PRIVACY AND COOKIES INFORMATION
Personal data protection notice pursuant to articles 13 and 14 of European Regulation 2016/679- the General Data Protection Regulation (“GDPR”)
Kairos Partners SGR S.p.A. (the “company”) believes in the fundamental importance of safeguarding the confidentiality of its clients’ data. This is why it has always been careful to process and store the personal data disclosed to it with full transparency and in compliance with current regulations and the highest security standards.
In accordance with the GDPR, the company informs you that the personal data you provide shall be processed in compliance with the law and the principles of confidentiality.
The Data Controller is Kairos Partners SGR S.p.A., based in Milan, Via San Prospero 2, and legally represented by its CEO.
The Data Protection Officer, as defined in the GDPR, is Ecoconsult S.r.l., based in Milan, Via C. Goldoni 1 – email: email@example.com.
The Internal Data Treatment Officer for compliance issues and replies to data subjects is the Internal Audit Officer, domiciled for the purposes of this office with the Data Controller – email: firstname.lastname@example.org.
Purposes of data processing
The personal data indicated above shall be processed within the scope of the company’s normal operations and for the purposes indicated below:
a) legal purposes, i.e., to meet obligations under law, regulations, EU legislation or provisions of lawful Authorities;
b) contractual purposes, and, more generally, administrative/accounting purposes, i.e., to meet the obligations arising from contracts to which you are a party or to meet your specific requests, which may entail using methods of remote communication;
c) commercial purposes, i.e., to provide you with information and send you advertising material, which may entail using methods of remote communication, on the company’s or third parties’ products, services or initiatives, to promote the same, for direct sales campaigns, to conduct market research, to monitor the quality of products and services offered to you, to improve the same offer, to send commercial information, to conduct statistical research, to profile you in order to take appropriate commercial decisions, to disclose the data to third parties so they may carry out their own commercial initiatives.
Providing your personal data for the purposes indicated in points a) and b) above is necessary to enter into contracts and perform them. Failure to provide the data could make it impossible to enter into and perform the contracts or to fulfill your requests.
Providing your personal data for the purposes indicated in point c) is optional, and without your consent we will not be able to provide you with material and advertising information on the company’s or third parties’ products, services or initiatives indicated above.
The company may process your sensitive data solely to the extent necessary for the performance of the specific transactions that you have requested or to manage certain transactions between you and the company, exclusively with your consent and in compliance with the Personal Data Protection Authority’s authorization, except for the specific cases expressly provided for by law.
With respect to the purposes indicated, the personal data shall be processed using manual, automated and electronic instruments with methods and logic strictly related to the same purposes and, in any case, in such a way as to ensure that the data remain secure and confidential.
Profiling and similar forms of processing
The company shall not process the data using automated decision-making processes. If the company decides to use such forms of data processing, it shall issue a specific notice indicating the logic used and the importance and consequences of such processing.
Based on the different purposes and aims for which the data were collected, the personal data shall be stored for the period of time provided for by the relevant legislation, i.e., the amount of time strictly necessary for the purposes and to protect the Data Controller’s rights in the event of legal disputes. However, the data shall be stored in accordance with the principles of necessity, purpose limitation, data minimisation and proportionality endorsed by the GDPR.
Within the company, your personal data could become known to employees and people working for the company in any capacity, assigned to services and offices, and to external and internal structures that perform technical, support and controlling duties on the company’s behalf.
To perform some of the activities related to the purposes for which the personal data are processed, as specified above, the company is assisted by external parties, including foreign entities, such as:
• banking and financial brokerage companies;
• data processing firms;
• service companies (e.g., envelope stuffing and customer notification);
• automated data management outsourcers;
• auditing firms;
• payment management outsourcers;
• legal and tax advisory firms for purposes closely related to the performance of our business activity;
• banks and bank branches;
• other subjects that have the right to access your personal data pursuant to the provisions of law or secondary or EU legislation.
In addition to meeting legal purposes, the data may be disclosed to meet anti-money laundering and anti-terrorism obligations pursuant to Italian Legislative Decree no. 90/2017, as amended and integrated, as well as to meet the company’s own contractual or commercial purposes and for the independent commercial purposes of the companies in the Kairos or Julius Baer group, or, in any case, parents, subsidiaries or associates.
The list of external and internal officers is updated continuously and stored at the company’s office where a free copy may be requested.
Transfer to third countries
Personal data may be transferred to third countries, as defined by the GDPR, where the European Commission has decided that the third country in question ensures an adequate level of protection, or in any case transferred to third countries with the appropriate safeguards (e.g., specific contractual clauses), pursuant to article 46 of the GDPR, or if there are binding corporate rules. Copies of the related documentation may be requested from the Internal Data Treatment Officer for compliance issues and replies to data subjects, including via email: email@example.com.
Data subject’s rights
Lastly, we inform you that articles 15 to 22 of the GDPR give the data subjects specific rights. In particular, data subjects shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed and, where that is the case, to access the personal data.
Data subjects may also request:
• the erasure, rectification or limited processing of the personal data concerning them;
• the restriction of data processing for legitimate reasons;
• to receive the personal data concerning them in a structured, commonly used and machine-readable format and have the data transmitted to another controller (the right to portability).
To exercise these rights, data subjects may write to the Internal Data Treatment Officer for compliance issues and replies to data subjects indicated above, by post or email: firstname.lastname@example.org.
Data subjects also have the right to withdraw any consent given at any time, without affecting the lawfulness of processing based on consent before its withdrawal, and they may lodge complaints with the Personal Data Protection Authority.
The computer systems and software that guarantee the functioning of this website acquire certain personal data in a way that is implicit in the browsing of websites.
This is information that is not collected in order to be associated with identified persons, but that by its very nature could, through processing and association with data held by third parties, done only at the explicit request of legal authorities, enable users to be identified.
This category of data includes IP addresses of domain names of computers used by users accessing the site, address in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, and parameters relating to the operating system and to the user’s IT platform. These data are used for the sole purpose of collecting anonymous statistical information on the use of the site and to check its correct functioning.
This site uses two different types of cookie: