Policy regarding cookie files

Policy regarding cookie files and similar technologies (jointly „cookies”)

Privacy protection principles

Bank Millennium S.A. („Bank” or „Bank Millennium”) ensures data safety to its Clients. Any and all information delivered by our Clients is protected with use of modern technologies, in accordance with applicable legal norms, safety requirements and confidentiality principles. The Bank actively develops its privacy protection and Client safety systems by implementing new both organisational and technical security measures. Bank informs Clients of changes in applied confidentiality protection principles by means of its website or any other communication channel agreed with the Client.

Cookie files

The Bank Millennium website is using cookie files (cookies) stored in the memory of an end device (e.g. computer, tablet, phone), used by the user while browsing the website. In majority of cases, this is necessary to ensure proper operation of the website. Cookies enable personalisation of websites, which allow users to decide e.g. on the sequence of displaying certain elements or adjusting ads. Cookie files are also used by website traffic analysing tools. Statistical analyses carried out using these tools are one source for improving the quality of the Bank Millennium website. If a user expresses consent for marketing cookies, Bank Millennium may combine information collected this way with other Client data held by the Bank to prepare customised product or service offers for users.

How long will the Bank store cookie files on my device?

Conditional upon the time the Bank stores cookie files, cookies are divided into session (temporary) and permanent cookie files.

Session (temporary) cookies – are stored on user device until software is switched off or browser session ends (until session is closed). These are, mainly, necessary cookie files.

Persistent cookie files – are stored on the user device after switching software off or after session is terminated (closed) for the time specified in parameters or until they are deleted by user via the software settings.

Bank Millennium does not store marketing cookies longer than for the time of 3 (three) years from installation.

Who uses cookies installed on my device?

Depending upon entity using cookie files, the following can be distinguished:

First party cookies – cookies placed by and accessed exclusively by the Bank.

Third party cookies – cookies placed and accessed by third parties. Bank allows cookies of exclusively those third parties which support adjustment of ads to meet user preferences. Such cookies are listed among marketing cookies i.e. the Bank may use them if you have given your consent.

The information transmitted in cookies to entities other than the Bank is encrypted in such a way that user data of the Bank’s websites is not transferred.

Cookie name	Description/how it works
1P_JAR	A Google cookie containing the date and last user interaction. Type: marketing cookie.
AID	A Google cookie that associates the user's actions with other devices on which the user has previously logged in through a Google Account. Based on this previous activity, the display of ads on the user's devices is coordinated and conversion events are measured. Type: marketing cookie.
ANID	A cookie used to display ads on the web, saved under the domain google.comlink otwiera się w nowym oknie. Type: marketing cookie.
APISID	A Google cookie used to build a profile of the visitor's interests and to display relevant advertisements. This cookie works by uniquely identifying the user's browser and device. Type: marketing cookie.
CONSENT	Google Maps cookie. Allows the Google map to work on the page. This cookie also stores information about the user’s preferences. Type: necessary cookie
ASP.NET_SessionId	A cookie of the domain www.bankmillennium.pllink otwiera się w nowym oknie, necessary for authentication and thus for the performance of the service. It also allows you to verify the effectiveness of marketing campaigns. Type: analytical, necessary cookie
bmp	The ClickStream cookie stores the user ID for a period of 2 years from the last user action. This cookie allows users to be linked and segmented (grouped). Type: analytical: necessary or marketing cookie.
bms	The ClickStream cookie stores the user ID for a period of 1 hour from the last user action. This cookie allows to distinguish visits and determine the frequency of visits to the pages (functions sought, offers). Type: analytical: necessary or marketing cookie
C_TYPE	A cookie that stores the marking of content for the user when redirected to the correct login page, depending on the type of retail/corporate. Type: necessary cookie.
COOKIE-INFO	A cookie of the domain www.bankmillennium.pllink otwiera się w nowym oknie, storing the user's decision regarding cookies. Type: necessary cookie.
CurrentUser	A cookie of the domain www.bankmillennium.pllink otwiera się w nowym oknie, used to identify the user, active after logging in. Determines whether the session is correct. Type: necessary cookie.
_dc_gtm_UA-XXXXXXXX-X	A Google cookie, used by Google to limit the amount of data recorded by Google on high-traffic pages. Type: analytical cookie.
DEFAULT_SEGMENT	A cookie used to recognise settings for a business client. Type: necessary cookie.
dtCookie	Dynatrace cookie used to detect whether a given browser has previously been used to access the Bank's website. Used as an analytical tool to monitor errors. Type: analytical cookie.
dtLatC	A Dynatrace session cookie that measures server latency to monitor performance. Enables Millenet to function properly. Type: necessary cookie.
dtPC	Dynatrace cookie used to monitor the overall performance of the website. Required to determine the appropriate endpoints for signal transmission; contains the session ID necessary to establish correlation. Type: analytical, necessary cookie.
dtSa	Dynatrace cookie used to monitor the overall performance of the website. Type: necessary, session cookie.
_ga	A cookie used to distinguish unique users by assigning a randomly generated number as a customer ID. It is included in every page request on the site and used to calculate visitor, session, and campaign data for site analytics reports. It is used to identify the user and aggregate data. Type: analytical (necessary to solve user problems related to the processes performed through the site, error control) or marketing cookie.
_gaexp	Cookie for A/B tests. It remembers which version of the page the user has seen. Type: analytical, necessary cookie.
_ga_DJ8B9NM8HM	A cookie used by Google Analytics to collect data on the number of visits to the website by the user and the date of the first and last visit. Type: analytical cookie.
clientchoice	A cookie that stores information about the type of user's device (desktop / mobile / tablet), which is transmitted when applying for an account / contact forms along with customer data. Type: necessary cookie.
_gat_UA-XXXXXXXX-X	Cookie used to limit the speed of sending requests - limits the collection of data on high-traffic pages. Contains the ID of the Bank's Google Analytics tool. The purpose of this cookie is to maintain the operation of Google Analytics (supports the operation of other cookies), it does not collect data about users. Type: analytical cookie.
_genesys.widgets.app.autoLoadList	Cookie supporting the tool for conducting user / client chats – with a consultant on the Bank's website. Type: necessary cookie.
_genesys.widgets.webchat.metaData	Cookie supporting the tool for conducting user / client chats – with a consultant on the Bank's website. Type: necessary cookie.
_genesys.widgets.webchat.state.index	Cookie supporting the tool for conducting user / client chats – with a consultant on the Bank's website. Type: necessary cookie.
_genesys.widgets.webchat.state.keys	Cookie supporting the tool for conducting user / client chats – with a consultant on the Bank's website. Type: necessary cookie.
_genesys.widgets.webchat.state.open	Cookie supporting the tool for conducting user / client chats – with a consultant on the Bank's website. Type: necessary cookie.
_genesys.widgets.webchat.state.ping	Cookie supporting the tool for conducting user / client chats – with a consultant on the Bank's website. Type: necessary cookie.
_genesys.widgets.webchat.state.session	Cookie supporting the tool for conducting user / client chats – with a consultant on the Bank's website. Type: necessary cookie.
_gcl_au	A cookie used to remember the user's device (element of applications and contact forms) and to associate a click on an advertisement with filling out a contact form or submitting an application for a Bank's product. Type: analytical.
_gcl_dc	A Google Analytics cookie that combines a click on an ad with a conversion. Used for conversion measurement. Type: analytical.
_gid	Google Analytics cookie, used to distinguish users. Type: analytical cookie.
DSID	Google Analytics cookie, used to distinguish users. Type: analytical cookie.
HomeBankingAuthForms	Existing authentication token. Type: necessary cookie.
HSID	A Google cookie for security purposes, used by Google to authenticate users, prevent unauthorised use of login credentials, and protect user data from unauthorised action. Type: necessary Google cookie.
IDE	A Google cookie that contains a unique code to determine which ads have been displayed on the particular device. Type: marketing cookie.
JSESSIONID	Default, session cookie. Type: analytical, marketing cookie.
LANGUAGE	A cookie of the domain www.bankmillennium.pllink otwiera się w nowym oknie that stores the language selected by the user. Type: necessary cookie.
LB_bank_cookie	A cookie needed to maintain a session from the front-end. Type: necessary cookie.
NID	A cookie that contains a unique identifier that Google uses to remember user preferences and other information – for example, on the preferred language, the number of search results displayed on a page (e.g., 10 or 20), and turning SafeSearch on or off. Type: marketing cookie.
millenet	A cookie supporting the operation of the WebTrends tool, used to analyse traffic on the Bank's pages before and after logging in. Type: analytical, necessary.
PSESSIONID	Session cookie supporting the operation of the portal backend. Type: necessary cookie.
S	Google cookie. Type: marketing cookie.
SAPISID	Google uses HSID, SSID, APISID and SAPISID cookies to collect information for the Google search engine contained on the website. Cookies can also be used to authenticate users, prevent fraudulent use of login data and protect user data from unauthorised persons. Type (depending on the purpose): marketing, analytical Google Analytics cookie.
SEARCH_SAMESITE	The SameSite cookie prevents the browser from sending a cookie along with cross-site requests. The main goal is to reduce the risk of information leakage and support protection against cross-site request forgery attacks. Type: analytical, necessary cookie.
SID	A cookie saved by the Google domain, allowing the blocking of hacker attacks, e.g. attempts to intercept content from forms filled out in Google services. Type: necessary cookie.
SIDCC	A cookie used by Google to display personalised ads on Google sites based on recent searches and previous interactions. Type: analytical, marketing cookie.
SSID	A cookie used by Google to display personalised ads on Google sites based on recent searches and previous interactions. Type: analytical, marketing cookie.
__Secure-3PAPISID	A Google cookie, creates a profile of the interests of website visitors to display relevant and personalised advertisements through retargeting. Type: marketing cookie.
__Secure-3PSID	A Google cookie, used for targeting purposes, to create a profile of the interests of a website visitor in order to display relevant and personalised Google ads. Type: marketing cookie.
__Secure-APISID	A Google cookie, used for targeting purposes, to create a profile of the interests of a website visitor in order to display relevant and personalised Google ads. Type: marketing cookie.
__Secure-HSID	A cookie saved by the Google domain, allowing the blocking of hacker attacks, e.g. attempts to intercept content from forms filled out in Google services. Type: necessary cookie.
__Secure-SSID	A Google cookie, used for targeting purposes, to create a profile of the interests of a website visitor in order to display relevant and personalised Google ads. Type: marketing cookie.
__RequestVerificationToken_XXX	A cookie of the domain www.bankmillenium.pl used to prevent counterfeiting (CSRF attacks). Type: necessary cookie.
userContext	Cookie required to communicate with older Millenet components in order to provide services by the Bank. Type: necessary cookie.
_TransferVerification	A cookie containing a timestamp, a timestamp used to detect malware scripts in Millenet. Type: necessary cookie.
WT_FPC	A system cookie is used to track users, i.a. to detect errors and analyse traffic. Type: analytical.
WT_ID	A cookie that stores an id that identifies the user as a web browser (persists until the user expires, deletes cookies or for the private mode of the browser until it is closed). The ID from this cookie is attached to the logs collected by the tool and serves the possibility of linking logs from the user's visit to the bank's website between the portal part before logging on and the Millenet pages after logging on). Type: analytical.
x_bm_auth_ret	Cookie used for the purposes of authorisation and proper functioning of Millenet. Type: necessary cookie.
XSRF-Token	A cookie used to prevent Cross-Site Request Forgery (XSRF/CSRF) attacks. Type: necessary cookie.
x-unblu-clientdata	A functional cookie, required by Unblu in order to provide services by the Bank. Type: necessary cookie.
x_bm_auth	Cookie used for authorisation purposes, without it some functions of the Millenet system are corrupted. Type: necessary cookie.
x_bm_auth_expiry	A cookie used to periodically refresh the necessary x_bm_auth token for authorisation. Type: necessary cookie.
x_bm_dcte_id	A cookie used to transfer information between the old and new Millenet websites. Type: necessary cookie.
x-ub-mc	A cookie containing data transmitted to Unblu for diagnostic purposes. Type: analytical, session cookie.
x-ub-sg	A cookie containing a signature used to confirm that the x-ub-mc file was delivered by the server and not falsified by the user. Type: necessary, analytical cookie.
x-unblu-device	A functional cookie, used to identify the browser and device, necessary for the provision of services by the Bank using Unblu. Type: necessary cookie.
x-unblu-recorder-session	A functional cookie, necessary for the proper provision of services by the Bank using Unblu. Used when there is an active session with the Unblu Collaboration Server. Type: necessary cookie.
x-unblu-session	A functional cookie, necessary for the proper provision of services by the Bank using Unblu. Used when there is an active session with the Unblu Collaboration Server. Type: necessary cookie.
_fbp	A cookie from the Facebook social network, used by Facebook for marketing purposes, e.g. advertising products from third-party advertisers. Type: marketing cookie.
fr	The "fr" cookie is used to deliver, measure the effectiveness and increase the relevance of advertisements with an uptime of 90 days. Type: analytical, marketing cookie.
.DDMMUI-PROFILE	A Google cookie, generated to show ads to the user that are in line with his preferences. Type: marketing cookie.
{ASP.NET_SessionId}/Single example: 02f0j1yr22jkf10g0u35v3x2/Single	Cookie used by the archived version of Milledesk on the Bank's WebForms websites. Type: necessary cookie.
sfbShellAppLaunched

Is it necessary to accept cookies?

Accepting cookies is voluntary. You can (1) deactivate the installation or delete cookies via your own browser settings on your device or (2) refuse to give consent for installation of cookies for marketing purposes.

In the first case, it may have an impact upon performance of certain functionalities of Bank websites, e.g. prevent you from logging in to the internet banking service or interfere with its correct operation.

Using Bank Millennium web site you may refuse to give consent for using cookies for marketing purposes. However, this will result in the Bank’s advertisements not being adjusted to your preferences. This means that if you are or were interested in the Bank’s offer, you will not see information on the Bank’s services or promotions you might be interested in and ads displayed on the screen of your device will be generic, contextual in nature (i.e. they will be displayed on the basis of population – similar to how ads are placed in magazines) – both on Bank’s websites and other sites you might visit.

Change in consent

I agree that Bank Millennium S.A. (“Bank”) uses marketing cookies stored on this device when I use Bank Millennium services. I want the Bank to provide me with tailored marketing information and also show me personalized products and services. Additionally, the Bank may combine the data collected in this way with my other data held by the Bank in accordance with the information provided on the Data protection and privacy policy page.

You can withdraw your consent at any time by deleting cookies from your device or by clicking the button to revoke your consent, in accordance with the information provided on the Data protection and privacy policy page.

select an option inactive consent active consent

Switching-off cookie files

Currently, most web browsers on the market accept the storing of cookies by default. Every user has an option to define conditions of use of these files by appropriate internet browser setup. This means that you can, for example, partially (e.g. temporarily) limit or completely disable the possibility of storing cookies – in the latter case it might, however, have impact upon certain functionalities e.g. login to Millenet will not be possible, applications cannot be used including application for account opening.
You can also delete the cookies stored in your browser at any time. Detailed information on how to change the cookie settings and how to delete cookies yourself in the most popular web browsers is available in the help section of your browser and on the following pages:

Deactivation of mobile device ID

The IDs used by the Bank are necessary for the proper provision of services and, unlike advertising IDs, cannot be changed or reset by the user. It is not possible for the user to change or reset the Device ID.

For more on the rules for accessing information in the mobile application, please refer to the Mobile Application Privacy Policy.

If you do not agree with the Mobile Application Privacy Policy, including disagreement with the terms of use of information stored on your device, you should not install the mobile app or, if installed, uninstall it.

Cookies and mobile device IDs and personal data

Internet IDs such as IP addresses, mobile device IDs, cookie identifiers - may constitute personal data for the Bank. At the same time, information available in cookies to entities other than the Bank is encrypted in such a way that no data of the Bank websites users are transmitted. For information about the Bank's processing of personal data, including the purposes, length and basis of processing, as well as the transfer of information to third parties in countries outside the European Economic Area (EEA), please see the Privacy Policylink opens in the new window.

The website is administered by Bank Millennium S.A. with its registered office in Warsaw:

address: ul. Stanisława Żaryna 2A, 02-593 Warszawa,
telephone: (+48) 801 331 331 or (+48) 22 598 40 40 – for mobiles and calls from abroad (cost of connection as per operator tariffs)
e-mail: kontakt@bankmillennium.pl

Personal data processing in the Bank is supervised, for correctness, by the Data Protection Officer:

address: Data Protection Officer, Bank Millennium S.A., ul. Stanisława Żaryna 2A, 02-593 Warszawa,
e-mail: iod@bankmillennium.pl.

Additional information

The Bank's websites may contain links to other websites. On Bank internet sites you might find links to other WWW sites. The Bank shall not be liable for the use of cookies on such sites nor for compliance with privacy protection rules on these sites. Users are recommended to learn, when entering other websites, the read Privacy Policy and Cookie Policy regarding Cookie Files. Principles stipulated in this Policy Regarding Cookie Files and Similar Technologies apply solely to Bank websites or apps.

Useful links

Bank's privacy policy and information clauses: Data Protection.
Mobile application privacy policy: Mobile App Privacy Policy.