INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA NAVIGATION ON THE WEBSITE WWW.BCSM.SM
pursuant to Article no. 13 of Law no. 171 of 21 December 2018 Protection of natural persons with regard to the processing of personal data
Pursuant to and in compliance with the current legislation on the protection of personal data and in particular pursuant to Article no. 13 of Law no. 171 of 21 December 2018, titled Protection of natural persons with regard to the processing of personal data (hereinafter referred to as the Law for the sake of brevity) and pursuant to art. 13 of Regulation (EU) 2016/679 (hereinafter shortly referred to as GDPR), the Central Bank of the Republic of San Marino, as data controller (hereinafter shortly referred to as CBSM or Data Controller), provides you with the following information regarding the processing of your personal data (hereinafter referred to as Personal Data). Personal Data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
This information notice on privacy (hereinafter the Information Notice) relates to the processing by CBSM of the Personal Data of users of the Website https://www.bcsm.sm/ . Users do not necessarily have to provide their Personal Data in order to consult this Website, but only to access some of the services provided, through access to a special reserved area. In this case, the Personal Data collected will be processed by CBSM, as Data Controller, in compliance with applicable laws and confidentiality obligations relating to privacy, for the purposes of institutional communication activities.
Identity and Contact Details of the Data Controller
Pursuant to Article 2 of the Law, the Data Controller for the purposes set out below is the Central Bank of the Republic of San Marino, with headquarters and Directorate General in Via Del Voltone no. 120, 47890 - San Marino (Republic of San Marino).
For more information, you may contact the Data Controller by e-mail firstname.lastname@example.org or by sending a written request to the Central Bank of the Republic of San Marino, Via del Voltone no. 120, 47890 - San Marino (RSM), or by calling at the telephone number +378 0549 882325 or fax number +378 0549 882328.
Identity and Contact Details of the Data Protection Officer
Pursuant to Chapter IV of the Law, the Data Controller has appointed as Data Protection Officer (hereinafter shortly referred to as DPO, Ms. Valentina Rabitti and Mr. Nathaniel Casadei. For all matters relating to the processing of your Personal Data and/or to exercise your rights under the Law itself, as listed in the section Data Subjects Rights of this Information Notice, you may contact the DPOs at the following e-mail address email@example.com.
Identity and Contact Details of the Representative in the European Union
Pursuant to Articles 3 and 27 of the GDPR, it is hereby notified that the Data Controller has appointed as Representative in the European Union Mr. Alberto Paganini, an employee of CBSM, who can be contacted at the following e-mail address: firstname.lastname@example.org, telephone number: +378 0549 885310, or by sending a written request to the Central Bank of the Republic of San Marino with registered office in Via del Voltone no. 120, 47890, San Marino (RSM).
Place of processing
Data processing connected to this sites web services takes place at the head office of the Central Bank of the Republic of San Marino, Via del Voltone, 120, 47890, City of San Marino, Republic of San Marino. Said processing is handled only by the technical staff in charge of processing such data, or by those tasked with occasional maintenance operations. No data originating from the web service is communicated or shared.
The personal data supplied by users who ask to receive informational materials (documents, replies to questions, etc.) is used only for the purpose of providing the service or performance requested and is communicated to third parties only if necessary for the stated purpose.
Type and source of personal data processed
Navigation data The computer systems and software procedures in place for the performance of this website gather personal data in the course of their normal operation. The transmission of said data is implicit in web communication protocols. Although this data is not collected in order to be associated with identified interested parties, necessary for internet browsing, by their very nature it could allow users to be identified through processing and association with data held by third parties. In particular, this refers to:
a) IP addresses or domain names of computers used by users connecting to this website,
b) addresses in URI (Uniform Resource Identifier) notation of the requested resources,
c) time of the request,
d) method used in submitting the request to the server,
e) size of the file obtained in response,
f) numeric code indicating the status of the response given by the server (successful, error, etc.),
g) other parameters relating to the users operating system and computer environment.
This data is used for the sole purpose of collecting anonymous statistical information on the use of the site and to ensure that it is functioning properly. It is deleted immediately after it is processed. This data could be used to verify possible liabilities in case of cyber-crimes connected with this site. In all other instances, data on web contacts is not kept for more than seven days.
Data provided voluntarily by the user In order to access certain services reserved for users, it is necessary to register and enter some personal data. The provision of certain identification data is necessary in order to authenticate and verify the eligibility for access in the restricted areas by those logging into them.
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this site entails the acquisition of the senders address, which is necessary for replies, as well as of any other personal data contained in the message. This data is processed in order to reply to the messages sent and to process any related requests. Failure to provide personal data for communication with the Authority or to send any requests will prevent the processing of such requests. Data is stored for the period strictly necessary for the purposes for which it is processed.
Applications submitted by candidates (trainees, applicants for clerical work) for the purpose of establishing new employment relationships must contain authorisation to process the personal data contained therein, but in any case may be processed by CBSM in order to fulfil the request. It will be the responsibility of any person who subsequently contacts the candidate to provide them with appropriate information on the processing of personal data.
Cookies are short strings of code that websites visited by users send to the users browser (i.e. the browser programme such as Firefox or Chrome) where they are stored and then retransmitted to the same websites on subsequent visits. At the same time, you may also receive cookies on your browser from other websites (so-called third parties).
This website uses technical and third party technical cookies.
Technical cookies allow the performance of activities strictly related to the operation of the website and its improvement and can be divided into:
The installation and use of technical cookies do not require the users prior consent.
The technical cookies used by CBSM are as follows:
a) JSESSIONID (it keeps the session id, the duration is for the session only and is indispensable for the reserved area);
b) ACM-Language (established only on a few occasions, it keeps the language setting and lasts a year).
Once you have logged in to the reserved areas, the CBSM website also uses the following technical cookies (which only last for the browser session, or which are in any case deleted when the user logs out of the reserved area):
c) ACMUSER (it contains the user_id of the connected user);
d) ACMTRACK (it contains an alphanumeric identifier that enables correct navigation and session management with reference to CBSM reserved areas).
Analytical and third parties cookies
Cookies of this type are used to gather information about how the website is used. The Data Controller uses this information for statistical analysis, to improve the website and simplify its use, and to monitor its proper functioning. This type of cookies gathers anonymous information on user activity on the website, how the user came to the website and the pages visited. Cookies in this category are sent by the website itself or from third-party domains.
Such cookies, known as analytical cookies, which are used to monitor the website use by users for optimisation purposes - provided that they are used directly by the website (without, therefore, the intervention of third parties), as well as analytical cookies created and made available by third parties and used by the website for purely statistical purposes, provided that appropriate tools are used to reduce the power of identification (for example, by masking significant portions of the IP address) and the third party expressly undertakes not to cross-reference the information contained in such cookies with any other information available to it, are treated as technical cookies (and therefore, no user consent or other legal fulfilments are required for their installation).
The technical cookies used by CBSM are:
Google AdWords & Google Remarketing Cookies
How to manage cookies within your browser
The user can manage their cookie preferences directly in their browser and prevent, for example, third parties from installing cookies. Previously installed cookies can be deleted by using browser preferences. If the user disables all cookies, the functionality of this website may be impaired.
This website contains links to other websites that have their own privacy policies; these websites may install cookies when they are reached, but are external to CBSM. These privacy policies may be different from that adopted by the Data Controller, which thus is not accountable for third party websites.
The personal data processing information notices of external platforms linked through the CBSM website can be found at the following addresses:
a) Linkedln: Privacy
b) San Marino RTV: Privacy.
If a service for interaction with social networks is installed, it is possible that, even if Users do not use the service, it will collect traffic data relating to the pages on which it is installed. In order to find out what personal data is collected, where they are processed and all the details, users are requested to consult the privacy policies of the social networks involved, which can always be identified by a specific logo or wording on the pages of the website.
Purpose and legal basis of processing: Your personal data will be processed for the following purposes:
With regard to the processing carried out for the purposes listed above, the same has as its legal basis the need to implement your express requests to receive a service directly available through the website: this is the provision of data strictly necessary and related to the exercise of an interest and/or in fulfilment of legal and/or contractual obligations, which as such does not require consent.
Processing Methods. Your personal data may be processed in the following ways:
All data processing is carried out in accordance with the procedures set out in Articles 5 (Lawfulness of processing) and 33 (Security of processing) of the Law and, in particular, the data of visitors/users is processed lawfully and correctly, taking appropriate security measures to prevent unauthorised access, disclosure, modification or destruction of data. The security of Personal Data in the communication session with this website is protected by a digital certificate that uses a cryptographic presentation protocol (TLS), encrypting the information. In addition to the Data Controller, in some cases, categories of persons in charge of organising the website or external parties (such as third party technical service providers and hosting providers) may have access to the data.
In particular, on the basis of their roles and duties workers have been empowered to process Personal Data, within the limits of their spheres of authority and in accordance with the instructions issued to them by the Data Controller.
The disclosure of personal data to External Data Processors, professionals, consultancy firms, etc., will take place through the signing of an appropriate contract of appointment to ensure compliance with the principles of the Law and the applicable regulations. We are available to provide, at any time, a list of the entities to whom we disclose Personal Data and the limits of their use. This list is available at our head office.
CBSM adopts no automated decision-making process, including profiling as referred to in Article 22 of the Law.
Storage Period. Please note that, in accordance with the principles of lawfulness, purpose limitation and minimization of Personal Data, pursuant to Article 5 of the Law, the storage period of your Personal Data is:
Data Transfer Abroad
The Data Controller does not transfer Personal Data collected through the website to third countries or to international organisations.
Rights of the Data Subject
The data subject may at any time exercise vis-ŕ-vis CBSM the rights provided for by the Law, listed below, which are recognised by the regulations on the protection of Personal Data, by sending a specific request in writing to the Central Bank of the Republic of San Marino S.p.A. under one of the following procedures:
- registered letter addressed to the Central Bank of the Republic of San Marino, with registered office in Via del Voltone, 120 - 47890 San Marino (RSM);
- by sending an e-mail to the following address: email@example.com; or
- by fax to the number +378 0549 882328.
In the same way, you may at any time withdraw any consent you might have granted through this Information Notice.