Privacy Policy
Global Banking Day 2023

Data Controller

GI GROUP HOLDING S.p.A. based in Piazza IV Novembre 5, 20124 Milan
telephone n.: +3902444111


Data Protection Officer (DPO)

Piazza IV Novembre 5, 20124 Milan (Italy), to the attention of the “Data Protection Officer”, e-mail:


Categories of Personal data

Identification and contact data, including name, surname, e-mail, job title, country and company.


Why are your personal data processed and what is the condition that makes the processing lawful?


1. To process webinar registration requests and to e – mail participants the webinar material.

Pursuant to art. 6(1)(B) of the GDPR, the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

How long do we keep your personal data?
For 30 days following the execution of the event.


2. To enable the sending of information communications regarding future editions of the event.

The legal basis applicable to the processing of personal data is the legitimate interest of the data controller pursuant to Article 6(1)(f) of the GDPR.

How long do we keep your personal data?
For 1 year following the execution of the event.


After the aforementioned retention periods have elapsed, Personal Data will be destroyed, deleted or anonymised, subject to technical deletion and backup procedures.


Processing methods

The processing of the data shall be based on the principles of fairness, lawfulness, transparency and data minimisation (privacy by design); It may be carried out either manually or by automated means, and shall take place by means of technical and organisational measures that are appropriate, insofar as reasonably necessary and in accordance with the state of the art, to ensure, among other things, the security, confidentiality, integrity, availability and resilience of the systems and services, avoiding the risk of loss, destruction, unauthorised access or disclosure or, in any event, unlawful use, as well as by means of reasonable measures to delete or rectify in a timely manner any data that are inaccurate in relation to the purposes for which they are processed.


Nature of data provision and consequences of refusal

The provision of personal data marked with an asterisk in the data collection form is compulsory; therefore, refusal to provide such personal data will not allow the Company to process requests to participate in the webinar. In particular, the e-mail address is necessary in order to enable the sending of material relating to the event (slides).


Data recipients

Personal data may only be processed by employees of the company functions authorised to process them as they are responsible for pursuing the aforementioned purposes, who have been expressly authorised to do so and have received adequate operational instructions.

Personal data may also be processed, on behalf of the Company, by third parties who provide performances or services instrumental to the purposes indicated in this information notice, to whom adequate operating instructions are given, designated as Data Processors pursuant to Article 28 of the GDPR. These subjects are included in the following categories:

  • Companies providing telecommunication services.

The list of data recipients is constantly updated and can be easily found free of charge by sending a written communication to the data controller or an e-mail to

Finally, data may be transferred to countries outside the European Union (EU) or the European Economic Area (EEA), in particular to the United States, where the above-mentioned communication service providers are established. In this case, the transfer will take place in compliance with the indications set out in Chapter V of the GDPR (e.g. Standard Contractual Clauses), taking into account that data transferred to US entities may be subject to access by local public authorities under applicable legislation.

Finally, we remind you that your personal data will not be disclosed.


Data subjects rights

You may request from the data controller access to the personal data concerning you, their rectification or erasure, the integration of incomplete personal data, the restriction of processing in the cases provided for by Article 18 GDPR, as well as the objection to processing in cases of legitimate interest of the data controller.

You also, for cases where processing is based on consent or contract and is carried out by automated means, have the right to exercise the right to data portability, i.e. to receive in a structured, commonly used and machine-readable format your personal data, as well as, if technically feasible, to transmit them to another data controller without obstruction.

At any time, you may file a complaint with the Data Protection Authority, as well as resort to the other means of protection provided for by the applicable legislation.

These rights may be exercised by sending a written communication to the data controller at the above address or by e-mail to