Privacy policy

The aim of this Privacy Policy is to describe the purposes and methods by which COIMA SGR, the Data Controller ("COIMA" or "Data Controller") and the subjects identified (exclusive agents) process personal data of the User ("User") collected through the website ("Website") when the User interacts with the Website and with the various services it offers.

The information contained in this Privacy Policy is provided in accordance with Art. 13 of Regulation EU 2016/679 (“Regulation”), as well as the Measures issued by the Data Protection Supervisory Authority and the Guidelines of the European Data Protection Board. The information on data processing is provided only for the Website and does not extend to data processing carried out by third parties on other websites that may be consulted by the User using links. The Data Controller accepts no responsibility for such additional data processing operations, and the User should refer to the individual Privacy Policies of the third party sites in question.

1.Data Controller and place of processing

The Data Controller is COIMA SGR with headquarters in Piazza Gae Aulenti 12, 20154, Milan.

2. Data processing methods

The User’s data are processed adopting all appropriate security measures to prevent unauthorised accesses, as well as the unauthorised disclosure, modification or destruction of the data. The processing is carried out using both IT and/or electronic tools, with organisational methods and logics strictly related and limited to the indicated purposes.

3. Purpose and legal basis of the data processing

COIMA, through the Website, may process the User’s data for the following purposes:

a Contact us. The User can obtain more information about the Campus and the services offered by using the contact details indicated on the Website. The User can also contact the exclusive agents identified (BNP Paribas and Colliers), whose contact details are indicated in the relevant section and who will act as independent data controllers, in order to respond to the User's requests. The exclusive agents will provide further information on data processing operations conducted outside the context of the Website, by means of specific privacy notices pursuant to Article 13 of the Regulation. Personal data provided voluntarily by the User (e.g. e-mail address, telephone number and/or other information provided by Users of their own accord) will be processed by the agents (data controllers) of reference in order to take charge of, properly manage and respond to communications and/or requests received from the User, including requests for contact in order to make an appointment. The need to implement the service expressly requested by the User represents the legal basis of the data processing, and any refusal to provide personal data will make it impossible to manage and respond to the communication or request for information. The exclusive agents will process the data solely in order meet the User's request.

b. To pursue the legitimate interests of the Data Controller and/or of third parties. The User's data may also be utilised in order to enable Data Controllers and/or third parties to exercise their rights and legitimate interests, e.g. to defend themselves in legal proceedings, to manage grievances/litigation, to recover receivables, to prevent fraud and/or illegal activities. In these cases, although the provision of the User’s personal data is not mandatory, it is necessary as those data are closely connected and instrumental to the pursuit of those legitimate interests, which do not prevail over the User’s rights and fundamental freedoms, and any refusal to provide them could involve the impossibility of carrying out the requested services (e.g. requesting information).

c. To fulfil legal obligations and/or applicable obligations. Personal data provided by the User or otherwise acquired while the User' interacts with the Website, may also be used to facilitate compliance with legislative and regulatory obligations, domestic and EU rules and obligations arising from official measures issued by lawfully authorised authorities, which represent the legal basis of the data processing, without the need to obtain the User's prior consent.

d. To carry out aggregate statistical analysis on an anonymous basis in order to improve the performance and services offered through the Website. In this case, the User’s consent will not be required, as the indicated data processing operations will be carried out only on anonymous data.

4. Categories of personal data to be processed

The Website may collect information related to Users who visit the pages of the Website and who use the web services available on the Website. In particular, the following information may be collected and processed.

4.1 Data collected through navigation and cookies
When the User visits the Website, the latter gathers specific data such as the pages displayed, the links or buttons clicked by the User, the date and time of access, the User's IP address, the browser and the operating system used ("navigation data"). Browsing data could, by their nature, enable the User to be identified also by means of data processing operations and associations with data held by third parties. However, such data are used only to obtain anonymous statistical information about the use of the Website for purposes strictly related to its operation. Navigation data could potentially be used in order to determine liability in the event of computer crimes that harm the Website. Secondly, in relation to the collection of the User’s data using cookies and similar technologies, please visit the Cookie Policy below.

4.2 Data voluntarily provided by the User
The Website does not collect data from the User directly. The User can provide personal data when deciding to contact the exclusive agents (by e-mail or telephone) for information on the services offered by the Website. These data will be processed by the exclusive agents, who are independent data controllers, for purposes strictly related to the User's request. Any failure to provide the data may involve the impossibility of obtaining the requested service.

5. Disclosure of data to third parties

The data gathered by the Website as part of the relevant services (e.g. IP address) will not be disseminated and may be communicated - for the purposes and using the methods illustrated in this Privacy Policy - to the categories of persons/entities listed below:

  • companies assigned to manage the properties of the controllers and which act on behalf of them, including companies forming part of the COIMA platform, for administrative-accounting purposes, to pursue the legitimate interests of the Controllers and/or third parties, and for purposes of executing the services expressly requested by the User;
  • companies, collaborators, consultants or freelance professionals used by COIMA to carry out duties of a technical or organisational nature (for example, providers of IT services), or with which they collaborate (including the other COIMA Companies), for purposes of providing and ensuring the functioning of its services, or for any communication activities;
  • persons, companies or professional firms that provide assistance and advice to the Data Controller, particularly (but not exclusively) in accounting, administrative, legal, tax and financial matters;
  • entities to which the right to access the data is recognised by legal provisions or by orders of the authorities.

The entities belonging to the categories indicated above will use the data in the capacity of independent data controllers in accordance with the law or data processors duly appointed on behalf of the Controllers.
The list of entities to which the data are or may be disclosed can be requested from the Company by using the details indicated in the “Rights of Users and Contact Details” section.

6. Data retention

Data provided by the User when making contact with exclusive agents will be processed by the latter for the period of time necessary in order to implement the indicated activities. The exclusive agents shall provide information on the data retention times of data collected by them, in their own privacy notices.

7. Rights of Users and Contact Details

The User may exercise the rights provided for by the Regulation in the cases expressly envisaged by law and where applicable. In particular, the User has the right to:

  • obtain confirmation of whether or not the User’s personal data is being processed and, in that case, to request from the controller access to information concerning that data processing (e.g. purposes, categories of data processed, recipients or categories of recipients of data, retention period, etc.);
  • request the rectification of inaccurate or incomplete data;
  • request from the Data Controller the erasure of the data (e.g. if the personal data are no longer necessary for the purposes for which they were collected, in the case of withdrawal of consent on which the processing is based, etc.);
  • request the restriction of the data processing (e.g. if the User disputes the accuracy of the data; if the processing is unlawful and the User objects to the erasure of personal data; if the data are necessary to exercise or defend the User’s rights in court, even where the Data Controller no longer requires them; when exercising the right of objection, for the time necessary to verify the existence of the legitimate reasons).
  • receive in a commonly-used and machine-readable format (e.g. pdf) the personal data relating to the User and to send them to another data controller, or obtain the direct transmission from one controller to the other, if technically feasible (known as data portability).

The User also has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data relating to him/her.
These rights may be exercised directly by sending a communication to COIMA to the following email address: If the User has provided his/her data to the exclusive agents, he/she may directly contact the latter (who are independent data controllers) in order to exercise his/her rights.
Finally, if the User considers that the processing of data provided violates personal data protection rules, he/she has the right to file a complaint with the Italian Data Protection Authority (www garanteprivacy it).

Discover the Gallery


Download the Brochure