provide or otherwise process Personal Data of third parties during use of our website, you hereby guarantee - and assume all associated responsibility - that you have obtained the consent of such third parties or that there is a lawful basis that makes the processing of said information legitimate.

d. Browsing data

The information systems and software procedures required for the proper functioning of this Website will acquire, during normal operation, some Personal Data, the transmission of which is implicit in the use of Internet communication protocols. This information is not collected to be associated with specific individuals, but by their own nature they could enable identification of the users, through processing and associations with data held by third parties. This category includes IP addresses or domain names of the computers used by the users connecting to the Website, the URL (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code for status of the response from the server (successful, error, etc.) and other parameters relating to the user's operating system and the information environment. These data are used only to obtain anonymous statistical information on website use and to check that it is functioning properly, to identify problems and/or violation, and are immediately deleted after processing. Data could be used to ascertain  responsibility in case of computer fraud against the website or third parties: otherwise, data on web contacts will not be retained for more than seven days.

e. Cookies

Information on the use of cookies present in the website may be viewed in the special section of this website.

3. PURPOSE OF DATA PROCESSING

CA Italia will use your Personal Data, collected through this website, for the following purposes:
• examine applications with a view to a possible contact by CA Italia or another company of the Group ("Recruitment and selection");
• comply with legal obligations that require CA Italia to collect and/or process certain types of Personal Data  ("Compliance");
• prevent or identify instances of violation in the use of the Website, or any fraudulent activity and thus enable CA Italia to protect their position in court  (“Violation/Fraud”).

4. LAWFUL BASIS OF PROCESSING AND MANDATORY NATURE

The lawful bases used by CA Italia in the processing of your Data, in accordance with the purposes specified in paragraph 3 herein, are:
• Recruitment and selection: processing for this purpose is used by CA Italia to take your Application into consideration and is therefore necessary to start the selection process with the aim of possibly offering you a position. Providing your Personal Data to CA Italia for this purpose is not mandatory, but failure to do so will make it impossible for us to consider your Application. If you wish to provide special categories of Personal Data (e.g. relating to health, religion, etc.), CA Italia will need to have your specific consent.
• Compliance: processing for this purpose is necessary in order for CA Italia to comply with any applicable legal obligations. When your provide Personal Data to CA Italia, they will be processed in accordance with applicable regulations, which may involve retention and disclosure to Authorities for accounting obligations, tax requirements or other obligations.
• Violations/Fraud: the information collected for this purpose will be used exclusively to prevent and/or identify any fraudulent activities or violations in the use of the Website and to enable CA Italia to protect their position in court.

5. RECIPIENTS OF PERSONAL DATA:

Your Personal data may be shared with the following subjects (“Recipients”):
• subjects typically acting as data processors, i.e. i) persons, companies or professional firms providing assistance and advice to CA Italia on accounting, administrative, legal, tax-related and financial issues as well as on other matters;
• subjects with whom it is necessary to interact for website operation (e.g. hosting providers or providers of email delivery platforms);
• subjects in charge of carrying out technical maintenance (including maintenance of network devices and of electronic communication networks);
• persons authorised by CA Italia to process Personal Data needed to carry out activities on behalf of CA Italia, provided that they have committed to confidentiality or that they have an adequate legal obligation to confidentiality (e.g. CA Italia employees);
• companies in the roup for internal administration purposes or for Recruitment and Selection purposes;
• subjects, agencies or authorities who have the obligation of disclosing your Personal Data for compliance, violation or fraud purposes, or by order of authorities.

6. TRANSFER OF PERSONAL DATA

Considering that the Group is present internationally, some of your Personal Data are shared with Recipients who could be located in other countries in the European Economic Area.
CA Italia guarantees that your Personal Data will be processed by these Recipients in compliance with applicable regulations.

7. RETENTION OF PERSONAL DATA

The Personal Data processed for Recruitment and selection purposes will be retained by CA Italia for the entire period of time during which the position you applied for is open. Your online profile will be erased  24 months after the last change you made. CA Italia reserves the right to contact applicants before such period expires to request an extension of the period of retention of their Personal Data or to request that they be updated. If no reply is received, CA Italia will eliminate the Personal Data collected.
Personal Data processed for Compliance purposes will be retained by CA Italia for the period of time set out by specific legal obligations or by applicable regulations.
Personal Data processed to prevent violations/frauds will be retained by CA Italia for the time strictly needed for such purpose and therefore up to the time required for CA Italia to protect their position in court and to disclose said data to the relevant authorities.

8. RIGHTS OF THE DATA SUBJECT

You have the right to request from CA Italia, at any time:
• access to your Personal Data (or a copy of such Personal Data), as well as further information on the processing being carried out;
• rectification or updating of your Personal Data processed by CA Italia, if incomplete or not up-to-date;
• erasure of your Personal Data from CA Italia's databases;
• restriction of processing of your Personal Data by CA Italia;
• a copy of the Personal Data concerning you in a widely used, structured format that may be read on an automatic device;
you may also:
• deny processing of your Personal Data by CA Italia;
• revoke your consent to processing of Special Categories of Personal Data provided for Recruitment and selection purposes.
Please note that you can modify most of the Personal Data that you have provided to CA Italia by accessing the personal account you have created on the website.
To exercise your rights, write to: privacy@credit-agricole.it
In any case, you always have the right to lodge a complaint with the relevant Supervisory Authority (Italian Data Protection Authority) if you believe that processing of your Personal Data does not comply with current regulations.

9. AMENDMENTS

The effective date of this Privacy Policy is 25 May 2018. CA Italia reserves the right to amend or simply update its content, in part or fully, including as a result of amendments to Applicable Regulations. CA Italia  shall notify such changes as soon as they are introduced and they shall be binding as soon as published on the website. Therefore, CA Italia  invites you to regularly visit this section to view the most recent, updated version of the Privacy Policy in order to have up-to-date information on the data collected and on the use made by CA Italia.
________________________________________________________________________________________________

Privacy policy on processing of personal data (pursuant to Articles 13 and 14 of Regulation EU 2016/679)

1. DATA CONTROLLER AND DATA PROTECTION OFFICER

Crédit Agricole Italia S.p.A - Registered Office Via Università, 1 - 43121 Parma in its capacity as data controller (“CA Italia”) undertakes to protect their clients' Personal Data, as better defined below.
In general, all the information and data provided to CA Italia by their clients or third parties during the use of CA Italia services ("Services") as better defined in Section 3 below, will be processed by CA Italia in a lawful, fair and transparent way.
For further details on processing of your Personal Data, you can contact the Data Protection Officer of CA Italia at the following address: dpo@credit-agricole.it.

2. TYPES OF DATA SUBJECT TO PROCESSING

Through the Services offered, CA Italia collects and processes information relating to the client, intended as an individual, that identify them or make them identifiable, as well as information relating to other persons, supplied to CA Italia for the provision of services (e.g. recipients of bank transfers).  The information that identifies a client or a third party or that makes them identifiable is classified as "Personal Data".
The types of Personal Data that may be processed by CA Italia through their Services are:
• Personal contact data: which include, inter alia, name, surname, tax ID, mobile phone number, email address, as well as their ID document data and image.
• Sensitive personal data: these are special categories of Personal Data such as data related to health, racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership that may be provided (knowingly or not) through the client's use of our services (e.g. payment by bank transfer or credit/debit cards to religious associations, parties, trade unions or by completing questionnaires relating to insurance policies signed with third parties where CA Italia serves as mere data controller).
• Personal data of third parties: these are Personal Data provided by clients by referring to other individuals (e.g. telephone number or email address of spouse who is not a client). With respect to these data, the client becomes an independent data controller, i.e. takes on all the obligations and legal responsibility, thereby fully releasing of liability for any complaint, claim, compensation for damage due to processing, etc. that may be received by CA Italia by third parties whose Personal Data have been processed during the use of our Services in breach of applicable personal data protection regulations. At any rate, if a client provides Personal Data of third parties during the use of our Services, he/she hereby guarantees - and takes on all connected liability - that this specific instance of processing is based on a suitable lawful basis that makes processing of such information by CA Italia legitimate (e.g. consent) .
• Personal Data from databases: these are Personal Data exchanges with third parties, better specified below, authorised to provide credit information required for the provision of specific Services (e.g. consumer credit services).

3. PURPOSE OF DATA PROCESSING

The above described Personal Data will be processed for the following purposes:
• responding to your specific requests for assistance or information ("Response");
• complying with obligations associated with financial contracts entered into by the client and CA Italia, which may include processing of sensitive Personal Data or disclosure and cross checking of Personal Data from databases for loan application processing (e.g. collection of information required for opening a current account, granting credit lines or loans; issuing of debit/credit cards or connected services, collectively "Services"). As better described in the "Note to privacy policy on credit information systems" available on our website or at your local branch, the provision of some Services (e.g. loans) requires an assessment of the client's creditworthiness and possible fraudulent or unlawful conduct in order to determine the client's specific risk level. This activity involves an analysis of Personal Data from databases established to assess credit risk, prevent fraud, unlawful conduct or simply Personal Data provided by the client to CA Italia. This is done through a semi-automated assessment process; once the algorithms (which are regularly adjusted to prevent errors) have collected and processed this information resulting in a summary rating or score for the client's degree of creditworthiness and solvency (referred to as credit scoring), CA Italia will always have a qualified member of staff confirm or reject provision of the requested Service (provision of Services is collectively defined below as "Service Provision");
• comply with any legal, accounting and tax-related requirements (e.g. obligations relating to proper verification of clients and disclosure of Personal Data in compliance with regulations on money laundering and terrorism financing, obligations relating to regulations on checking and preventing tax violations, usury law, Credit Register as well as any future obligations deriving from national and European regulations) (collectively "Compliance").

4. LAWFUL BASIS OF PROCESSING AND MANDATORY NATURE

The lawful bases used by CA Italia in the processing of your Personal Data, in accordance with the purposes specified in paragraph 3 herein, are:
• Response and Service Provision: processing for these purposes is based on the need to provide a response or service to clients. When Service Provision involves sensitive data, processing is alternatively based on the need to provide a service (e.g. bank transfer to trade union) or on consent (e.g. when, in its capacity as data controller, CA Italia asks the client to complete a questionnaire prepared by a third party). When, on the other hand, Service Provision concerns Personal Data from databases, processing is based on legitimate interest and consent, if requested by applicable regulations in force at the relevant time (at present, only for retention of a client's positive credit information in databases). Provision of Personal Data to CA Italia for these purposes is not mandatory but will make it impossible to provide you the Service or Response.
• Compliance: processing for this purpose is necessary in order for CA Italia to comply with any applicable legal obligations. In this context, the Personal Data provided by the client to CA Italia, may be disclosed to the authorities listed in Paragraph 5 for accounting, tax-related or other obligations.
• Soft Spam: processing for this purpose is based on the interest of CA Italia to send clients marketing messages by email regarding services similar to the ones they have already used. The client can opt out of these email messages from the beginning or at a later time.

5. RECIPIENTS AND TRANSFER OF PERSONAL DATA

Personal Data can be shared with:
• physical persons authorised by CA Italia to process Personal Data upon signing of a confidential agreement (e.g. staff and system administrators of CA Italia);
• subjects typically acting as data processors, including, inter alia, companies providing help desk services, consultants, email and post service providers, etc.);
• subjects, agencies or authorities to which it is mandatory to disclose Personal Data related to Service Provision (e.g. credit information service providers, SWIFT system to which data must be disclosed for bank transfers to foreign countries, in a foreign currency or if the recipient is not a resident and which acts as independent data controller (further details on www.swift.com) or in connection with legal provisions, orders of authorities with respect to Compliance requirements (e.g. CONSAP -Italian Concessionaire for Public Insurance Services, Tax Register, Judiciary, US authorities in the event of disclosure to the SWIFT system);
• companies of the Crédit Agricole Italia Banking Group for administration and accounting purposes;
• subjects for the purpose of Disclosure to third parties (collectively "Recipients").

6. TRANSFER OF PERSONAL DATA

Some Personal Data of clients may be shared with Recipients that could be located outside the European Economic Area (e.g. in the event of bank transfers to foreign countries, in a foreign currency or with a non-resident recipient, where a transfer is made to the USA as indicated by SWIFT in their privacy policy (available on www.swift.com).
CA Italia guarantees that the client's Personal Data will be processed by these Recipients in compliance with applicable regulations. Suitable guarantees must be provided before performing a transfer, such as verifying their adequacy, ensuring that contract clauses are approved by the European Union or implementing other legal instruments. Further information may be obtained by writing to the Data Protection Officer at: dpo@credit-agricole.it.

7. RETENTION OF PERSONAL DATA

For Response and Service Provision purposes, Personal Data will be retained only for the time needed to attain these purposes.  For the purpose of Soft Spam, Marketing, Preference Analysis and Disclosure to third parties, Personal Data are retained until consent is revoked (renewed at regular intervals) or if the client has denied CA Italia use of legitimate interest. This is without prejudice to additional retention granted by applicable regulations such as the one provided for by art.2946 of the Italian Civil Code and those for Compliance purposes. Further information may be obtained by writing to the Data Protection Officer at: dpo@credit-agricole.it.

8. CLIENT'S RIGHTS

The client has the right to request from CA Italia, at any time:
• access to their Personal Data (or a copy of such Personal Data), as well as further information on the processing being carried out;
• rectification or updating of  their Personal Data processed by CA Italia, if incomplete or not up-to-date;
• erasure of their Personal Data from the databases of CA Italia in the cases set out by regulations in force at the relevant time;
• restriction of processing of their Personal Data by CA Italia;
• obtaining Personal Data concerning them in a widely used, structured format that may be read on an automatic device;
the client may also:
• object to processing of their Personal Data by CA Italia (e.g. Soft Spam);
• revoke consent for purposes of Marketing, Preference analysis and disclosure to third parties or deny use of legitimate interest by CA Italia;
• In addition to the above, the client may exercise his/her rights, including the right to deny CA Italia use of legitimate interest for purposes of Marketing, Preference analysis and Disclosure to third parties, by writing to CA Italia at: privacy@credit-agricole.it.
In any case, the client will always have the right to lodge a complaint with the relevant Supervisory Authority (Italian Data Protection Authority).

9. AMENDMENTS

CA Italia reserves the right to amend this privacy policy or to simply update its content, in part or fully, including as a result of amendments to Applicable Regulations. CA Italia will inform clients of any amendments introduced and they will become binding as soon as they are published on its website or otherwise notified to clients (e.g. at automatic tellers or branches). Therefore, CA Italia invites clients to view the latest version of the privacy policy through the above channels in order to obtain up-to-date information on the data collected and on the use made by CA Italia.