When carrying out its supervisory functions as regards the banking and financial system, the Bank of Italy processes personal data in compliance with Regulation (EU) 2016/679 on general data protection (GDPR) and with Legislative Decree 196/2003 (privacy code), as amended by Legislative Decree 101/2018.

The Bank of Italy publishes information on its website about on the methods and purposes of data treatment to make it available to interested parties, in line with Article 14 of the GDPR.

Specifically, it provides information on: the Data Controller; the legal basis for data processing and how data is collected; the categories of personal data obtained; data storage periods and subjects to whom the data may be communicated; how to exercise data protection rights; and the contact details for the Data Controller and the Data Protection Officer.

Data processing is necessary for the purposes of supervising the banking and financial system and is therefore carried out in the public interest or in connection with the exercise of institutional powers; according to the current legislation, it is therefore not necessary to have the consent of interested parties.

To protect the parties involved, the Bank of Italy has adopted technical and organizational measures suitable for ensuring the confidentiality of personal data and for preventing unlawful access to such data by third parties or non-authorized personnel.

Any updates to this information will be made available promptly through the appropriate channels and any processing purpose other than those for which the data were collected will be communicated.