We would like to inform you that Regulation (EU) 2016/679 (“GDPR”) and the related Italian legislation of reference pro tempore in force, i.e. Legislative Decree no. 196/2003, as amended by Legislative Decree no. 101/2018, (together with the GDPR, “Privacy Policy”) - including the provisions issued by the Guarantor Authority for the Protection of Personal Data (“Guarantor”) - dictate rules relating to the protection of individuals with regard to the processing of personal data, protecting their fundamental rights and freedoms and, in particular, the right to the protection of personal data. Pursuant to articles 13 and 14 of the GDPR, we inform you below of the methods and purposes with which BANCOMAT S.p.A., with its sole office in Piazzale Luigi Sturzo 15, 00144, Rome, as data controller (“ATM” or “Data Controller”), will process the personal data (“Data”) of the subjects who market products and services (“Merchants” or “Interested Parties”) as part of the verification and control activities carried out by the Revenue Agency (“AdE”) pursuant to Legislative Decree no. 124 of October 26 2019 (art. 22, paragraph 5, as supplemented by art. 5-novies of Legislative Decree no. 146 of 21 October 2021), converted with amendments by Law no. 157 of 19 December 2019. The AdE carries out the above-mentioned checks using the necessary information that is transmitted to it by the Payment Service Providers (“Members”) through the platform owned by the company PagoPA (“PagoPA”), also through BANCOMAT.
The Data Controller processes the data of individual Merchants (“Data”) for the sole purpose of allowing them, where they are interested, to enjoy the benefits associated with the tax credit on electronic payment commissions governed by the Order of the AdE of 30 June 2022, issued in implementation of the above-mentioned art. 22, paragraph 5, of Legislative Decree no. 124/2019 (“Tax Credit Service”).
The creation of this Service requires that legitimate entities communicate to PagoPA the information relating to the Merchants who want to benefit from the Tax Credit Service and the aggregate data (number and total amount) of the daily transactions made with payment cards or other traceable electronic tools at the terminals of the Merchants themselves.
The process of retrieving the information identified above is carried out by the Acquirer Members and their delegated structures and, if the Members themselves do not provide it independently, through the collaboration of BANCOMAT, acting as Governance Authority of the circuits (“Circuits”) on which the PagoBancomat® and BANCOMAT Pay® brand cards (“Cards”) operate and the related transactions are monitored, with the task - on the basis of specific agreements with PagoPA and with the Members affiliated with PagoPA - of facilitating PagoPA, as well as Merchants, in relation to the provision and use of the Service indicated above.
The Data processed by the Data Controller are, specifically, the Data of individual Merchants who intend to benefit from the Tax Credit Service (C.F. and/or VAT number transmitted from ATM to PagoPA), as well as the daily PagoBancomat® transactions (received by the Members and stored in the databases owned by BANCOMAT Pay®) and BANCOMAT Pay® transactions (stored within the BANCOMAT Pay® platform), aggregated by Merchant and relevant terminal, necessary for determining the amount of the tax credit (i.e.: type, date of transmission by the party of the payment service provider; accounting date; total daily amount and daily number of electronic transactions carried out by the Merchant).
Data processing is necessary since, if the Data are not communicated to PagoPA (where the Members do not provide them directly and independently), it will not be possible for PagoPA to provide the Service or for the Interested Parties to use it. The Service also entails the involvement of BANCOMAT as manager of the Circuits on which the Cards operate in accordance with current legislation and the commitments signed with PagoPA, as an issue of the Public Administration.
The processing of the data indicated above is necessary: i) to fulfill the legal and regulatory obligations established by the current legislation to which BANCOMAT is subject, as well as to comply with requests and measures of the Public Administration and/or other Public Authorities involved, pursuant to art. 6, paragraph 1, letter c) of the GDPR; ii) for the execution of the existing Agreement between the Data Controller and PagoPA and, at the same time, the execution of a contract to which the interested party is a party, pursuant to art. 6, paragraph 1, letter b) of the GDPR; iii) to pursue BANCOMAT's legitimate interest in defending itself in court in the event of any disputes, pursuant to art. 6, paragraph 1, letter f) of the GDPR.
In any case, BANCOMAT has expressly excluded any marketing and/or profiled marketing purpose in the context of the processing in question.
The Data will be processed with automated and non-automated tools, by specifically authorized and specially trained personnel. Adequate security measures are observed to prevent the loss of Data, illegal or incorrect use and unauthorized access.
The duration of the processing is closely related to the purposes pursued by the Data Controller. Therefore, generally speaking, the termination of the processing will take place: i) at the end of the Service, the timing of which will be announced from time to time by decrees or other equivalent measures issued by the competent authorities, without prejudice to the administrative time required to manage the closure of the Service; ii) at a time before the conclusion of the Service, in relation to the shorter duration of the involvement of the Data Controller in the context of government initiatives and/or for the withdrawal of the Agreement stipulated between the Data Controller and PagoPA; iii) at a time before the conclusion of the Service, in relation to the exercise of the rights referred to in articles 17 and/or 21 of the GDPR by the interested party.
Data that is no longer necessary or for which the legal basis for storage has ceased to exist may be irreversibly anonymized by BANCOMAT and used for statistical purposes only or securely deleted.
Data processed to fulfill any contractual obligation may be kept even after the termination of the contract itself and, in any case, no longer than the next 10 (ten) years, for the purpose of fulfilling the legal obligations established by the civil code and tax laws concerning the storage of business documents, without prejudice to any extensions due to interrupting the legal prescription, including litigation or the exercise of the right referred to in art. 17 of the GDPR in cases provided for by law.
The employees and collaborators of BANCOMAT who are responsible for the management of the Service may become aware of the Data collected. In addition, the following categories of subjects may become aware of them, who - as external suppliers appointed for this purpose as data processors pursuant to art. 28 of the GDPR or, where the conditions provided for by current legislation exist, as data controllers - provide BANCOMAT with services instrumental to carrying out its business: i) IT service providers (including the supplier of the BANCOMAT Pay® platform — NEXI Payments S.p.A. — in charge of managing the same and the supplier of the transaction storage system — Jakala S.P.A. S.B. — in charge of managing the same); ii) providers of management services, administrative services, external professionals and consultants; iii) external auditing firm, whose updated name can always be requested from BANCOMAT at the addresses indicated below.
Notwithstanding the above, the Data will not be disclosed to third parties except in the context of the obligations established by the relevant legislation and will not be subject to “dissemination”, meaning dissemination or transmission to unspecified parties, except for the execution of any legal obligations.
In particular, the Data may be communicated to the following third parties who will process them as independent controllers of the respective treatments:
Each interested party retains the right to exercise, in cases permitted by law, at any time, free of charge and without formalities, the rights referred to in articles 15 to 21 of the GDPR, including: the right to request access to personal data; the correction or cancellation of the same; the limitation of processing, as well as the right to data portability. Each interested party also has the right to object, at any time, for reasons related to their particular situation, to the processing of personal data concerning them pursuant to art. 6, paragraph 1, letter f) of the GDPR.
Requests relating to the exercise of the rights described above, for processing of which BANCOMAT S.p.A. is the data controller, should be addressed to BANCOMAT S.p.A., with sole office in Piazzale Luigi Sturzo 15, 00144, Rome; e-mail: privacy@bancomat.it.
The Data Protection Officer appointed by BANCOMAT pursuant to articles 37 et seq. of the GDPR, who can be contacted at the above-mentioned e-mail address, is in charge of responding to such requests.
The interested party who believes that the processing of their personal data contemplated by this information occurs in violation of the provisions of the Regulation has the right to lodge a complaint with the Guarantor Authority for the protection of personal data, as required by art. 77 of the Regulation itself, or to take appropriate legal action (art. 79 of the Regulation).
The Data Controller
BANCOMAT S.p.A.