Web Privacy Policy


Pursuant to articles 13 and 14 of Regulation (EU) 2016/679 (“Regulation”), we are writing to inform users of the methodology and purposes of the processing of personal data belonging to those who interact with our website. The present Web Privacy Policy has been prepared for the website https://www.ifis.pl/, which is managed by IFIS FINANCE Sp. z o.o., and not for other websites which may be consulted by the user via links published on the aforementioned website.

This policy takes into consideration all the pertinent rules on the matter, with particular reference to:

  • Recommendation no. 2/2001 Group Art. 29, regarding the minimum requirements for the online gathering of data within the EU;
  • Directive 2009/136/EC, amending Directive 2002/58/EC (the so-called e-Privacy Directive), regarding the processing of personal data and the protection of privacy in the electronic communications sector;

The Data controller is IFIS FINANCE Sp. z o.o., with registered offices in ul. Wspólna 70, 00-687 Warsaw, Poland.

Type of data processed and purposes of processing

1) Data provided voluntarily by users

The voluntary sending of email to the email addresses indicated on the aforementioned website leads to the subsequent acquisition of the sender’s email address, which is necessary for responding to requests, as well as any other personal data included in the communication. This is also the case with the handling of complaints sent by users and the answering of the same. The data provided in these situations are processed by the Data controller for the time necessary for completion of the purposes for which they have been communicated and they will be cancelled as soon as these operations have been completed.

The user is furthermore free to provide their own personal data via online forms and contact forms, to request the sending of newsletters, information and/or advertising material, as well as other periodical or occasional communications, and to create and manage an account: the use of these data for the purposes mentioned by the Data controller can take place solely with the permission of the sender and until said permission is retracted by the user themselves. On the basis of said permission, the Data controller may propose that users participate in surveys aimed at assessing the quality of the services offered. Any information provided by the users will be processed exclusively in relation to the survey itself and will be cancelled once this processing is complete. Consent may be revoked at any time, without affecting the legality of any processing previously carried out.

Users who make use of forums or other methods for publishing personal content on the Data controller’s website must be aware of the fact that published information may be read, gathered or used by third parties who do not have any relationship with the Data controller, also for the sending of unsolicited messages. The Data controller will not be held responsible for the use that said third parties may make of the personal data that the users choose to publish with these means.

2) Navigation data

The computer systems used for the operating of the website, during standard operation, and for the sole duration of the connection, acquire various forms of personal data, the transmission of which is implicit in using internet communication protocols. This is information which is not gathered in order to be associated to identified persons, but which, for its very nature, could allow the identification of the user through processing of, and association with, data held by third parties. This category of data includes: IP addresses or the names of computers used by the users who connect to the website, addresses in URI (Uniform Resource Identifier) notation for the requested resources, the time of the requests, the method used to make the requests to the server, the size of the file received in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.), the characteristics of the browser used for navigation, the size of the window in which the browser is running on the device in use, as well as other parameters relative to the operating system and the user’s computing environment. These data are used solely to gather anonymous statistical information regarding the use of the website and in order to monitor its correct functioning and are cancelled immediately after being processed. The data may be used to ascertain responsibility in the case of a hypothetical information technology crime committed against the website, but even in this case, the contact data are not held for more than seven days.

3) Cookies

Cookies are small strings of text that the website sends and saves in the user’s device, to then be used by the same website when the user returns. During navigation, the user may also receive cookies on their device which have been sent by other websites or servers (belonging to so-called “third parties”) which may contain some elements (such as, for example, images, maps, sounds, specific links to pages in other domains) present on the website visited. Cookies are used for various purposes such as, for example, computer authentication, session monitoring, and the saving of information regarding specific configurations concerning the users accessing the server.

Cookies can be either technical or for profiling.

  • Technical cookies: technical cookies can be subdivided into session cookies (which guarantee standard navigation and use of the website) and permanent cookies (cookie analytics, used to collect information in an aggregated form regarding the number of users and how they visit the website, and function cookies, which allow the user to navigate according to a series of selected criteria, such as, for example, language etc.). The installation of these categories of cookies does not require the prior consent of the users. Technical cookies are installed in the user’s device in order to identify the user when they log in to the websites, to analyse navigation with a view to continuous optimisation, and to carry out analyses aimed at improving the aspect, the functionality and the level of security of the website. Furthermore, this website uses technical cookies which allow for personalised navigation, according to a series of criteria selected on the website by the user.
  • Profiling cookies: profiling cookies are aimed at creating user profiles and are employed to send advertising messages in line with the preferences demonstrated by the same during navigation online. In order for these cookies to be installed, regulations require for the user to provide their consent. Profiling cookies can be used for remarketing / retargeting activities, in order to present users with advertising constructed on other websites, according to the way the users make use of the website. The website can also use tag pixels / web beacons, which are images incorporated into the website with the aim of measuring and analysing use. Lastly, use can also be made of third party widgets / multimedia plug-ins allowing for the use of social networks and sharing of content with relative accounts. Said interactive programmes are operated from our servers, and gather information regarding the IP addresses of users and the page visited on our website, as well as configuring cookies to allow the correct functioning of widgets / plug-ins. The operations carried out by means of the widgets / plug-ins are regulated by the privacy policy of the third-party companies that provide them, and not by the present policy.

The user can avoid the use of cookies by the Data controller through the appropriate settings in the web browser. However, users who choose to eliminate technical cookies from their device, or to block their storage, may not have access to all the functions of the service. Furthermore, even with cookies deactivated, the browser will continue to save a small amount of information which is necessary for the basic functioning of the website.

For information on how to modify the settings regarding cookies, please refer to the instructions below, according to the browser that is being used.

Browser Link to cookie management
Chrome https://support.google.com/chrome/answer/95647?hl=en
Microsoft Internet Explorer https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
Safari https://support.apple.com/kb/PH19255?locale=it_IT&viewlocale=en_US
Mozilla Firefox https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences


Below is a list of the cookies that we use on our website.

Third party Cookie type Cookie Conservation Description Extended policy
Technical cookie cc_bancaifisimpresa_adwords, cc_bancaifisimpresa_marketing, cc_bancaifisimpresa_facebook, cc_bancaifisimpresa_socialnetwork 1 year These cookies allow the loading of site monitoring scripts, in order to improve their management.
Adform Profiling cookie cid 2 months This cookie optimizes the display of ads based on the movement of the combined user and the various offers of advertisers for the display of user announcements. https://site.adform.com/privacy-policy-opt-out/
Technical cookie uid 2 months This cookie is used to give site users a unique user ID that recognizes the user during return visits
Bing Technical cookie _uetsid 30 minutes This cookie allows you to interact with a user who has already visited the website. https://privacy.microsoft.com/it-it/privacystatement
Technical cookie MUID 13 months Bing Ads uses the Microsoft user identifier (MUID) to allow valid clicks to be counted.
Profiling cookie MUIDB 13 months This cookie is a third-party analysis service that links data from the Bing advertising network with actions performed on the website
DoubleClick Ad Services Profiling cookie test_cookie 15 minutes DoubleClick uses cookies to serve ads on third-party websites. This cookie publishes ads relevant to potential customers and collects information on how and if they interact with these ads. http://www.google.com/intl/en/policies/privacy/
Facebook Profiling cookie fr 3 months This cookie is used by Facebook to track Facebook users with a cookie used for advertising purposes. It contains the encrypted Facebook user ID e Browser ID. https://www.facebook.com/policies/cookies/
Google Universal Analytics Technical cookie _ga 2 years This cookie is used to identify individual users by assigning a number generated randomly as a client id. It is included in every website and is used to calculate the number of visitors and data used to produce analysis reports https://policies.google.com/privacy
Technical cookie _gat 1 minute A cookie used to limit the request speed, limiting the gathering of data on websites subject to intense traffic
Technical cookie _gid 24 hours This cookie is used to identify individual users by assigning a number generated randomly as a client id
Webtrekk Technical cookie wteid_814599373069108 6 months This cookie is used to recognise the web browser https://www.webtrekk.com/en/legal/opt-out-webtrekk/
WordPress Technical cookie wp_session 30 minutes Session cookie required by WordPress in order to identify the individual sessions of a user https://automattic.com/privacy/


Methods of processing of personal data and conservation times

The personal data gathered by the Data controller’s website are processed by automatic instruments for the time strictly necessary in accordance with the purposes for which they were collected. At the end of said period, the data will be cancelled or made anonymous, save for when further conservation is necessary to meet legal obligations or to comply with orders from Public Authorities and/or Supervisory Bodies. Where necessary, the processing carried out by the Data Controller on personal data collected from the Data Controller’s websites / blogs may be based on automated decision-making processes that produce legal effects or that significantly affect the person concerned, such as, for example, treatments carried out by the use of profiling cookies.

Appropriate measures of organisational and technical security are observed in order to prevent both material or immaterial damage (e.g. the loss of control over personal data or restriction of rights, discrimination, theft or usurpation of identity, financial loss, unauthorised deciphering of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy, or any other significant economic or social damage).

No data deriving from web services will be subject to diffusion.

Categories of subjects to which personal data may be communicated or who may become aware of said data

For the pursuit of the purposes described, or in cases in which it is strictly necessary or required by law or by authorities charged with the relative right to request, the Data controller reserves the right to communicate the data to recipients in the following categories:

  • subjects who carry out banking, financial and insurance services;
  • Supervisory and monitoring authorities and bodies and, in general, public and private subjects performing a public role (e.g. the Judicial Authorities, in any case solely within the limits of the conditions established by the applicable regulations);
  • other companies from the group to which the IFIS Finance Sp. z o.o. belongs, or parent, subsidiary or associated companies, pursuant to the applicable laws, including article 2359 of the Italian Civil Code (also situated abroad);
  • subjects carrying out services for the gathering, processing and elaboration of data;
  • subjects providing services for the managing of the IFIS Finance Sp. z o.o. ’s computer system and telecommunication networks (including mailing services – based on user consents if required by applicable law);
  • subjects carrying out documentation archiving and data-entry services;
  • subjects carrying out support services for data subjects;
  • professional firms or companies operating in the field of assistance and consultancy;
  • subjects carrying out market research, aimed at surveying the level of client satisfaction with regards to the quality of services and the activities carried out by the IFIS Finance Sp. z o.o. ;
  • subjects carrying out analyses of the activities of visitors to the website and of the performance of online campaigns aimed at improving content and services. The IFIS Finance Sp. z o.o. may allow said service providers to use cookies and other technology to supply said services on its behalf;
  • subjects carrying out tasks of monitoring, auditing and certification of the activities set up by the IFIS Finance Sp. z o.o. – according to applicable regulations.

The Data may also, in accordance with the carrying out of the tasks assigned, be brought to the attention of the Data controller’s personnel, including apprentices, interim staff, consultants, and employees of companies other than the Data controller, all specifically authorized to process personal data..

Transferring of data to non-EU countries/organisations

When necessary for the purposes mentioned, the data of the party involved may be transferred abroad, to non-EU countries/organisations which guarantee a level of protection of personal data which is deemed to be suitable by the European Commission either through autonomous deliberation or on the basis of other suitable guarantees, such as – for example – the Standard Contract Terms adopted by the European Commission. A copy of any Data transferred abroad, as well as the list of non-EU countries/organisations to which the Data have been transferred, can be requested from the Data controller by presenting a request to the organisational body charged with responding to data subjects, via standard mail sent to the headquarters of the Data controller or via email to odo@ifis.pl.

Rights of data subjects

Pursuant to articles 15 to 22, the Regulation grants data subjects the opportunity to exercise specific rights. In particular, data subjects may obtain: a) confirmation of the existence of personal data processing which concerns them and, in this case, the access to said data; b) the correction of incorrect personal data and the integration of incomplete personal data; c) the cancellation of personal data which concern them, when permitted by the Regulation; d) the limiting of processing, in the cases provided for by the Regulation; e) the communication to recipients of the personal data of requests made by data subjects for the correction/cancellation of personal data and the limiting of processing of the same, save for cases in which this is impossible or which would require an unreasonable level of effort; f) the reception, in a structured format which is of common use and legible by an automatic device, of the personal data provided to the Data controller, as well as the transmission of the same to another Data controller, at any time, even on termination of any relationship established with the Data controller. Data subjects also have the right to oppose, at any time, the processing of personal data which concern them: in this case, the Data controller is obliged to abstain from any further processing, save for the purposes allowed by the Regulation. Data subjects also have the right not to be subject to a decision based solely on automated processing, including profiling, that has legal repercussions which concern them or which, in a similar manner, has a significant effect on their person, save for when said decision is: a) necessary for the conclusion or execution of a contract between data subjects and the Data controller; b) authorised by Union law or by the laws of the Member state to whose jurisdiction the Data controller is subject; c) based on the explicit consent of data subjects. In the cases specified in points a) and c) above, data subjects have the right to obtain human intervention form the Data controller, to express their opinion and to appeal against the decision.

Requests may be presented to the organisational body charged with responding to data subjects via standard mail sent to the headquarters of the Data controller or via email to odo@ifis.pl.

Data subjects also have the right to file a complaint with the Data Protection Authority.


According to the Italian D.Lgs. 196/2003, I declare that i have read the Web Privacy Policy. The provided data will be used exclusively to fulfill your request