Policy regarding cookie files

Policy of cookies and other tracking technologies used by the Bank (collectively also "cookies")

Privacy protection principles

Bank Millennium S.A. ("Bank" or "Bank Millennium") ensures data security to its Clients. Any and all information delivered by our Clients is protected with use of modern technologies, in accordance with effective legal norms, security requirements and confidentiality principles. The Bank actively develops its privacy protection and Client safety systems implementing new both organisational and technical security measures. The Bank shall inform Clients of changes to the applied confidentiality protection principles by means of its website or other communication channel agreed with the Client.

Cookies

The Bank Millennium website uses cookies saved in the memory of terminal device (e.g. computer, tablet, phone), used by the user when browsing the website. In majority of cases it is necessary for the proper functioning of the website or for the provision of services provided by the Bank by electronic means. The Bank also uses cookies and other tracking technologies that are considered optional, i.e. marketing and analytics. These cookies make it possible, i.a. to personalize the website, which allows us to decide on, for example, the order in which certain elements are displayed or the matching of advertisements in third-party advertising environments.

If you agree, cookies and other tracking technologies are also used by tools that analyse website traffic. Statistical analyses performed with use of such tools constitute one of sources of improvement of the Bank Millennium website quality.

We may combine the data we obtain from cookies with other data about the Customer that we already have, in order to prepare an offer of products or services that are best suited to the user. You can read more about it on the website in the Data protection and privacy policy tab.

What cookies and other technologies does Bank Millennium use?

Depending on the purpose for which the Bank collects cookies, a distinction is made between essential, always-on cookies and optional, i.e. requiring the user's consent, analytical and marketing cookies, including tracking technologies.
Essential cookies – are necessary to ensure proper operation of website (app) or to deliver services rendered by the Bank through electronic channels, as required by the user. They can be installed provided that the user expresses relevant consent by use of software setting on his or her device.

The Bank is using them for the following purposes:
- Ensuring security, including security of transactions or to detect abuse in the area of authentication within a website;
- Ensuring appropriate website display (depending on the type of device used);
- Supporting user session on applications, forms, questionnaires and in the transaction system (cookies are used to identify user session in Millenet). Such cookies help increase security by ensuring that all calls to server are originated on the Client's computer. Cookies and the IP address of the computer from which the user connects are validated on the server. In case of attempt to impersonate user's session from another computer, the session will be interrupted;
- Memorising user selected settings and user interface personalisation in terms of e.g. selected language or region of the user, font size, appearance of the website.
In mobile apps, the mobile device ID is used. Device ID is a series of numbers and letters that allows you to identify each mobile device (tablet, smartphone) and is stored in that device. Mobile device identifiers are used in mobile apps to ensure performance of many processes. Device ID is necessary for processes connected with: mobile app activation, authorisation of payment transactions, virtualisation of payment card and payment with use of mobile device, BLIK transactions and purchase of city transport tickets, adding and displaying loyalty cards in mobile app or configuration and displaying additions before login.

In addition, InstanceID is also used for purpose of device identification – it is an identifier generated in the process of registration/activation of mobile app. InstanceID of mobile app is valid until next activation of the app. The Bank also uses identifiers allowing login as well as communication with the device after login.

In mobile apps there are also cookies used, which are not used for analytics or marketing. Instead, they are used for the functions using Webview technology in the mobile app. This technology allows to display selected screens from websites inside the mobile app with help of mobile app interface. Cookies for hybrid processes are created by mobile app and their objective is to keep client identification / authorisation information to enable opening of a specific website with specific functionality without the need for user to log in again. These cookies are not saved in the phone after mobile app is switched off.
Analytical cookies – are used to ensure monitoring of the correct functioning of the Bank's website and to collect statistical information on its use, including:
- Collection of information on the way the Bank website is used i.e. collection of traffic statistics and its sources;
- Detection of various types of abuses, e.g. artificial web traffic generated by bots;
- Bank website improvement;
- Execution of settlements with business partners.
When using analytical cookies, we also take into account information obtained from so-called tracking technologies provided by external partners. A description of these technologies and how to use them can be found below.
- Google Analytics – Google Analytics technology collects basic information anonymously on user activities on the Bank's website and is used for reporting traffic sources and analysing user behaviour on the website. For more information go to the privacy policy of Google Ireland Limited link opens in a new window
- Partner pixels – on our website there are pixels, i.e. tracking codes of our business partners, which help us settle accounts for business cooperation.
Marketing cookies – used to analyse the results of marketing campaigns and profiling advertisements displayed on external websites and to improve products and services offered by the Bank.

The Bank uses them to profile advertisements displayed on external websites and on the Bank's website:
- Google advertising – our website contains tracking codes for measuring conversions, reporting advertising campaigns and events in Google Marketing Platform and Google Ads. Google’s cookies may be used for personalized advertising, e.g. to match our communication to a specific group of recipients. For more information see the privacy policy of Google Ireland Limited link opens in a new window
- Analysis using technologies similar to cookies – in order to better understand user behaviour and optimise the operation of websites, Bank Millennium may anonymously collect and process information about user activity on the Bank's websites, including forms, even if they have not been submitted. Thus, Bank Millennium may deliver to users of its websites better designed and intuitive solutions.
Mobile applications sometimes also use mobile device identifiers for marketing purposes, which are provided by the operating system of the mobile device and can be reset by the user. Typical ID of ad displays are AdID (Android) and IDFA Identity For Advertisers, iOS). The Bank does not use such identifiers in the Mobile Application. Detailed information on the use of identifiers and the rules for displaying advertisements in the Mobile Application can be found in "Mobile Application Privacy Policy".

How long will the Bank store cookies / mobile device Ids in my device?

Depending on the time for which the Bank stores cookies, cookies are divided into session and permanent cookies.

Session (temporary) cookies – are stored in user device until software is switched off or browser session ends (until the browser is closed). These are, mainly, essential cookies.

Persistent (fixed) cookies – are stored in the user device after switching software off or after session is finished (closed) for the time specified in parameters or until they are deleted by user by way of software settings.

Who uses cookies installed on my device?

Depending upon entity using cookie files, the following can be distinguished:

First party cookies – cookies that are placed by and accessed exclusively by the Bank.

Third party cookies – cookies that are placed and accessed by third parties. The Bank only allows cookies from these third parties that enable website analytics and the adaptation of advertising to the user's preferences. Such cookies are optional, i.e. analytical or marketing cookies, which means that the Bank may use them if the user agrees to them.

Information transmitted in cookies to entities other than the Bank is encrypted in such a way that no user data of the Bank's websites is transmitted.

Cookie name	Category	Description	Validity period	Owner
XSRF-Token	necessary	Cookie used to prevent Cross-Site Request Forgery attacks.	session	Bank Millennium
x_bm_tabid	necessary	Cookie used to identify the browser window.	session	Bank Millennium
x_bm_login_auth_myid	necessary	Cookie used for authorization purposes and the proper functioning of Millenet.	6 minutes	Bank Millennium
x_bm_login_auth	necessary	Cookie used for authorization purposes and the proper functioning of Millenet.	session	Bank Millennium
x_bm_dcte_id	necessary	Cookie used to transfer information between system components.	session	Bank Millennium
x_bm_auth_ret	necessary	Cookie used for authorization purposes and the proper functioning of Millenet.	session	Bank Millennium
x_bm_auth_myid	necessary	Cookie used for authorization purposes and the proper functioning of Millenet.	5 minutes	Bank Millennium
x_bm_auth_expiry	necessary	Cookie informing when the authorization token has timed out.	session	Bank Millennium
x_bm_auth	necessary	Cookie used for authorization purposes.	session	Bank Millennium
x-ub-sg	necessary	Cookie containing a signature used to confirm that the x-ub-mc file was delivered by the server and not forged by a user.	session	Bank Millennium
x-ub-mc	necessary	Cookie containing data used for diagnostic purposes.	session	Bank Millennium
x-bm-portal-soho	necessary	Used to maintain an API session on a SOHO account application to process queries within a single user.	session	Bank Millennium
x-bm-portal-cashloan	necessary	Used for maintaining a session with the API on a cash loan application in order to process queries within a single user.	session	Bank Millennium
x-bm-portal-caonlineretail	necessary	Used for maintaining a session with the API on a personal account application in order to process queries within a single user.	session	Bank Millennium
WebformsSessionId	necessary	Session identifier for handling government applications.	session	Bank Millennium
uuid-user-audit	necessary	Cookie used to audit consents for optional cookies.	13 months	Bank Millennium
userContext	necessary	Cookie required for communication between system components to provide services by the Bank.	session	Bank Millennium
test_cookie	analytics	Indicates whether the website user's browser supports cookies.	stały	Google
SOCS	marketing	Used by Google to store information about the user's cookie decision.	6 months	Google
smartbanner-closed	necessary	Stores information about closing the mobile application banner.	14 days	Bank Millennium
receive-cookie-deprecation	analytics	Collects information about user activity on other websites, which is used to optimize advertising.	180 days	Google
PSESSIONID	necessary	Cookie required to maintain session.	session	Bank Millennium
promotion-bar-disabled	necessary	Cookie used for serving additional content on the Millenet home page.	4 months	Bank Millennium
NID	marketing	Used to show Google ads in Google services for signed-out users.	6 months	Google
Necessary_consent	necessary	Cookie which stores the user's necessary cookie decision.	13 months	Bank Millennium
millenet	necessary	Cookie is used to persist (maintain) the connection with the backend server.	session	Bank Millennium
Marketing_consent	necessary	Cookie which stores the user's marketing cookie decision.	13 months	Bank Millennium
LB_bank_cookie	necessary	Cookie required to maintain session.	session	Bank Millennium
JSESSIONID	necessary	Cookie used for authorization purposes and the proper functioning of Millenet.	session	Bank Millennium
IDE	marketing	Cookie used to personalize the displayed ads in Google.	13 months	Google
HomeBankingAuthForms	necessary	Cookie used for authorization purposes and the proper functioning of Millenet.	session	Bank Millennium
govapp-cookie	necessary	Session identifier for handling government applications.	session	Bank Millennium
GCL_AW_P	marketing	Stores information about users' clicks on Bank ads and actions they took on our site.	90 days	Google
DV	marketing	Used by Google to deliver advertising or remarketing within Google Ads.	session	Google
dtSa	necessary	Cookie used by the system diagnostic tool.	session	Bank Millennium
dtPC	necessary	Cookie used by the system diagnostic tool.	session	Bank Millennium
dtLatC	necessary	Cookie used by the system diagnostic tool.	session	Bank Millennium
dtCookie	necessary	Cookie used by the system diagnostic tool.	session	Bank Millennium
CurrentUser	necessary	Cookie used for for identification purposes.	session	Bank Millennium
CF-XSRF-TOKEN	necessary	Cookie used to prevent Cross-Site Request Forgery attacks on contact forms.	session	Bank Millennium
C_TYPE	marketing	Stores information about the type of bank client, the offers presented on the bank's website depend on it.	14 months	Bank Millennium
bms	necessary	Stores a user ID that allows you to distinguish between visits.	60 minutes	Bank Millennium
bmp	necessary	Stores the user identifier allowing for grouping.	2 years	Bank Millennium
BIGipServer*	necessary	Group of cookies required to maintain user's session.	session	Bank Millennium
ASP.NET_SessionId/Single	necessary	Cookie used for authorization purposes and the proper functioning of Millenet.	session	Bank Millennium
ASP.NET_SessionId	necessary	Cookie used for authorization purposes and the proper functioning of Millenet.	session	Bank Millennium
ar_debug	analytics	Helps troubleshooting issues with ads served by Google.	stały	Google
Analytics_consent	necessary	Cookie which stores the user's analytical cookie decision.	13 months	Bank Millennium
AEC	analytics	Used to check whether requests during a page visit are made by the user and not by other websites	6 months	Google
_TransferVerification	necessary	Cookie with stored timestamp used to detect malware scripts in Millenet.	session	Bank Millennium
_mmta	necessary	Cookie used for browser identification especially for trusted browsers mechanism.	1 year	Bank Millennium
_gcl*	marketing	Group of cookies which storee information about users' clicks on Bank ads and actions they took on our site.	90 days	Google
_ga_DJ889NM8HM	analytics	Google Analytics cookie used to retention of the information of the current session.	12 months	Google
_ga	analytics	Google Analytics cookie used to distinguish users and report statistics for the website.	12 months	Google
_Bank Millennium.widgets.webchat.state.session	necessary	Cookie required for client communication with a consultant.	session	Bank Millennium
_Bank Millennium.widgets.webchat.state.session	necessary	Cookie required for client communication with a consultant.	session	Bank Millennium
_Bank Millennium.widgets.webchat.state.ping	necessary	Cookie required for client communication with a consultant.	session	Bank Millennium
_Bank Millennium.widgets.webchat.state.open	necessary	Cookie required for client communication with a consultant.	session	Bank Millennium
_Bank Millennium.widgets.webchat.state.keys	necessary	Cookie required for client communication with a consultant.	session	Bank Millennium
_Bank Millennium.widgets.webchat.state.index	necessary	Cookie required for client communication with a consultant.	session	Bank Millennium
_Bank Millennium.widgets.webchat.metaData	necessary	Cookie required for client communication with a consultant.	session	Bank Millennium
_Bank Millennium.widgets.app.autoLoadList	necessary	Cookie required for client communication with a consultant.	session	Bank Millennium
__RequestVerificationToken_XXX	necessary	Cookie used to verify HTTP requests.	session	Bank Millennium
bmprodcdPersisted	necessary	Used to identification user session in browser window.	150 days	Bank Millennium
bmprodcdSession	necessary	Used to identification user session in browser window.	session	Bank Millennium
bmprodpersisted	necessary	Used to identification user session in browser window.	150 days	Bank Millennium
bmprodsession	necessary	Used to identification user session in browser window.	session	Bank Millennium
bmprodinitialsessioncookietest	necessary	Used to determine whether browser supports session cookies. Only present for a fraction of a second.	session	Bank Millennium
bmprodinitialpersistedcookietest	necessary	Used to determine whether browser supports persistent cookies. Only present for a fraction of a second.	persisted	Bank Millennium
bmprodSF	necessary	Data collection for current session has been shutdown due to an error.	session	Bank Millennium
bmprodP3P	necessary	Specifies the status of the visitor.	persisted	Bank Millennium
AWSALB	necessary	Used to maintain stickiness for user sessions, ensuring that subsequent requests from the same client are routed to the same target instance within the load balancer's pool.	7 days	Bank Millennium
AWSALBCORS	necessary	Supports cross-origin resource sharing (CORS) requests. It's included in the response alongside the AWSALB cookie to allow browsers to handle CORS requests properly.	7 days	Bank Millennium

Is it necessary to accept cookies?
Essential cookies do not require users' consent, but acceptance of optional cookies and other tracking technologies is voluntary. You can choose not to allow analytics or marketing cookies and tracking technologies to be installed. You can withdraw your consent at any time on the Cookie Policy page, as well as by using the Banner Cookies link in the footer of the website. Withdrawal of the consents granted does not affect the lawfulness of the processing of your data obtained by the Bank, which has already been made on the basis of these consents until their withdrawal.

By using the Bank Millennium website, you can opt out of the use of analytical and marketing cookies and other tracking technologies. This will not affect the basic functioning of the website. In some cases, the lack of consent to the use of analytical cookies may affect the optimization of the Bank's website. On the other hand, if you do not consent to marketing cookies, you may not receive the Bank's advertising tailored to your preferences. This means that the ads displayed on your device can be general, contextual (i.e. they will be displayed based on population – similar to how ads in magazines work) – both on the Bank's website and on other websites you visit.

Change relative to consent
- Analytics cookies and other tracking technologies
  
  I agree that Bank Millennium S.A. ("Bank") uses analytical cookies and tracking technologies saved on this device when I use the Bank Millennium website. I agree that the Bank will use them, i.a., to monitor the correctness of the operation of its websites, settle accounts for cooperation with partners and detect various types of abuse, e.g. artificial Internet traffic.
  
  You can withdraw your consent at any time by deleting cookies from your device or by using the consent change button below, as well as by using the Banner Cookies link in the footer of the website. Withdrawal of the consents granted does not affect the lawfulness of the processing of your data obtained by the Bank, which has already been made on the basis of these consents until their withdrawal.
- Marketing cookies and other tracking technologies
  
  I agree that Bank Millennium S.A. ("Bank") may use marketing cookies and tracking technologies stored on this device when I use the Bank's website. I, hereby, express my consent for the Bank to provide me with matching marketing information and show personalised products and services. In addition, the Bank may combine information collected on this basis with other data held by the Bank to prepare tailor-made offer of products and services.
  
  You can withdraw your consent at any time by deleting cookies from your device or by using the consent change button below, as well as by using the Banner Cookies link in the footer of the website. Withdrawal of the consents granted does not affect the lawfulness of the processing of your data obtained by the Bank, which has already been made on the basis of these consents until their withdrawal.

Switching-off cookie files

Currently, most web browsers on the market accept the storing of cookies by default. Every user has an option to define conditions of use of these files by appropriate internet browser setup. This means that you can, for example, partially (e.g. temporarily) limit or completely disable the possibility of storing cookies – in the latter case it might, however, have impact upon certain functionalities e.g. login to Millenet will not be possible, applications cannot be used including application for account opening.
You can also delete the cookies stored in your browser at any time. Detailed information on how to change the cookie settings and how to delete cookies yourself in the most popular web browsers is available in the help section of your browser and on the following pages:

Deactivation of mobile device ID

The IDs used by the Bank are necessary for the proper provision of services and, unlike advertising IDs, cannot be changed or reset by the user. It is not possible for the user to change or reset the Device ID.

For more on the rules for accessing information in the mobile application, please refer to the Mobile Application Privacy Policy.

If you do not agree with the Mobile Application Privacy Policy, including disagreement with the terms of use of information stored on your device, you should not install the mobile app or, if installed, uninstall it.

Cookies and mobile device IDs and personal data

Internet IDs such as IP addresses, mobile device IDs, cookie identifiers - may constitute personal data for the Bank. At the same time, information available in cookies to entities other than the Bank is encrypted in such a way that no data of the Bank websites users are transmitted. For information about the Bank's processing of personal data, including the purposes, length and basis of processing, as well as the transfer of information to third parties in countries outside the European Economic Area (EEA), please see the Privacy Policylink opens in the new window.

The website is administered by Bank Millennium S.A. with its registered office in Warsaw:

address: ul. Stanisława Żaryna 2A, 02-593 Warszawa,
telephone: (+48) 801 331 331 or (+48) 22 598 40 40 – for mobiles and calls from abroad (cost of connection as per operator tariffs)
e-mail: kontakt@bankmillennium.pl

Personal data processing in the Bank is supervised, for correctness, by the Data Protection Officer:

address: Data Protection Officer, Bank Millennium S.A., ul. Stanisława Żaryna 2A, 02-593 Warszawa,
e-mail: iod@bankmillennium.pl.

Additional information

The Bank's websites may contain links to other websites. On Bank internet sites you might find links to other WWW sites. The Bank shall not be liable for the use of cookies on such sites nor for compliance with privacy protection rules on these sites. Users are recommended to learn, when entering other websites, the read Privacy Policy and Cookie Policy regarding Cookie Files. Principles stipulated in this Policy Regarding Cookie Files and Similar Technologies apply solely to Bank websites or apps.

Useful links

Bank's privacy policy and information clauses: Data Protection.
Mobile application privacy policy: Mobile App Privacy Policy.

Policy of cookies and other tracking technologies used by the Bank (collectively also "cookies")

Privacy protection principles

Cookies

How long will the Bank store cookies / mobile device Ids in my device?

Who uses cookies installed on my device?

Detailed information on cookies

Is it necessary to accept cookies?

Change relative to consent

Switching-off cookie files

Deactivation of mobile device ID

Cookies and mobile device IDs and personal data

Additional information

Useful links

Bottom navigation

Call to us

Privacy protection principles

Cookies

What cookies and other technologies does Bank Millennium use?

How long will the Bank store cookies / mobile device Ids in my device?

Who uses cookies installed on my device?

Detailed information on cookies

Is it necessary to accept cookies?

Change relative to consent

Switching-off cookie files

Deactivation of mobile device ID

Cookies and mobile device IDs and personal data

Additional information

Useful links

Call to us