PRIVACY POLICY
Privacy policy pursuant to the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL, regarding the “securities services” offered by SESSA INTERNATIONAL SRL
Information to be provided to SESSA INTERNATIONAL S.r.l.’s clients and suppliers
In accordance with the Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, namely Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereafter, also, the Regulation), SESSA INTERNATIONAL SRL. (hereafter also SESSA INTERNATIONAL S.r.l.), informs its clients and
suppliers that it would act as Data Controller in the provision of its “securities services”. Accordingly, SESSA INTERNATIONAL S.r.l. has prepared the privacy policy for natural persons who have relations with its clients.
The content of the Information referred in point b) is also valid for personal data of natural persons, (such as representatives of the clients or the suppliers) directly collected by SESSA INTERNATIONAL S.r.l..
Information to be provided to natural persons who have relations with the SESSA INTERNATIONAL S.r.l.’s clients.
In accordance with the Regulation on the protection of individuals with regard to the processing of
personal data and on the free movement of such data, namely Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereafter, also, the Regulation), SESSA INTERNATIONAL S.r.l. (hereinafter also referred to as SESSA INTERNATIONAL S.r.l.), in its role as Data Controller, provides to the Data Subjects (i.e. the natural persons who have relations with its clients) with the following information.
Source of personal data
The personal data held by SESSA INTERNATIONAL S.r.l. are collected exclusively from third parties, namely, clients of SESSA INTERNATIONAL S.r.l. with whom the Data Subjects concerned have a relationship. The abovementioned third parties transfer the data (or request their transfer) to SESSA INTERNATIONAL S.r.l.for the performance of its “securities services”.
Categories of personal data processed
The term “Personal data” means any type of information, identified or identifiable, relating to a Data Subject. The Data Subject’s personal data processed by SESSA INTERNATIONAL S.r.l. are those collected from the source described above and could include name, surname, nationality, contacts (including address, phone number and email address), date and place of birth, civil status, economic and financial information, details of ID documents. Usually, SESSA INTERNATIONAL S.r.l.does not process special categories of personal data (i.e. special categories of personal data are information revealing the ethnic or racial origin of the Data Subject, his/her political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data aimed at uniquely identifying a natural person, data regarding health or sexual life and sexual orientation of the person). Should SESSA INTERNATIONAL S.r.l. collect or process special categories of personal data in order to achieve the purposes indicated below, SESSA INTERNATIONAL S.r.l. will always process these data in compliance with the provisions of the law and with the requirements indicated in this data protection policy.
Purpose of the processing for which the data are intended. Mandatory and optional nature of
the data provision
The processing of the data indicated above is carried out in compliance with the Regulation and
with the principles and obligations of confidentiality and privacy.
The personal data are processed for the following purposes:
Purposes closely related and essential to the provision of SESSA INTERNATIONAL S.r.l.’s services (in
particular, asset management companies and investment firms, administration services, contracts services, daily business management, ecc.). The provision of personal data necessary for such purposes is not mandatory, but the refusal to provide them may result in the impossibility of SESSA INTERNATIONAL S.r.l. to provide the service.
Their processing does not require the consent of the Data Subject;
Purposes connected to the obligations laid down by laws, regulations and directives issued
by the Supervising Authority (Garante) and Supervisory Bodies of the financial system. The
provision of personal data necessary for these purposes is mandatory and the processing
does not require the consent of the Data Subject.
The Data Subject’s personal data collected for the abovementioned purposes are used by SESSA INTERNATIONAL S.r.l. for marketing, commercial or promotional purposes.
Categories of recipients to whom the personal data are disclosed
In order to carry out some of its activities, SESSA INTERNATIONAL S.r.l. outsources services to different companies but also of third parties, which fall into the following categories:
• companies providing banking, financial and insurance services;
• entities who offer services for the acquisition, registration and processing of data deriving from documents and media provided or originating from the Data Subjects.
• Such services are characterized by massive processing;
• entities who carry out activities of enveloping, manage, transport and sorting of communications to the Data Subjects;
• entities who carry out activities of archiving the documentation relative to the relations with the Data Subjects;
• entities providing hardware outsourcing and data processing services.
The personal data collected may also be communicated to the competent Authorities of European
or Non-European countries to provide answers to thier requests in accordance with the regulation
applicable time by time, in particular referring to the prevention of money laundering and terrorist
financing.
Personal data are not object to disclosure.
Transfer of personal data outside the European Economic Area
Given the international presence of SESSA INTERNATIONAL S.r.l., and in order to optimise the quality of the services provided, SESSA INTERNATIONAL S.r.l. may have to transfer the personal data collected to countries outside the European Economic Area, whose legal provisions on the protection of personal data are different from those of the European Union.
In this case, SESSA INTERNATIONAL S.r.l. ensures the protection of personal data by signing Standard Contract
Clauses or other protection tools defined by law.
Retention period of personal data
SESSA INTERNATIONAL S.r.l. keeps personal data for a period of 10 (ten) years starting from the termination of the contractual relationship with its clients, without prejudice to the provisions of art.17 of the Regulation.
Exercising the personal data access right and other rights
With relation to the provided personal data, the Data Subject can exercise the following rights at artt. 15-22 GDPR guaranteed by the Regulation:
a. access right;
b. right to rectification, modification and cancellation of personal data or the right of restriction the processing of the former;
c. right to object the processing;
d. right to withdraw the consent
e. right to send a complaint to the competent Supervisory Authority (Garante)
The right to portability of the data cannot be exercised, as the data are not collected directly by SESSA INTERNATIONAL S.R.L. and the latter processes them on the basis of a contract with its clients and not with the Data Subject concerned.
The Data Subject can exercise any of the abovementioned rights from point a) to point e) sending a
• via email/PEC to: sessainternationalsrl@legalmail.com.
• via recommended letter to: SESSA INTERNATIONAL S.R.L., Via Cortenuova, 21/23 – 24050 Cividate al Piano.
Cividate al Piano (BG), 21/06/2019
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checkbox-advertisement | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category . |
cookielawinfo-checkbox-analytics | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category . |
cookielawinfo-checkbox-functional | 1 year | The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-necessary | 1 year | Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category . |
CookieLawInfoConsent | 1 year | Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie. |
elementor | never | This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time. |
PHPSESSID | session | This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed. |
Cookie | Duration | Description |
---|---|---|
fr | 3 months | Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt.innertube::nextId | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
yt.innertube::requests | never | This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen. |
_fbp | 3 months | This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website. |
Cookie | Duration | Description |
---|---|---|
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
vuid | 2 years | Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website. |
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_gat_gtag_UA_87795292_20 | 1 minute | Set by Google to distinguish users. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
Cookie | Duration | Description |
---|---|---|
aka_debug | session | Vimeo sets this cookie which is essential for the website to play video functionality. |