it | fr
Logo SimplyMobile

App SimplyMobile - PRIVACY POLICY

Auriga SpA, as data controller, hereby provides with some information on your personal data processing regarding the download and use of SimplyMobile mobile banking app (hereinafter mentioned as 'App').

  1. Data Controller

    The document (hereinafter mentioned as ‘Privacy Policy’) is issued on behalf of the Data Controller: Auriga SpA (hereinafter ‘Auriga’), a joint-stock company under Italian law, with registered office in Altamura (BA), via Selva 101, tax code and VAT no. 05566820725.
    Auriga, as Data Controller, commits to ensuring the compliance of the processing of personal data carried out by Auriga with the Community rules on personal data protection, more precisely with EU Regulation 2016/679 (General Data Protection Regulation, hereinafter mentioned as ‘GDPR’) and its principles. Auriga protects the safety, ethical conduct and transparency of all personal data processing and implements the appropriate measures to allow data subjects to exercise their rights.
    The Data Protection Officer (‘DPO’) appointed by Auriga supervises continued compliance of personal data processing with the GDPR. For any questions about this information, including questions about the User's rights under the GDPR, the User can email the DPO:
    Auriga respects the privacy of the Users (also defined as ‘Data subjects’ in the processing of data) and commits to protecting your personal data. To this end, this Privacy Policy provides the Users with all the information on how Auriga treats their personal data and therefore shares with the Users their rights in terms of privacy, which can be consulted on the website Auriga updates the Privacy Notice on a regular basis and invites the User to consult it regularly via the App or website.
    It is important that the Users’ personal data held by Auriga are accurate and up-to-date. Auriga advises the Users to inform Auriga if their personal data should change during their employment in Auriga.

  2. Purposes of processing of personal data by Auriga

    Auriga processes users’ personal data for the following purposes:

    • Current account balance and transactions (global position, cheque situation, mortgage situation, SDDs, balance history)
    • Communications (online document list, bank communications from/to the bank)
    • Payments
    • Top-ups
    • Multi-user authorizations
    • Archive (bank transfers, giro transfers, top-ups, bills, tax stamp duty, television fee, CBILL, MAV, RAV bills, bank slips, SEPA transfers)
    • Security management
    • Utility
    • Helpdesk
    • Reservations
    • Securities (securities dossier, deposit certificates, shares, VWD trading)

  3. Legal basis of the processing

    Personal data, referred to in the following art. 5, processed by Auriga, have been provided by the Users.
    Some personal data can indeed only be processed with the users’ consent pursuant to Article 6, paragraph 1, lett. a) GDPR.
    Users can withdraw their consent at any time for the future, by making a request to the following DPO Auriga email address
    Auriga processes the personal data it needs to fulfil the aforementioned purposes set out by Article 6, paragraph 1, lett. b) GDPR.
    Other personal data will be processed in accordance with Article 6, paragraph 1, lett. f) GDPR for the pursuit of the legitimate interests of Auriga—Eg. For the optimised and technically error-free provision of the Service referred to in the App.
    Furthermore, it may be required to process personal data to fulfil a legal obligation to which Auriga is subject (article 6, paragraph 1, letter c) GDPR or to protect the fundamental interests of the Users (article 6, paragraph 1, lett. d) GDPR.

  4. Data retention

    Auriga will only keep Users’ personal data for the time reasonably needed to fulfil the purposes Auriga collected them for.
    Auriga may keep Users’ personal data for an even longer period provided for by specific legal obligations or applicable legislation and therefore for compliance purposes. In any case, this is done without prejudice to data retention referred to in Article 4 for legal protection purposes provided for by applicable law. Auriga shall contemplate the following:

    • quantity, nature and sensitivity of personal data
    • potential risk of damage resulting from the unauthorised use or disclosure of Users’ personal data
    • purposes Auriga processes the Users’ personal data for and whether it can achieve these purposes through other means

    in order to set the appropriate retention period for personal data.
    It could in any case happen that the European or national legislator enforces a longer retention period. In such cases, the data will not be deleted or blocked until the corresponding retention period has expired. After this period, the data will be permanently deleted.

  5. Users’ data processed by Auriga

    Downloading and Installing the App
    When Users download the App for installation, Auriga requests consent for the use of interfaces to access functions and contents of the Users’ device in order to collect certain data, including:

    • location: access to the exact location based on GPS and network, access to the network-based approximate location;
    • camera: photo and video capture,
    • network connection information;
    • access to the contact list

    Auriga is required to acquire and process such data to fulfil the existing Contract with the Users, the legal basis is represented by Article 6, paragraph 1, lett. b) GDPR ("Processing is lawful only if and to the extent that ... it is necessary for the execution of a contract of which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the data subject").
    Access to the abovementioned interfaces is required in order to provide the Users with the purposes and services of SimplyMobile App.

    Using SimplyMobile App
    Whenever Users use the App on their device, Auriga collects the so-called server log files. Such data keeps track of all requests and all accesses to the App by Users and records all error messages from an application. They include the following Technical and Usage Data

    • Identification of device used by Users
    • Operating system and version of the aforementioned device
    • Name of manufacturer and version of the device
    • GPS signal quality and phone network
    • Connection IP address and Exact GPS position while opening the App

    The legal basis for processing the aforementioned data is ruled by art. 6, paragraph 1, lett. f) GDPR. Auriga has a legitimate interest in data retention for detecting and fixing App errors, determining its use, improving and optimising its services.
    Data will be deleted when the Users exit the SimplyMobile App session.
    Auriga can also collect aggregate data
    The aggregate data may derive from personal data provided by Users, but are not considered personal data under the law as they do not reveal—either directly or indirectly—the Users’ identity.

    Using Website
    While browsing the Auriga Website, the following information may be collected and stored in the site's server (hosting) log files:

    • internet protocol (IP) address;
    • browser type;
    • device parameters used to connect to the Website;
    • internet service provider (ISP) name;
    • visit date and time;

    The legal basis of processing is ruled by art. 6, paragraph 1, lett. f) GDPR., the website operator has usually a legitimate interest in storing data for detecting and fixing website errors, determining its use, improving and optimising the services offered.
    The purpose of this type of data processing therefore results from the abovementioned legitimate interest of Auriga: detecting and fixing errors website in order to determine its use or make improvements.
    Data collected during the Website operation are kept for the time strictly necessary to take the specified actions. Upon expiry, the data will be deleted or anonymised, unless further purposes envisaged and/or required by law for their conservation arise.

  6. Disclosure of Users’ personal data

    Third party companies
    Auriga may disclose Users personal data—only when necessary for the service provision—to its professional consultants or to companies providing services and are appointed by Auriga (for example, payment service providers, may have access to personal data of Users limited to the time and purposes strictly necessary for the service provision).
    External companies process data on behalf of Auriga as Data Processors.

  7. Data security

    Website and SimplyMobile App, together with other systems, are protected by technical and organizational measures adopted against loss, destruction, access, modification or disclosure of data by unauthorized persons. To this end, Auriga has put into place adequate security measures to detect any suspected breach of personal data for which Auriga reports such breaches to the Users and to any applicable regulatory authority, where legally required.

  8. The rights acknowledged to Users

    Auriga undertakes to respect the rights that the GDPR attributes to data subjects regarding personal data protection. If Users submit a request regarding the exercise of their rights under the Privacy Law, Auriga shall respond within 30 days from the day of request receipt and, where possible, satisfy the Users’ request within such period. If the case may be, in complex cases, such period can be extended up to another 60 days.
    Users can email the DPO banca to exercise their rights as an interested party in the processing of personal data by Auriga. In particular, Users rights are:

    1. Right to be informed (the data Auriga possesses)
    2. Right to access (such data)
    3. Right to rectification
    4. Right to erasure
    5. Right to restriction of processing
    6. Right to data portability
    7. Right to object
    8. Right to lodge a complaint with the national data protection authority.

For more detailed information on the rights recognised to subjects interested in personal data processing, visit the web page of the Italian data protection authority: Italian Data Protection Authority: