CONTROLLER AND DATA PROTECTION OFFICER
The Controller is UniCredit S.p.A. with registered office at Piazza Gae Aulenti n. 3, Tower A, 20154 Milan (the Bank or UniCredit).
TheData Protection Officermay be contacted at UniCredit S.p.A.,Data Protection Office, Piazza Gae Aulenti n. 1, Tower B, 20154 Milan, e-mail:Group.DPO@unicredit.eu, certified e-mail:Group.DPO@pec.unicredit.eu.

THE COOKIES USED BY THIS SITE
Cookies are short strings of text sent to the browser of the user's device (PC, Notebook, Smartphone, Tablet, etc.) when they visit a website. They are stored there and then sent back to the same website the next time the user visits.
UniCredit S.p.A. informs you that this website uses the types of cookies described below, also combined, which are classified based on rulings and indications of the Data Protection Authority, the European Data Protection Board (EDPB), Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR) and Legislative Decree no. 101 of 10 August 2018.

PERSISTENT COOKIES
These are cookies that are saved on your device and are not deleted automatically when you close your browser session. For some of these cookies, a random unique identifieris generated, which enables web analyticsprocedures to identify a user that returns to a UniCredit website.

FIRST-PARTY COOKIES
These are cookies created by UniCredit's website and only this website can read and process them.

TECHNICAL COOKIES
These are cookies which are essential in order to be able to:
 browse and use the website (for example "browsing or session cookies"); without these cookies, some operations could not be possible or would be less secure.
 browse according to a series of selected criteria (for example, language, "functionality cookies") and thus improve the service provided and optimise the site. These cookies are collected on an aggregate and anonymous basis.
These technical cookies are installed directly by UniCreditand, as they are not used for purposes other than those strictly necessary to send a communication via an electronic communication networkor toprovide a service specifically requested by the user, they can be saved in the device without requesting the prior consent of the user accessing UniCredit's website.

ANALYTICS COOKIES
These are cookies used to gather information, on an aggregate and strictly anonymous basis, for internal research on the number of users and how they visit the site. The purpose of these cookies is solely toimprove the service provided by UniCredit to all users and to optimise and improve the site.
For analytics cookies, UniCredit uses a mechanism to encryptthe entireIP address(the address assigned to the user's device which is necessary to browse the Internet), and additional personal data, in order to derecognisethe user and prevent a user being identified on the sole basis of their IP address.
These types of cookies can be saved in the device without requesting the prior consent of the user accessing UniCredit's website..

PROFILING COOKIES
These are cookies used to send advertising messages in line with user preferences. These cookies are saved in the user's device directly by the Controller, UniCredit S.p.A., or by other entities ("Third Parties").
Consent from the user accessing the website is necessary to save these cookies in the device.
The user can opt not to accept all profiling cookies being saved, via the banner displayed when they first visit the website, or the buttons at the end of this policy, which is also available via the specific links on UniCredit's website.

FIRST-PARTY PROFILING COOKIES:CONTROLLER - UNICREDITS.p.A.
These are cookies used to send advertising messages in line with user preferences, and according to the purposes indicated. These cookies are installed directly by the Controller The user can opt to not accept these profiling cookies being saved, via the banner displayed when they first visit the website, or via the functions indicated in this policy, which is also available via the specific links on UniCredit's website.
All profiling cookies installed directly by the Controller UniCredit S.p.A. have a maximum validity of 6 (six) months.

THIRD-PARTY PROFILING COOKIES:CONTROLLERS - COMPANIES INDICATED
Cookies managed by third-party companies other than UniCredit S.p.A., that act in a capacity as autonomous (data) controllers are also installed via this website.
The user can opt to not accept these profiling cookies being saved, via the banner displayed when they first visit the website, or via the functions indicated in this policy, which is also available via the specific links on UniCredit's website.
The links indicated below are to the web page of each third-party company, where users can view the policyand information about processing, provided by the company, and where they can give or not give theirconsent.
As you have read the privacy notice about cookies, please indicate whether you consent to the installation of the profiling cookies described above:
* I consent 
* I do not consent 
Profiling cookies are NOT ENABLED 
You can give your consent to only install UniCredit S.p.A. profiling cookies:
* I consent 
* I do not consent 
Unicredit profiling cookies are NOT ENABLED 
Cookie Name
Holder
Purpose
Duration
UP
UniCredit
Used in the Data Management Platform to distinguish users
30 days
UE
UniCredit
Used in the Data Management Platform to distinguish users
180days
UT
UniCredit
Contains information about advertisements viewed by users of the Data Management Platform
30days
__UCGdfsn
UniCredit
Used in the Data Management Platform to define the browsing session
30 minutes
__UCGdfm
UniCredit
Used in the Data Management Platform to optimize the number of calls to server
7days
UO
UniCredit
Save opt-out preference from user tracking in the Data Management Platform
60days
You can give your consent to only install third-party profiling cookies:
* I consent 
* I do not consent 
Third-party profiling cookies are NOT ENABLED 
Cookie Name
Holder
Purpose
Duration
Info Link
UUID2 (.adnxs.com)
Xandr
Utilizzato per identificare in modo univoco il browser o il dispositivo dell'utente tramite un ID
90days
https://www.xandr.com/privacy/cookie-policy/
ANJ (.adnxs.com)
Xandr
Utilizzato per la sincronizzazione degli ID con i partner.
90days
https://www.xandr.com/privacy/cookie-policy/
MANAGING AND DELETING COOKIES BY CONFIGURING THE BROWSER USED
UniCredit S.p.A. informs you that, in addition to the above, website users can express or modifytheir cookie choices and options via the additional settings of their device browser.
The user candelete or disable any cookie directly,at any time, via the settings and functions of the browser used in their PC, Notebook, Smartphone or Tablet.
The options selected via browser settings will only work from the first time the user connects to UniCredit's websiteafter having changed these settings, for choices made directly on this website.
For further details, see the information and operating procedures for settings, provided by the supplier of the user's browser.

PURPOSE, LEGAL BASIS FOR PROCESSING AND CATEGORY OF PROCESSED DATA
UniCredit S.p.A.will only process personal data gathered from the use of first-party profiling cookiesfor the followingpurpose:
The promotion and sale of "dedicated" products and services of the Bank, of UniCredit Group Companies or third-party companies specifically identified through processing and analysis, also using automated techniques or systems, of information relative to preferences, habits, consumer choices, aimed at dividing data subjects into groups that are uniform based on behaviour or specific characteristics.
For UniCredit customers only, that access the Bank's internet banking service using their authentication credentials, the data and information gathered from first-party profiling cookies may be connected with the data and information the bank already has, but only based on consent already provided by customers.
The legal basis allowing for this processing is consent, that the user accessing UnitCredit's website in a capacity as a data subject is free to give or not giveand if given, can withdraw at any time.
Providing data necessary for these purposes is not mandatory, and not giving these data will not have any negative effect for the user, nor prevent them from browsing UniCredit's website, apart from them not being able to receive dedicated commercial information.

WITHDRAWING OR CHANGING CONSENT TO THE INSTALLATION OF COOKIES
UniCredit S.p.A. informsusers that access the websitethat they can change their options about storing cookies, at any time,by accessing the"Cookies Policy" on the website.

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The natural and legal persons on the list which may be consulted at Bank premises open to the public and on the websitemay become aware of the user's personal data, in their capacity as Processors, as well as thepersons authorised to process personal data, in relation to the data necessary to carry out the tasks assigned to them, belonging to the following categories: employees of the Bank or seconded to the Bank, temporary workers, persons on work placements, consultants and employees of external companies appointed as the Processors.
Data may be communicated to:
a) entities to whom such communication must be made to in order to comply with an obligation of law, regulations or EU law. Further information can be found in the notice for customers published in the "Privacy" section of thewww.unicreditgroup.euwebsite;
ii) financial intermediaries of the UniCredit Group, based on anti-money laundering regulations (see Article 39, paragraph 3 of Legislative Decree no. 90/2017), which provide for the possibility for personal data relative to suspicious activity reporting to be communicated among financial intermediaries of the UniCredit Group;
iii) companies belonging to the UniCredit Group, and namely subsidiaries or affiliates pursuant to Article 2359 of the Italian Civil Code (also located abroad), to whom such communication is permitted as a result of Italian Privacy regulations or a legal requirement.
The detailed list of subjects to whom the data may be communicated can be consulted in the "Privacy" section of thewww.unicreditgroup.euwebsite.

TRANSFER OF DATA TO THIRD COUNTRIES
UniCredit informs you that Personal Data may be transferred to countries outside the EU or European Economic Area (Third Countries), only if recognised by the European Commission as having an adequate level of protection and if the exercise of the rights of data subjects is ensured at all times. Further information can be requested by writing toGroup.DPO@unicredit.eu.

RIGHTS OF DATA SUBJECTS
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR), gives natural persons, individual companies and/or the self employed ("Data subjects") specific rights, including the right to have their personal data held by the Bank recognised and how said data are used (Right of access), the right to have their dataupdated,rectifiedor, if there is an interest,supplemented, as well as have their dataerased,anonymisedorrestricted.
Data subjects may, at any time, withdraw consent, if given, to cookies being saved on their device, and to the processing of personal data resulting from the use of the cookies, according to the terms indicated above, or accessing the "Cookies policy" on the website.
UniCredit informs you that withdrawing consent will only have an effect in the future.

DATA STORAGE PERIOD AND RIGHT TO ERASURE ("RIGHT TO BE FORGOTTEN")
UniCredit will process personal data gathered with thefirst-party profiling cookiesindicated in this policy, for amaximum period of 6 months.
Some data referred to session cookies will instead be kept only for the duration of the session.
At the end of this storage period,, the personal data ofdata subjectswill beerasedorkept in a manner that does not allow for the identification of thedata subject (e.g.irreversible anonymisation), unless further processing is necessary for one of the following reasons:i)to settlepre-litigation and/or litigationstarted before the end of the storage period;ii)to continueinvestigations/inspectionsof internal control functions and/or external authorities started before the end of the storage period;iii)to follow up requests fromItalian and/or foreign public authoritiesreceived by/notified to the Bank before the end of the storage period.
If a user connects to UniCredit's website after the maximum time that cookies can be stored, the banner requesting consent will be displayed again.

HOW TO EXERCISE YOUR RIGHTS
You can exercise your rights as a data subject, indicated in the previous paragraph, by contacting:
UniCredit S.p.A.,Claims, Via Del Lavoro n. 42, 40127 Bologna, tel. +39 051.6407285, fax +39 051.6407229, e-mail address:diritti.privacy@unicredit.eu.
The deadline for replying isone (1) month, extendible totwo (2) monthsin cases of particular complexity; in these cases, the Bank will provide at least initial communication withinone (1) month.
The exercise of rights is, in principle, free; the Bank reserves the right to ask for a contribution in case of requests that are evidently without grounds or excessive (also recurrent).
The Bank may request information necessary to identify the requesting party.

COMPLAINTS OR REPORTS TO THE ITALIAN DATA PROTECTION AUTHORITY
The Bank informs you that you may file complaints or report to theData Protection Authorityor alternatively file a complaint with the Judicial Authorities. The contacts of theData Protection Authorityare available fromhttp://www.garanteprivacy.it.
Having read this Cookies Policy, pleaseexpress your preference, giving or not giving your consentto profiling cookies being saved on your device.
For this purpose,you can accept or not acceptall profiling cookiesfrom the buttons below orconsent or not consentto each single type of profiling cookie being installed, from the next buttons.
Below, you can disable or enable the installation of analytics cookies:
