Privacy Policy

Privacy Policy

GDPR Reg. EU 679/2016 – Website Privacy Policy

We would like to inform you that the processing of your personal data will be carried out in compliance with current privacy legislation and will be based on the principles of fairness, lawfulness, transparency and data protection. To this end, in accordance with the provisions of Article 13 of the European Regulation 2016/679 (GDPR), we indicate below the general information regarding the processing of personal data carried out through this website.

1. Who the Data Controller and the Data Protection Officer (DPO) are.

The Data Controller of the processing of personal data is Cherry Bank S.p.A. based in Padua (Pd), Via San Marco 11, 35129 Padua.
The Data Controller has appointed a Data Protection Officer (“Data Protection Officer” or “DPO”), whom you may contact, writing to:

  • Cherry Bank based at Via San Marco 11, 35129 Padova, “Data Protection Officer”
  • By sending an e-mail to:
  • By sending a certified e-mail message to the PEC address:

In order to exercise your rights, listed in point I below of this Notice, as well as for any other request, you may contact the “Privacy & Data Protection” Function at the following address:

  • Cherry Bank with head office in via San Marco 11, 35129 Padova, “Data Protection Officer”
  • By sending an e-mail to the address:
  • By sending a certified e-mail message to the PEC address:

2. Methods of data processing on this website

2.1. Navigation data
The computer systems and procedures that manage this Web site acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. For example, such data include. the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system to the hardware used by the user. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, nevertheless allow it to be able to identify users. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes caused to this site.

2.2. Cookies
Il sito fa uso di cookie per migliorare l’esperienza di navigazione dell’utente. I cookies sono di regola stringhe di testo che i siti web visitati dall’utente ovvero i siti di terze parti, posizionano e archiviano all’interno al dispositivo utilizzato dall’utente per la navigazione. Il sito utilizza cookies tecnici ove possibile soggetti ad anonimizzazione; questi sono necessari per il corretto funzionamento di un sito web e per permettere la navigazione dell’utente; senza di essi l’utente potrebbe non essere in grado di visualizzare correttamente le pagine oppure di utilizzare alcuni servizi. Il sito utilizza inoltre cookie statistici, chiamati anche cookie analytics, utilizzati unicamente per produrre statistiche aggregate in relazione al singolo sito internet visitato. Viene fatto uso di cookie di sessione (non persistenti), in modo strettamente limitato a quanto necessario per la navigazione sicura ed efficiente dei siti.
Go to Cookie Policy.

2.3. Purpose and legal basis
The data you provide may be processed for:

  1. Purpose: the performance of necessary operations aimed at providing the services and/or information that you may have requested such as browsing through the pages of the site, registration to restricted areas, assistance and re-contact, request for information via e-mail, etc. Legal Basis: the need to respond to your request for information or execute your requests to receive a service directly available through the site.
  2. Purpose: The provision of technological services such as mailing-list, newsletters, remote or local support and maintenance, etc.. Such service is also related to that provided by specifically authorized third parties. Legal Basis: the need to respond to your request for information or execute your requests to receive a service directly available through the site.
  3. Purpose: activity arising from obligations of laws, regulations or measures from time to time in force and applicable to the services and services offered through the site. Legal Basis: the need to fulfill a legal obligation.
  4. Purpose: statistical processing of aggregate data in relation to site performance. Legal Basis: this is anonymized data, i.e., data from which it is not possible to re-identify a natural person.
  5. Purpose: Evaluations regarding the use of the Bank’s site. Legal Basis: consent.
  6. Purpose: to optimize the commercial offer. Legal Basis: consent.
  7. Purpose: to send advertising and/or commercial proposals based on the interests you have expressed by accessing the pages and using the services available on this site. Legal Basis: consent.

3. Data provided voluntarily

In order to access some restricted services (such as Home Banking,App systems), it is mandatory to register and enter some personal data. The provision of some identifying data is necessary in order to authenticate and verify the legitimacy of access, in the different levels of the reserved areas, to the individuals who access them.

4. Transfer of data outside the EU

The Data Controller may transfer your personal data, to the categories of recipients listed above, both to EU and non-EU countries (in the latter case, this will be exclusively to countries that guarantee an adequate level of protection in accordance with the GDPR or to Third Parties that guarantee the proper processing of data in compliance with the European legislation in force by virtue of Standard Contractual Clause).

5. Categories of Recipients of Personal Data

Depending on the operation or service requested, customer/user data may be communicated by the owner to third party companies entrusted with tasks of a technical and organizational nature that will process the data as an autonomous owner or as an external manager (e.g. site maintenance company, manager of the reserved section, manager of the Internet Banking\Digital Banking platform, app manager). The data may also be communicated to those third parties in order to fulfill an obligation provided for by law or in case of a measure of the Authority.

6. Processing methods, security measures, and retention times

Personal data are processed by automated means for the time strictly necessary to achieve the purposes for which they were collected and stored digitally. Specific security measures are in place to prevent data destruction or loss, unauthorized access, or unlawful use.

Rights of the data subject under EU Regulation 679/2016.

In relation to the processing operations described in this Notice, as a data subject you may, under the conditions provided by the GDPR, exercise the rights enshrined in Articles 15 to 22 of the GDPR and, in particular, the following rights:

  • Right of access – art.15 EU Regulation 679/2016.
  • Right of rectification – art.16 EU Regulation 679/2016.
  • Right of deletion – art.17 EU Regulation 679/2016.
  • Right to restriction of processing – art.18 EU Regulation 679/2016.
  • Obligation to notify in case of rectification or erasure of personal data or restriction of processing – art.19 EU Regulation 679/2016.
  • Right to data portability – art.20 EU Regulation 679/2016.
  • Right to object – art.21 EU Regulation 679/2016.
  • Right not to be subject to automated decision making – art.22 EU Regulation 679/2016.

The exercise of your rights as a data subject is free of charge under Article 12 GDPR. However, in the case of requests that are manifestly unfounded or excessive, including due to their repetitiveness, the Data Controller may charge a reasonable fee, in light of the administrative costs incurred in handling your request, or deny satisfaction of your request. In any case, you may exercise your rights by contacting the mailbox attaching a copy of your ID. In any case, you will always have the right to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali), in accordance with Article 77 GDPR, if you believe that the processing of your data is contrary to the current Privacy Regulations.

Distressed Credit