Privacy

illimity Società di Gestione del Risparmio S.p.A., as Data Controller (in the following “illimity SGR”), ensures the greatest attention to confidentiality, protection and security of personal data of the people it comes into contact with.

The user of this website is encouraged to read in advance all of the sections of this document, where the website’s management procedures related the processing of users’ personal data are described. This also constitutes a privacy notice pursuant to EU Regulation 679/2016 (GDPR) provided to everyone who is interacting with illimity SGR’s web services accessible through the internet at the following address: https://www.illimitysgr.com.

This privacy notice applies only to illimity SGR’s website and not to any other website the user could land on through links found on illimity SGR’s website. illimity SGR does not have any kind of control over those websites and over the procedures they put in place to guarantee data confidentiality and protection. Therefore, we strongly recommend reading privacy provisions of every entity you get in touch with before communicating personal information.

Data controller

The Data Controller is illimity Società di Gestione del Risparmio S.p.A., with registered office in Via Soperga 9, 20124 Milano (MI). E-mail address: info@illimitysgr.com– Certified e-mail address: illimitysgr@pec.illimitysgr.com.

The Data Protection Officer can be contacted at the following addresses:

1. - mailing address: Via Soperga 9, 20124 Milano;
2. - e-mail address:dpo@illimity.com

Purposes of the processing and lawfulness principles

Personal data illimity SGR might have access to are exclusively those provided by you while surfing the website through the optional, explicit and voluntary sending of the modules found on this website or of e-mails to the addresses on this website. Failure to provide the data might determine the impossibility for illimity SGR to provide the requested service. The conditions for the lawfulness of the processing are the following:

1. (i) your consent;
2. (ii) fulfilment of legal obligations.

The processing of your personal data may be carried out through manual and telematic tools.

Categories of processed data

illimity SGR processes personal data directly gathered from the client or from third parties, including, for instance, personal details and information on device used (e.g. operating system installed, etc.)

Means of processing

Data are processed through manual and telematic tools, in order to achieve the specified purposes of the processing. Specific security measures are implemented to avoid the risk of data loss, unlawful or improper use and unauthorized access.

Data recepients

Data might be accessed by natural and legal persons appointed as data processors, as well as authorized persons, who might have access only to such data as are necessary for the performance of their duties. Moreover, data might be communicated to third parties to comply with legal obligations. The list is available by contacting the data protection officer at the following e-mail address: dpo@illimity.com.

Data transfers to third countries

Data might be transferred outside either the EU area or the EEA (so called Third Countries) when the receiving country has been recognized by the European Commission as guaranteeing an adequate level of data protection, or, if not, only when compliance with the standard clauses adopted by the European Commission and any relevant indication given by the Authorities is guaranteed.

Data retention period

illimity SGR retains data for a period of time strictly necessary to the achievement of the specified purposes of the processing, in respect of contractual and/or legal obligations.

Data subjects rights

In accordance with articles from 15 to 21 of the Regulation (EU) 679/2016, data subject may exercise specific data protection rights set out in the list above:

1. 1. Right of access: right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and detailed information on the origin, the purposes, the categories of personal data concerned, the recipients and/or the transfer of data, and more;
2. 2.Right to rectification: right to obtain from the controller without undue delay the rectification of inaccurate personal data, as well as the right to have incomplete personal data completed, including by means of providing a supplementary statement;
3. 3. Right to erasure (“right to be forgotten”): right to obtain from the controller the erasure of personal data without undue delay when:
   • the personal data are no longer necessary in relation to the purposes for which they were processed;
   • consent on which the processing is based is withdrawn, and there is no other legal ground for the processing;
   • the personal data have been unlawfully processed;
   • the personal data have to be erased for compliance with a legal obligation;
4. 4. Right to object: right to object at any time to the processing of personal data having as a legal basis a legitimate interest of the Controller and/or to the processing for marketing purposes, including profiling. In the case of objection to the processing for marketing purposes, the personal data are not processed for those purposes anymore;
5. 5. Right to restriction of processing: right to obtain from the Controller restriction of processing where the accuracy of the personal data is contested (for a period enabling the controller to verify the accuracy of the personal data), the processing is unlawful and/or the data subject has objected to processing;
6. 6. Right to data portability: right to receive the personal data in a structured, commonly used and machine-readable format, and the right to have the data transmitted from one Controller to another, where technically feasible, only where the processing is based on consent or on an agreement and only for the data processed through electronic means;
7. 7. Right to lodge a complaint with a supervisory authority: without prejudice to any other administrative or jurisdictional claim, the data subject that considers the processing that concerns him/her is violating the Regulation has the right to lodge a complaint with the supervisory authority of the member state in which he resides or is established, as well as in the state where the assumed violation occurred;
8. 8. Right not to be subject to an entirely automated profiling: when the profiling is entirely automated, the right to obtain human intervention on the part of the Controller, to express his or her point of view and to contest the decision.

Moreover, we hereby inform you that you have the right to revoke at any time your consent previously given to optional activities, notwithstanding the lawfulness of the processing activities carried out before the withdrawal. To exercise your rights as a Data Subject, you can send your request to:

• mailing address: Via Soperga 9, 20124 Milano - Ufficio Privacy;
• e-mail address: dpo@illimity.com

The content of this website – script code, graphics, texts, charts, images, sounds, and any other information available in any form – are protected within the meaning of legislation in the field of intellectual works. Any company and products referred to in this website are identified by their trademarks, that might be protected by patents and/or copyright granted or registered by the competent authorities. Software products and informative contents, unless specified otherwise, can be downloaded or used for personal use only, or eventually for non- commercial use citing the source.