USER PRIVACY NOTICE PURSUANT TO OF ARTICLE 13 AND 14 OF THE EU REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL OF 27 APRIL 2016 N. 679 (THE “GDPR”)
Dea Capital S.P.A., with registered office in Milano, Via Brera 21, telephone number (+39) 02 6249951, fax (+39) 02 62499599, e-mail email@example.com,, as Data Controller (hereinafter, the “Company” or the “Controller”), provides this notice about the processing of the personal data collected by the users who browse the website, accessible online at the following address www.deacapital.com (the “Website”) and/or who make a request to the Controller
The personal data of the Website user (hereinafter, the “User”) are collected directly from the site, and are processed in compliance with the provisions of the GDPR, with applicable regulations, and with the present notice according to principles of correctness, lawfulness, transparency and the protection of confidentiality.
1. WHAT TYPES OF PERSONAL DATA ARE PROCESSED BY THE COMPANY?
1.1. Browsing data and technical cookies
Over the course of their normal operation, the procedures and IT systems set up for the Website acquire some personal data, the transmission of which is implicit in the use of Internet communication protocols, in order to allow the use to browse the Website or provide a service requested by said user.
The company uses only technical cookies, without which the viewing of the Website or certain other operations could not be carried out or would be more complex and/or less secure.
Technical cookies are installed directly by the Controller; since they are used for purposes which are strictly necessary for browsing the Website, the prior consent of the User accessing the Website is not required for their use (storage in the device).
|AWSALB||Technical||Traffic balancing management||7 days||https://www.deacapital.com/|
|AWSALBCORS||Technical||Traffic balancing management||7 days||https://www.deacapital.com/|
|AWSELB||Technical||Traffic balancing management||Session||https://www.deacapital.com/|
|AWSELBCORS||Technical||Traffic balancing management||Session||https://www.deacapital.com/|
|_icl_visitor_lang_js||Technical||Managing the language in which the user is browsing the site||1 day||https://www.deacapital.com/|
|wpml_browser_redirect_test||Technical||Managing the language in which the user is browsing the site||Session||https://www.deacapital.com/|
1.2. Data processed following a request for contact or for information made by the User
Through the Website the User can request to be contacted by the Company in order to receive information about the lease and/or purchase of the properties of the Fund promoted by the Website. In this case, the personal data voluntarily provided by the User (including by filling out the specific form on the Website) and transmitted to the Controller concern: name and surname, telephone number, and e-mail address.
The personal data indicated in sections 1.1 to 1.2 above are collectively defined as “Personal Data”.
2. FOR WHAT PURPOSES ARE PERSONAL DATA PROCESSED? WHAT IS THE LEGAL BASIS FOR THE PROCESSING?
Personal data are processed for the following purposes:
a) Browsing data (section 1.1): to carry out the activities necessary to ensure that the services offered are working properly and to allow the User to view the Website safely and efficiently;
b) Personal Data (section 1.2): to meet specific User requests regarding the lease and/or purchase of properties owned by the Fund, promoted by the Website; the legal basis for the processing is the implementation of pre-contractual and contractual measures adopted at the request of the interested party (Article 6, letter (b) of the GDPR);
c) all categories of Personal Data (section 1): (i) fulfilment of obligations mandated by applicable law; (ii) the ascertainment of any crimes by the judicial authority; the legal basis for the processing is the fulfillment of a legal obligation to which the Controller is subject (Article 6, letter c) of the GDPR);
d) all categories of Personal Data (section 1): (i) the exercise, where necessary, of the Controller’s rights, for example the right to defense in court; the legal basis for the processing is the pursuit of the Controller’s legitimate interest to protect their rights or their right to defense (Article 6, letter (f) of the GDPR).
3. WHO HAS ACCESS TO THE PERSONAL DATA? RECIPIENTS OF THE DATA
In carrying out its activity and for the purposes set out in section 2 above, the User’s Personal Data may be disclosed to:
– judicial and/or supervisory authorities, supervisory authorities, if they so request;
– providers of IT services for the Company;
– companies which are part of the Controller’s group;
The personal data are processed by:
– the Controller’s employees and/or collaborators, who operate on the basis of the instructions provided by the Controller. The name of the aforementioned subjects may be requested from the Controller, by contacting: firstname.lastname@example.org;
– the processors appointed for this purpose by the Controller. The list of processors appointed by the Company can be requested at the following e-mail address: privacy-RE@deacapital.com
4. WHERE DOES THE DATA PROCESSING TAKE PLACE? ARE PERSONAL DATA TRANSMITTED ABROAD?
The processing of Personal Data is carried out by the Controller mainly in Italy on the Controller’s servers and/or on those of the appointed third-party companies. With regards to the purposes set out in section 2 above, Personal Data may be transferred to third parties in Europe. The list of the latter countries is available from the Controller and can be requested in the manner indicated in section 9 below]
5. HOW LONG WILL THE DATA BE STORED?
Personal data will be stored according to the following criteria:
(i) for the purposes referred to in letter a) of section 2 above, for a period of time not exceeding 365 days from the viewing of the Website by the User, unless a different period of time is required for regulatory compliance;
(ii) for the purposes referred to in letter b) of section 2 above, for a period of time not exceeding 365 days from the last request for information sent by the User to the Company regarding the properties promoted through the Website, unless a different period of time is required for regulatory compliance;
(iii) for the purposes referred to in letter c) of section 2 above, for a period of time not exceeding that required for the fulfillment of a regulatory obligation and/or the ascertainment of an alleged crime;
(iv) for the purposes of legitimate interests as per letter d) of section 2 above, for the period of time necessary for the pursuit of the Controller’s legitimate interests to protect their rights or their right to defense by the collection of Personal Data.
6. HOW WILL THE DATA PROCESSING BE CARRIED OUT?
The processing of personal data will be carried out using electronic and/or telecommunications tools, with a logic strictly related to the purposes referred to in section 2 above, and in any case in such a way as to guarantee the security and confidentiality of said data.
7. WHAT RIGHTS DOES THE USER HAVE WITH REGARDS TO THEIR PERSONAL DATA?
With regards to their Personal Data, the User may, at any time, exercise the rights provided for in Articles 15 to 22 of the GDPR, in the manner and terms established therein.
In particular, the User has the right to:
(i) ask the Controller for access to, correction of, and erasure of browsing data (“right to be forgotten”) which pertain to said User or the limitation of the processing of such data;
(ii) oppose the processing of browsing data;
(iii) obtain the portability of the browsing data;
(iv) withdraw the consent requested by the Controller and potentially given by the user, at any time, and without compromising the lawfulness of the processing based on the consent given before its withdrawal.
8. LODGING COMPLAINTS
In regards to any type of data processed by the Controller, the User has the right — if they believe that the processing of their browsing data has occurred or is occurring in violation of the GDPR and of the applicable regulations at the time, and with no prejudice to their right to file an appeal to any other court — to lodge a complaint with the Supervisory Authority for personal data protection, in the manner indicated on the site www.garanteprivacy.it.
9. HOW TO EXERCISE THE RIGHTS. HOW TO CONTACT THE CONTROLLER
The user can exercise their rights at any time, as per section 7 above, by sending a communication to the following address:email@example.com or to the Company’s registered office, Via Brera, 21 – 20121 Milan.
10. THE NATURE OF THE PROVISION.
With regards to the purposes set out in section 2 above:
(i) for letter a), the provision of Personal Data is necessary in order to allow the User to view the Website effectively;
(ii) for letter b), the provision of Personal Data is optional; the absence of data prevents the User from receiving information on properties for lease and/or sale;
(iii) for letter c), the provision of Personal Data is mandatory for the fulfillment of legal obligations by the Controller;
(iv) for letter d), the provision of Personal Data is mandatory and the User may oppose it in the manner referred to in section 9 above, without prejudice to the right of the Company to assert any overriding interest or to defend their rights in legal proceedings.
The Data Controller
Dea Capital S.p.A.