This policy takes into consideration all the pertinent rules on the matter, with particular reference to:
The Data controller is IFIS FINANCE Sp. z o.o., with registered offices in ul. Wspólna 70, 00-687 Warsaw, Poland.
Type of data processed and purposes of processing
1) Data provided voluntarily by users
The voluntary sending of email to the email addresses indicated on the aforementioned website leads to the subsequent acquisition of the sender’s email address, which is necessary for responding to requests, as well as any other personal data included in the communication. This is also the case with the handling of complaints sent by users and the answering of the same. The data provided in these situations are processed by the Data controller for the time necessary for completion of the purposes for which they have been communicated and they will be cancelled as soon as these operations have been completed.
The user is furthermore free to provide their own personal data via online forms and contact forms, to request the sending of newsletters, information and/or advertising material, as well as other periodical or occasional communications, and to create and manage an account: the use of these data for the purposes mentioned by the Data controller can take place solely with the permission of the sender and until said permission is retracted by the user themselves. On the basis of said permission, the Data controller may propose that users participate in surveys aimed at assessing the quality of the services offered. Any information provided by the users will be processed exclusively in relation to the survey itself and will be cancelled once this processing is complete. Consent may be revoked at any time, without affecting the legality of any processing previously carried out.
Users who make use of forums or other methods for publishing personal content on the Data controller’s website must be aware of the fact that published information may be read, gathered or used by third parties who do not have any relationship with the Data controller, also for the sending of unsolicited messages. The Data controller will not be held responsible for the use that said third parties may make of the personal data that the users choose to publish with these means.
2) Navigation data
The computer systems used for the operating of the website, during standard operation, and for the sole duration of the connection, acquire various forms of personal data, the transmission of which is implicit in using internet communication protocols. This is information which is not gathered in order to be associated to identified persons, but which, for its very nature, could allow the identification of the user through processing of, and association with, data held by third parties. This category of data includes: IP addresses or the names of computers used by the users who connect to the website, addresses in URI (Uniform Resource Identifier) notation for the requested resources, the time of the requests, the method used to make the requests to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.), the characteristics of the browser used for navigation, the size of the window in which the browser is running on the device in use, as well as other parameters relative to the operating system and the user’s computing environment. These data are used solely to gather anonymous statistical information regarding the use of the website and in order to monitor its correct functioning and are cancelled immediately after being processed. The data may be used to ascertain responsibility in the case of a hypothetical information technology crime committed against the website, but even in this case, the contact data are not held for more than seven days.
Cookies are small strings of text that the website sends and saves in the user’s device, to then be used by the same website when the user returns. During navigation, the user may also receive cookies on their device which have been sent by other websites or servers (belonging to so-called “third parties”) which may contain some elements (such as, for example, images, maps, sounds, specific links to pages in other domains) present on the website visited. Cookies are used for various purposes such as, for example, computer authentication, session monitoring, and the saving of information regarding specific configurations concerning the users accessing the server.
Cookies can be either technical or for profiling.
For information on how to modify the settings regarding cookies, please refer to the instructions below, according to the browser that is being used.
|Browser||Link to cookie management|
|Microsoft Internet Explorer||https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies|
Below is a list of the cookies that we use on our website.
|Third party||Cookie type||Cookie||Conservation||Description||Extended policy|
|–||Technical cookie||cc_bancaifisimpresa_adwords, cc_bancaifisimpresa_marketing, cc_bancaifisimpresa_facebook, cc_bancaifisimpresa_socialnetwork||1 year||These cookies allow the loading of site monitoring scripts, in order to improve their management.||–|
|Adform||Profiling cookie||cid||2 months||This cookie optimizes the display of ads based on the movement of the combined user and the various offers of advertisers for the display of user announcements.||https://site.adform.com/privacy-policy-opt-out/|
|Technical cookie||uid||2 months||This cookie is used to give site users a unique user ID that recognizes the user during return visits|
|Bing||Technical cookie||_uetsid||30 minutes||This cookie allows you to interact with a user who has already visited the website.||https://privacy.microsoft.com/it-it/privacystatement|
|Technical cookie||MUID||13 months||Bing Ads uses the Microsoft user identifier (MUID) to allow valid clicks to be counted.|
|Profiling cookie||MUIDB||13 months||This cookie is a third-party analysis service that links data from the Bing advertising network with actions performed on the website|
|Profiling cookie||fr||3 months||This cookie is used by Facebook to track Facebook users with a cookie used for advertising purposes. It contains the encrypted Facebook user ID e Browser ID.||https://www.facebook.com/policies/cookies/|
|Google Universal Analytics||Technical cookie||_ga||2 years||This cookie is used to identify individual users by assigning a number generated randomly as a client id. It is included in every website and is used to calculate the number of visitors and data used to produce analysis reports||https://policies.google.com/privacy|
|Technical cookie||_gat||1 minute||A cookie used to limit the request speed, limiting the gathering of data on websites subject to intense traffic|
|Technical cookie||_gid||24 hours||This cookie is used to identify individual users by assigning a number generated randomly as a client id|
|Webtrekk||Technical cookie||wteid_814599373069108||6 months||This cookie is used to recognise the web browser||https://www.webtrekk.com/en/legal/opt-out-webtrekk/|
|WordPress||Technical cookie||wp_session||30 minutes||Session cookie required by WordPress in order to identify the individual sessions of a user||https://automattic.com/privacy/|
Methods of processing of personal data and conservation times
The personal data gathered by the Data controller’s website are processed by automatic instruments for the time strictly necessary in accordance with the purposes for which they were collected. At the end of said period, the data will be cancelled or made anonymous, save for when further conservation is necessary to meet legal obligations or to comply with orders from Public Authorities and/or Supervisory Bodies. Where necessary, the processing carried out by the Data Controller on personal data collected from the Data Controller’s websites / blogs may be based on automated decision-making processes that produce legal effects or that significantly affect the person concerned, such as, for example, treatments carried out by the use of profiling cookies.
Appropriate measures of organisational and technical security are observed in order to prevent both material or immaterial damage (e.g. the loss of control over personal data or restriction of rights, discrimination, theft or usurpation of identity, financial loss, unauthorised deciphering of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy, or any other significant economic or social damage).
No data deriving from web services will be subject to diffusion.
Categories of subjects to which personal data may be communicated or who may become aware of said data
For the pursuit of the purposes described, or in cases in which it is strictly necessary or required by law or by authorities charged with the relative right to request, the Data controller reserves the right to communicate the data to recipients in the following categories:
The Data may also, in accordance with the carrying out of the tasks assigned, be brought to the attention of the Data controller’s personnel, including apprentices, interim staff, consultants, and employees of companies other than the Data controller, all specifically authorized to process personal data..
Transferring of data to non-EU countries/organisations
When necessary for the purposes mentioned, the data of the party involved may be transferred abroad, to non-EU countries/organisations which guarantee a level of protection of personal data which is deemed to be suitable by the European Commission either through autonomous deliberation or on the basis of other suitable guarantees, such as – for example – the Standard Contract Terms adopted by the European Commission. A copy of any Data transferred abroad, as well as the list of non-EU countries/organisations to which the Data have been transferred, can be requested from the Data controller by presenting a request to the organisational body charged with responding to data subjects, via standard mail sent to the headquarters of the Data controller or via email to firstname.lastname@example.org.
Rights of data subjects
Pursuant to articles 15 to 22, the Regulation grants data subjects the opportunity to exercise specific rights. In particular, data subjects may obtain: a) confirmation of the existence of personal data processing which concerns them and, in this case, the access to said data; b) the correction of incorrect personal data and the integration of incomplete personal data; c) the cancellation of personal data which concern them, when permitted by the Regulation; d) the limiting of processing, in the cases provided for by the Regulation; e) the communication to recipients of the personal data of requests made by data subjects for the correction/cancellation of personal data and the limiting of processing of the same, save for cases in which this is impossible or which would require an unreasonable level of effort; f) the reception, in a structured format which is of common use and legible by an automatic device, of the personal data provided to the Data controller, as well as the transmission of the same to another Data controller, at any time, even on termination of any relationship established with the Data controller. Data subjects also have the right to oppose, at any time, the processing of personal data which concern them: in this case, the Data controller is obliged to abstain from any further processing, save for the purposes allowed by the Regulation. Data subjects also have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal repercussions which concern them or which, in a similar manner, has a significant effect on their person, save for when said decision is: a) necessary for the conclusion or execution of a contract between data subjects and the Data controller; b) authorised by Union law or by the laws of the Member state to whose jurisdiction the Data controller is subject; c) based on the explicit consent of data subjects. In the cases specified in points a) and c) above, data subjects have the right to obtain human intervention form the Data controller, to express their opinion and to appeal against the decision.
Requests may be presented to the organisational body charged with responding to data subjects via standard mail sent to the headquarters of the Data controller or via email to email@example.com.
Data subjects also have the right to file a complaint with the Data Protection Authority.