Cookie Policy ENG

Cookie Policy

Foreword

This document describes how cookies and other possible tracking tools are used by the website bancone.ai (hereinafter also referred to as the “Site”).

This cookie policy covers both the main domain www.bancone.ai and the subdomains, including but not limited to app.bancone.ai, aml.bancone.ai and any other domain configured for single-tenant use, unless otherwise stated.

Cookies are managed in compliance with Italian and European legislation on the protection of personal data, with particular reference to Article 122 of Legislative Decree no. 196 of 30 June 2003 (“Personal Data Protection Code”, hereinafter “Privacy Code”) and Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”). This policy is drafted in compliance with the “Cookies and other tracking tools guidelines” adopted by the Italian Data Protection Authority on 10 June 2021 (hereinafter the “Authority’sGuidelines”). Explicit adherence to these Guidelines from the outset underlines the Data Controller’s commitment to full regulatory compliance and protection of user privacy. The Site undertakes to make the information contained herein clear, formulated in plain language and accessible to all users, including those who, due to disabilities, require assistive technologies or special configurations, in line with the requirements of the Garante.

1. Data Controller

The Data Controller of personal data collected through the website is:

RE:LAB S.r.l.

Via Monti Urali, 13, 42122 Reggio Emilia (RE) – Italy

Email address for privacy issues: support@bancone.ai

Any other contacts: +39 (0) 522 1409350

2. What are cookies and other tracking tools

Cookies are, as a rule, small text strings that websites visited by the user (so-called “publishers” or “first parties”) or different websites or web servers (so-called “third parties”) place and store – directly, in the case of publishers, and indirectly, i.e. via the latter, in the case of “third parties” – in a terminal device available to the user (e.g. computer, tablet, smartphone).

Cookies perform various functions, including session tracking, storing information on specific configurations of users accessing the server, facilitating the use of online content, and speeding up the loading of web pages.

In addition to cookies, there are other tracking tools that, while using different technologies, enable similar processing. These include, for example, ‘passive identifiers’ such as fingerprinting, a technique that allows the user’s device to be identified by collecting information about its specific configuration. It is important to note that while cookies (‘active identifiers’) can often be managed or removed by the user directly from their browser, passive identifiers offer more limited control to the user, depending more on the actions of the site owner.

Cookies may have a variable duration:

Session cookies: These are automatically deleted when the browser is closed.
Persistent cookies: They remain stored on the user’s device for a set period of time, even after the browser is closed.

3. Types of cookies and other tracking tools used by this Site and purposes

The classification of cookies and other tracking tools responds primarily to the purpose for which they are used, distinguishing mainly between technical cookies and profiling cookies. This distinction is fundamental as it determines the applicable legal regime, in particular as regards the need or otherwise to acquire the user’s prior consent.

Criteria for encoding identifiers: In line with the recommendations of the Garante, which highlighted the lack of a universally accepted system of semantic encoding of cookies, this Site adopts internal criteria for classifying the identifiers used (e.g. based on the function performed, the provider, the duration and the need for consent). This practice aims to guarantee the greatest possible transparency towards users and the Control Authority, making the principles guiding the management of these tools manifest. This approach responds to the need for clarity and allows an easier understanding of the technologies used and their privacy implications.

3.1. Technical Cookies

Definition: Technical cookies are those used for the sole purpose of ‘carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the contracting party or user to provide such a service’ (cf. Art. 122(1) of the Privacy Code).

Consent: The user’s prior consent is not required for the use of technical cookies. Their installation is, in fact, a prerequisite for the proper functioning of the Site or for the provision of services requested.

Examples for bancone.ai:

Consent management cookies: A technical cookie is used to store the user’s preferences regarding consent to the use of non-technical cookies (e.g. to remember whether the user has closed the banner or made analytical choices), thus avoiding the repetition of the request on each subsequent visit, within the time limits provided for by the legislation.

Table: Technical Cookies Used by bancone.ai

This table provides a detailed list of the technical cookies used by the Site, specifying their provider, purpose and duration. This transparency is also required for cookies that do not require prior consent.

Cookie Name	Provider (Cookie Domain)	Purpose	Duration (approximate)
pressidium_cookie_consent	.bancone.ai	Store the user’s consent preferences.	About 12 months
wp_consent_functional	bancone.ai	Store consent preferences for functional cookies.	About 12 months
wp_consent_marketing	bancone.ai	Store consent preferences for marketing cookies.	About 12 months
wp_consent_preferences	bancone.ai	Store consent preferences for preference cookies.	About 12 months
wp_consent_statistics	bancone.ai	Store consent preferences for statistical cookies.	About 12 months
wp_consent_statistics-anonymous	bancone.ai	Store consent preferences for anonymous statistical cookies.	About 12 months

3.2. Analytical Cookies (equivalent to Technical Cookies)

Definition: Analytical cookies are used to collect information, in aggregated and anonymous form, on the number of users and how they visit the site (e.g. pages visited, time spent), in order to improve its functioning.

Conditions of the Italian Data Protection Authority (Autorità Garante Italiana per la Protezione dei Dati Personali) for equating technical cookies (exemption from prior consent):

They are only used to produce aggregate statistics and in relation to a single site or mobile application.
For those of third parties (such as Google Analytics), at least the fourth component of the IP address is masked. This measure significantly reduces the identifying power of the IP address.
Third parties providing the service (e.g. Google) contractually refrain from combining the analytics cookies, thus minimised, with other processing (e.g. customer files or statistics of visits to other sites) or passing them on to other third parties. However, third parties are permitted to produce statistics with data from several domains, websites or apps that can be traced back to the same publisher or business group.
A site owner who carries out purely statistical processing of data relating to several domains, websites or apps that can be traced back to him may also use unencrypted data, subject to the purpose constraint.

Google Analytics

This Site uses the Google Analytics service provided by Google LLC. For this service, measures have been taken to anonymise users’ IP addresses by masking the fourth component of the IP address for IPv4 addresses before any processing or storage by Google. The data collected through Google Analytics are only used for the purpose of compiling aggregate and anonymous statistics about the use of the Website by visitors. These data will not be cross-referenced by Google with any other information in its possession, nor will they be transmitted by Google to third parties, in accordance with the conditions established by the Data Protection Authority for the assimilation of these analytical cookies to technical cookies. Therefore, for the use of these specific analytical cookies thus configured, the prior consent of the user is not required. The precision in describing these measures is crucial, given the particular attention of the Garante and the European authorities towards US service providers and data transfers.

Table: Analytical Cookies (equivalent to Technical) Used by bancone.ai

Cookie Name	Provider (Cookie Domain)	Purpose	Duration (approximate)	IP Anonymization	Provider’s Privacy Policy Link	Provider’s Opt-Out Form Link
_ga	.bancone.ai (Google LLC)	Google LLC. Main Google Analytics cookie, used to distinguish users (anonymous form).	Approximately 2 years	Yes, masking of the fourth IP component.	https://policies.google.com/privacy	https://tools.google.com/dlpage/gaoptout
_ga_LB59ST3PGS	.bancone.ai (Google LLC)	Google LLC. GA property-specific cookie, used to distinguish users and maintain session state (anonymous form).	Approximately 2 years	Yes, masking of the fourth IP component.	https://policies.google.com/privacy	https://tools.google.com/dlpage/gaoptout

Note on International Transfers for Google Analytics: Despite the anonymisation measures taken in accordance with the Garante’s indications to equate Google Analytics cookies with technical cookies, the user is informed that the data collected may be technically processed by Google LLC. in the United States of America. The Data Controller has configured the service to minimise the processing of personal data and has checked the guarantees offered by Google. However, users are advised to read Google’s privacy policy and to consider the general regulatory context regarding transfers of personal data between the European Union and the United States.

3.3. Profiling cookies (and other non-technical tracking tools)

Definition: Profiling cookies are used to link specific actions or recurring behavioural patterns in the use of the offered functionalities (patterns) to specific identified or identifiable subjects in order to group the different profiles within homogeneous clusters of different sizes. This enables the owner, among other things, to modulate the provision of the service in an increasingly personalised manner, as well as to send targeted advertising messages, i.e. in line with the preferences expressed by the user when surfing the web.

Consent: The use of profiling cookies and other non-technical tracking tools requires the prior, informed, specific and unambiguous consent of the user. Such consent must be obtained through mechanisms that comply with the Guidelines issued by the Italian Data Protection Authority.

Currently, the bancone.ai Site does not use profiling cookies, either first-party or third-party. Should the Site decide to use such tools in the future, this section of the policy will be promptly updated and the necessary procedures for acquiring consent will be implemented.

4. Legal basis for processing and provision of data

The legal basis for the processing of personal data collected via cookies varies according to the type of cookie:

Technical and anonymised analytical cookies (equivalent to technical cookies): The processing of data by means of technical cookies is necessary to ensure the proper functioning of the Site and to provide the services requested by the user. The legal basis lies in Article 122(1) of the Privacy Code, which exempts such cookies from the requirement of prior consent, as they are strictly necessary for the transmission of a communication or to provide an explicitly requested service. In terms of the GDPR, this can be traced back to the performance of a service requested by the user (Art. 6.1.b GDPR) or, for certain functional aspects not strictly related to the direct request but to the improvement of navigation, to the legitimate interest of the Data Controller (Art. 6.1.f GDPR) to provide an efficient and functional website, always respecting the rights and freedoms of users. The provision of data via these cookies is, in fact, necessary for browsing the Site. Disabling them via the browser settings (described below) may make it impossible to use certain features of the Site correctly.
Profiling cookies (and other non-technical tracking tools): As indicated, the Site currently does not use profiling cookies. Should they be implemented, the legal basis for their processing would be exclusively the specific, free, informed and unequivocal consent of the user (Art. 6(1)(a) of the GDPR and Art. 122 of the Privacy Code). The provision of data through these cookies would be optional and refusal of consent would not prevent navigation of the Site.

5. Modalities of expression and revocation of consent

In accordance with the Guarantor’s Guidelines, the methods for managing consent for non-technical cookies (if used in the future) are as follows:

Acquisition of Consent:
- Information Banner: The first time the user accesses any page of the Site, an appropriately sized banner containing a short information notice is immediately displayed. Such banner:
  - specifies that the Site uses technical cookies and that, subject to the user’s consent, it may also use profiling cookies or other tracking tools, indicating their purpose.
  - contains the warning that closing the banner by selecting the appropriate command marked with an X (usually placed at the top right inside the banner itself) entails the continuation of the default settings and therefore the continuation of navigation in the absence of cookies or other tracking tools other than technical ones.
  - includes a link to this full Cookie Policy (extended policy), accessible with one click.
  - Presents a command to allow the user to accept the installation of all non-technical cookies.
  - provides a link to a dedicated area where users can choose in an analytical and granular manner the functionalities, third parties and individual cookies to which they wish to give consent. In this area, in order to respect the principle of privacy by default, all options relating to non-technical cookies are preset to “denied”, requiring a positive action by the user for activation.
Withdrawal of Consent and Modification of Choices: You have the right to change your choices or withdraw your previously given consent for non-technical cookies at any time, in a simple, immediate and intuitive way. To this end, there is a permanent link in the footer of each page of the Site that allows you to access the cookie preference management panel again.

6. How to disable cookies via browser configuration

The user can manage the cookie preferences directly via the browser settings. Almost all browsers allow to:

View installed cookies and delete them individually or completely.
Block third-party cookies.
Block cookies from specific sites.
Block the installation of all cookies.
Delete all cookies when closing the browser. It is important to note that disabling all cookies from your browser, including technical cookies, may affect the proper functioning of certain sections of the Site or prevent access to certain services. Below we provide links to the support pages of the main browsers with instructions on how to manage cookies:
Google Chrome: https://support.google.com/chrome/answer/95647?hl=it
Mozilla Firefox: https://support.mozilla.org/it/kb/Eliminare%20i%20cookie
Microsoft Edge: https://support.microsoft.com/it-it/windows/gestire-i-cookie-in-microsoft-edge-visualizzare-consentire-bloccare-eliminare-e-usare-168dab11-0753-043d-7c16-ede5947fc64d
Apple Safari (macOS): https://support.apple.com/it-it/guide/safari/sfri11471/mac
Apple Safari (iOS): https://support.apple.com/it-it/105082

7. Rights of data subjects

In relation to the processing of their personal data collected via cookies, users (as ‘data subjects’) may exercise their rights under the GDPR in Articles 15 to 22, and in particular:

Right of access (Art. 15 GDPR): To obtain confirmation as to whether or not personal data concerning them are being processed and, if so, to obtain access to personal data and specific information.
Right to rectification (Art. 16 GDPR): To obtain the rectification of inaccurate personal data concerning them without undue delay.
Right to erasure (so called ‘right to be forgotten’, Art. 17 GDPR): Obtain the deletion of personal data concerning them without undue delay, under certain conditions.
Right to restriction of processing (Art. 18 GDPR): Obtain the restriction of processing when certain conditions are met.
Right to data portability (Art. 20 GDPR): To receive in a structured, commonly used and machine-readable format personal data concerning them provided to a data controller and the right to transmit such data to another data controller without hindrance in certain cases.
Right to object (Art. 21 GDPR): To object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them pursuant to Article 6(1)(e) or (f) of the GDPR (legitimate interest).
Right to withdraw consent (Art. 7 GDPR): For processing based on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to the withdrawal. Requests for the exercise of these rights may be addressed to the Data Controller using the contact details indicated in Section 1 of this Policy. Data subjects who believe that the processing of personal data relating to them carried out through this Site is in breach of the provisions of the GDPR have the right to lodge a complaint with the Garante per la Protezione dei Dati Personali, as provided for by Art. 77 of the GDPR itself, or to take legal action (Art. 79 of the GDPR). The contact details of the Guarantor are: Piazza Venezia n. 11 – 00187 Roma; Telephone switchboard: (+39) 06.696771; E-mail: garante@gpdp.it; Certified mail: protocollo@pec.gpdp.it; Website: www.gpdp.it or www.garanteprivacy.it.

8. Communication and Dissemination of Data

Personal data collected through cookies installed by the Site are not subject to dissemination. They may be communicated to:

Subjects that typically act as Data Processors pursuant to Article 28 GDPR, i.e.: persons, companies or professional firms that provide assistance and consultancy to the Data Controller in accounting, administrative, legal, tax, financial matters; subjects with whom it is necessary to interact for the provision of the Services (e.g. hosting providers, CMS platform providers); providers of statistical analysis services such as Google for Google Analytics.
Persons, bodies or authorities to whom personal data must be communicated under legal provisions or orders of the authorities.
Persons authorised by the Data Controller to process personal data necessary to carry out activities strictly related to the provision of the Services, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality (e.g. employees and collaborators of the Data Controller). An up-to-date list of Data Processors can be requested from the Data Controller at the contact details indicated. Transparency about the recipients of the data is a key element of the information required by the Italian Data Protection Authority

9. Transfer of Personal Data outside the EU

Some personal data collected via cookies (specifically those related to Google Analytics) may be transferred to and processed in countries outside the European Economic Area (EEA), in particular the United States of America, by Google LLC.

The Data Controller shall ensure that any transfer of data outside the EEA takes place in compliance with the applicable legal provisions, by entering into agreements ensuring an adequate level of protection, if necessary, and/or by adopting the standard contractual clauses provided by the European Commission, or by verifying the existence of an adequacy decision by the European Commission for the third country of destination. For transfers to the US, we take into account the applicable legal framework (including the EU-US Data Privacy Framework, where applicable and subject to necessary verification) and the assessments of European data protection authorities. Users may request more information on the safeguards adopted for such transfers by contacting the Data Controller.

10. Data Retention Period

Personal data collected via cookies are stored for no longer than is necessary for the purposes for which they have been collected and processed, in accordance with the requirements of the legislation and the Guidelines issued by the Italian Data Protection Authority.

Technical Cookie:
- Technical session cookies (if any) are deleted when the browser is closed.
- The persistent technical cookies used to store consent (pressidium_cookie_consent, wp_consent_*) have a lifetime specified in the table for technical cookies (currently up to about 1 year, e.g. pressidium_cookie_consent until 30/06/2026, the others until 05/07/2025). The technical cookie that stores the user’s choice of consent to non-technical cookies (or its refusal) has a shelf life such that the banner does not need to be re-presented before 6 months, with the exceptions provided for.
Anonymised Analytical Cookies (equated to technical):
- The duration of these cookies is defined by the service provider (Google Analytics). For example, the _ga cookie and _ga_LB59ST3PGS have a lifetime of up to approximately 2 years (e.g. 10/07/2026). User and event level data retention settings in Google Analytics can be configured by the Data Controller for shorter periods. Please refer to the specific table.
Profiling Cookies:
- Currently not used by the Site.

11. Updates to this Cookie Policy

This Cookie Policy may be subject to changes and updates, e.g. as a result of new legislation, the updating or provision of new services or technological innovations. Users are encouraged to regularly consult this page to check for the most up-to-date version. The date of the last update will always be indicated at the beginning or at the end of the document. Use of the Site after the date of publication of the changes will constitute acceptance of these changes.

Update date: 18 June 2025