F2i
Switch to italian version


Privacy Notice for the Processing of Personal Data - Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679

Pursuant to European Regulation 2016/679 ("Regulation" or "GDPR") and national regulations on personal data protection, F2i Fondi Italiani per le infrastrutture SGR S.p.A. ("F2i" or "Company") invites you to carefully read this Privacy Notice regarding the processing of your personal data. Please be informed that the data you provide will be processed by the Data Controller as described below.

 

1. Definitions

Below are the meanings of some terms used in this Privacy Notice to facilitate its understanding:

  • Data: refers to Personal Data and Special Categories of Personal Data.
  • Personal Data: any information relating to an identified or identifiable natural person ("Data Subject"); a person is considered identifiable if they can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
  • Regulation (EU) 2016/679 ("GDPR"): Refers to the Regulation of the European Parliament and Council of 27 April 2016 on the protection of natural persons concerning the processing of personal data and the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).
  • Processor: A natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of the Data Controller.
  • Data Controller: F2i Fondi Italiani per le infrastrutture SGR S.p.A. determines the purposes and means of processing the Personal Data of the Data Subject.
  • Processing: Any operation or set of operations performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

 

2. Data Controller

F2i Fondi Italiani per le infrastrutture SGR S.p.A. ("F2i", "Company" or "Controller"), headquartered at Via San Protaso 5, 20121 Milan, represented by the current legal representative. In accordance with Articles 37 et seq. GDPR, the Company has appointed a Data Protection Officer ("DPO"), who can be contacted at privacy@f2isgr.it.

 

3. Personal Data Processed and Source of Processing

Personal Data is collected directly from the from the individual (e.g., when interacting with our representatives or filling out forms on our website) or from the company you work for in the context of relationships established with the Controller or from third-party sector information providers who collect and make available information about financial sector operators and their roles.

Personal Data Processing occurs through a dedicated management system ("Client Relationship Management" or "CRM") as detailed below. Through the CRM, we may process the following Personal Data:

  • Identifying data (name and surname);
  • Company email address;
  • Work contact details and addresses.

 

4. Purpose and Legal Basis of Processing

Processing will be carried out to manage our client/investor registry and communications. The CRM allows us to organize meetings and keep track of contact moments with the Data Subjects (e.g., by creating lists of call dates made/received with the Data Subjects).

We process Personal Data based on the relationship already established with our clients/investors to respond to specific requests sent to the Company and keep our clients/investors updated about our activities and projects. In some circumstances, based on our legitimate interest in business development, we may contact our clients/investors to propose services similar to those they have already used or shown interest in over time.

If you are not already our client, we may process your Data to present our services to you with your explicit consent. You may withdraw your consent at any time by submitting a specific request to the email address provided in this notice.

 

5. Processing Methods

Your Personal Data will be processed in accordance with applicable regulations on Personal Data Protection, using both electronic/automated and manual methods via our CRM. Your Data will be processed using suitable procedures to ensure maximum security and confidentiality and exclusively by authorized personnel for Processing activities. The Controller adopts technical and organizational measures to ensure an adequate level of security concerning the identified risks. We emphasize that conversations during phone calls between the Company and our clients are not recorded.

 

6. Data Retention Period

Personal Data communicated will be retained for the entire duration of the contractual relationship with the Controller and subsequently deleted unless legal obligations require their retention. Some Personal Data may be retained for fiscal and tax obligations. In case of disputes, the Controller may retain Personal Data for the duration of the dispute and within the statutory periods for defending its rights and interests.

Regarding Personal Data processed based on the Data Subject's consent, these will be retained until the consent is withdrew.

 

7. Data Recipients

The Personal Data you provide will be processed exclusively by authorized personnel of the Company. We specify that the CRM is managed by an external provider, appointed as a data processor pursuant to Article 28 GDPR. The Processor does not have access to the content of messages and communications exchanged with the Controller.

 

8. Data Transfer

In the context of Processing activities, your Personal Data will not be transferred to countries outside the European Union. In case of data transfer outside the European Union, the Controller ensures compliance with applicable legal provisions by entering, if necessary, agreements that guarantee an adequate level of protection and/or adopting standard contractual clauses provided by the European Commission.

 

9. Data Subject Rights and Exercise Methods

Pursuant to the GDPR, Data Subjects may exercise the rights set out below:

  • obtain information on the origin of the Personal Data, purposes and methods of Processing, logic applied in case of electronic processing, identifying details of the controller and processors, and entities or categories of entities to whom the Personal Data may be communicated;
  • obtain the updating, rectification or, where interested therein, integration of data; erasure, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed; certification that these operations have been brought to the attention of those to whom the data were communicated or disseminated, except where this proves impossible or involves a disproportionate effort;
  • object, in whole or in part, for legitimate reasons, to the processing of Personal Data concerning them, even if relevant to the purpose of the collection.

To exercise these rights or for any information regarding the Processing of Personal Data, you can send an email to the Controller or the DPO appointed by the Company at privacy@f2isgr.it or write to the registered office of F2i at Via San Protaso 5, 20121 Milan.

 

CONSENT TO THE PROCESSING OF PERSONAL DATA

I, the undersigned, declare that I have read the Privacy Notice pursuant to Articles 13 and 14 GDPR provided by F2i Fondi Italiani per le infrastrutture SGR S.p.A., as Data Controller of Personal Data, and for the promotional purposes of the services rendered by the Company