Types of treated data
Information that is gathered in the Azimut Holding S.p.A. website might include navigation data, which is included into the following two categories:

-   "Information that allow personal identification" and
-   "Information that do not allow personal identification".

Information that allow personal identification:

Normally, consulting information included in the Azimut Holding S.p.A website is possible in a completely anonymous way. When the user visits a part of the website that is asking for Personal Data gathering, an explicit policy is always shown to them beforehand and, if necessary, the user is asked for their consensus. Personal Data that is gathered during the user’s browsing can include its name, address, phone number, e-mail address, profession, and additional specific data related to the required services.

Information that do not allow personal identification:
It is technically possible that, while browsing the website, data is gathered without an explicit registration to the service by the user and therefore without their active role. These data is, for this reason, defined as “passive”.

Informative systems and software procedures, appointed to monitor the website functioning, register some Personal Data which transmission is implicit and inevitable in the use of protocols of Internet communication. These is information that is not gathered to be associated to some specific subjects, but might allow to identify visitors of the website because of its nature, through elaborations and associations with Third-party data. In this category of Personal Data fall IP addresses, as well as the domain names of the PCs used by the users to connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to send the request to the server, the dimension of the file obtained as a response, the numerical code showing the status of the response given by the server (successful, error, etc.) and other parameter related to the operative system and the computing environment of the user.

These Personal Data can be used with the sole purpose to obtain statistical and anonymous information on the website use, and to monitor its correct functioning; they are deleted immediately after being processed.

Technical Cookies not requiring consensus
Technical cookies are those that are not strictly necessary for the correct functioning of the Website, and are used with the only purpose of managing Azimut Holding S.p.A. web services (such as the login or the access to the restricted area of the Website).

These are not used for further aims, and are normally installed directly from the Data Controller or the Website manager. They can be divided into:

• Navigation or session Cookies: they allow the normal navigation and use of the website; they are necessary for the correct functioning of the website.
• Cookies Analytics: similar to technical cookies when they are employed directly by the site operator to collect information, in aggregate form, on the number of users and how they visit the site itself, to enhance website performances;
• Functional Cookies: they allow the site to remember the choices made by the user (such as language and selected products for shopping,…) in order to enhance the service offered to the user himself/herself.

Cookies for transmission of personal information are not used, neither are used persistent cookies of any kind, namely systems for user tracking. Technical cookies used in this website do not allow the acquisition of Personal Data that identify the user.

Purpose of treatment
Personal Data is treated in the scope of ordinary activity of the Firm, as well as during the activities linked and aimed to the following aims:

• aims that are strictly related to the generation and management of client relationships (e.g. acquisition of preliminary information when closing a contract, execution of operations on the bases of obliges deriving from the contract signed with the client, etc.);
• aims connected to duties made by the law, regulations and EU policies;
• recruitment aims.

For the aims established by the policy or the authority order, the Data Subject consensus is not necessary. For the aims that are strictly related and necessary to originate and manage client relationships, Data Subject consensus is expressed by the request of relationship origination.

In case the user sends spontaneously and voluntarily data or other information to the e-mail address selezione@azimut.it, with the aim of starting a work relationship with a Firm or a Group, they are aware of the following modes of treatment of those data (art. 13, clause 5-bis of the Code).

Personal Data of the Data Subject is also treated, when the consensus is given by the Data Subject, with the following aims that are functional to the Firm’s activity:

• survey of the satisfaction grade of clients on the quality of the provided services, as well as on the activities carried out by the Firm or firms pertaining to the Group; these are conducted directly or, in alternative, by some appointed firms that use personal and telephone interviews, questionnaires, etc.;
• promotion and sales of products and services of firms of the Group, made by firms of the Group or other third parties via mail, telephone, advertising material, authorised systems of communication;
• market surveys;
• organisation of conferences and events, that might be targeted and/or customised, organised or sponsored by the Group;
• communication and promotion of initiatives and activities of the Group;
• forwarding of invitations and personalised coupons for special occasions such as festivity, or other recurrences.

The lack of consensus from the Data Subject for the aims expressed in the bullet points of above does not impede the origination or continuation of the relationship.

Modes of data treatment
In relation to the stated aims, Personal Data treatment is done with automated instruments for the time that is strictly necessary to reach the objectives for which they were gathered and, in any case, to allow privacy and security of data themselves.

Some categories of persons, as in charge of the treatment, can treat Personal Data with the aim to fulfil their mansions, under the direct responsibility of the owner or a supervisor. In particular, the Firm has designated its employees, consultants and collaborators as in charge of the treatment.

Specific security measures are taken to prevent data loss, illicit or incorrect use, and unauthorised access.

Treatments linked to web services of this websites occur at the office of the firm stated above (“Via Cusani n. 4, Milano”) and are duty of the personnel in charge of the treatment, and of individuals in charge of maintenance actions.

Personal Data that is sent will not be communicated to third parties outside the list included in the following paragraph, neither will be subject to diffusion.

Categories of subjects to which data can be communicated
For the aims stated above, the Firm addresses – and therefore has the necessity to transmit data – to firms of the Group or to external subjects, such as:

-    to juridical and administrative authorities;
-    to firms that provide banking, financial and investment services;
-    to subjects practising activities of assurance and reassurance, and/or operating in sectors that are linked to these activities, for example assurer, agents, subagents, assurance brokers, doctors, experts, liquidators, associative organisations;
-    to other firms in the Azimut group being Independent Controller/Processor¹ of Treatment;
-    to firms that manage national and international systems for controlling frauds at expense of banks and other financial brokers;
-    to interbank bodies that analyse financial risk;
-    to subjects that manage the activities of printing, transmitting, enfolding, carrying and distributing communication - also periodic - for the Azimut group;
-    to firms, bodies or consortium that, on behalf of firms pertaining to the Azimut group, provide some specific elaborative services or other related activities, instrumental or supportive to the firms itself, namely activities that are functional to the execution of some operations or any other services required by clients;
-    to subjects providing services on the management of the firms’ informative systems and telecommunication networks;
-    to subjects who promote and/or place products and/or services on behalf of Firms of the Group;
-    to entities having a role in archiving, document storage, or data entry activities.

Subjects pertaining to the categories to which data can be communicated, can treat data with a role of “owner”, if they are outside of the original treatment made at the firm and can autonomously determine modes and aims of the treatment.

Those subjects can be designated as external supervisors of the treatment, in case they make the treatment on behalf of the Firm following its instructions. Moreover, employees, collaborators, and consultants appointed from the Firm can be made aware of data too.

A detailed list of external supervisors, that can be placed and treat data from outside the country, is available at the Firm’s office.

Length of Personal Data treatment
Personal Data is stored for a period of time not exceeding that necessary to achieve the purposes for which they are processed, without prejudice to the terms of documentary preservation or other terms provided by law or other applicable regulatory sources.

Personal Data provided by the interested party for marketing purposes will be kept until the same does not revoke its consent to the pursuit of the aforementioned purposes.

Once the respective terms have elapsed, Personal Data is deleted and/or made anonymous so as not to allow, even indirectly, to identify the interested parties.

Rights of the Data Subject
About the Personal Data Treatment, the Data Subject has the faculty to exercise their rights included in articles number 15 and 22 of GDPR. In particular, the Data Subject has the right to obtain from the Owner the access, amendment, integration, or cancellation (“right to be forgotten”) of their Personal Data, the limitation to Treatment, and the portability of Personal Data; the Data Subject has also the right to oppose the Personal Data Treatment, and the right to file a complaint with the representative Authority.

The Data Subject is capable of employing the rights of above sending a communication to the following e-mail address: privacy@azimut.it.

_______________________________________________________________________________

¹As for this policy, ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (art. 4, number 7, GDPR); ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (art. 4, number 8, GDPR).