This information notice is provided for pursuant to Article 13 of Regulation (EU) 2016/679 (“Regulation” or “GDPR”) to those users who browse the following website:

and its subdomains

(collectively, the "Website")

This information notice describes how the Website is managed with reference to the processing of personal data referring to users who browse it. The information notice applies to the Website only, any website to which the user may be redirected via links that may be available on the Website is excluded.


Consorzio ABI Lab, Centro di Ricerca e Innovazione per la Banca, with registered office in Rome (RM), Piazza del Gesù, 49 - 00186, e-mail address, in the person of its legal representative pro tempore is the data controller of your personal data (“ABI Lab” or the “Data Controller”).


The Data Controller has appointed a data protection officer (“Data Protection Officer” or “DPO”). The DPO can be contacted by email at


Personal Data” means any information capable of identifying, directly or indirectly, a natural person, in this case, you that, as user, are browsing the Website (“Data”).

In particular, the Data Controller processes the following Data:

  1. IP address, domain name and URL associated to the device you used;
  2. browsing data;
  3. browsing history;

as well as, in case you made any request through forms available on the Website:

  1. your first and last name;
  2. your contact details (i.e., telephone and e-mail address);
  3. company and, if applicable, role;
  4. any other Data you have voluntarily provided and necessary to satisfy your request.

When you visit the Website, ABI Lab may collect your Data both indirectly (e.g., by tracking the IP address and URL of your device to monitor the use of the Website) and directly (e.g., if you voluntarily enter your Data in dedicated forms or create a profile on the Website). In this second case, the processing will be either (i) governed by information notices specifically drafted and provided from time to time by the Data Controller to which you should refer for further details; or, where no additional information notice is provided, (ii) carried out for the purposes identified below as applicable from time to time.

Your Data, whether collected directly or indirectly, may be processed by the Data Controller in order to carry out activities concerning the management and administration of the Website, as well as to improve the users’ browsing experience.

In any case, the Data Controller undertakes to collect only information that is adequate, relevant, and limited to what is strictly necessary to achieve the purposes pursued from time to time, and ensures that this does not lead to a limitation or other violation of your rights and freedoms as data subject.


  • Management of requests made through the Website

  • Your Data, if necessary, may be processed by the Data Controller in order manage the requests you might have made through any forms or links available on the Website.

    Such processing is based on the legal ground set out under Article 6, para. 1, lett. b), GDPR.

  • Compliance with legal obligations

  • The Data Controller may process the Data collected through the Website in order to comply with its obligations under laws, regulations, or by supervisory and control bodies or other authorities legitimated to do so.

    Such processing is based on the legal ground set out in Article 6, para. 1, lett. c), GDPR.

    The provision of Data for this purpose is mandatory. In case of you decide not to provide Data, the Data Controller cannot ensure the correct management of your requests.

  • Defense of the Data Controller’s rights

  • The Data Controller may process the Data to assert and defend its rights.

    Where necessary, the processing will be based on the legal ground set out in Article 6, para. 1, lett. f), GDPR.

    5. COOKIES

    Cookies are pieces of information sent by a web server (e.g., the website) to the user's Internet browser, which are automatically stored on the computer and automatically sent back to the server each time the website is accessed.

    ABI Lab uses cookies to provide certain information to users of the Website and to obtain statistics on accesses to the Website and on how it is used; the Data Controller may also use cookies for advertising and promotional purposes.

    By default, almost all browsers are set to automatically as to accept cookies. Users can set their device's browser as to accept/reject all cookies or to display a warning whenever a cookie is offered so that they can consider whether to accept it. The user can, however, change the default configuration and disable cookies (i.e., block them permanently) by setting on its browser the highest level of protection.

    For any other information on the characteristics, classification, use and ways to remove, delete or disable cookies used on the Website, please refer to the specific cookie policies:


    The Website’s server is located is in Italy.

    Your Data may be transferred to external companies that offer ABI Lab maintenance and development services for the Website and, in general, IT services, specifically appointed as data processors, as well as, where such communication is possible or required by law, communicated to other companies or public bodies located within the European Economic Area, which will process them for their own purposes as independent data controllers.

    Your Data may also be transferred to third party companies located outside the European Economic Area that provide outsourcing technological services to the Data Controller; should such transfer be necessary, we will ensure that the recipients of your Data have adopted appropriate security measures to ensure their protection in accordance with the Regulation.


    We process your Data for the time strictly necessary to achieve the purposes above.

    The retention periods of Data indirectly collected by the Data Controller through cookies are listed in the specific Cookie Policy.

    In case you have directly provided us with your Data through the Website, such Data will be deleted in accordance with the terms set out in the dedicated information notices provided for by the Data Controller from time to time. Where the processing of Data directly collected is governed by this information notice and is functional to achieving the purposes set out in paragraph 4 above, depending on the purpose of processing, the retention periods provided will be the following:

    1. Management of the requests you made through the Website: Data will be processed only for the time necessary for the proper management of your request; afterwards, Data will be kept for further 6 years from the date in which the request has been satisfied, to comply with any legal obligation or for reasons of protection of the Data Controller’s rights only;
    2. Compliance with legal obligations/defense of Data Controller’ rights: Data will be processed during the period necessary to manage your request and, thereafter, will be kept for further 6 years from the date of the last request you presented, exclusively for purposes related to the compliance of legal obligations or to defend Data Controller’s rights.

    Data Controller reserves the right to retain the so-called log data for longer periods in order to be able to deal with any crimes committed against the Website (e.g., hacking).


    You, as a data subject, have the right to:

    • access and request copies of the Data;
    • request to rectify or update the Data, where inexact or incomplete;
    • request, under certain circumstances, the deletion of the Data or the limitation of the processing;
    • invoke your right to portability of the Data;
    • object to the processing (where applicable);
    • revoke the consent, where the processing of the Data is based on that legal ground.

    Lastly, you may at any time lodge a complaint before the Italian Data Protection Authority.

    In order to obtain more information as to your rights, please contact the Data Controller at its e-mail address or the DPO at this email address:


    The Data Controller has the right to modify and/or update this information notice.

    [version updated on November 2021]