COSTUMERS
1. CATEGORIES OF PERSONAL DATA AND SOURCE OF DATA
Personal details (name, surname, tax code), as well as the special categories of data referred to in art.9 of the GDPR, for example, are among the Personal Data processed by GAC.
The personal data of Subscribers classified as natural persons or of all the persons authorised to act, as well as the legal representatives or persons authorised to act if Subscribers are classified as legal persons, is usually collected directly from Subscribers at the time of stipulation of the agreement and, occasionally, may be acquired from Family Offices or from third parties (for example, insurance), in the performance of tasks and contractual roles.
2. PURPOSES OF THE PROCESSING AND LEGAL BASIS
The personal data acquired by SGR will be processed exclusively for the following purposes:
1. asset management services, including, for the same purpose, all notifications of personal data to third parties, due to operational or organisational requirements, essential for the performance of the Agreement, operating as the legal basis for the processing of the data contained therein;
2. the fulfilment of legal or regulatory requirements, or those deriving from provisions set forth by the Public Authorities authorised to do so by law and by supervisory and control bodies;
3. the marketing and promotion of new products, subject to the consent of the data subject.
The legal basis of the processing consists of:
1. for the purposes stated in (a) above, the performance of the agreement to which the data subject is party, and in particular the by-laws and regulations of SGR;
2. for the purposes stated in (b) above, the fulfilment of legal obligations;
3. for the purposes of (c) above, the express consent given by the data subject;
The granting of the personal data of the subscriber, as well as its notification to the categories of parties indicated in para. 6 is not mandatory, but any refusal on the part of the data subject to provide his/her ordinary data and/or to give his/her consent to the processing of special categories of personal data will result in the objective impossibility for SGR to provide the services connected to the subscription and/or to be able to fulfil the legal obligations related to the operations of SGR.
The consent to the processing of personal data, when required, is optional, unless it is required under specific laws, such as, for example, anti-money laundering laws. Nevertheless, any refusal to provide the aforesaid data for the pursuit of the stated purposes, will have the following effects:
1. for the purposes referred to in (a) and (b) above, the impossibility for SGR to perform the Agreement, since the requested data is strictly necessary for the establishment and continuation of the contractual relationship;
2. for the purposes referred to in (c) above, the impossibility for the Subscriber to receive business information, without prejudice to the conclusion and performance of the Agreement (the data requested for the aforesaid purposes is not strictly necessary for the establishment and continuation of the contractual relationship).
In any case, SGR acknowledges the right of the data subject to withdraw his/her consent at any time without this affecting the lawfulness of the processing based on consent before its withdrawal.
If Green Arrow Capital SGR wishes to further process the personal data for purposes other than those for which it has been collected, as described above, prior to this further processing it must provide the data subject with information on this other purpose and all other relevant information in this regard.
3. PROCESSING METHODS
Personal data may be processed using manual tools, as well as with the assistance of electronic and computerised means and will be processed pursuing the logics strictly connected to the purposes referred to in point 3 above, with the intention of ensuring the security and confidentiality of the personal data. In any event, similar protection will be ensured if innovative tools leading to remote contact with clients are implemented.
In the event of electronic and non-electronic processing and processing with the use of management and storage systems with state-of-the-art hardware and software, the SGR may make use of third-party service companies that will be made aware of their responsibilities with the notification of the requirement to appoint a Data Processor under art.28 of the GDPR.
4. STORAGE PERIOD OF THE DATA
SGR fixes the storage period of the data according to the legal provisions in force and according to the purposes for which it has been collected and processed.
The personal data collected by the SGR will be processed for the entire length of the existing contractual relationship and, subsequently, for the period envisaged by the laws in force.
The personal data processed for marketing purposes will be stored by SGR until the data subject withdraws his/her consent.
5. CATEGORIES OF PARTIES TO WHOM THE DATA MAY BE COMMUNICATED
If it is instrumental to the pursuit of the indicated purposes, the personal data may be communicated to the companies belonging to the same group of SGR (parent, subsidiary and associated companies), to the Depositary and to the Public Authorities, in compliance with the laws and regulations in force. The personal data may also be communicated to third parties for the provision of IT services, legal, tax and financial assistance and consultancy, mailing and shipping services, optical and paper archiving, disaster recovery services and, more generally, for the performance of the activities connected or instrumental to the business of SGR.
The parties to whom the data may be communicated will process and use the data, depending on the circumstances, as the Data Processors expressly nominated by the Data Controller in accordance with the laws in force, or as autonomous Data Processors.
Green Arrow Capital SGR appoints as “authorised parties” all its employees pro tempore and partners, including occasional partners, that perform tasks involving the processing of personal data.
The list of the names of the parties, to whom the data of the data subjects can be communicated, is at the disposal of the data subjects and may be requested from the Data Controller by sending a specific request.
6. TRANSFER OF PERSONAL DATA OUTSIDE THE EU
The personal data may be transferred by GAC outside the EU if the servers on which the personal data of subscribers is stored is located outside the territory of the European Union (for example, in the case of cloud storage). In this case, the Data Controller henceforth ensures that the data will be transferred outside the EU in compliance with the provisions of the applicable laws in force.
7. CONTACT DATA
Green Arrow Capital SGR has appointed a data protection officer, who can be contacted by the data subjects and by third parties (for example, joint owners) that have provided their personal data as potential beneficiaries of the signed agreement at the email address: privacy@gacsgr.com. The name of the data protection officer can be consulted at the offices of the Data Controller.
8. RIGHTS OF THE SUBSCRIBER
In compliance with the provisions of article 15 of the GDPR, the Subscriber, in his/her capacity as the data subject, will be entitled to exercise specific rights, by sending a request to the data protection officer, including:
• to request the Data Controller for access to the data, its erasure, the rectification of inaccurate data, the integration of incomplete data and the restriction of the processing of the data in the cases laid down in art.18 of the GDPR;
• to object , at any time, fully or in part, the processing of the data necessary for the legitimate pursuit of the interest of the Data Controller;
• if the conditions exist for the exercising of the right to portability referred to in art.20 of the GDPR, to receive the data provided to the Data Controller in a structured, commonly used and machine-readable format, as well as, if technically feasible, to send it to another Data Controller without hindrance;
• to withdraw consent given at any time;
• to lodge a complaint with the competent supervisory authority.
9. METHODS FOR EXERCISING THE RIGHTS
The subscriber may at any time exercise his/her rights by sending a registered letter with return receipt to Green Arrow Capital SGR, for the attention of the Data Protection Officer, via Parigi 11 – 00185 Rome, or an email to the address: privacy@gacsgr.com.
10. DATA CONTROLLER AND DATA PROCESSOR
The Data Controller is Green Arrow Capital SGR, with registered office in Rome, via Parigi 11, represented by its Chief Executive Officer.
The updated list and the names of the Data Protection Officer and the Data Processors are kept at the registered office of the Data Controller.