Confidentiality
Data Protection Policy
Data Protection Policy
Praemia REIM Italy SGR, a company within the Praemia REIM group, attaches great importance to privacy protection and ensures the protection of your personal data.
The companies within the Primonial group adhere to the applicable rules regarding the protection of personal data, in particular, the General Data Protection Regulation (GDPR) No. 2016/679 of April 27, 2016, as well as all national laws enacted in accordance with it, subsidiarily.
This document reflects and clearly describes our policy on this matter, informing you about the conditions under which Praemia REIM Italy SGR collects and uses your personal data in accordance with the data protection principles of the group's companies. It also outlines the means available to you to control this use and exercise your related rights.
1. Definitions
-
Personal data: Any information or data relating to an identified or identifiable natural person.
-
Processing: Any operation or set of operations performed on personal data, whether automated or not: collection, recording, organization, storage, modification, retrieval, consultation, extraction, use, or making available, alignment, combination, as well as blocking, erasure, or destruction of such personal data.
-
Data controller: The natural or legal person who determines the means and purposes of the processing.
-
Processor: The natural or legal person, public authority, service, or other body processing personal data on behalf of the data controller.
-
Cookie and tracker: Refers to a data block not used for identification purposes but serves to record information about the customer's navigation in the service. Cookies and trackers are intended to collect information about your navigation on the sites. These files record information that will facilitate your navigation, adapt your content, and optimize certain features.
2. Who is the Data Controller?
Praemia REIM Italy SGR determines the purposes for which your personal data is collected and how your personal data is used. In this sense, Praemia REIM Italy SGR acts as the data controller for your personal data.
3. What Personal Data is Processed?
In strict compliance with current regulations, Praemia REIM Italy processes:
-
Declarative personal data, collected directly from you or from partners with whom we have a contractual relationship.
-
Personal data generated, in particular during the use of online services or in the context of our commercial relationship.
More precisely, here is an exhaustive list of the personal data and categories of personal data that we collect and use:
-
Identification data: first name, last name, email address, postal address.
-
Data related to your professional situation: email address, professional activity, company, employee or independent status, postal address, diplomas, and training certificates obtained through [Praemia REIM Italy SGR].
-
Economic and financial data: bank details, bank account number (RIB).
-
Data from contact forms that you fill out on our website, including your choice regarding commercial prospecting.
-
Information about the history of our commercial relationship.
-
Any other information you wish to bring to our attention.
-
Data related to your connection and navigation on the Internet, such as your username or information collected through cookies and trackers deposited on your device.
4. What are the Purposes of Data Processing?
The personal data we process is used in accordance with the principle of minimization. Thus, Praemia REIM Italy SGR limits the collection to data strictly necessary for the accomplishment of the purposes defined below:
-
Receipt of contact forms.
-
Management of the website and social networks.
-
Management of subscriptions to our newsletters and/or email alerts.
-
Management of the sending of communications and promotional emails.
-
The implementation of operations related to commercial management and the execution of marketing actions; Sending information about the modification or evolution of our services.
-
Prospecting and commercial management; Development of new offers and services;
-
Execution of marketing actions; Management of subscriptions to our newsletters and/or email alerts; Sending communications, newsletters, and promotional emails; Processing your information requests; Management of customer relations and contracts to which you are a party; Management of complaints and litigation; Creation of an account, including the validation and security of this account; Use of data for statistical purposes.
-
Praemia REIM Italy SGR may also offer satisfaction surveys to gather your needs and improve our offer. In the context of our commercial relationship, and subject to obtaining your express consent, your personal data may also be used for prospecting purposes for products or services distributed by Praemia REIM Italy SGR, the Primonial group, and our commercial partners.
-
The legal bases justifying the collection and processing of this data are:
-
Your consent: You have the right to withdraw your consent to the processing of your data at any time.
-
The execution of a contract linking you to Praemia REIM Italy SGR requires us to carry out the processing of the personal data concerned.
-
The existence of a legitimate interest of Praemia REIM Italy SGR justifies the implementation of processing personal data while respecting your fundamental rights and freedoms.
-
Compliance with a legal or regulatory obligation to which Praemia REIM Italy SGR is subject, requiring the implementation of processing personal data, including its obligations to combat money laundering and the financing of terrorism (AML/CFT).
5. Who Are the Recipients of the Collected Data?
The personal data we collect may be processed by authorized persons within Praemia REIM Italy SGR within the limits of their respective powers. Furthermore, this data may be reconciled, pooled, or shared among all entities of the Praemia REIM group exclusively to achieve the purposes of this policy.
Praemia REIM Italy SGR may communicate information about clients to competent administrative and judicial authorities as part of the execution of our legal, regulatory, or contractual obligations. We may also share certain personal data with our service providers or commercial partners to perform services entrusted to them. In this case, we take appropriate measures to ensure that all subcontractors process your personal data in accordance with the Regulation. These measures include, among other things, the signing of an agreement specifying the processing of data and requiring subcontractors, among other things, to process your personal data only on our instructions, not to engage a second-tier subcontractor without our agreement, to take appropriate technical and organizational measures to ensure the security of your data, to ensure that individuals authorized to access the data are subject to confidentiality obligations, to return and/or destroy your data at the end of their mission or contract, to undergo audits, and to provide us with assistance in monitoring your requests regarding the exercise of your rights regarding your personal data.
-
Do we transfer Data outside the EEA?
Praemia REIM Italy SGR has chosen not to transfer personal data outside the European Economic Area ("EEA"). In cases where your personal data is transferred to countries outside the EEA, Praemia REIM Italy SGR will ensure, on a case-by-case basis, the following guarantees:
-
Ensure that the country to which the personal data is transferred has received an adequacy decision from the European Commission under Article 45 of the GDPR;
-
In the absence of an adequacy decision for the country in question, ensure the implementation of appropriate safeguards under Article 46 of the GDPR;
-
In the case of a transfer to the United States, ensure that the receiving entity of the data is certified in accordance with the adequacy decision issued by the European Commission on February 28, 2023. In the absence of certification, implement transfer framework tools provided for in Article 46 of the GDPR and inform the individuals concerned by these transfers;
-
Conclude an agreement containing the standard contractual clauses for the protection of personal data adopted by the European Commission under Article 47 of the GDPR.
-
What are the retention periods for the collected Data?
We have established a data retention policy to ensure that your personal data is only retained for periods strictly necessary for the proper execution of the processing carried out. To determine these durations, we take into account the different purposes for which this data is collected, the individuals concerned by the collection, and compliance with legal, regulatory, or professional obligations to which we are subject. Data that is subject to archiving obligations under legislative or regulatory provisions will be archived in accordance with the conditions provided for by the relevant text(s), such as Article L.6353-1 of the Labor Code, which requires us to keep essential documents to prove the reality of training in case of administration control for three years, or Article L.123-22 of the Commercial Code, which requires us to keep invoices and documents related to billing data for ten years.
-
What security measures are implemented by Praemia REIM Italy SGR?
In addition to applying the requirements of the regulations on the protection of personal data, Praemia REIM Italy SGR considers that all data concerning you constitutes confidential data covered by professional secrecy to which we are subject. As such, we implement appropriate technical and organizational measures to secure our information system and protect your personal data, taking into account the state of knowledge and the risks, the probability and severity of which vary, for the rights and freedoms of individuals, to preserve the security of this data and, in particular, to prevent it from being distorted, damaged, or accessed by unauthorized third parties. Here is a non-exhaustive list of security measures that Praemia REIM Italy SGR implements:
-
Apply data pseudonymization and encryption methods;
-
Implement authentication processes consisting of personal and secure access rights via confidential identifiers and passwords, as well as logging connections;
-
Ensure the ability to ensure the confidentiality, integrity, availability, and resistance of information systems and processing services;
-
Ensure the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
-
Implement a process to regularly test, evaluate, and assess the effectiveness of these technical and organizational measures;
-
Apply best practices for incident response management;
-
Ensure the physical protection of premises;
-
Apply the principles of privacy protection from the outset (privacy by design) and by default (privacy by default), which consist of ensuring that data protection and security are taken into account in the planning and development of services;
-
Ensure that subcontractors and service providers implement and maintain a security system in accordance with our requirements and current standards.
We are also affiliated with a CERT (Computer Emergency Response Team) and regularly conduct a series of tests on websites and applications exposed on the internet to correct any identified vulnerabilities or flaws.
-
What rights are recognized to you?
In accordance with the General Data Protection Regulation and the Data Protection Act, you have the following rights:
-
The right to be informed: You have the right to obtain clear, transparent, and understandable information about how we use your personal data and how you can exercise your rights. This is the goal we pursue by providing you with the information contained in this personal data protection policy.
-
The right of access and rectification: At any time, you can request access to your personal data and their rectification if they are inaccurate or incomplete.
-
The right to erasure ("right to be forgotten"): You have the right to obtain the erasure of your personal data. However, the right to erasure is not absolute and is subject to specific conditions. Thus, we may keep your personal data if we are authorized by applicable law, if their processing remains necessary for compliance with a legal obligation to which we are subject, or for the establishment, exercise, or defense of a right in court.
-
The right to restrict processing: You have the right to obtain the restriction of processing, in certain circumstances. In this case, data can only be processed, except for their retention, with your consent or for the establishment, exercise, or defense of a right in court.
-
The right to data portability: You have the right, in certain circumstances, to receive personal data concerning you that you have provided to Praemia REIM Italy SGR in a structured, commonly used, and machine-readable format and to transmit them to another data controller.
-
The right to object to processing: You have the right, provided you present reasons relating to your particular situation, to object to certain types of processing, if there are no legitimate and compelling reasons justifying such processing.
-
The right to withdraw your consent: If the processing of your data is based on your consent, you have the right to withdraw it at any time.
-
The right to define directives regarding the fate of your data after your death: You can define directives regarding the retention, erasure, and communication of your personal data after your death. These directives are general or specific. General directives are recorded with a trusted third party. Specific directives are recorded with the data controller.
To exercise your rights, you can contact the person in charge of personal data protection:
-
By email at the following email address: info.italy@praemiareim.it
-
By post at the following address:
PRAEMIA REIM ITALY SGR
Sede Legale: Via Palestro, 6
Milano – 20121 – Italia
T. +39 02 97801922
F. +39 02 97801975
In case of a dispute, you have the right to lodge a complaint with the supervisory authorities, including the GPDP.
>>RENEW OR MODIFY YOUR COOKIES