Information for data processing

Vela Capital S.r.l. with registered office in Via Santa Marta 19, 20123 Milan, T.C. and VAT 13173170153 and REA Number MI 1621992, as the data controller (hereinafter the “Controller“), informs you pursuant to EU Regulation 2016/679 (“GDPR“) and the current national legislation on the protection of personal data that your data will be processed in the manner and for the following purposes:

1. Object of the treatment
The Data Controller processes the identifying and non-particular / sensitive personal data (in particular – hereinafter “Data” or “Personal Data“) communicated by you when browsing the Data Controller’S website https://www.velacapital.it (hereinafter “ The Site“) and/or in the event of a contact request sent to the Data Controller.
In particular, the Owner deals with:

• name, surname, email, telephone number, company data, IP address and any other data possibly communicated in case of contact request;
• navigation data such as IP addresses or domain names of the computers used by users who connect to The Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s computer environment. This information is collected through the cookies described in the Cookie Policy of the website to which you are referred.

2. Purpose and legal basis of the treatment
   Your data are processed for the following purposes and legal bases:
3. A) without your prior consent, for the following purposes and legal bases:

A.1) the execution of contractual and/or pre-contractual commitments and obligations, i.e. for:

• sending quotes;
• execution of the contract;
• management of contractual and pre-contractual relationships;
• management of a contact request by you.

A.2) the fulfilment by the Owner of legal obligations, i.e. for

• compliance with the obligations established by laws, regulations or imposed by the Authorities;
• tax compliance.

A.3) the pursuit of a legitimate interest of the Owner, in particular:

• website management and maintenance;
• prevention or discovery of fraudulent activities or abuses harmful to the Site and exercise of the rights of the Owner, for example the right to defend in court. The interest of the owner corresponds to the constitutionally guaranteed right of action (art. 24 of the Constitution) and, as such, is socially recognized as prevalent with respect to the interests of the individual subject concerned;
• sending, if you are already our customer, commercial communications to the email address provided relating to the owner’s services and products similar to those of which you have already used (so-called “Soft Spam“). Each email sent will allow, by clicking on the appropriate link, to refuse further mailings.

1. B) only with your consent, for:

• marketing purposes, i.e. for the sending by the Owner of communications and advertising or direct sales material of the Owner, having commercial and/or promotional and/or advertising content, also through the use of automated call systems and/or email and/or fax and/or SMS and/or MMS and/or WhatsApp and/or other messaging and/or newsletter services and/or through traditional marketing methods such as telephone and/or paper mail;
• perform statistics – carried out using the analytical cookies described in the Cookie Policy of the website to which you are referred – aimed at optimizing and improving navigation on the website without identifying the navigator. In this case, consent is provided through the acceptance of cookies through the banner.

3. Processing methods
   The processing of your data is carried out – electronically – by means of the operations of collection, registration, updating, organization, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, cancellation and destruction of data. The Data Controller has adopted adequate technical and organizational security measures to protect your Data and minimize the risk of destruction, loss (including accidental loss), unauthorized access/use or use incompatible with the initial purpose of the collection.
4. . Data retention
   The Data Controller processes the data for the time necessary to fulfil the aforementioned purposes and in any case for no longer than :

• 10 years from the termination of the relationship for other purposes;
• 1 year from the collection for marketing purposes;
• the storage time of the data indicated in the Cookie Policy of the website for statistical activities.

5. Access to data
   Your data can access for the above purposes:

• employees and/or collaborators of the Data Controller and/or Group companies, in their capacity as data processors and/or internal data processors and/or system administrators;
• third-party companies or other subjects (for example, IT service providers, suppliers, etc.) who carries out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.

6. Disclosure of data
   Your data may be communicated, even without your consent, for the aforementioned purposes to supervisory bodies, law enforcement agencies or the judiciary who will process them, at their express request, as independent data controllers for institutional purposes and/or by law during investigations and checks. Your data may also be communicated to third parties (for example, banking institutions, partners, freelancers, agents, etc.), as independent data controllers, for the performance of activities instrumental to the aforementioned purposes.
7. Data transfer
   The data are not disclosed but can be transferred for the above purposes to countries outside the EU such as but not exclusively, for example, Switzerland. To ensure an adequate level of protection of Personal Data, the transfer will take place on the basis of the adequacy decision approved by the European Commission or the adoption by the Data Controller of the Standard Contractual Clauses prepared by the European Commission.
8. Nature of providing data and consequences of refusing to answer
   The provision of Data for Service Purposes is mandatory: these Data are necessary to use the services of the Data Controller and if you decide not to provide the Data, you will not be able to use the services of the Data Controller.
   The provision of data for marketing purposes, soft spam and statistical activity through cookies is optional and failure to provide them does not prevent you from using the services of the owner. If you decide not to provide the data, however, you will not be able to receive personalized initiatives and offers for you.
9. Rights of the interested party
   We inform you that, as an interested party, if the limitations provided for by the law do not exist, you have the right to:

• obtain confirmation of the existence or not of your personal data, even if not yet registered, and that these data are made available to you in an intelligible form;
• obtain indication and, if necessary, copy: a) of the origin and category of personal data; b) the logic applied in case of treatment carried out with the aid of electronic instruments; c) the purposes and methods of treatment; d) the identity of the owner and managers; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them, in particular if they are recipients of third countries or international organizations; e) when possible, of the data retention period or the criteria used to determine this period; f) the existence of an automated decision-making process and in this case the logics used, the importance and consequences expected for the interested party; g) the existence of adequate guarantees in case of data transfer to a non-EU country or to an international organization;
• obtain, without undue delay, the updating and correction of inaccurate data or, when interested, the integration of incomplete data;
• revoke the consent given at any time, easily, without hindrance, using, if possible, the same channels used to provide them;
• obtain the cancellation, transformation into anonymous form or blocking of data: a) unlawfully processed; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) in case of revocation of the consent on which the treatment is based and if there is no other legal basis, d) if you have opposed the treatment and there is no prevailing legitimate reason to continue the treatment; e) in case of fulfilment of a legal obligation; f) in the case of data referring to minors. The Data Controller may refuse cancellation only in the case of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, execution of a task performed in the public interest or exercise of public powers; c) reasons of public health interest; d) filing in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in court;
• obtain the limitation of treatment in the case of: a) dispute on the accuracy of personal data; b) unlawful processing of the Data Controller to prevent cancellation; c) exercise of your right in court; d) verification of the possible prevalence of the legitimate reasons of the Data Controller over those of the interested party;
• receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and legible format, the personal data concerning you to transmit them to another holder or – if technically feasible – to obtain direct transmission by the Holder to another holdere;
• object, in whole or in part: a) for legitimate reasons, relating to your particular situation, to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by email and/or through traditional marketing methods by telephone and/or paper mail;
• propose a complaint to the Guarantor Authority for the Protection of Personal Data.

In the cases mentioned above, where necessary, the Data Controller will disclose the third parties to whom your personal data are communicated of any exercise of the rights by you, with the exception of specific cases (e.g. when such fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right).

10. How to exercise your rights
    You can exercise these rights at any time:

• by sending an email to  info@velcapital.it;
• by calling +39 02 84232415

11. Owner, manager and agents
    The data controller is Vela Capital S.r.l. with registered office in Via Santa Marta 19, 20123 Milan (MI), C.F. 13173170153 and REA registration MI 1621992.
    The Privacy Manager is Federico Marescotti, who can be contacted by email and phone at info@velcapital.it;and +39 02 84232415.

Milan, August 2020

Vela Capital S.r.l.