Privacy Policy e Cookie Policy

INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA – NAVIGATION ON THE WEBSITE WWW.BCSM.SM

pursuant to Article no. 13 of Law no. 171 of 21 December 2018 “Protection of natural persons with regard to the processing of personal data”

 

Preliminary Statements
Pursuant to and in compliance with the current legislation on the protection of personal data and in particular pursuant to Article no. 13 of Law no. 171 of 21 December 2018, titled “Protection of natural persons with regard to the processing of personal data” (hereinafter referred to as the “Law” for the sake of brevity) and pursuant to art. 13 of Regulation (EU) 2016/679 (hereinafter shortly referred to as “GDPR”), the Central Bank of the Republic of San Marino, as data controller (hereinafter shortly referred to as “CBSM” or “Data Controller”), provides you with the following information regarding the processing of your personal data (hereinafter referred to as “Personal Data”). Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This information notice on privacy (hereinafter the “Information Notice”) relates to the processing by CBSM of the Personal Data of users of the Website https://www.bcsm.sm/ . Users do not necessarily have to provide their Personal Data in order to consult this Website, but only to access some of the services provided, through access to a special reserved area. In this case, the Personal Data collected will be processed by CBSM, as Data Controller, in compliance with applicable laws and confidentiality obligations relating to privacy, for the purposes of institutional communication activities.

 

Identity and Contact Details of the Data Controller
Pursuant to Article 2 of the Law, the Data Controller for the purposes set out below is the Central Bank of the Republic of San Marino, with headquarters and Directorate General in Via Del Voltone no. 120, 47890 - San Marino (Republic of San Marino).

For more information, you may contact the Data Controller by e-mail privacy.titolare@bcsm.sm or by sending a written request to the Central Bank of the Republic of San Marino, Via del Voltone no. 120, 47890 - San Marino (RSM), or by calling at the telephone number +378 0549 882325 or fax number +378 0549 882328.

 

Identity and Contact Details of the Data Protection Officer
Pursuant to Chapter IV of the Law, the Data Controller has appointed as “Data Protection Officer” (hereinafter shortly referred to as “DPO”, Ms. Valentina Rabitti and Mr. Nathaniel Casadei. For all matters relating to the processing of your Personal Data and/or to exercise your rights under the Law itself, as listed in the section “Data Subject’s Rights” of this Information Notice, you may contact the DPOs at the following e-mail address privacy.dpo@bcsm.sm.

 

Identity and Contact Details of the Representative in the European Union
Pursuant to Articles 3 and 27 of the GDPR, it is hereby notified that the Data Controller has appointed as Representative in the European Union Mr. Alberto Paganini, an employee of CBSM, who can be contacted at the following e-mail address: privacy.rappresentanteue@bcsm.sm, telephone number: +378 0549 885310, or by sending a written request to the Central Bank of the Republic of San Marino with registered office in Via del Voltone no. 120, 47890, San Marino (RSM).

 

Place of processing
Data processing connected to this site’s web services takes place at the head office of the Central Bank of the Republic of San Marino, Via del Voltone, 120, 47890, City of San Marino, Republic of San Marino. Said processing is handled only by the technical staff in charge of processing such data, or by those tasked with occasional maintenance operations. No data originating from the web service is communicated or shared.

The personal data supplied by users who ask to receive informational materials (documents, replies to questions, etc.) is used only for the purpose of providing the service or performance requested and is communicated to third parties only if necessary for the stated purpose.

 

Type and source of personal data processed
Navigation data – The computer systems and software procedures in place for the performance of this website gather personal data in the course of their normal operation. The transmission of said data is implicit in web communication protocols. Although this data is not collected in order to be associated with identified interested parties, necessary for internet browsing, by their very nature it could allow users to be identified through processing and association with data held by third parties. In particular, this refers to:

a)  IP addresses or domain names of computers used by users connecting to this website,
b)  addresses in URI (Uniform Resource Identifier) notation of the requested resources,
c)  time of the request,
d)  method used in submitting the request to the server,
e)  size of the file obtained in response,
f)  numeric code indicating the status of the response given by the server (successful, error, etc.),
g)  other parameters relating to the user’s operating system and computer environment.

This data is used for the sole purpose of collecting anonymous statistical information on the use of the site and to ensure that it is functioning properly. It is deleted immediately after it is processed. This data could be used to verify possible liabilities in case of cyber-crimes connected with this site. In all other instances, data on web contacts is not kept for more than seven days.

 

Data provided voluntarily by the user – In order to access certain services reserved for users, it is necessary to register and enter some personal data. The provision of certain identification data is necessary in order to authenticate and verify the eligibility for access in the restricted areas by those logging into them.
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the acquisition of the sender’s address, which is necessary for replies, as well as of any other personal data contained in the message. This data is processed in order to reply to the messages sent and to process any related requests. Failure to provide personal data for communication with the Authority or to send any requests will prevent the processing of such requests. Data is stored for the period strictly necessary for the purposes for which it is processed.
Applications submitted by candidates (trainees, applicants for clerical work) for the purpose of establishing new employment relationships must contain authorisation to process the personal data contained therein, but in any case may be processed by CBSM in order to fulfil the request. It will be the responsibility of any person who subsequently contacts the candidate to provide them with appropriate information on the processing of personal data.

 

Cookies
Cookies are short strings of code that websites visited by users send to the user’s browser (i.e. the browser programme such as Firefox or Chrome) where they are stored and then retransmitted to the same websites on subsequent visits. At the same time, you may also receive cookies on your browser from other websites (so-called “third parties”).
This website uses technical and third party technical cookies.

Technical cookies
Technical cookies allow the performance of activities strictly related to the operation of the website and its improvement and can be divided into:

• Navigation cookies, to store navigation preferences and improve site navigation. These cookies do not collect information for commercial purposes, but are necessary to provide certain services.
• Statistical cookies, which are used to collect, in an anonymous and aggregate form, statistical information on how users browse the site (e.g. number of pages visited and accessed, time spent on the website).
• Functionality cookies, which are used to provide specific site services (e.g. choice of Italian/English language). Information is collected anonymously.

The installation and use of technical cookies do not require the user’s prior consent.
The technical cookies used by CBSM are as follows:

a)  JSESSIONID (it keeps the session id, the duration is for the session only and is indispensable for the reserved area);
b)  ACM-Language (established only on a few occasions, it keeps the language setting and lasts a year).

Once you have logged in to the reserved areas, the CBSM website also uses the following technical cookies (which only last for the browser session, or which are in any case deleted when the user logs out of the reserved area):

c)  ACMUSER (it contains the user_id of the connected user);
d)  ACMTRACK (it contains an alphanumeric identifier that enables correct navigation and session management with reference to CBSM reserved areas).

Analytical and third parties cookies
Cookies of this type are used to gather information about how the website is used. The Data Controller uses this information for statistical analysis, to improve the website and simplify its use, and to monitor its proper functioning. This type of cookies gathers anonymous information on user activity on the website, how the user came to the website and the pages visited. Cookies in this category are sent by the website itself or from third-party domains.

Such cookies, known as “analytical cookies”, which are used to monitor the website use by users for optimisation purposes - provided that they are used directly by the website (without, therefore, the intervention of third parties), as well as analytical cookies created and made available by third parties and used by the website for purely statistical purposes, provided that appropriate tools are used to reduce the power of identification (for example, by masking significant portions of the IP address) and the third party expressly undertakes not to “cross-reference” the information contained in such cookies with any other information available to it, are treated as technical cookies (and therefore, no user consent or other legal fulfilments are required for their installation).

The technical cookies used by CBSM are:
a)  Google Analytics (https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage). These cookies provide statistics to measure and analyse the performance of the website, use IP masking (https://support.google.com/analytics/answer/2763052?hl=it) and therefore only serve to generate statistics on aggregate data and not to identify the user. As such, although they are third-party cookies, they are equated to technical cookies. For the information notice of Google Analytics, please refer to http://www.google.com/intl/en/analytics/privacyoverview.html. For Google’s privacy policy, please refer to http://www.google.com/intl/it/privacy/privacy-policy.html.
Google AdWords & Google Remarketing Cookies
This website may use the Google AdWords advertising service and Google Remarketing technology. Both are managed by Google Inc. Even the tracking function which monitors conversions for AdWords uses cookies. To help us keep track of these conversions, a cookie is added to the user’s computer when the user clicks on an advertisement. This cookie lasts 30 days and neither collects nor tracks information which could personally identify a user. Users can disable tracking cookies for Google conversions in their internet browser settings. In a few cases, cookies can cause problems when accessing or navigating within your AdWords account. When that happens, the best way to remedy the problem is to clear your cache and delete the cookies saved to your Internet browser.  Lastly, the user can disable Google Analytics cookies by downloading a specific browser plug-in from the following URL https://tools.google.com/dlpage/gaoptout.
How to manage cookies within your browser
The user can manage their cookie preferences directly in their browser and prevent, for example, third parties from installing cookies. Previously installed cookies can be deleted by using browser preferences. If the user disables all cookies, the functionality of this website may be impaired.

Third-party websites
This website contains links to other websites that have their own privacy policies; these websites may install cookies when they are reached, but are external to CBSM. These privacy policies may be different from that adopted by the Data Controller, which thus is not accountable for third party websites.
The personal data processing information notices of external platforms linked through the CBSM website can be found at the following addresses:
a)  Linkedln: Privacy
b)  San Marino RTV: Privacy.

If a service for interaction with social networks is installed, it is possible that, even if Users do not use the service, it will collect traffic data relating to the pages on which it is installed. In order to find out what personal data is collected, where they are processed and all the details, users are requested to consult the privacy policies of the social networks involved, which can always be identified by a specific logo or wording on the pages of the website.

Purpose and legal basis of processing: Your personal data will be processed for the following purposes:

1. performance of operations that are strictly necessary in order to provide the services you may have requested, including the implicit request consisting in your navigation through the pages of the website. The acquisition of the data necessary for the provision of services explicitly requested by you takes place exclusively in the reserved area of the website. This website has a purely informational function and nowhere on it, apart from the reserved areas, you will be required to provide personal data;
2. to provide members with institutional services rendered by the Central Bank, as well as the management of the reserved area of the Website, etc.;
3. performance of activities required by laws, regulations or orders;
4. to provide registered users with personalised information in the reserved area;
5. to acquire any information flows pursuant to laws, regulations or orders.

With regard to the processing carried out for the purposes listed above, the same has as its legal basis the need to implement your express requests to receive a service directly available through the website: this is the provision of data strictly necessary and related to the exercise of an interest and/or in fulfilment of legal and/or contractual obligations, which as such does not require consent.

Processing Methods. Your personal data may be processed in the following ways:

• by means of computers using software systems managed by third parties;
• by temporary processing in Anonymous Form.

All data processing is carried out in accordance with the procedures set out in Articles 5 (Lawfulness of processing) and 33 (Security of processing) of the Law and, in particular, the data of visitors/users is processed lawfully and correctly, taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of data. The security of Personal Data in the communication session with this website is protected by a digital certificate that uses a cryptographic presentation protocol (TLS), encrypting the information. In addition to the Data Controller, in some cases, categories of persons in charge of organising the website or external parties (such as third party technical service providers and hosting providers) may have access to the data.
In particular, on the basis of their roles and duties workers have been empowered to process Personal Data, within the limits of their spheres of authority and in accordance with the instructions issued to them by the Data Controller.
The disclosure of personal data to External Data Processors, professionals, consultancy firms, etc., will take place through the signing of an appropriate contract of appointment to ensure compliance with the principles of the Law and the applicable regulations. We are available to provide, at any time, a list of the entities to whom we disclose Personal Data and the limits of their use. This list is available at our head office.
CBSM adopts no automated decision-making process, including profiling as referred to in Article 22 of the Law.

Storage Period. Please note that, in accordance with the principles of lawfulness, purpose limitation and minimization of Personal Data, pursuant to Article 5 of the Law, the storage period of your Personal Data is:

• determined for a period of time not exceeding the performance of the services provided;
• determined for a period of time not exceeding the fulfilment of the purposes for which it is collected and processed and in compliance with the mandatory time limits prescribed by law;
• in any case no longer than seven days, except for its subsequent use to ascertain possible liability in the event of cyber-crimes connected with this website.

 

Data Transfer Abroad
The Data Controller does not transfer Personal Data collected through the website to third countries or to international organisations.

Rights of the Data Subject
The data subject may at any time exercise vis-à-vis CBSM the rights provided for by the Law, listed below, which are recognised by the regulations on the protection of Personal Data, by sending a specific request in writing to the Central Bank of the Republic of San Marino S.p.A. under one of the following procedures:

- registered letter addressed to the Central Bank of the Republic of San Marino, with registered office in Via del Voltone, 120 - 47890 San Marino (RSM);

- by sending an e-mail to the following address: privacy.titolare@bcsm.sm; or

- by fax to the number +378 0549 882328.

In the same way, you may at any time withdraw any consent you might have granted through this Information Notice.

 

1. Right of access
   You shall have the right to obtain from CBSM confirmation as to whether or not your Personal Data is being processed and, where that is the case, access to your Personal Data and the information required by Article15 of the Law by being notified, by way of example, of the purposes pursued by the Data Controller, the categories of personal data concerned, the recipients to whom the data may be transmitted, the envisaged period for which the personal data will be stored and the existence of automated decision-making processes.
2. Right to rectification
   You shall have the right to obtain from CBSM without undue delay the rectification of inaccurate Personal Data concerning you, as well as the right, taking into account the purposes of the processing, to have incomplete personal data completed, by providing a supplementary statement.
3. Right to erasure
   You shall have the right to obtain from the Data Controller the erasure of your Personal Data if one of the reasons set forth in Article17 of the Law applies, including, without limitation, if the Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed or if the consent on which the processing of your Personal Data is based has been withdrawn by you and there is no other legal ground for the processing. It is understood that withdrawal of consent will not affect the lawfulness of processing carried out up to that point. Please note that CBSM may not erase your Personal Data if the processing of your Personal Data is necessary, for example, to comply with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
4. Right to restriction of processing
   You shall have the right to obtain the restriction of processing of your Personal Data where one of the cases provided for in Article18 of the Law applies, including but not limited to: if you dispute the accuracy of your Personal Data being processed or if your Personal Data is necessary for the establishment, exercise or defence of legal claims, even though CBSM no longer needs it for the purposes of processing.
5. Right to object
   You shall have the right to object at any time to processing of your Personal Data if the processing is carried out for the performance of an activity in the public interest or in the pursuit of a legitimate interest of the Data Controller (including profiling activities), within the limits set out in Article 21 of the Law. If you decide to exercise your right to object as described herein, CBSM will no longer process your personal data, unless there are compelling legitimate grounds for processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
6. Right to submit a complaint to the Data Protection Authority
   Notwithstanding your right to appeal in any other administrative or jurisdictional venue, if you believe that the processing of your Personal Data by the Data Controller is in breach of the Law and/or applicable regulations, you may lodge a complaint with the competent Data Protection Authority.