1.Data Controller and place of processing
The Data Controller is COIMA SGR with headquarters in Piazza Gae Aulenti 12, 20154, Milan.
2. Data processing methods
The User’s data are processed adopting all appropriate security measures to prevent unauthorised accesses, as well as the unauthorised disclosure, modification or destruction of the data. The processing is carried out using both IT and/or electronic tools, with organisational methods and logics strictly related and limited to the indicated purposes.
3. Purpose and legal basis of the data processing
COIMA, through the Website, may process the User’s data for the following purposes:
a Contact us. The User can obtain more information about the Campus and the services offered by using the contact details indicated on the Website. The User can also contact the exclusive agents identified (BNP Paribas and Colliers), whose contact details are indicated in the relevant section and who will act as independent data controllers, in order to respond to the User's requests. The exclusive agents will provide further information on data processing operations conducted outside the context of the Website, by means of specific privacy notices pursuant to Article 13 of the Regulation. Personal data provided voluntarily by the User (e.g. e-mail address, telephone number and/or other information provided by Users of their own accord) will be processed by the agents (data controllers) of reference in order to take charge of, properly manage and respond to communications and/or requests received from the User, including requests for contact in order to make an appointment. The need to implement the service expressly requested by the User represents the legal basis of the data processing, and any refusal to provide personal data will make it impossible to manage and respond to the communication or request for information. The exclusive agents will process the data solely in order meet the User's request.
b. To pursue the legitimate interests of the Data Controller and/or of third parties. The User's data may also be utilised in order to enable Data Controllers and/or third parties to exercise their rights and legitimate interests, e.g. to defend themselves in legal proceedings, to manage grievances/litigation, to recover receivables, to prevent fraud and/or illegal activities. In these cases, although the provision of the User’s personal data is not mandatory, it is necessary as those data are closely connected and instrumental to the pursuit of those legitimate interests, which do not prevail over the User’s rights and fundamental freedoms, and any refusal to provide them could involve the impossibility of carrying out the requested services (e.g. requesting information).
c. To fulfil legal obligations and/or applicable obligations. Personal data provided by the User or otherwise acquired while the User' interacts with the Website, may also be used to facilitate compliance with legislative and regulatory obligations, domestic and EU rules and obligations arising from official measures issued by lawfully authorised authorities, which represent the legal basis of the data processing, without the need to obtain the User's prior consent.
d. To carry out aggregate statistical analysis on an anonymous basis in order to improve the performance and services offered through the Website. In this case, the User’s consent will not be required, as the indicated data processing operations will be carried out only on anonymous data.
4. Categories of personal data to be processed
The Website may collect information related to Users who visit the pages of the Website and who use the web services available on the Website. In particular, the following information may be collected and processed.
4.1 Data collected through navigation and cookies
4.2 Data voluntarily provided by the User
The Website does not collect data from the User directly. The User can provide personal data when deciding to contact the exclusive agents (by e-mail or telephone) for information on the services offered by the Website. These data will be processed by the exclusive agents, who are independent data controllers, for purposes strictly related to the User's request. Any failure to provide the data may involve the impossibility of obtaining the requested service.
5. Disclosure of data to third parties
- companies assigned to manage the properties of the controllers and which act on behalf of them, including companies forming part of the COIMA platform, for administrative-accounting purposes, to pursue the legitimate interests of the Controllers and/or third parties, and for purposes of executing the services expressly requested by the User;
- companies, collaborators, consultants or freelance professionals used by COIMA to carry out duties of a technical or organisational nature (for example, providers of IT services), or with which they collaborate (including the other COIMA Companies), for purposes of providing and ensuring the functioning of its services, or for any communication activities;
- persons, companies or professional firms that provide assistance and advice to the Data Controller, particularly (but not exclusively) in accounting, administrative, legal, tax and financial matters;
- entities to which the right to access the data is recognised by legal provisions or by orders of the authorities.
The entities belonging to the categories indicated above will use the data in the capacity of independent data controllers in accordance with the law or data processors duly appointed on
behalf of the Controllers.
The list of entities to which the data are or may be disclosed can be requested from the Company by using the details indicated in the “Rights of Users and Contact Details” section.
6. Data retention
Data provided by the User when making contact with exclusive agents will be processed by the latter for the period of time necessary in order to implement the indicated activities. The exclusive agents shall provide information on the data retention times of data collected by them, in their own privacy notices.
7. Rights of Users and Contact Details
The User may exercise the rights provided for by the Regulation in the cases expressly envisaged by law and where applicable. In particular, the User has the right to:
- obtain confirmation of whether or not the User’s personal data is being processed and, in that case, to request from the controller access to information concerning that data processing (e.g. purposes, categories of data processed, recipients or categories of recipients of data, retention period, etc.);
- request the rectification of inaccurate or incomplete data;
- request from the Data Controller the erasure of the data (e.g. if the personal data are no longer necessary for the purposes for which they were collected, in the case of withdrawal of consent on which the processing is based, etc.);
- request the restriction of the data processing (e.g. if the User disputes the accuracy of the data; if the processing is unlawful and the User objects to the erasure of personal data; if the data are necessary to exercise or defend the User’s rights in court, even where the Data Controller no longer requires them; when exercising the right of objection, for the time necessary to verify the existence of the legitimate reasons).
- receive in a commonly-used and machine-readable format (e.g. pdf) the personal data relating to the User and to send them to another data controller, or obtain the direct transmission from one controller to the other, if technically feasible (known as data portability).
The User also has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data relating to him/her.
These rights may be exercised directly by sending a communication to COIMA to the following email address: email@example.com. If the User has provided his/her data to the exclusive agents, he/she may directly contact the latter (who are independent data controllers) in order to exercise his/her rights.
Finally, if the User considers that the processing of data provided violates personal data protection rules, he/she has the right to file a complaint with the Italian Data Protection Authority (www garanteprivacy it).