Personal data protection notice pursuant to articles 13 and 14 of European Regulation 2016/679- the General Data Protection Regulation (“GDPR”)
Kairos Partners SGR S.p.A. (the “company”) believes in the fundamental importance of safeguarding the confidentiality of its clients’ data. This is why it has always been careful to process and store the personal data disclosed to it with full transparency and in compliance with current regulations and the highest security standards.
In accordance with the GDPR, the company informs you that the personal data you provide shall be processed in compliance with the law and the principles of confidentiality.
The Data Controller is Kairos Partners SGR S.p.A., based in Milan, Via San Prospero 2, and legally represented by its CEO.
The Data Protection Officer, as defined in the GDPR, is Ecoconsult S.r.l., based in Milan, Via C. Goldoni 1 – email: firstname.lastname@example.org.
The Internal Data Treatment Officer for compliance issues and replies to data subjects is the Compliance and Corporate Affairs Officer, domiciled for the purposes of this office with the Data Controller – email: email@example.com.
Purposes of data processing
The personal data indicated above shall be processed within the scope of the company’s normal operations and for the purposes indicated below:
a) legal purposes, i.e., to meet obligations under law, regulations, EU legislation or provisions of lawful Authorities;
b) contractual purposes, and, more generally, administrative/accounting purposes, i.e., to meet the obligations arising from contracts to which you are a party or to meet your specific requests, which may entail using methods of remote communication;
c) commercial purposes, i.e., to provide you with information and send you advertising material, which may entail using methods of remote communication, on the company’s or third parties’ products, services or initiatives, to promote the same, for direct sales campaigns, to conduct market research, to monitor the quality of products and services offered to you, to improve the same offer, to send commercial information, to conduct statistical research, to profile you in order to take appropriate commercial decisions, to disclose the data to third parties so they may carry out their own commercial initiatives.
Providing your personal data for the purposes indicated in points a) and b) above is necessary to enter into contracts and perform them. Failure to provide the data could make it impossible to enter into and perform the contracts or to fulfill your requests.
Providing your personal data for the purposes indicated in point c) is optional, and without your consent we will not be able to provide you with material and advertising information on the company’s or third parties’ products, services or initiatives indicated above.
The company may process your sensitive data solely to the extent necessary for the performance of the specific transactions that you have requested or to manage certain transactions between you and the company, exclusively with your consent and in compliance with the Personal Data Protection Authority’s authorization, except for the specific cases expressly provided for by law.
With respect to the purposes indicated, the personal data shall be processed using manual, automated and electronic instruments with methods and logic strictly related to the same purposes and, in any case, in such a way as to ensure that the data remain secure and confidential.
Profiling and similar forms of processing
The company shall not process the data using automated decision-making processes. If the company decides to use such forms of data processing, it shall issue a specific notice indicating the logic used and the importance and consequences of such processing.
Based on the different purposes and aims for which the data were collected, the personal data shall be stored for the period of time provided for by the relevant legislation, i.e., the amount of time strictly necessary for the purposes and to protect the Data Controller’s rights in the event of legal disputes. However, the data shall be stored in accordance with the principles of necessity, purpose limitation, data minimisation and proportionality endorsed by the GDPR.
Within the company, your personal data could become known to employees and people working for the company in any capacity, assigned to services and offices, and to external and internal structures that perform technical, support and controlling duties on the company’s behalf.
To perform some of the activities related to the purposes for which the personal data are processed, as specified above, the company is assisted by external parties, including foreign entities, such as:
• banking and financial brokerage companies;
• data processing firms;
• service companies (e.g., envelope stuffing and customer notification);
• automated data management outsourcers;
• auditing firms;
• payment management outsourcers;
• legal and tax advisory firms for purposes closely related to the performance of our business activity;
• banks and bank branches;
• other subjects that have the right to access your personal data pursuant to the provisions of law or secondary or EU legislation.
In addition to meeting legal purposes, the data may be disclosed to meet anti-money laundering and anti-terrorism obligations pursuant to Italian Legislative Decree no. 90/2017, as amended and integrated, as well as to meet the company’s own contractual or commercial purposes and for the independent commercial purposes of the companies in the Kairos or Julius Baer group, or, in any case, parents, subsidiaries or associates.
The list of external and internal officers is updated continuously and stored at the company’s office where a free copy may be requested.
Transfer to third countries
Personal data may be transferred to third countries, as defined by the GDPR, where the European Commission has decided that the third country in question ensures an adequate level of protection, or in any case transferred to third countries with the appropriate safeguards (e.g., specific contractual clauses), pursuant to article 46 of the GDPR, or if there are binding corporate rules. Copies of the related documentation may be requested from the Internal Data Treatment Officer for compliance issues and replies to data subjects, including via email: firstname.lastname@example.org.
Data subject’s rights
Lastly, we inform you that articles 15 to 22 of the GDPR give the data subjects specific rights. In particular, data subjects shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning them are being processed and, where that is the case, to access the personal data.
Data subjects may also request:
• the erasure, rectification or limited processing of the personal data concerning them;
• the restriction of data processing for legitimate reasons;
• to receive the personal data concerning them in a structured, commonly used and machine-readable format and have the data transmitted to another controller (the right to portability).
To exercise these rights, data subjects may write to the Internal Data Treatment Officer for compliance issues and replies to data subjects indicated above, by post or email: email@example.com.
Data subjects also have the right to withdraw any consent given at any time, without affecting the lawfulness of processing based on consent before its withdrawal, and they may lodge complaints with the Personal Data Protection Authority.
General Data Protection Regulation (“GDPR”)
Date: with effect from 25th May 2018
Kairos Investment Management Limited, authorised and regulated by the Financial Conduct Authority and registered in England – 3594381, with its registered office at 10 Portman Square,
London W1H 6AZ. (“we”, “us” and “our”) is committed to respecting your privacy.
This privacy notice applies if you are a customer or client; supplier; professional adviser and consultant; a visitor to our website or an employee; or a director, officer or representative of another organisation with which we have a business relationship or,where any such person is not an individual, such person’s individual directors, officers, employees and/or owners.
This Privacy Notice is intended to ensure that you are aware of the categories of your personal data we may collect, how we collect it, what we use it for and with whom we share it in accordance with the GDPR.
“Personal data” means any information relating to you, but does not include data where you can no longer be identified from it such as anonymised aggregated data.
We will be a data controller in respect of your relationship with us. A data controller is responsible for deciding how to hold and use personal data about you. We may process your personal data ourselves or through others acting as data processors on our behalf.
Personal data held by us or on our behalf may include, but is not necessarily limited to, your name, residential address, place of business, email address, other contact details, corporate contact information, signature, nationality, country of residence, place of birth, date of birth, tax identification, tax jurisdiction, employment and job history, education details, regulatory status, credit history, correspondence records, passport number, bank account details, certain financial information contained within KYC documents, source of funds and details relating to your investment activity or preferences. We typically collect personal data about you when you provide information to us or others acting on our behalf. In addition, we may receive personal information about you from third parties.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose, in which case, we will notify you and explain the legal basis which allows us to do so.
We may also process your information where we are required by law to do so or if we reasonably believe that it is necessary to protect our rights and/or to comply with judicial or regulatory
proceedings, a court order or other legal process.
There are more limited bases for processing special category personal data. This is personal data which reveals or contains racial or ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life and sexual orientation. We do not intend to actively collect special category data about you. Whilst we will use reasonable efforts to limit our holding of such data, please be aware that we may hold such data incidentally.
Unless and until you make a decision to invest or otherwise engage in a business transaction with us, you are not required to provide us with any information. If you are invested with us, in some circumstances, if you do not provide us with certain information when requested, we may be limited in our ability to deal with you.
We may share your personal data with a third party where this is required by law, where it is necessary to perform our contract with you, or where we have another legitimate interest in doing so.
We may transfer the personal data we collect about you to non-EEA countries (including in particular Switzerland). Those countries may not have the same standard of data protection laws as the EEA. Where this is the case, unless an exemption applies, we will seek to put in place appropriate safeguards where possible, such as the EEA-approved standard contractual clauses to ensure that your personal data is treated in a manner that is consistent with and respects the EEA laws on data protection.
We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements and our legitimate interests in maintaining such personal information in our records. Generally, we will keep information relevant to our dealings with you for ten years following the last date of activity. In some circumstances your personal data may be anonymised so that it can no longer be associated with you, in which case it is no longer personal data. Once we no longer require your personal data for the purposes for which it was collected, we will securely destroy your personal data in accordance with applicable laws and regulations.
You have rights as an individual which you can exercise in relation to the information we hold about by contacting us at firstname.lastname@example.org. These rights are to:
You will not usually have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose, you may withdraw your consent for that specific processing by contacting email@example.com.
Please let us know if your personal data which we hold changes during your relationship with us.
We reserve the right to update this Privacy Notice at any time.
If you require any further information, please do not hesitate to contact firstname.lastname@example.org.