(version effective from 6.10.2025)

The information contained in this cookie policy ("Cookie Policy") is provided by the Data Controller (as defined below) as a supplement to the information on personal data processing, always available on this website ("Website"): www.unicredit.be/be-en/ 

Personal Data Controller and Data Protection Officer

1. The Data Controller is UniCredit NV/SA with its registered office in Brussels (Belgium), at: Sq. Victoria Régina 1, 1210 Saint-Josse-ten-Noode, registered in the Crossroads Bank for Enterprises under number 403.199.306 ("Data Controller").
2. The Data Protection Officer can be contacted at: privacy@unicredit.be

Scope of the Policy: This policy applies to:

1. The website www.unicredit.pl, hereinafter referred to as the "Website"
2. The UniCredit mobile application, hereinafter referred to as the "Application"

What are cookies and similar technologies?

1. Cookies and similar technologies (e.g., SDK, mobile device identifiers) are data stored on the user's device. They enable the proper functioning of services, facilitate the use of functionalities, and allow for content and advertising personalization.
2. The Data Controller informs that this Website and Application use, in combination with each other and in accordance with applicable regulations, the types of cookies described below. They are classified in line with guidance of the Belgian Data Protection Authority (APD), the European Data Protection Board (EDPB) and other competent authorities.

What types of cookies do we use?

Depending on their lifecycle, cookies can be divided into:

1. Session - temporary files stored in the user's browser cache to maintain the user's connection session and the operation of the website's functions;
2. Persistent - files saved in the user's device memory that can be used after closing and reopening the browser

Based on the purpose of cookie processing, we divide them into:

1. Technical cookies

They ensure the proper functioning of the website and application (e.g., authentication, session maintenance, form handling, transmission security). Their use does not require user consent.

• Purpose: Ensuring proper functioning, traffic analysis, content optimization, ensuring security.
• Legal basis: Legitimate interest of the administrator (Art. 6 sec. 1 lit. f GDPR) consisting in ensuring the proper operation of the Website and its security.
   

2. Analytical cookies

These are cookies used to collect information, on an aggregated and strictly anonymous basis, for internal research regarding the number of users and how they visit the Website and Application.

• The purpose of these cookies is solely to improve the service provided by the Data Controller to all users and to improve the Website and Application.
• In accordance with applicable law, these types of cookies may be stored on the device without the need for prior user consent.
• Purpose: Ensuring proper functioning, traffic analysis, content optimization, ensuring security.
• Legal basis: Legitimate interest of the administrator (Art. 6 sec. 1 lit. f GDPR) consisting in ensuring the proper operation of the Website and its security.
   

3. Preference cookies

Preference cookies allow the Website or Application to remember choices made by the user (e.g., language, region, interface appearance). Thanks to them, using our services is more convenient and personalized.

• However, they are not essential for using the basic functions of the Website or Application – therefore, their use requires your explicit consent. Lack of consent will not limit access to basic content or functionalities.
   

4. Marketing cookies

These are cookies used to send advertising messages consistent with user preferences. After you give your consent to the installation of marketing cookies, we will be able to present you with advertisements and offers better suited to your preferences. These cookies are stored on the user's device by other entities ("Third Parties").

• The requirement to obtain such consent arises in particular from the Belgian Law of 13 June 2005 on Electronic Communications, as amended, and the Act of 12 July 2024 on Electronic Communications, which transpose and implement the ePrivacy Directive (2002/58/EC). Under these provisions, consent is required to store information or gain access to information already stored in the user's end device, except where strictly necessary for the provision of an explicitly requested service.

 

Marketing cookies installed by Third Parties: Third Parties act as independent Data Controllers

This Website and Application install cookies managed by Third Parties, who act as independent data controllers.

• Purpose: Analysis of your use of third-party websites, including understanding behavior, interests, and demographic characteristics to tailor content and improve user experience.
• Legal basis: Your consent (Art. 6 sec. 1 lit. a GDPR) expressed through the consent banner. Data processing takes place only after explicit consent is given.

Types of cookies

Website: www.unicredit.be/be-en/  website uses browser localStorage to store:

1. User language preferences
2. Information about consent to use Google Analytics

This data is not transferred to external servers and remains solely in the user's browser.

Cookie Name	Category	Type	Purpose	Provider	Provider Information
_ga	Analytical	Persistent (2 years)	Used to distinguish users in Google Analytics 4.	Google	https://support.google.com/analytics/answer/11397207?hl=pl
_ga_	Analytical	Persistent (2 years)	Stores user session data in GA4 (e.g., duration, source).	Google	https://support.google.com/analytics/answer/11397207?hl=pl
_gid	Analytical	Persistent (24 hours)	Registers a unique identifier to generate statistics in GA4.	Google	https://business.safety.google/adscookies/
_gat	Analytical	Session (1 minute)	Limits the number of requests to Google Analytics.	Google	https://business.safety.google/adscookies/
_gcl_au	Marketing	Persistent (90 days)	Used by Google Ads to experiment with ad effectiveness.	Google	https://business.safety.google/adscookies/
_fbp	Marketing	Persistent (90 days)	Used by Facebook to deliver ads after visiting the page.	Facebook	https://www.facebook.com/privacy/policies/cookies/?subpage=subpage-1.3
fr	Marketing	Persistent (90 days)	Used to display ads and measure their effectiveness (Facebook).	Facebook	https://www.facebook.com/privacy/policies/cookies/?subpage=subpage-1.3
test_cookie	Functional	Session (1 day)	Used to check if the user's browser supports cookies.	Google	https://business.safety.google/adscookies/
IDE	Marketing	Persistent (1 year)	Used by Google DoubleClick to report user actions after viewing an ad.	Google	https://business.safety.google/adscookies/
FLC	Marketing	Persistent (10 days)	Used for remarketing in Google services (Campaign Manager 360).	Google	https://business.safety.google/adscookies/
ANID	Marketing	Persistent (13 months)	Enables ad personalization in Google services.	Google	https://business.safety.google/adscookies/
NID	Marketing	Persistent (6 months)	Contains a unique identifier to remember user preferences (e.g., language, ads).	Google	https://business.safety.google/adscookies/
__gpi	Marketing	Persistent (13 months)	Used to measure ad effectiveness (Google Marketing Platform).	Google	https://business.safety.google/adscookies/
_dc_gtm	Analytical	Session (1 minute)	Used by Google Tag Manager to load and manage tags.	Google	https://business.safety.google/adscookies/
CookieConsent	Analytical	Persistent (12 months)	Stores user consent for the use of cookies on the website (preferences register)	Usercentrics / Cookiebot	https://www.cookiebot.com/en/privacy-policy/
_uc_settings	Analytical	Persistent (12 months)	Maintains user choices regarding cookie categories	Usercentrics / Cookiebot	https://www.cookiebot.com/en/privacy-policy/

Application
 

Name / Type	Category	Type / Period	Purpose	Provider	Provider Information
CookieConsent	Technical	Persistent (12 months)	User consent register in the Application	Usercentrics / Cookiebot	https://usercentrics.com/privacy-policy/
_uc_settings	Technical	Persistent (12 months)	Maintaining user choices	Usercentrics / Cookiebot	https://usercentrics.com/privacy-policy/
adid / gps_adid	Marketing	Resettable	Android advertising identifier	Google	https://business.safety.google/adscookies/
IDFA	Marketing	Resettable	iOS advertising identifier	Apple	https://www.apple.com/legal/privacy/en-ww/
adjust_session	Analytical	Persistent (24 months)	Installation and session analysis	Adjust	https://www.adjust.com/terms/privacy-policy
adjust_event	Analytical	Persistent (24 months)	Monitoring events in the Application	Adjust	https://www.adjust.com/terms/privacy-policy
_fbp (SDK)	Marketing	Persistent (3 months)	Tracking advertising campaigns in the Application	Facebook	https://www.facebook.com/privacy/policies/cookies
Firebase Analytics (app_instance_id)	Analytical	Persistent (24 months)	Event statistics in the Application	Google Firebase	https://policies.google.com/privac

 

Managing and deleting cookies

You are free to manage your preferences regarding marketing cookies. You can do this by:

Managing cookies on the website

1. You can withdraw your consent at any time by clicking this LINK, as well as by using the "Cookie Settings" button located in the footer of the page. Withdrawing consent is as easy as giving it, and does not affect the lawfulness of processing before withdrawal.
2. By configuring the browser you are using. Please note that preferences expressed through the browser will only take effect from the user's first connection after changing their preferences.

• Chrome: https://support.google.com/chrome/answer/95647?hl=pl;
• Opera: https://help.opera.com/en/latest/web-preferences/#cookies.
• Microsoft Edge: https://support.microsoft.com/en-us/windows/manage-cookies-in-microsoft-edge-view-allow-block-delete-and-use-168dab11-0753-043d-7c16-ede5947fc64d
• Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
• Safari: https://support.apple.com/en-us/105082

Regardless of the above, you can also activate the "Do Not Track" option available in most browsers. In this case, from the first access to the Website after activating this option, the Website will remember your choice and stop collecting certain navigation data.

1. By contacting the Data Controller at:privacy@unicredit.be

Opting out of Google Analytics:

You can opt out of Google Analytics by:

1. Withdrawing consent in the banner
2. Installing the Google Analytics Opt-out Add-on: https://tools.google.com/dlpage/gaoptout
3. Disabling cookies in your browser settings

Managing cookies in the Application

1. You can adjust your consents when you first launch the Application. If you want to change your preferences during use, you can go to the "Cookie Settings" tab and make changes.
2. System settings for iOS and Android devices:

• Android: https://policies.google.com/technologies/ads?hl=en
• iOS: https://support.apple.com/en-us/guide/iphone/iphefb3daa42/26/ios/26

1. By contacting the Data Controller at: privacy@unicredit.be

Security:
The Data Controller applies appropriate technical and organizational measures to ensure the security of processed personal data, including protection against:

• Unauthorized access
• Accidental or intentional loss
• Destruction, alteration or disclosure
• Unauthorized processing

What are your rights and how can you exercise them?
In accordance with applicable regulations, you have the following rights:

• To access: you can obtain information regarding the processing of your personal data and a copy of all personal data that we process.
• To rectification of data: if you believe that your personal data is inaccurate or incomplete, you can request that such personal data be appropriately modified or supplemented.
• To erasure of data: you can request the erasure of your personal data. However, we are not always able to do this and are not always obliged to agree to it, for example, if legal provisions require us to store your personal data for a longer period.
• To restriction of processing: you can request the restriction of processing of your personal data if:
  • you believe that your personal data is incorrect;
  • you believe that we process your personal data unlawfully or you have objected to the processing;
  • we want to destroy your personal data while you still need it (e.g., after the retention period).
• To object: you can object to the processing of your personal data for reasons related to your particular situation. You have an absolute right to object to the processing of your personal data for direct marketing purposes, including profiling related to such direct marketing.
• To data portability: where legally permissible, you have the right to request that the personal data you have provided to us be returned to you or, if technically feasible, transferred to a third party.
• To withdraw consent: if you have given your consent to the processing of your personal data, you have the right to withdraw your consent at any time.
• To request that we do not make our decision solely based on automated processes, including profiling. Despite your objection, we will be able to continue processing your personal data provided that we demonstrate the existence of valid legitimate grounds for processing, overriding your interests, rights and freedoms, or grounds for establishing, pursuing or defending claims.

Purpose, legal basis of processing and categories of processed data

1. With your prior, free and informed consent, the Data Controller will process information collected through its own marketing cookies for the purposes of promoting and selling "dedicated" products and services of the Data Controller, UniCredit Group companies or third-party companies, specifically identified by developing and analyzing, also using automated techniques or systems, information regarding preferences, habits, consumer choices, aimed at dividing users into homogeneous groups based on specific behaviors or characteristics. These purposes will be achieved solely through navigation data collected via the aforementioned cookies, and not by analyzing or enriching such information with various data already available to the Data Controller.
2. Detailed information regarding the processing of personal data, including the purposes and legal bases of processing, by the Data Controller is available on the website www.unicredit.be/be-en/ 

Final provisions
This Cookies Policy has been prepared in accordance with:


• Regulation (EU) 2016/679 (GDPR),

• Belgian Data Protection Act of 30 July 2018,

• Belgian Electronic Communications Law (implementing the ePrivacy Directive).



In matters not regulated herein, relevant provisions of Belgian and EU law shall apply.