As part of the browsing of the website https://www.grimaldialliance.com/it/ (hereinafter, the “Site”), Grimaldi Alliance, with registered office in Milan, Corso Europa, 12, VAT No. IT04063930962 (hereinafter, “Grimaldi Alliance”, the “Firm” or the “Data Controller”) may come into possession of the personal data of users who visit the Site, send a contact request and/or subscribe to the Firm’s newsletter.

Pursuant to EU Regulation 679/2016 (hereinafter, the “Regulation”), “processing” is defined as any operation, including the mere collection and/or storage, of personal data of any natural person (hereinafter, the “Data Subject”), “data controller” is defined as the one who determines the purposes and means of the processing, “personal data” is defined as any information relating to a natural person identified or identifiable, even indirectly, by reference to any other information, and ‘special categories of personal data’ shall mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended to uniquely identify a natural person, as well as personal data disclosing health or sex life or sexual orientation.

That said, the personal data processed in the context of using the Site are the IP address of the device used to browse the Site and, in general, some browsing data, the personal data provided by the Data Subject to Grimaldi Alliance by spontaneously sending a request in the “Contact us” section on the Site (such as, for example, name, surname, e-mail address and any additional personal data contained in the message), as well as the data provided in the form to subscribe to the Firm’s newsletter (hereinafter, collectively, the “Personal Data”). 

This privacy policy is published on the Site before the Data Subject has provided any data.

1. DATA CONTROLLER

The Data Controller is Grimaldi Alliance, with registered office in Milan, Corso Europa, 12, VAT No. IT04063930962 – e-mail privacy@grimaldialliance.com – in the person of its legal representative, Mr. Francesco Sciaudone.

The Data Protection Officer appointed by the Data Controller is the Mr. Claudio Rizzo, with an office in Milan, Corso Europa, 12. For the purposes of requesting information and exercising your rights, you may contact the DPO free of charge at the telephone number +39 02 3030 9330 and at the address already indicated, as well as at the e-mail address crizzo@grimaldialliance.com.

2. CATEGORIES OF PROCESSED DATA 
   1. Navigation data

The computer systems and software procedures used to operate the Site acquire, in the course of their normal operation, some Personal Data whose transmission is implicit in the use of the Internet communication protocols adopted.

This is information that is not collected in order to be associated with identified Data Subjects, but which by its very nature could, through processing and association with other data, make it possible to identify the Data Subject.

This category of data includes IP addresses, the type of browser used to connect to the Site, the name of the internet service provider (ISP), the date and time of browsing, the web page from which the data subject came, and other parameters relating to the operating system and computer environment of the data subject.

2. Data provided voluntarily by the Data Subject

The request to subscribe to the newsletter programme, and the optional, explicit and voluntary sending of information requests by the Data Subject through the use of the form in the “Contact us” section of the Site, entail the acquisition by Grimaldi Alliance of Personal Data such as name, surname, e-mail address and, only in the case of sending contact requests, any other Personal Data included in the message.

Users who intend to send, through the Site, a request, are invited to pay due attention to what is indicated in this document regarding the processing of their Personal Data included therein. Grimaldi Alliance, in particular, does not process data belonging to “special categories”, except those necessary to fulfil legal obligations. In any case, we invite all those who send a request not to report any data belonging to “special categories”.

3. PURPOSE OF PROCESSING

The data will be used for the following purposes:

1. Proper functioning of the Site

Browsing data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes to the detriment of the Site.

2. Responding to Data Subjects’ Requests

The Personal Data collected through the form in the “Contact Us” section of the Site will be processed for the pursuit of the legitimate interest of the Data Controller – arising from the spontaneous and unsolicited contact by the Data Subject – in taking care of clients and maintaining the Firm’s image and good reputation, by responding to requests received from clients and visitors to the Site.

3. Newsletter subscription via the Site

The Grimaldi Alliance may process the Personal Data of the Data Subject in order to allow him/her to subscribe to the Firm’s newsletter programme and to send communications with informative content, including invitations to events organized and/or attended by Grimaldi Alliance professionals, by email.

The Data Subject who wishes to receive the Firm’s newsletter and the commercial communications referred to in the preceding paragraph may provide his or her Personal Data via the relevant section of the Site, after giving his or her consent, by ticking the relevant checkbox at the bottom of the newsletter subscription form on the Site.

4. Carrying out legal obligations, exercising administrative activities, exercising rights in court and responding to specific requests from judicial and/or public security authorities

Personal Data will be processed in order to fulfil the obligations laid down by law, regulation or EU legislation, to enable the performance of administrative activities, to exercise and defend the rights of the Data Controller in the appropriate fora, and to comply with specific requests from judicial authorities and/or public security authorities.

4. NATURE OF DATA PROVISION AND LEGAL BASIS

With reference to the purposes set out in point 3.1: proper functioning of the Site

The provision of navigation data is necessary in order to be able to navigate on the Site.

The legal basis for the processing of Personal Data for the purpose referred to in point 3.1 above is the legitimate interest of the Data Controller in enabling the Site to function properly.

With reference to the purposes set out in point 3.2: responding to requests from Data Subjects

The Data Subject is free to decide whether to provide his or her Personal Data by sending an e-mail or filling in the contact form to forward a request to Grimaldi Alliance. However, the processing of Personal Data is necessary for the purpose referred to in point 3.2 above, as it is strictly functional to the examination of the request.

The legal basis for the processing of Personal Data for the purpose referred to in Article 3.2 above is the legitimate interest of the Data Controller in responding to requests received, and the performance of a contract to which the Data Subject is a party, consisting of the provision of the requested service. If the pursuit of the aforesaid legitimate interest involves the processing of particular categories of Personal Data of the Data Subject, the processing is necessary to establish, exercise or defend a right in court or whenever the judicial authorities exercise their jurisdictional functions, pursuant to Article 9(2)(f) of the Regulation.

With reference to the purposes set out in point 3.3: Newsletter subscription

On the other hand, the provision of consent to the use of one’s Personal Data is optional for the purposes set out in point 3.3 above. Refusal of consent for the purposes set out in point 3.3 above will nevertheless allow the Data Subject to browse the Site.

The legal basis for the processing of Personal Data for the purposes referred to in point 3.3 above is the consent of the Data Subject, which is given by means of a specific and separately expressed manifestation of will, only after having read this privacy policy, made available on the Site.

The Data Subject may object to the processing for the purpose referred to in Section 3.3 above at any time, even after having given his/her consent, by clicking on the unsubscribe button in each newsletter, or by sending an email to privacy@grimaldialliance.com.

With reference to the purposes set out in point 3.4: performance of legal obligations, exercise of administrative activities, exercise of rights in court and response to specific requests from judicial authorities and/or public security authorities

Finally, the provision of Personal Data is necessary for the purposes set out in point 3.4 above, as it is strictly functional to the performance of administrative activities, to the exercise of Grimaldi Alliance’s rights in the appropriate fora, to the fulfilment of legal obligations, and to respond to specific requests from judicial authorities and/or public safety authorities.

The legal basis for the processing of Personal Data for the purpose referred to in point 3.4 above is the legitimate interest of the Data Controller, the performance of a contractual obligation, and the fulfilment of legal obligations.

5. CATEGORIES OF PERSONS TO WHOM THE DATA MAY BE DISCLOSED

The Data Subject’s Personal Data may be processed by internal collaborators and/or employees of Grimaldi Alliance and/or by persons involved in the organization of the Site (administrative, sales, marketing, legal, system administrators), who have been given adequate instructions regarding the processing of such data and who need access to it as a result of their duties or hierarchical position. Such persons have been appropriately trained in order to avoid loss, destruction, unauthorized access or unauthorized processing of such data.

Moreover, your Personal Data will be accessible to the companies appointed for this purpose as data processors or sub-processors pursuant to Article 28 of the Regulation. The updated list of third parties to which the Data Controller may disclose your Personal Data remains at your disposal at the Grimaldi Alliance headquarters

Where necessary, the data will also be accessible to the judicial authorities or the judicial police in the event of a specific request. Where necessary or required by laws, regulations, EU legislation, rulings by judges, arbitrators or public authorities, as well as for the performance of contractual obligations (e.g. Public Bodies, Control Authorities, Banking Institutions, etc.), Personal Data may be transmitted to the entities to which the communication is envisaged. Personal Data may in any case be communicated to internet providers, web administrators, hosting providers, IT service providers, IT companies, communication agencies, companies performing data entry and mailing activities. The data will not be subject to further dissemination.

6. COOKIES

The Site uses cookies, including some ‘third-party’ cookies, for technical, analytical, statistical and marketing purposes.

The technical cookies used on the Site are navigation or session cookies, through which normal navigation and use of the Site is guaranteed. The use of “session cookies” (which are not persistently stored on the data subject’s device and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the Site.

The session cookies used on the Site avoid resorting to other computer techniques potentially prejudicial to the confidentiality of the Data Subject’s navigation and, in any case, do not allow the acquisition of Personal Data identifying the Data Subject.

The Site also uses cookies for analytical and statistical purposes, in order to improve the user’s interaction with the Site and customise the sending of communications of an advertising nature based on the purchases made and the interests expressed by the user (profiling).

Finally, third-party cookies are also installed on the Site, for the implementation of some particular functionalities. These cookies are set by a third-party domain, reside on third-party servers and are not directly controlled by this Site nor by the Data Controller.

For further information, please see the extended Cookie Policy, available on the Site at the link: [•].

7. METHODS OF TREATMENT

Grimaldi Alliance, through the persons in charge, will carry out operations of collection, registration, storage and filing of personal data by means of manual, computerised and telematic tools with logics strictly related to the purposes and, in any case, in such a way as to guarantee the security and confidentiality of the data collected.

The security of the data and their transmission is guaranteed by adequate protection systems such as antivirus, anti-ransomware, firewalls and access passwords, and by physical impediment measures to select and prevent access to the premises where they are stored.

The data may be processed with the cooperation of persons expressly appointed as data processors.

8. DATA RETENTION PERIODS

Browsing data with reference to the purpose stated in 3.1 above are deleted immediately after processing.

The processing of Personal Data with reference to the purpose referred to in point 3.2 above will have a duration equal to that necessary to fulfil the requests received. At the end of the data processing period, the data will be deleted, or permanently anonymised.

The processing of Personal Data with reference to the purpose referred to in point 3.3 above shall last for a period not exceeding 24 months from the date of granting of consent. At the end of the data processing period, the data will be deleted or permanently anonymised. The Data Subject may unsubscribe from the newsletter at any time by clicking on the appropriate link or by sending an e-mail to privacy@grimaldialliance.com.

The processing of Personal Data with reference to the purpose referred to in point 3.4 above, will have a duration equal to that necessary for the performance of administrative activities, the protection of the rights of Grimaldi Alliance, and to provide feedback to requests from judicial authorities and/or public security.

9. RIGHTS OF THE DATA SUBJECT

The rights granted to the Data Subject include the following: (a) to ask the Data Controller to confirm the existence or non-existence of his or her personal data; (b) to obtain information about the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the storage period; c) obtain rectification and erasure of the data; d) obtain restriction of processing; e) obtain portability of the data, i.e. receive them from a data controller in a structured, commonly used and machine-readable format and transmit them to another data controller without hindrance f) to object to the processing at any time, including in the case of processing for direct marketing purposes; g) to object to automated decision-making relating to fixed persons, including profiling h) request from the data controller access to and rectification, erasure or restriction of personal data concerning him/her, object to the processing of personal data, as well as the right to data portability; i) withdraw consent at any time without prejudice to the lawfulness of the processing based on the consent given before the revocation; j) lodge a complaint with a supervisory authority.

For any complaints or reports on data processing methods, the Data Subject may contact the Data Controller. However, you can forward your complaints or reports to the supervisory authority (the Italian Data Protection Authority – www.garanteprivacy.it).

10. INFORMATION UPDATES

This privacy policy is subject to occasional revision. If any changes are made to the processing, Grimaldi Alliance will notify the Data Subject accordingly. Where required by the regulations in place, the Data Subject shall be entitled to give its consent to any new processing. In the event of refusal, the Data Subject’s Personal Data will not be processed in accordance with the changes contemplated by this privacy policy.

11. TRANSFER ABROAD

Some of the recipients of Personal Data may be located outside the European Economic Area, in countries that do not have an adequate level of protection of personal data as required by the Italian Privacy Legislation. In such cases, Grimaldi Alliance may transfer Personal Data only for the purposes set out in this Privacy Policy by means of the standard contractual clauses adopted by the European Commission, with the aim of ensuring a level of protection of personal data equivalent to the one provided by the Regulation together with any further appropriate measures that may be necessary for that purpose.

You may at any time request a copy of the Personal Data transferred and/or the place where it was made available by forwarding your request to the e-mail address privacy@grimaldialliance.com and/or to the DPO appointed by Grimaldi Alliance, Mr. Claudio Rizzo, at the e-mail address crizzo@grimaldialliance.com.

Milan, June 2024

Grimaldi Alliance