Privacy Policy for Website and Mobile App (Cherry Bank and Cherry face to face)
We inform you that your personal data will be processed in compliance with current privacy legislation and will be based on principles of correctness, lawfulness, transparency and data protection. To this end, in accordance with Article 13 of Regulation (EU) 2016/679 (GDPR), we hereby provide you with general information regarding the processing of personal data carried out through this website and for the mobile apps (Cherry Bank and Cherry face to face) referred to in paragraph 7.
1. Who the Data Controller and the Data Protection Officer (DPO) are.
The Data Controller of the processing of personal data is Cherry Bank S.p.A. based in Padua (Pd), Via San Marco 11, 35129 Padua.
The Data Controller has appointed a Data Protection Officer (“Data Protection Officer” or “DPO”), whom you may contact, writing to:
- Cherry Bank based at Via San Marco 11, 35129 Padova, Attn: “Data Protection Officer”
- By sending an e-mail to: dpo@cherrybank.it
In order to exercise your rights, listed in point 8 of this Policy, or for any other request, you may contact the Privacy & Data Protection Department at the following address:
- Cherry Bank, with registered office at Via San Marco 11, 35129 Padua, to: ‘Privacy & Data Protection’
- By sending an e-mail to: privacy@cherrybank.it
- By sending a certified email to the certified email address: privacy@pec.cherrybank.it
2. Methods of data processing on this website
2.1. Navigation data
The computer systems and procedures that manage this website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. For example, this data includes: the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and hardware used by the user. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and is deleted after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against this site.
2.2. Cookies
The website uses cookies to improve the user’s browsing experience. Cookies are usually text strings that the websites visited by the user or third-party websites place and store on the device used by the user for browsing. The website uses technical cookies, subject to anonymisation where possible; these are necessary for the proper functioning of a website and to allow the user to browse; without them, the user may not be able to view the pages correctly or use certain services. The site also uses statistical cookies, also known as analytics cookies, which are used solely to produce aggregate statistics in relation to the individual website visited. Session cookies (non-persistent) are used, strictly limited to what is necessary for the safe and efficient navigation of the sites.
Go to Cookie Policy.
2.3. Purpose and legal basis
The data you provide may be processed for:
- Purpose: to carry out the necessary operations aimed at providing the services and/or information you may request, such as browsing the pages of the website, registering for restricted areas, assistance and follow-up, requesting information via email, etc. Legal basis: the need to respond to your request for information or to fulfil your requests to receive a service directly available through the website.
- Purpose: the provision of technological services such as mailing lists, newsletters, remote or local assistance and maintenance, etc. This service also relates to that provided by specifically authorised third parties. Legal basis: the need to respond to your request for information or to execute your requests to receive a service directly available through the website.
- Purpose: activities arising from legal obligations, regulations or measures in force from time to time and applicable to the services and performances offered through the website. Legal basis: the need to comply with a legal obligation.
- Purpose: statistical processing of aggregated data relating to website performance. Legal basis: this data is anonymised, i.e. it is not possible to re-identify a natural person from it.
- Purpose: evaluations regarding the use of the Bank’s website. Legal basis: consent.
- Purpose: to optimise the commercial offer. Legal basis: consent.
- Purpose: to send advertising and/or commercial offers based on the interests you have expressed by accessing the pages and using the services available on this website. Legal basis: consent.
3. Data provided voluntarily
In order to access certain restricted services (such as Home Banking systems and apps), you must register and enter certain personal data. The provision of certain identification data is necessary in order to authenticate and verify the legitimacy of access, at various levels of the restricted areas, to those who access them.
4. Transfer of data outside the EU
The Data Controller may transfer your personal data to the categories of recipients listed above, both within the EU and outside the EU (in the latter case, this will only be to countries that guarantee an adequate level of protection in accordance with the provisions of the GDPR or to third parties that guarantee the correct processing of data in compliance with current European legislation under the Standard Contractual Clauses).
5. Categories of Recipients of Personal Data
Depending on the operation or service requested, customer/user data may be disclosed by the data controller to third-party companies entrusted with technical and organisational tasks, which will process the data as independent data controllers or external data processors (e.g. website maintenance companies, managers of the reserved section, managers of the Internet Banking/Digital Banking platform, app managers). The data may also be disclosed to third parties for the purpose of fulfilling a legal obligation or in the event of a measure taken by the Authority.
6. Processing methods, security measures, and retention times
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected and stored digitally. Specific security measures have been put in place to prevent the destruction or loss of data, unauthorised access or unlawful use.
7. Mobile App (Cherry Bank and Cherry face to face)
7.1 Who the Data Controller and the Data Protection Officer (DPO) are.
See point 1 of this Policy.
7.2 Type of data processed
We wish to inform you that we have products/services that use mobile applications available for download on the main marketplaces (Google Play Store, Apple App Store and Huawei AppGallery). Specifically, these applications are Cherry Bank and Cherry face to face. These applications are developed, updated and maintained by third parties with whom the Bank has entered into specific supply contracts with specific appointment as External Processors pursuant to Article 28 of the GDPR. Personal data is processed by the Data Controller to allow you to use all the features provided by the above applications and to ensure their proper functioning. Once installed, the App may ask you to access certain information and features on your Device, such as:
- Personal information, such as your name, email address, user ID, address and telephone number (e.g. for the app to function)
- Camera (e.g. to enable you to use QR code-based services)
- Files and documents (e.g. to enable you to save or open documents)
- Contacts (e.g. so you can save your contact details in the App)
- Device ID (e.g. for the operation of the App)
- Authentication system (depending on your device model, the App may optionally ask you for permission to use your device’s fingerprint or facial recognition to facilitate authentication. Our application does not save any of your biometric data but only verifies that the fingerprint or face belongs to the same person authorised to use the Device)
- Crash logs and other diagnostic data (to be sent to developers for the purpose of analysing App malfunctions)
Also:
- The Apps do not share user data with other organisations or companies.
- Data is encrypted in transit.
- Data is transferred via a secure connection.
7.3 Purpose of the processing:
- Purpose directly connected to the correct functioning of the App
- Purpose connected to the obligations established by law, by regulations, by Community legislation, as well as by provisions issued by the competent Authorities.
7.4 Legal basis
- Fulfillment of a contractual obligation
- Fulfillment of a legal obligation
- Legitimate interest
7.5 Retention and Deletion of Data
The personal data processed will be stored in a form that allows the identification of the data subjects for a period of time not exceeding that necessary to achieve the purposes for which they are processed (e.g. 10 years from the transaction for administrative/accounting purposes), without prejudice to the need to store them for a different period following requests from the competent authorities for the prevention and prosecution of crimes or, in any case, to assert or defend a right in court or as required by specific regulations applicable in relation to the data processed and the related purposes.
For further information regarding the storage and deletion of data on the device, please refer to the manufacturers of the operating systems used. The data subject may, in any case, consult the privacy information made available on the following websites:
- App Store: https://www.apple.com/legal/internet-services/itunes/it/terms.html
- Google Play: https://play.google.com/intl/it_it/about/play-terms.html
- AppGallery: https://privacy.consumer.huawei.com/legal/hiapp/privacy-statement.htm
We invite you to read the privacy information relating to the apps referred to in this paragraph on the Google Play Store, Apple App Store and Huawei AppGallery pages for Cherry Bank and Cherry face to face. For any further information, we also invite you to read the information relating to the device you are using, available on your device, and the specific information available in the MarketPlace relating to the applications. You may terminate the processing described herein carried out through the Bank’s applications at any time by uninstalling them from your device.
8. Rights of the data subject pursuant to Regulation (EU) 2016/679
In relation to the processing described in this Policy, as a data subject, you may, under the conditions set out in the GDPR, exercise the rights set out in Articles 15 to 22 of the GDPR and, in particular, the following rights:
- Right of access – Art. 15 Regulation (EU) 2016/679.
- Right to rectification – Art. 16 Regulation (EU) 2016/679.
- Right to erasure – Art. 17 Regulation (EU) 2016/679.
- Right to restriction of processing – Art. 18 Regulation (EU) 2016/679.
- Right to data portability – Art. 20 Regulation (EU) 2016/679.
- Right to object – Art. 21 Regulation (EU) 2016/679.
- Right not to be subject to automated decision-making – Art. 22 Regulation (EU) 2016/679.
The exercise of your rights as a data subject is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, including those that are repetitive, the Data Controller may charge a reasonable fee, in light of the administrative costs incurred in handling your request, or refuse to comply with your request. In any case, you may exercise your rights by contacting the addresses indicated in point 1 of this Policy, attaching a copy of your identity document. In any case, you will always have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali), pursuant to Article 77 of the GDPR, if you believe that the processing of your data is contrary to the Privacy Policy in force.