Intermonte SIM SpA (hereafter also referred to as “Intermonte”), part of Intermonte Group of SIM, provides products and services to parties such as corporations, financial institutions, legal persons, and public sector organizations, including through its “Websim” and “TIE” divisions. This Privacy Statement explains how Intermonte, or any of its divisions, process personal data about people with whom we come into contact (referred to as “you” in this document) in the course of our dealings with such clients and other relevant persons. This includes employees, officers, directors, beneficial owners and other personnel of our clients, service providers and other business counterparties (referred to as “Your Organization” in this document). 1. Identity and contact details of the controller for your personal data Intermonte SIM S.p.A. - with registered office in Galleria de Cristoforis 7/8 – 20122 Milan, Italy, tel. 003902771151, fax 00390277115300 - is the controller of your personal data. For more details, you can contact our Privacy Officer at privacy@intermonte.com, tel. 00390277116478. 2. Purposes of the processing of your personal data and the legal basis for doing so We process your personal data, as necessary to pursue our legitimate business and other interests, for the following reasons: • to provide financial products and services to our clients and to communicate with you and/or our clients about them; • to manage, administer and improve our business and client and service provider engagements and relationships and for corporate marketing, business development and analysis purposes; • to monitor and analyse the use of our products and services for system administration, operation, testing and support purposes; • to manage our information technology and to ensure the security of our systems; • to establish, exercise and/or defend legal claims or rights and to protect, exercise and enforce our rights, property or safety, or to assist our clients or others to do this; • to investigate and respond to complaints or incidents relating to us or our business, to maintain service quality and to train staff to deal with complaints and disputes. Data processing is performed using information technology, and in strict conformity with the purposes indicated above. We also process your personal data to comply with laws and regulations. We sometimes go beyond the strict requirements of the relevant law or regulation, but only as necessary to pursue our legitimate interests in cooperating with our regulators and other authorities, complying with foreign laws, preventing or detecting financial and other crimes and regulatory breaches, and protecting our businesses and the integrity of the financial markets. This involves processing your personal data for the following reasons: • to cooperate with, respond to requests from, and to report transactions and/or other activity to, government, tax or regulatory bodies, financial markets, brokers or other intermediaries or counterparties, courts or other third parties; • to conduct compliance activities such as audit and reporting, assessing and managing risk, maintenance of accounting and tax records, fraud and anti-money laundering (AML) prevention and measures relating to sanctions and antiterrorism laws and regulations and fighting crime. This includes know your customer (KYC) screening (which involves identity checks and verifying address and contact details), politically exposed persons screening (which involves screening client records against internal and external databases to establish connections to ‘politically exposed persons’ (PEPs) as part of client due diligence and onboarding) and sanctions screening (which involves the screening of clients and their representatives against published sanctions lists); • to monitor and analyse the use of our products and services for risk assessment and control purposes (including detection, prevention and investigation of fraud); • to record and/or monitor telephone conversations so as to maintain service quality and security, for staff training and fraud monitoring and to deal with complaints, disputes and potential and/or actual criminal activity. To the extent permitted by law, these recordings are our sole property. In most cases, as defined by GDPR regulation, we do not rely on consent as the legal basis for processing your personal data. If we do rely on your consent we will make this clear to you at the time we ask for your consent. If you do not provide information that we request, we may not be able to provide (or continue providing) relevant products or services to, or otherwise do business with, you or Your Organization. 3. Sources of your personal data We process personal data that you provide to us directly or that we learn about you from your use of our systems and our communications and other dealings with you and/or Your Organization. Your Organization will also give us some personal data about you. This may include your date of birth, title and job description, contact details such as your business email address, physical address and telephone number and other information required for KYC, AML and/or sanctions checking purposes (e.g., copies of your passport or a specimen of your signature). We also obtain some personal data about you from international sanctions lists, publically available websites, databases and other public data sources. 4. Recipients or categories of recipients of your personal data We disclose your personal data, for the reasons set out in Section 2, as follows: • to Your Organization in connection with the products and services that we provide to it if Your Organization is our client, or otherwise in connection with our dealings with Your Organization; • to other entities part of Intermonte Group of SIM for the purpose of managing Intermonte’s client, service provider and other business counterparty relationships; • to counterparty banks, payment infrastructure providers and other persons from whom we receive, or to whom we make, payments on our clients’ behalf; • to financial institutions, governmental authorities and their agents, insurers, due diligence service providers and credit assessors, in each case in connection with the products and services that we provide to Your Organization if Your Organization is our client, including in connection with financings; • to service providers that provide application processing and/or other customer services, fraud monitoring, hosting services and other technology and business process outsourcing services; • to our professional service providers (e.g., legal advisors, accountants, auditors, insurers and tax advisors); • to government and law enforcement authorities and other persons involved in, or contemplating, legal proceedings, courts or other tribunals in any jurisdiction, to competent regulatory, prosecuting, or tax authorities; • to other persons where disclosure is required by law or to enable products and services to be provided to you or our clients; • to prospective buyers as part of a sale, merger or other disposal of any of our business or assets. 5. Transfer your personal data We may transfer your personal data to Intermonte entities, regulatory, prosecuting, tax and governmental authorities, courts and other tribunals, service providers and other business counterparties located in countries outside the European Economic Area (EEA), including countries which have different data protection standards to those which apply in the EEA. When we transfer your personal data to Intermonte entities part of Intermonte Group of SIM, service providers or other business counterparties in these countries, we will ensure that they protect your personal data in accordance with EEA-approved standard data transfer agreements or other appropriate safeguards. 6. Storage of your personal data We keep your personal data for as long as is necessary for the purposes of our relationship with you or Your Organization or in connection with performing an agreement with a client or Your Organization or complying with a legal or regulatory obligation. 7. Rights of the data subject You can ask us to: (i) provide you with a copy of your personal data; (ii) correct your personal data; (iii) erase your personal data; (iv) restrict our processing of your personal data or (v) portability of your personal data. You can also opt out of the processing of your personal data for direct marketing purposes or object to our other processing of your personal data. These rights will be limited in some situations; for example, where we are required to process your personal data by EU or EU member state law. To exercise these rights or if you have questions about how we process your personal data, please contact us using the contact details in Section 1. We can in particular, provide copies of the data transfer safeguards referred to in Section 5. You can also complain to the relevant data protection authorities in the EEA member state where you live or work or where the alleged infringement of data protection law occurred. 8. Changes to this Privacy Statement In the event of changes to this Privacy Statement, we will post the new version to the website www.intermonte.it and, where appropriate, to the websites of Intermonte divisions, in order to keep you fully aware of our processing of your personal data and of related matters.
Last update: October 2019