site.search.label [en-US]
PRIVATE AREA

Privacy

Privacy Policy

Intermonte considers the protection of personal data a fundamental principle in the provision of its investment services and is committed to ensuring the security and confidentiality of personal data. To this end, it defines and implements privacy policies that comply with the principles set out in Regulation (EU) 2016/679 on the protection of personal data (“GDPR”), Legislative Decree no. 196 of 30 June 2003 (the Italian Data Protection Code), as well as with the provisions issued by national and European supervisory authorities in this field. 

Data Controller

INTERMONTE SIM S.p.A. acts as the Data Controller
•    Registered, operational and administrative office at Galleria De Cristoforis, 7/8 – 20122 Milan (MI), Italy
•    website: https://www.intermonte.it/it/index.html
•    contact: Tel +39 02 771151, e-mail compliance@intermonte.it 

Data Protection Officer

The Data Controller has appointed a Data Protection Officer (“DPO”), in accordance with Article 37 of the GDPR.
The DPO may be contacted through the following channels:
•    tel. +39 02 771151 
•    e-mail: dpo@intermonte.it

Categories of Data Processed and Legal Basis for Processing

Intermonte processes the personal data of data subjects on the basis of the following legal grounds:
•    Personal data of a common nature relating to candidates and employees
•    Special categories of personal data relating to employees 
•    Personal data of a common nature relating to clients
•    Special categories of personal data relating to clients and suppliers 
The personal data processed by the Company fall within the following categories of data subjects (databases):
•    Prospective clients
•    Prospective suppliers/outsourcers
•    Clients
•    Suppliers/outsourcers
•    Business partners/counterparties
•    Candidates for potential employment
•    Employees
•    Collaborators/self-employed workers
•    Company officers
For further information regarding data processing carried out through the use of cookies, please refer to the Cookie Policy available in the relevant section of the website.

Methods of Data Processing

Intermonte adopts a data protection policy in line with the GDPR. In particular, the methods of data processing take into account the following principles:
•     Lawfulness, fairness and transparency: personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.
•     Purpose limitation: personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
•     Data minimisation: personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
•     Accuracy: personal data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that inaccurate personal data are rectified or erased without delay.
•     Storage limitation: personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
•    Integrity and confidentiality: personal data must be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.

Data Retention Periods

The personal data provided by the data subject will be processed for the time necessary to fulfil the purposes set out above. Once the purposes for which the personal data were collected have been achieved, in accordance with internal procedures, any outdated documentation will be promptly identified and securely deleted.
Should the data subject consider, for any reason, that the purpose of the processing has been fulfilled, they may notify Intermonte in writing. Intermonte will proceed with the immediate deletion of the information, provided that such request does not conflict with applicable legal obligations.

Rights of the Data Subject

The data subject may exercise all the rights provided for under Article 15 et seq. of Regulation (EU) 2016/679, namely:
•    Right of access, 
•    Right to rectification, 
•    Right to erasure (“right to be forgotten”), 
•    Right to restriction of processing, 
•    Right to data portability, 
•    Right to object to processing, 
•    Right to withdraw consent, where applicable
•    Right to lodge a complaint with the Data Protection Authority

The data subject also has the right to request from Intermonte SIM, and to obtain in a structured, commonly used and machine-readable format, the personal data concerning them (Articles 15 et seq. of Regulation (EU) 2016/679). Responses to requests for the exercise of data subject rights will be provided within 30 days, with the possibility of an extension of a further 30 days where permitted by law.
In the event that processing is carried out in breach of the GDPR and the relevant national provisions, the data subject has the right to lodge a complaint with the Data Protection Authority or to bring proceedings before the competent judicial authority.
To exercise their rights, the data subject may contact Intermonte using the contact details provided in this section.

Implementation Methods
These rights may be exercised in various ways: directly by submitting an oral or written request to the Company, through a legal representative upon presentation of a specific power of attorney or delegation to be attached to the request, or by means of dedicated tools (e.g. platforms) through which previously granted consent may be withdrawn.
The exercise of these rights is assessed taking into account:
•    legal obligations,
•    the need to protect the privacy of any third parties concerned,
•    other relevant public interests to be balanced against the right to privacy.
For the exercise of these rights, the data subject, depending on the nature of their relationship with Intermonte, may contact directly:
•    Legal & Administration Department, if the data subject is or has been an employee;
•    Operations Department, if the data subject is or has been a client or a supplier;
•    Digital & Advisory Department, if the data subject is or has been a client within the Digital Division.
The data subject may also lodge a complaint (a written statement contesting a specific unlawful act by Intermonte in relation to the processing of the complainant’s personal data) if they believe that their right to privacy has been violated. In such a case, please refer to the dedicated Complaints section available on the Company’s website.