INFORMATION REGARDING DATA PROCESSING
Pursuant to Article 13 of Regulation (EU) No. 2016/679 on the protection of personal data (hereinafter the "Regulation"), InvestiRE SGR S.p.A. (hereinafter "InvestiRE" or the "Company" or the "Data Controller"), as the data controller, wishes to provide the user (hereinafter "User" or "Data Subject") with certain information regarding the processing of personal data concerning him/her carried out within the framework of the desktop and mobile version of the website "www.investiresgr.it" (hereinafter the "Site") owned by the Data Controller.
This information does not concern other sites, pages or online services that can be reached through other websites of the Company.
1. Collection of navigation data
The computer systems and the technical and software procedures underlying the operation of the Site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the access and operation mechanisms and protocols of Internet.
Each time the User connects to the Site and each time he or she calls up or requests content, access data is stored at our systems, in the form of tabular or linear data files.
This category of data includes, for example, IP addresses, the domain names of the computers used by Users who connect to the Site, the request from the User's browser, in the form of addresses in URI (Uniform Resource Identifier) notation, the date and time of the request to the server, the method used in submitting the request to the server, the amount of data transmitted, the numerical code indicating the status of the response given by the server, and other parameters relating to the User's operating system and computer environment.
This data may be used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the Site in order to identify the pages preferred by Users and thus provide increasingly appropriate content and to check its proper functioning. At the request of the Authority, the data could be acquired and used to ascertain responsibility in case of hypothetical computer crimes against the Site or its Users. The Company has a legitimate interest in processing the data for the above purposes in the terms and limits highlighted above.
2. Cookies and other tracking systems
Technical cookies are used within the Site, while analytics cookies are not used, nor are cookies or other tracking systems for users profiling.
For more information see the Site's Cookie Policy.
3. Purpose and legal basis for processing
Personal data collected through the Site will be processed in order to provide the services offered by the Site, requested or used by the User.
In dedicated sections of the Site, the User has the opportunity to transmit personal data (e.g. e-mail address, first and last name, social security number, other data , etc.). The sending of this data is done on an optional, explicit and voluntary basis, and involves the subsequent acquisition of the sender's e-mail address, which is necessary to respond to requests, as well as any other personal data entered for the purposes of the specific service requested. Further, specific information on the processing of personal data may also be reported or displayed, where necessary, in the sections of the Site set up for particular services on request and/or based, if applicable, on the consent of the Data Subject.
In addition, sending e-mail messages to the Controller's addresses on the Site involves the acquisition by the Controller of the sender's e-mail address. This e-mail address, together with other personal data that may be collected, is necessary in order to respond to the requests sent and to provide the services expressly requested.
The above data, also summarized in Section 4 below, are processed by the Data Controller for the above purposes and in particular for:
- allow navigation, provide any services that may be requested, ensure the security and proper functioning of the Site, process anonymous statistical information with reference to the number and type of accesses and views of pages of the Site and/or individual ads, and monitor the service levels of the Site and the Data Controller's suppliers in terms of the speed, adequacy and completeness of the answers provided;
- answering - directly and/or through the parties indicated in paragraph 6 below - to requests for applications formalized through the Site in order to provide, where possible and within the limits provided by the regulations in force, feedback to the requests.
For the aforementioned purposes, the processing of personal data is therefore necessary for the execution of measures requested by the data subject, the fulfillment of related regulatory obligations and the pursuit of legitimate interests of the Data Controller for the purpose of carrying out organizational, technical and security activities concerning the management of the Site and related services.
4. Categories of data processed
In connection with the above purposes, through the Site, the Data Controller collects and processes the navigation data referred to in point 1 above and, if it wishes to submit its application, the following personal data "first name," "last name," "e-mail address," and "tax code," "education," "experience," "area of interest," as well as any other information that may be provided by the Data Subject.
For the Services of the Site, no processing of special categories of personal data (such as, for example, personal data disclosing health status, political and trade union opinions, religious beliefs, etc.) is carried out.
Personal data will hereinafter be collectively referred to as "Data".
5. Nature of provision of Data
The provision of Personal Data is mandatory for the pursuit of the purposes set out in point 3, letter a) above, and any refusal by the User to provide such Data will result in the impossibility of receiving the service of the Site.
On the other hand, the provision of Data is optional for the other purposes and, in case of refusal, the Data Subject will not be able to access the requested service.di ricevere il servizio del Sito.
6. Method of processing and data retention time
The processing of the Data Subject's Data will be carried out with the aid of mainly automated tools and procedures suitable to guarantee their security and confidentiality in accordance with the law, with methods and logics strictly related to the above purposes.
The Data are not subject to an automated decision-making process.
The Data acquired as a result of the navigation and use of the Site are processed by the Data Controller for the time strictly necessary to provide the services requested and to carry out the related technical and security operations, as well as, once this period has ended, for the time period possibly established by the regulations in force for administrative and possibly defensive purposes.
In relation to the additional purposes referred to in 3(b) above, the Data may be retained by the Data Controller for a period of 2 years from the request of the data subject or, where applicable, from the provision of the data subject's consent, without prejudice to the data subject's ability to revoke it at any time.
7. Categories of subjects to whom the Data may be communicated or who may be made aware of it and the scope of dissemination thereof
Certain categories of employees of the Company, in their capacity as persons authorized to process, may have access to the Data Subject's Data for the purpose of the fulfillment of the duties assigned to them by the Company, aimed at the pursuit of the purposes illustrated above.
In addition, the Company, again for the pursuit of the purposes illustrated in this policy, may need to communicate the Data Subject's Data to the following recipients:
- subjects who perform, on behalf of or for the Company, tasks of a technical nature and professional assistance or advice;
- companies managing and maintaining the Site;
- public bodies, supervisory and control bodies and judicial authorities or judicial police for the need to fulfill regulatory obligations or to ascertain responsibility in case of cyber crimes related to the use of the Site.
I soggetti appartenenti alle categorie sopra menzionate possono agire quali responsabili del trattamento ove effettuato per conto di InvestiRE oppure operano in autonomia come distinti titolari del trattamento.
The Data Subject's Data processed by the Company will not be published or otherwise disseminated and will also not be transferred to third countries outside the European Economic Area.
8. Rights of the Data Subject
The Data Subject may exercise, at any time, his/her rights towards the Controller, pursuant to the Regulation, namely:
- access the Data concerning him/her and obtain certain information on their processing;
- rectify or complete them if inaccurate or incomplete;
- delete or restrict their processing, where applicable;
- object to their processing on grounds relating to his particular situation;
- withdraw consent, where the processing is based on such consent;
- obtain the portability of data subject to automated processing and based on consent or a contract with the Data Subject;
- lodge a complaint with the Data Protection Supervisor.
9. Controller of data processing
The Data Controller referred to in this information document is "InvestiRE SGR S.p.A.", with registered offices in Via Po, 16 / a - 00198 Rome and with offices in Milan, Largo Donegani, n.2– 20121, which can be contacted at the following addresses: Tel: 06 - 696291; Fax: 06 - 69629212; E-mail: trattamentodati@investiresgr.it.
10. Procedures for the exercise of rights by the Data Subject
Claims relating to the exercise of the rights referred to in Section 8 of this Privacy Policy may be submitted in writing by e-mail to the following address: trattamentodati@investiresgr.it.
11. Updates
This Privacy Policy may be subject to change and update. If substantial changes are made to the Data Controller's use of the Site User Data, the Data Controller will notify the User by posting such changes on the Site.
Text updated on September 2023