As Data Controller, illimity Bank S.p.A.(in the following also “illimity” or the "Company") places the utmost attention on confidentiality and the protection and security of the personal data of the individuals with whom it comes into contact.

Users browsing this website are therefore firstly invited to read all the sections of this document, where they will find a description of the ways in which cookies are managed as far as the treatment of their personal data is concerned. This information is provided pursuant to Regulation (EU) 216/679 and national legislation applicable to all data subjects interacting with the web services of illimity accessible on the internet at the address:

This information statement only holds for illimity's website and not also for any other websites that may be consulted by the user via links included in the above website. illimity has no control over these websites or over the procedures used by them to comply with data confidentiality; we therefore recommend that users should always consult the confidentiality standards of all the companies they come into contact with before communicating any personal information.

Categories of data processed

The Personal Data Controller is illimity Bank S.p.A., registered office via Soperga 9, 20127, Milan, Italy

The Data Protection Officer can be contacted by written communication sent to via Soperga 9, 20127, Milan, Italy or by email by writing to

The Personal Data Controller is illimity Bank S.p.A., registered office via Soperga 9, 20127, Milan, Italy – email address; certified email (PEC) address

Purpose of the processing and legal basis

The personal data which come into illimity's possession are exclusively those you provide while browsing on the website by way of the optional, explicit and voluntary despatch of the forms to be found on this site or of emails to the addresses stated on this site. The failure to provide the data may lead to the impossibility for the Company to provide the requested service. The legal basis on which this processing is performed is the following:

  1. (i) your consent to the processing and
  2. (ii) compliance by the Company with legal requirements.

Your personal data may be processed both electronically and in paper form.

Categories of data processed

illimity processes personal data collected directly at the customer's premises, or at those of third parties, including, by way of example, personal details and information relating to the device used (e.g. operating system installed, etc.).

Means of processing

Personal data are processed using both manual and electronic means with the aim of achieving the purposes for which they have been collected. Specific security measures are implemented in order to prevent data loss, the unlawful or improper use of data or unauthorised access.

Categories of recipients of the personal data

Natural and legal persons appointed by the Data Controllers as well as authorised persons may become aware of personal data in respect of the data required to perform the duties assigned to them. In addition, the data may be communicated to other parties as part of the performance of legal requirements. A list can be obtained by sending an email to the Data Protection Officer at

Transfer of data to other countries

Personal data may also be transferred to countries that are not members of the European Union or the European Economic Area ("third countries") but recognised by the European Commission as having a suitable level of protection for personal data; if such is not the case, personal data will only be transferred if a suitable level for the protection of the data, compared to that of the Europe Union, is contractually guaranteed (e.g. by the signing of the standard contractual clauses envisaged by the European Commission).

Data retention period

The Company only retains customer data for the period required to achieve the specific purposes of the processing, in compliance with contractual and legislative requirements.

The rights of data subjects

Pursuant to articles 15 to 21 of Regulation (EU) 216/679, data subjects can exercise the following rights:

  1. 1. right of access: right to obtain confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data, including a copy of such.
  2. 2. right of rectification: right to obtain without undue delay, the rectification of inaccurate personal data concerning him or her and/or the right to have incomplete personal data completed.
  3. 3. right of erasure ("right to be forgotten"): right to obtain the erasure of personal data concerning him or her without undue delay.
  4. 4. right to restriction of processing: right to obtain the restriction of processing, where one of the following applies:
    • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of such data;
    • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
    • the data subject requires the personal data for the establishment, exercise or defence of legal claims;
    • the data subject has objected to processing pursuant to article 21 of the GDPR pending verification as to whether the legitimate grounds of the controller override those of the data subject.
  5. 5. right to data portability: right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance, if the processing is based on consent and carried out by automated means. In addition, the right to have his or her personal data transmitted directly by the Company to another controller, where technically feasible.
  6. 6. right to object: right to object, on grounds relating to his or her particular situation, at any time, to the processing of personal data concerning him or her which is based on the lawfulness of the legitimate interest or the performance of a task carried out in the public interest or in the exercise of official authority, unless the controller demonstrates legitimate grounds to continue the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  7. 7. the right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or judicial remedy, a data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes the Regulation.

Requests should be sent in one of the following two ways:

  • by ordinary mail sent to the Company's operational headquarters: illimity Bank S.p.A. – via Soperga 9 – 20127 Milan, Italy
  • by electronic mail to the email address:

The contents of the website – script code, graphics, text, tables, images, sounds and all other information in any form whatsoever – are protected pursuant to current intellectual property legislation. Any companies and products mentioned on this website are identified by their respective trademarks, which are or may be protected by patents and/or copyrights granted or registered by the competent authorities. Unless specifically stated, the software products and information content may only be downloaded or utilised for personal use, and in any case not for commercial purposes, quoting the source.