Privacy Policy

Dear Customer,
in this document, in compliance with the regulations on data protection and privacy in the electronic communications sector, Kruso Kapital S.p.A. will provide information to help you to understand what data are collected when you browse our website and how they are used. The information provided below is based on Recommendation 2/2001 adopted by the European Data Protection Authorities on 17 May 2001, within the Working Party established by Article 29 of Directive 95/46/EC, to identify certain minimum requirements for the collection of personal data online, and, in particular, the manner, timing and nature of the information that data controllers must provide Users when they connect to web pages, regardless of the purpose of the connection.

Data Controller: Kruso Kapital S.p.A., with registered office in Milano, Largo Augusto 1/A, ang. via Verziere 13 - 20122 Milano

The Data Protection Officer (DPO) may be contacted at the:

postal address of Kruso Kapital S.p.A.: Largo Augusto 1/A, ang. via Verziere 13, 20122 Milano
email address:


Browsing Data 

The IT systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining statistical information on the use of the site and to check its correct functioning.
These data are processed for the following purposes:

  • to fulfill the requirements dictated by national and EU regulations as well as the provisions issued by the Supervisory and Control Bodies; in this case the data processing is mandatory and consent is not required;
  • to pursue a legitimate interest of the Company or of Group companies if such interests are not in conflict with the interests or fundamental rights and freedoms of the interested parties (article 6.1 letter f of EU Regulation no. 679/2016), namely:
    • the ascertainment of responsibility in the event of hypothetical computer crimes against the site and for investigations in the event of any disputes;
    • obtain anonymous statistical information on the use of the site and to check its correct functioning, as well as for measurement purposes, improvement of the services offered and of the Site.    

The processing of personal data deriving from the installation and use of the Company's APPs is carried out to allow the use of the services distributed through this application. After downloading and installing the app, the model used as well as the type and version of the operating system used are automatically detected by the mobile device. This information helps the Company to provide the requested services and to manage the app, analyze its use, protect the app and its content from inappropriate or inappropriate use and improve the user experience. Personal data is used to make the app available, maintain and improve it, and communicate with users. Furthermore, the download of the App is used as numerical data for the sole purpose of obtaining anonymous statistical information about the number of users who download the App.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site involves the subsequent acquisition of the sender's address and any other personal data included in the message. These data will be used for the sole purpose of performing the service and responding to customer requests. Specific summary information is reported or displayed on the pages of the site that may be set up for particular services on request.


The data will be processed manually, digitally and electronically using methods strictly related to the purposes for which they were collected. Specific security measures are implemented to prevent data loss, unlawful and incorrect use, and unauthorised access. This processing takes place within the limits to which you have given your voluntary consent. You have the right at any time to request the users of these solutions to delete the information collected through cookies.

Rights of Data Subjects

You may exercise your rights under Articles 15 to 23 of the GDPR at any time by contacting:

Kruso Kapital S.p.A.
Largo Augusto 1/A, ang. via Verziere 13 - 20122 Milano
Email address: compliance& 
DPO email address:

The exercise of the rights indicated in this section is not subject to any form of restriction and is free of charge. The Data Controller shall be obliged to provide information on action taken by the data subject without undue delay and within one month of receipt of the request. Extensions are permitted under Article 12(3) of the EU Regulation. You may exercise the following rights in relation to the processing described in this information notice:

  • right of access;
  • right to rectification, anonymisation or erasure of data;
  • right to withdraw the prior consent at any time, without affecting the lawfulness of processing based on the consent before its withdrawal;
  • right to restriction of processing;
  • right to data portability;
  • right to object;
  • right to object to direct marketing;
  • right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if you believe that your rights have not been respected.

Any rectification or erasure of personal data or restriction of processing carried out upon request from the data subject - unless it proves impossible or involves disproportionate effort - shall be notified by the Data Controller to each recipient to whom the personal data have been disclosed.


The data collected may be transferred or disclosed to other companies of the Banca Sistema banking group for activities strictly related and instrumental to the operation of the service, such as the management of the IT system, or for processing carried out by other companies in the group for the same purposes. The personal data provided by users voluntarily by e-mail sent to the addresses indicated on this site are used only to perform the service or provision requested and are communicated to third parties only if this is necessary for that purpose. Apart from these cases, the data will not be communicated or granted to anyone, except for contractual provisions or explicit authorization by the subjects. No data from the web service are disclosed.