Privacy policy - Notice regarding the data protection
1. INTRODUCTION
The most practical overview to the news introduced by the General Data Protection Regulation 2016/679 (the “GDPR”), entering into force the 25th May 2018, can be summarised in the following six principles expressed by Article 5 of the GDPR.
According to Article 5, the data protection shall be:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject (“lawfulness, fairness and transparency”);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (“purpose limitation”);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (“storage limitation”);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).
2. WHAT IS THE LEGAL BASIS AND WHY DO WE PROCESS YOUR DATA?
With the entry into force of the GDPR, all companies are obliged to comply with it.
In line with the data protection policy currently in force at our firm, we are required to process your personal data (the “Personal Data”) in accordance with the provisions of the GDPR (Article 6) to the extent that:
1. you have given a consent to do so;
2. processing is necessary for the execution of the contractual obligations to which you are a party or to take steps prior to entering into a contract;
3. processing is necessary as a result of legal provisions;
4. processing is necessary to safeguard your vital interests;
5. processing is necessary to carry out a specific task in the public interest; or
6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless such interests are overridden by your interests or fundamental rights and freedoms.
Based in Luxembourg, Alicanto SICAV I is subject to local and European legal obligations in respect of, among other things, the transferable securities admitted to the official list of the Luxembourg Stock Exchange and other regulated markets.
Some of the purposes of the data processing operation regard the provision of investor-related services, the administration of shareholdings, the handling of subscription, dividend and redemption proceeds, the assessment of specified information aimed at ascertaining the suitability of sub-funds to certain data subjects, the maintenance of the register of shareholders, the management of distributions, the management and monitoring of portfolios, the sending of notices, accounting information and communications.
We process your data in order to provide you, inter alia, with such services as investment management, sale and distribution support, accounting, fund administration, risk services, investment compliance and corporate governance.
Our firm may use your Personal Data as part of marketing campaigns or market researches. The processing of your data for this purpose is legal as long as we receive consent from you to this end. However, you may withdraw your consent at any time in accordance with the instructions set out in section 8 below.
3. HOW DO WE COLLECT YOUR PERSONAL DATA AND FOR HOW LONG?
There are several ways to collect your personal information.
For instance, you could directly send them to us either in electronic or hardcopy formats. Otherwise your Personal Data may be collected when:
the business relation starts with you,
you request an offer,
you receive a business proposal, or
we realise a project for you.
We may also receive your data from external sources, such as public databases, websites, social networks and third parties.
Personal Data shall be kept in an appropriate form, allowing your identification for no longer than is necessary for the business purposes of our firm.
4. WHAT PERSONAL DATA ARE PROCESSED?
Personal Data processed by our firm are mainly related to your identity.
Our intervention is limited to the processing of Personal Data obtained in the context of our commercial relations or work, namely for example:
name and surname;
role;
details (e.g. email address, telephone number, postal address);
bank account;
proof of origin of funds;
tax numbers/TIN;
investment data.
In the frame of a possible recruiting, we are equally led to collect the following personal information:
diplomas;
social security number;
tax card;
photo.
5. WHO RECEIVES YOUR DATA?
The following organisations have access to your Personal Data in order to meet our legal, contractual and administrative obligations:
1. Alicanto Capital SGR S.p.A: (“Alicanto Capital”): the Management Company;
2. CACEIS Bank (“Caceis”): the Central Administration, also acting as Depositary and Principal Paying Agent, Domiciliary Agent, Transfer and Registrar Agent and Correspondent Bank in Italy via its local branch;
3. The Distributors (an updated list is available on the Company Website).
As regards the contractual relationship established with you, we may be required to transmit certain information to third parties (e.g. with regard to the recovery of claims) where legal provisions require that you have given your consent to this end.
For the sake of clarity, we undertake to verify that the concerned third parties comply with our same level of confidentiality and process your Personal Data in accordance with the provisions of the GDPR.
It is important to specify that your Personal Data may be transferred to any jurisdiction, inside and outside the European Union (the “EU”), and to third party organisations.
However, the transfer of Personal Data outside the EU may be made to countries capable of ensuring an adequate level of protection (based on the European Commission’s decision) or to countries not matching such protection level.
In the latter case, the transfer of Personal Data will be protected by appropriate or suitable safeguards, in accordance with the data protection policy of the firm and the data protection laws and it will not be made unless you will have explicitly provided a consent to do so.
6. WHO IS RESPONSIBLE FOR DATA PROCESSING AND HOW CAN BE CONTACTED?
You may contact the Company for the data protection through our firm at the following coordinates:
ALICANTO SICAV I
5, Allée Scheffer,
L - 2520 Luxembourg
Email: Questo indirizzo email è protetto dagli spambots. È necessario abilitare JavaScript per vederlo.
7. YOUR RIGHTS IN CONFIDENTIALITY OF DATA
You may withdraw your consent to the processing of your Personal Data at any time by contacting our responsible for the data protection at the aforementioned address.
You are also entitled to:
• access your Personal Data under Article 15 of the GDPR;
• rectify your Personal Data under Article 16 of the GDPR;
• erase your Personal Data under Article 17 of the GDPR, when they are no longer necessary for the purposes for which they were collected.
Thus, you can simply withdraw your consent if you object to the processing of your data, if the processing is unlawful or if the legal obligation imposing the retention of your data by our firm has expired.
In addition, you are entitled to limit the processing of your data, in accordance with Article 18 of the GDPR.
You also have the right of objection pursuant to Article 21 of the GDPR and the right of portability of your data under Article 20 of the GDPR.
We ask you to be clear about the purpose of your request.
In particular, please expressly state whether you wish your Personal Data to be completely deleted from our database or whether you wish to restrict the access to your data.
For any complaint concerning your Personal Data processed by us, you have the right to submit a claim to the relevant authority responsible for the protection of Personal Data under Article 77 of the GDPR. In Luxembourg, the authority in charge of protecting Personal Data is the Commission Nationale de Protection des Données, based in 1, avenue du Rock'n'Roll, L-4361 Esch-sur-Alzette, Tel: (+352) 26 10 60 -1 (www.cnpd.lu ).
8. HOW TO WITHDRAW YOUR CONSENT
You are now aware that you can withdraw your consent at any time by contacting our responsible for data controlling at the contact details mentioned in section 6 above.
This rule also applies to any consent statement given before the entry into force of the GDPR, i.e. before 25th May 2018.
The withdrawal of consent does not affect the legality of the processing of the data that occurred prior to this withdrawal.
nto SICAV.