This Information Notice is made pursuant to Articles 13 and 14 of the EU General Data Protection Regulation (GDPR).

* * *

JOINT DATA CONTROLLERS

The joint data controllers are ASSIOM FOREX - Associazione Operatori dei Mercati Finanziari and ASSIOM FOREX Servizi srl, both with registered offices at Via Monte Rosa n. 17, 20149 - Milan.

For any further information or clarification, ASSIOM FOREX may be contacted at the mail address indicated, or at the e-mail address privacy@assiomforex.it.

PERSONAL DATA SUBJECT TO PROCESSING

The personal data subject to processing are:

• personal data: first name, last name, tax code, date and place of birth
• contact data: telephone number, cell phone number, email address, residence and home address
• information on the professional activity of the data subject
• bank data (for example: IBAN and bank/postal data)

LEGAL BASIS AND PURPOSE OF PROCESSING

Your personal data will be processed for the purposes specified below.

1. exchanging information aimed at the execution of the contractual relationship, including pre- and post-contractual activities;
2. to make requests or process requests received;
3. fulfill administrative, accounting and tax obligations arising from existing relationships;
4. fulfill obligations under the law, a regulation, EU legislation or an order of the Authority
5. forward communications related to the execution of the contract by different means of communication (telephone, fax, email).
6. to exercise the rights of the Data Controller, such as the right of defense in court.

The legal basis for the processing is the execution of a contract to which the data subject is a party or the execution of pre-contractual measures taken at the request of the data subject (e.g., requests to send information or commercial offers) as well as the fulfillment of a legal obligation to which the Data Controller is subject. In any case, it is a legitimate interest of the Data Controller to be able to process the data in order to effectively and efficiently manage the relationship with the data subjects and to manage the related internal and external organizational processes. The provision of data for these purposes is mandatory and, therefore, any refusal to provide it in whole or in part would not allow the execution of the contract

SUBJECTS TO WHOM PERSONAL DATA MAY BE COMMUNICATED

For the purposes indicated, the personal data may be communicated to the employees and collaborators of the Data Controller in their capacity as persons authorized to process the data in order to carry out the necessary activities and with guaranteed protection of the rights of the data subject.

The data may also be communicated to professionals or service companies that perform outsourcing activities on behalf of the Data Controller, in their capacity as Data Processors (by way of example, credit institutions, professional firms, consultants, etc.).

Finally, the data may be communicated to all those public and private entities whose right to access the data is recognized by legal provisions or orders of the authorities.

More information on the subjects to whom the data may be communicated will be provided to data subjects in the exercise of their rights under Article 15 of the Regulations.

The personal data processed will not be disseminated.

TRANSFER OF PERSONAL DATA

Assiom Forex does not transfer personal data to third countries or to international organizations. However, it reserves the right to use cloud services. In this case, the service providers will be selected from among those who provide adequate guarantees, as provided by Article 46 GDPR 679/16. Therefore, the processing will take place according to one of the modalities allowed by the current law, such as the adoption of Standard Clauses approved by the European Commission, the selection of entities adhering to international programs for the free movement of data or operating in countries considered safe by the European Commission.

RETENTION OF PERSONAL DATA

Personal data will be retained only for the achievement of the specific purposes pursued from time to time; in any case, the criterion used to determine the period of retention is based on compliance with the terms allowed by applicable laws and the principles of proportionality, necessity and minimization of processing.

In general, personal data will be retained for a time period of 10 years from the termination of the contractual relationship to which the data subject is a party.

In relation to marketing purposes, personal data will be retained for up to 24 months following the termination of the contractual relationship and subject to any request for deletion by the data subject.

RIGHTS OF THE DATA SUBJECT

The data subject, pursuant to Articles 15-22 REG EU 679/16, has the right to:

• access your data and receive a copy of it;
• obtain the rectification of the personal data concerning him/her and obtain the integration of such data where it is incomplete;
• obtain the deletion of your personal data;
• obtain the limitation of the processing if certain conditions are met;
• receive your data or have them transferred to another data controller, in a structured, commonly used and readable format if technically feasible;
• object to the processing of your data on grounds related to your particular situation;
• not be subjected to a fully automated decision-making process except where there is a compelling need

Requests should be made in writing to the contact details indicated in the “Data Processors” section of this policy.

In any case, the data subject always has the right to lodge a complaint with the competent supervisory authority (Garante per la protezione dei dati personali), in accordance with Article 77 of the Regulation, if he/she considers that the processing of his/her data is contrary to the legislation in force.