Privacy policy


Privacy policy

General introduction

The purpose of this Privacy Policy is to describe how the website is managed, with reference to the processing of personal data of users who consult it.

This information is provided pursuant to the EU Regulation on the protection of personal data, n. 2016/679 and the Italian legislation in force on the subject to those who interact with the website, which belongs to CA Autobank. This information notice is provided only for the website and not for other websites that may be consulted by the user through links.


1)    Data Controller

The Data Controller is CA Auto BankCA Auto Bank S.p.A., having registered office at Turin, Corso Orbassano 367, VAT 08349560014

2) Type of data processed and purposes of processing

2.1) Data provided voluntarily by the user

You have the right, after reading this statement, to release your personal data on the web page to access the application for the Digital Factory initiative promoted by CA Auto Bank S.p.A.

The data processing will always take place:

1. in full compliance with existing legislation, on the basis of the information provided and in a fair and transparent manner;

2. collecting a minimum number of Data and in any case collecting only the Data necessary for the services covered by the contract;

3. in a precise and updated manner;

4. keeping the Data only for the time necessary to perform the services covered by the contract.


2.2) Navigation Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses, type of browser, operating system, domain name and website addresses from which access or exit has been made, information on the pages visited by users within the site, access time, stay on the single page, internal path analysis and other parameters relating to the operating system and the user's computer environment. Such technical/informatics data are collected and used in an aggregate and anonymous way for the sole purpose of:

1. improve the quality of the service and optimise the functionality of the site;

2. understand the behaviour of users in order to improve online communication;

3. to prepare statistical information regarding the use of the site.

This data may also be used:

a) to comply with requirements dictated by national regulations and communicate as well as with provisions issued by Supervisory and Control Bodies, also in relation to the monitoring obligations of operational and credit risks at Banking Group level, as well as

b) to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the site and for investigations in the event of any litigation.

The conferment of the data described above is necessary for navigation on the Web page, and any refusal to provide them makes it impossible to carry out this activity.

The data provided will be processed for the time necessary to carry out the operations described herein.

This web page makes use of technical and analytical cookies to allow the correct use of the site and improve your browsing experience. To learn more about the cookies used and possibly disable them, please access the Cookie Policy.


3) Purpose

The personal data collected when filling out the online form will be processed to manage your registration to the Digital Factory initiative and for pre-contractual purposes necessary for the execution and participation in the call for proposals indicated on the web page. The provision of the requested data for the purposes referred to in this point is necessary for the contact you requested, and any refusal to provide them will make it impossible to carry out the activities of contact and participation in the call.


4) Recipients of Personal Data

For the various purposes described above, the Data Controller may communicate his or her data, always in compliance with the rights and guarantees provided for by current legislation, to

- companies of the CA Auto Bank, or in any case subsidiary or associated companies;

- subjects providing support, organisation and tender management services;

- subjects providing services for the management of the Data Controller’s information system and telecommunications networks (including electronic mail);

- subjects that carry out transmission, enveloping, transport and sorting of communications with the interested party;

- subjects carrying out documentation archiving and data entry activities;

- subjects that carry out customer assistance activities (e.g.: call centers, customer services, etc.);

- subjects that carry out control, auditing and certification of the activities carried out by the Data Controller.

Where required, the subjects indicated will be adequately appointed as Data Processors in the forms required by current legislation.


5) Processing methods

Data processing is carried out using automated and/or manual methods for the time strictly necessary to achieve the purposes for which the data is collected, in compliance with the regulations in force. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access.

The provision of personal data by minors under 16 years of age is also expressly forbidden.


6) Data Protection Officer

For any direct contact - formal and urgent, other than the exercise of the rights provided for in paragraph 7) - you may contact the Data Protection Officer using the following contact details:

·       Email:;

·       Phone: +39 011.4488.203 – an operator from our Customer Care will answer and redirect your call to the Data Protection Officer;

·       Traditional mail: CA Auto Bank S.p.a., Orbassano 367 10137 Turin, Italy, indicating “For the attention of the Data Protection Officer”.


7) Data subjects Rights

In relation to the processing of personal data listed above you may request:

- confirmation as to whether or not personal data concerning you are being processed and, if so, to obtain access to such data as well as the source of such data, the purposes, methods of processing and the logic applied in the case of processing carried out with the aid of electronic instruments;

- the updating, integration, rectification, erasure or transformation into anonymous form of personal data concerning you;

- to limit or oppose the processing of personal data concerning you;

- to receive in a structured format, in common use and readable by automatic device, the personal data concerning you or the transmission of the same to another data controller (so-called right to portability);

- certification that the requested operations have been brought to the attention of those to whom the data have been communicated or disseminated.

You have the right to exercise your rights by contacting the Customer Care of CA Auto Bank S.p.A. at the following addresses:

Telephone: 011.4488.203;


The Data Controller shall reply to your requests within 30 (thirty) days of their receipt, unless extended by 60 (sixty) days in view of their complexity and number; once the above mentioned terms have expired, you have the right to lodge a complaint with the Data Protection Authority in the forms and manner provided for by current legislation.

FCA Bank may make changes to this policy and it is your responsibility to check it regularly.


8) Data transfer outside the European Economic Area

Your data will not be transferred by us to a third country outside the EU or to an international organisation, except in exceptional and strictly necessary cases. If necessary, for technical or operational reasons the same data may be processed in countries outside the European Union, provided that an adequate level of protection is guaranteed. Any transfer of your personal data to non-EU countries, in the absence of an adequacy decision by the European Commission, will only be possible if adequate guarantees of a contractual or contractual nature, including standard contractual clauses on data protection, are provided by the Data Controller and Data Processor involved. The transfer of your data to third countries outside the European Union, in the absence of an adequacy decision or other appropriate measures as described above, will be made only where strictly necessary.


9) Data retention

As a general rule, we keep your data at the Company only for the time necessary to achieve the purposes listed above in compliance with the principle of proportionality and necessity provided for by the legislation on the protection of personal data. In determining the period of retention, we rely on the laws applicable to the activities and sectors in which the Company operates, as well as the information provided by the Data Protection Authority through applicable measures.

Once the retention period has expired, we will delete or transform the data into anonymous form.


10) Updates of this Privacy Policy

This Policy in case of changes or as a result of any updates or changes is provided through periodic communications or can be found on the website in the section dedicated to the protection of personal data and at your request.