Information notice on the processing and protection of personal data pursuant to the articles 13 and 14 of general regulation on the protection of personal data (“gdpr”)
The following information notice is intended to provide an overview of the use of your personal data and your rights pursuant to the General Data Protection Regulation - Regulation (EU) 2016/679 (hereinafter also GDPR) (and in accordance with 152-FZ “On personal data” FOR RUSSIAN EMPLOYEES ONLY) carried out by UniCredit S.p.A. and all other UniCredit Legal Entities where you are an employee, which act as Autonomous Data Controllers for the 360 feedback (hereinafter also “Data Controllers”. For the full list of UniCredit Legal Entities, that act as Data Controllers, please see the Annex 1 of this information notice).
01 · DATA CONTROLLER AND DATA PROTECTION OFFICER
The Data Controller is UniCredit S.p.A., with registered office in Milan, Piazza Gae Aulenti n. 3, Tower A, 20154 Milan, as well as all other UniCredit Legal Entities that act as autonomous Data Controllers, since they might be in charge or anyway involved of the above mentioned 360 feedback for the data processing of their own employees (for the Data Controllers full list see Annex 1).
You can contact the UniCredit S.p.A. Data Protection Officerat:
- UniCredit S.p.A.
- Data Protection Office,
- Piazza Gae Aulenti n. 1, Tower B, 20154 Milano,
- E-mail: Group.DPO@unicredit.eu PEC: Group.DPO@pec.unicredit.eu
02 · PURPOSE AND LEGAL BASIS OF PROCESSING
The Data Controllers process the personal data of their employees in its possession, collected either directly from the data subject, or from third parties for the following purposes:
In order to comply with the Delegations of Authority defined by UniCredit Board of Directors for the decision making process related to the 360 feedback your personal data - name, surname, corporate e-mail address, as well as any other data related to your employment with a Legal Entity belonging to the UniCredit Group, are transmitted, stored, managed and processed by UniCredit S.p.A— as Holding Company — as well the UniCredit Legal Entities (for the data processing of their own employees).
The 360 feedback is a development tool where the involved population is requested to answer - anonymously - a set of questions based on the UniCredit Values.
The legal basis for the processing of personal data is your consent, which you are free to give or not and which you may, however, revoke at any time. The provision of data necessary for these purposes is not mandatory, but without your personal data it will be not possible for you to participate in the aforementioned process related to the 360 feedback.
03 · CATEGORIES OF PERSONAL DATA
The Data Controllers process personal data collected directly from you, or from third parties, which include, but are not limited to, personal data (e.g. name, surname, e-mail address) as well as your data related to your employment relationship.
04 · RECIPIENTS OR RECIPIENTS’ CATEGORIES OF PERSONAL DATA
Your data may be communicated to the natural and legal persons in their capacity as “Data Processors” as specified in the list available on the websites of the corresponding Data Controller, as well as in the quality of persons authorized to process personal data, in relation to the data necessary for the performance of the duties assigned to him, the natural persons belonging to the following categories:
- employees or temporary employees or trainees assigned to the Data Controllers HR Function, consultants and other natural persons occasionally assigned to the Data Controllers HR Function;
- employees, temporary workers, interns and consultants of external companies appointed as Data Processors
Would you need any additional info, you can refer to the dedicated email address: UniCredit - Group - Data Privacy Recruiting dataprivacy.recruiting@unicredit.eu.
05 · DATA PROCESSING MODALITIES
The processing of personal data involves the use of manual, IT and ICT instruments with rationale closely connected with the purposes defined above and, in any case, in such a way as to guarantee the security and confidentiality of the data.
FOR RUSSIAN EMPLOYEES ONLY data localization requirements in respect of transmitted personal data (e.g. name, surname, e-mail address) as well as your data related to your employment relationship have already been fulfilled by AO Unicredit Bank.
06 · DATA SUBJECT RIGHTS
GDPR* grants and assures specific rights, including the right to know what data concerning you are held by the Data Controllers (right of access), as well as how they are used, and the right to obtain, under certain conditions, the copy, the erasure, as well as the update, the rectification or, if interested, the data integration, the restriction of processing, the right to object to processing, as well as the right to data portability.
*FOR RUSSIAN EMPLOYEES ONLY 152-FZ “On personal data”.
07 · DATA RETENTION PERIOD AND RIGHT TO ERASURE
UniCredit processes and stores your personal data for all the time of the employment relationship, to execute the related and connected obligations as well as for its own defensive purposes or those of third parties until the expiration of the longest mandatory retention period provided by the applicable law starting from the date of termination of the employment relationship.
At the end of the applicable mandatory retention period, your personal data will be erased or kept in a form which does not permit your identification (e.g. irreversible anonymization), unless the further processing is necessary for one or more of the following purposes: i) for resolution of pre-litigation and/or litigation, started before the expiration of the mandatory retention period; ii) to follow up with investigations/inspections by internal control functions and/or external authorities, started before the expiration of the mandatory retention period; iii) to follow up with requests from the Italian and/or foreign public authorities received/notified, started before the expiration of the mandatory retention period.
08 · PROCEDURE TO EXERCISE THE RIGHTS
To exercise the rights described above, you can refer to: UniCredit - Group - Data Privacy Recruiting - dataprivacy.recruiting@unicredit.eu.
The deadline for the reply is one (1) month*, that may be extended by two (2) further months in cases of particular complexity; in these cases, the Data Controllers inform you about such extension within one (1) month of receipt of the request.
FOR RUSSIAN EMPLOYEES ONLY The deadline for the reply is 10 working days in accordance with 152-FZ “On personal data” that may be extended no longer than to 15 working days.
FOR RUSSIAN EMPLOYEES ONLY Personal data can’t be transferred to any other countries than the following countries by the UniCredit S.p.A. and/or Unicredit Group or the 360 vendor: Austria, Bulgaria, Bosnia and Herzegovina, Croatia, Czech Republic, Great Britain, Hungary, Germany, Italy, Luxembourg, Romania, Serbia, Singapore, Slovakia, Slovenia, United States of America.
The exercise of rights is, in principle, free of charge. The Data Controllers reserve the right to ask for a contribution in case of manifestly unfounded or excessive requests (also repetitive).
09 · COMPLAINT OR REPORTING TO THE DATA PROTECTION AUTHORITY
You have the right to appeal to the Judicial Authority or else to lodge a complaint with or make a report to your Local Data Protection Authority.
ANNEX 1 - Data Controllers
- UniCredit S.p.A., with registered office in Piazza Gae Aulenti n. 3, Tower B, 20154 Milan, Italia;
- UniCredit Factoring S.p.A., with registered office in Livio Cambi, 5, 20151, Milan, Italia;
- UniCredit Leasing S.p.A., with registered office in Via Livio Cambi, 5, 20151 Milan, Italia;
- UniCredit Leased Asset Management S.p.A. (“UCLAM”), with registered office in Via Livio Cambi 5, 20151 Milan, Italia;
- Cordusio Società Fiduciaria per Azioni, with registered office in via Manzoni 9, 20121 Milano, Italia;
- UniCredit Subito Casa S.p.A., with registered office in via Livio Cambi 5, 20151 Milano, Italia;
- UniCredit myAgents S.r.l., with registered office in Piazza Gae Aulenti 3, 20154 Milano, Italia;
- UniCredit Bank AG - Milan Branch, with registered office in Piazza Gae Aulenti, 4 - Torre C, 20154 Milano, Italia;
- UniCredit Bank AG, with registered office in Arabellastraße 12, 81925 München;
- UniCredit Bank Austria AG, with registered office in Rothschildplatz 1, 1020 Vienna, Austria;
- Ao Unicredit Bank with registered office in 9, Prechistenskaya emb., Mosca, 119034, Russian Federation;
- Unicredit Bank Czech Republic And Slovakia, A.S. with registered office in Želetavská 1525/1, 140 92 Prague, Czech Republic;
- Zagrebacka Banka D.D. with registered office in Trg bana Josipa Jelačića 10, 10000 Zagreb, Croatia;
- Unicredit Bank S.A. with registered office in sectorul 1, b-dul expoziţiei, nr. 1f, 012101 Bucharest, Romania;
- Unicredit Bulbank Ad with registered office in pl. "Sveta Nedelya" 7, 1000 Sofia Center, Sofia, Bulgaria;
- Unicredit Bank Hungary Zrt with registered office in Szabadság tér 5-6, 1054 Budapest, Hungary;
- Unicredit Bank Serbia Jsc with registered office in Rajiceva 27-29, 11000 Belgrade, Serbia;
- Unicredit Bank D.D. with registered office in Kardinala Stepinca bb, 88000 Mostar, Bosnia ed Erzegovina;
- Unicredit Banka Slovenija D.D. with registered office in Ameriška ulica 002, 1000 Ljubljana, Slovenia;
- Unicredit Leasing Cz A.S. with registered office in Želetavská 1525/1, 140 10 Praga, Czech Republic;
- Unicredit Consumer Financing Ead with registered office in zh.k. Serdika, ul. Gyueshevo 1, 1303 Sofia, Bulgaria;
- Unicredit Leasing Corporation Ifn S.A. with registered office in sectorul 1, b-dul expoziţiei, nr. 1f, 012101 Bucharest, Romania;
- Unicredit Leasing Ead with registered office in ul. Gyueshevo No. 14, 1303 Sofia, Bulgaria;
- Factorbank Aktiengesellschaft with registered office in Rothschildplatz 1, A-1020 Vienna, Austria;
- Ooo Unicredit Leasing with registered office in Bolshay Dmitrovka 5/6,2 Mosca, Russian Federation;
- Unicredit Leasing Gmbh with registered office in Rothschildplatz 4, 1020 Vienna, Austria;
- Unicredit Leasing Croatia D.O.O. Za Leasing with registered office in Ulica Damira Tomljanovića Gavrana 17, 10000 Zagreb, Croatia;
- Card Complete Service Bank Ag with registered office in Lassallestraße 3, 1020 Vienna, Austria;
- Unicredit Leasing Slovakia A.S. with registered office in Šancová 1/A, 814 99 Bratislava, Slovak Republic;
- Unicredit Consumer Financing Ifn Sa with registered office in Bulevardul Expozitiei, 012101 Bucuresti-Sectorul 1, Romania;
- Unicredit Bank A.D. Banja Luka with registered office in M. Bursać 7, 78000 Banja Luka, Bosnia and Herzegovina;
- Unicredit International Bank (Luxembourg) Sa with registered office in 8-10, Rue Jean Monnet, L-2180 Luxembourg;
- Unicredit Leasing Finance Gmbh with registered office in Nagelsweg 53, 20097 Hamburg, Germany;
- Unicredit Leasing Hungary Zrt with registered office in Szabadság tér 5-6, 1054 Budapest, Hungary;
- Unicredit Mobilien Und Kfz Leasing Gmbh with registered office in Rothschildplatz 1, 1020 Vienna, Austria;
- Unicredit Factoring Czech Republic And Slovakia, A.S. with registered office in Želetavská 1525/1, 140 00 Praha 4, Czech Republic;
- Leasfinanz Gmbh with registered office in Fuhlsbüttler Straße 437, 22309 Hamburg, Germany;
- Baca Hydra Leasing Gmbh with registered office in Rothschildplatz 1, 1020 Vienna, Austria;
- Unicredit Leasing Srbija D.O.O. Beograd with registered office in Rajiceva 27-29, 11000 Belgrade, Serbia;
- Unicredit Techrent Leasing Gmbh with registered office in Rothschildplatz 4, 1020 Vienna, Austria;
- Unicredit Leasing (Austria) Gmbh with registered office in Rothschildplatz 4, 1020 Vienna, Austria;
- Unicredit Services Gmbh with registered office in Rothschildplatz 1, 1020 Vienna, Austria;
- Legato Leasing Gesellschaft Mbh with registered office in Rothschildplatz 1, 1020 Vienna, Austria;
- UniCredit Bank AG - London Branch with registered office in Moor House, 120 London Wall, EC2Y 5ET, London, United Kingdom;
- UniCredit S.p.A. - Madrid Branch with registered office in Miguel Angel 11, 3 planta. 28010 Madrid, Spain;
- UniCredit Bank AG - New York Branch with registered office in 150 East 42nd Street, 10017 New York, United States of America;
- UniCredit S.p.A. - Paris Branch with registered office in 117 Avenue Des Champs Elysees, 75008 Paris, France;
- UniCredit S.p.A. - München Branch Arabellastr. 14, 81925 München;
- UniCredit Bank AG - Vienna Branch with registered office in Rothschildplatz 1 - 1020 Vienna, Austria;
- UniCredit S.p.A. - Praga Branch with registered office in Želetavská 1525/1 - 140 92 Praha 4 - Michle;
- UniCredit S.p.A. - Bratislava Branch with registered office in Svätopluková č. 31 - 821 08 Bratislava, Slovakia;
- UniCredit S.p.A. - Polonia Branch with registered office in oddzial w Pólsce ul. 1 Maja 38/39, 71-627 Szczecin, Polonia;
- UniCredit S.p.A. - Bucarest Branch with registered office in Str. Ing. George Constantinescu nr.4B si Str. George Constantinescu nr. 2-4, Cladirea C, etaj 7 - spatiu 1, etaj 8 si 9, sector 2, Bucuresti, Romania;
- UniCredit S.p.A. - Budapest Branch with registered office in Róbert Károly krt. 61-65, Magyarországi Fióktelepe, 1134 Budapest, Hungary;
- UniCredit S.p.A. - Shangai Branch Unit 2401, Jin Mao Tower, 88 Century Boulevard, 200121 Pudong Shanghai, P.R. China.
Annex 2 -Data Protection Officer
- UniCredit S.p.A., UniCredit Leasing S.p.A., UCLAM, Cordusio Società Fiduciaria per Azioni, UniCredit Factoring S.p.A., UniCredit Subito Casa S.p.A. and UniCredit myAgents S.r.l. at:
- UniCredit S.p.A.
- Data Protection Office,
- Piazza Gae Aulenti n. 1, Tower B, 20154 Milano,
- E-mail: Group.DPO@unicredit.eu PEC: Group.DPO@pec.unicredit.eu
- UniCredit Bank AG - Milan Branch at:
- Data Protection Office,
- Compliance
- Piazza Gae Aulenti n. 4, Tower C, 20154 Milano, Italy
- privacy.unicreditbankag.uc@unicredit.eu
- UniCredit Bank AG at:
- Datenschutzbeauftragter,
- Postfach
- 80311 München
- E-mail:DatenschutzHVB@unicredit.de
- UniCredit Bank Austria AG at:
- Data Protection Office,
- Rothschildplatz 1, 1020 Vienna, Austria
- E-mail: datenschutz@unicreditgroup.at
- UniCredit Bulbank AD at:
- Data Protection Office
- 7 Saint Nedelya Sq., 1000, Sofia, Bulgaria
- email address: DPO@UniCreditGroup.BG
- UniCredit Banka Slovenija d.d. at:
- Data Protection office
- Ameriška ulica 2, 1000 Ljubljana
- e-mail address: dpo@unicreditgroup.si
- Unicredit Bank S.A. at:
- Data Protection Office,
- sectorul 1, b-dul Expoziţiei, nr. 1f, 012101 Bucharest, Romania
- Email: dpo@unicredit.ro
- Unicredit Consumer Financing Ifn S.A. at:
- Data Protection Office,
- sectorul 1, b-dul Expoziţiei, nr. 1f, 012101 Bucharest, Romania
- Email: roucfindpo@unicredit.ro
- Unicredit Leasing Corporation Ifn S.A. at:
- Data Protection Office,
- sectorul 1, b-dul Expoziţiei, nr. 1f, 012101 Bucharest, Romania
- Email: dpo@unicreditleasing.ro