Privacy Policy

This page describes the method used to process the personal data of individuals using the website.

This privacy policy is provided pursuant to article 13 of Regulation (EU) 2016/679 (hereinafter GDPR) to individuals interacting with the website starting from the address:

The privacy policy is provided for the aforementioned website only, not for any other websites that may be viewed by the user via links starting from this one.

For the sake of transparency, the privacy policy describes the method, timescales and nature of the information that must be supplied by the data controllers to users when they access the web pages, regardless of the purpose for accessing them.


The personal data of identified or identifiable individuals may be processed after they view this website.

The Data Controller is Compagnia di San Paolo, with registered office at Corso Vittorio Emanuele II, 75 10128 Torino (TO) – email:


The data processing associated with this website’s web services takes place at the aforesaid registered office and is carried out:

  • by data processors, both internal to the undersigned organization, and external, who perform specific tasks and operations (website administration and/or maintenance, analysis of browsing data, traffic, management of emails and forms sent voluntarily by the user, etc.);
  • in the cases and in respect of the subjects established by law.

No data derived from the web service are communicated or disseminated outside the undersigned organisation unless otherwise required by law or after they are made anonymous.


The personal data held by the undersigned organisation are collected directly from the interested parties. This site also does not collect personal data belonging to particular categories of data, i.e. any data likely to reveal racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of unions, religious, philosophical, political or trade union associations or organisations, state of health and sex life.

Browsing data

Our organisation has read the Measure issued by the Autorità Garante per la Protezione dei dati personali [Italian data protection authority] entitled “Individuazione delle modalità semplificate per l’informativa e l’acquisizione del consenso per l’uso dei cookie” [Identification of simplified methods for providing information and obtaining consent regarding the use of cookies] of 8 May 2014 – [web doc. no. 3118884] (Published in the Gazzetta Ufficiale [Official Journal of the Italian State] no. 126 of 3 June 2014).
During normal operation, the IT systems and software procedures used to operate the website collect some personal data the transmission of which is implicit in the use of Internet communication protocols. While this information is not collected to be associated with identified data subjects, by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use being made of the site and to verify that it is operating correctly. They are deleted immediately after processing. The data could be used to ascertain responsibility in the event of cybercrime offences affecting the site.

Profiling data

Profiling data regarding the consumer habits or choices of the interested party are not collected directly. However, it is possible that, either via links or the inclusion of third party elements, such information may be collected by independent or separate subjects. See the Third Party Cookies section for further details.


Like others, this website saves cookies in the browser used by the user concerned to send personal information and to enhance the experience.

“Cookies” are small files stored by the browser on your computer or mobile device. They allow websites to store some information, such as user preferences, the type of device used and other information, ensuring more efficient operation of the site, enriching the browsing experience and providing information to the website owners.
Some cookies (known as session cookies) are automatically deleted at the end of the session, while others (persistent cookies) remain stored on computer terminals.

As explained below, it is possible to choose whether and which cookies to accept, bearing in mind that refusing their use can affect the ability to perform certain actions on the website, or the accuracy and adequacy of some of the customisable contents offered or the ability to recognise the user between one visit and the next. If no choice is made in this respect, the default settings will be applied and all cookies will be activated: however any decisions in this respect can be communicated or changed at any time.

The website uses cookies to improve the operation of the website, enrich the user experience and compile statistics on the use of the website itself.

A visit to one or more pages of the website may generate the following types of cookies:

Site performance cookies:session cookies are used which are not stored permanently on the user’s computer and disappear when the browser is closed and the use of which is strictly limited to sending session identifiers (consisting of random numbers generated by the server) needed to allow the secure and efficient browsing of the website and which avoid the use of other information technology methods that are potentially detrimental to browsing confidentiality and do not allow personal data identifying the user to be obtained.

Anonymous analysis cookies:these are defined as anonymous as they cannot be used to identify specific individuals. They help determine how visitors interact with the contents of the website, collecting information (geographical and web origin, technology used, language, entry pages, pages visited, exit pages, length of visits, etc.) and generating website usage statistics without personally identifying individual visitors.

Third-party cookies:on some pages that connect to other multimedia applications, third-party cookies (independent and for which the Controller has no responsibility) are set in order to track and improve the operation and customisation of their applications. For the policies relating to the cookies of other applications associated with the website, view the individual privacy policies at:


Given the type of cookies used, browsing the website implies acceptance of the conditions of use, including the functions related to cookies, which can be disabled using the specific options available in the various types of browsers and illustrated in the next paragraph.


All browsers can be set to prevent cookies being accepted; by changing the preferences of the Internet browser used, you can accept all of them, accept only some of them, or reject all of them. However, disabling them permanently can lead to browsing difficulties or, sometimes, the inability to use some features and services offered on the websites. Another function available on some browsers is the incognito mode, in which all cookies created are deleted after closing.

Below are the methods for disabling cookies for the most frequently used browsers. To change the settings in browsers other than those listed, refer to the support documentation provided by the browser producer.

See the following instructions for managing cookies in the respective browsers:

To change the settings in browsers other than those listed, refer to the support documentation provided by the browser producer.


Personal data are processed (ref. art. 6(b) of the GDPR):

a) to allow browsing of the website;

b) to allow the Data Controller to provide its services or the service requested in the context of the activity performed by the undersigned organisation;

c) for statistical purposes and interaction with external platforms, to collect aggregate information on the number of users and how they visit the website.

Additionally, all the personal data can be processed:

d) for purposes related to legal obligations, as well as provisions issued by authorities permitted to do so by law (ref. articles 6 (c) and 9 (b, g, h) of the GDPR);

e) for the assessment, exercise or defence, in court and out of court (legitimate interest), of a right held by the undersigned organisation (ref. articles 6 (f) and 9 (f) of the GDPR);


  • marketing
  • subscription to newsletter services
  • communicating data to third parties

The types of personal data used for each purpose are stated in the specific sections of this document.


Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected and the processing takes place on the server in Italy or the EU.

Specific security measures are taken to prevent data loss, illicit or incorrect use and unauthorised access.


The optional, explicit and voluntary sending of e-mails to the addresses stated on this website results in the recipient subsequently obtaining the sender’s address, which is needed to respond to requests, as well as any other personal data included in the message.

Specific summary information will be entered or displayed from time to time on the pages of the site set up for particular services provided on request.


Apart from the specified browsing data, users are free to provide the personal data contained in any information request forms. Failure to provide this data may make it impossible to obtain what is requested.


The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or otherwise of the same data and to know its content and origin, verify its accuracy or request that it be supplemented, updated or rectified (articles15-22 of European regulation 679/2016).

Pursuant to the same article, data subjects are entitled to request the deletion, transformation into anonymous form or blocking of data processed in violation of the law, and to object in any case, for legitimate reasons, to their processing.

Requests must be addressed:

– by email to:

– or by post to: Compagnia di San Paolo – Richieste Privacy, Corso Vittorio Emanuele II, 75 10128 Torino

Privacy policy format

This privacy policy statement can be viewed automatically using any internet browser

However, please report any difficulties encountered in viewing this information so that alternative means may be provided if necessary.

This document at
constitutes the Privacy Policy of this website and will be updated if necessary.