Information to be provided to SESSA INTERNATIONAL S.r.l.’s clients and suppliers
In accordance with the Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data, namely Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereafter, also, the Regulation), SESSA INTERNATIONAL SRL. (hereafter also SESSA INTERNATIONAL S.r.l.), informs its clients and
The content of the Information referred in point b) is also valid for personal data of natural persons, (such as representatives of the clients or the suppliers) directly collected by SESSA INTERNATIONAL S.r.l..
Information to be provided to natural persons who have relations with the SESSA INTERNATIONAL S.r.l.’s clients.
In accordance with the Regulation on the protection of individuals with regard to the processing of
personal data and on the free movement of such data, namely Regulation (EU) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 (hereafter, also, the Regulation), SESSA INTERNATIONAL S.r.l. (hereinafter also referred to as SESSA INTERNATIONAL S.r.l.), in its role as Data Controller, provides to the Data Subjects (i.e. the natural persons who have relations with its clients) with the following information.
Source of personal data
The personal data held by SESSA INTERNATIONAL S.r.l. are collected exclusively from third parties, namely, clients of SESSA INTERNATIONAL S.r.l. with whom the Data Subjects concerned have a relationship. The abovementioned third parties transfer the data (or request their transfer) to SESSA INTERNATIONAL S.r.l.for the performance of its «securities services».
Categories of personal data processed
The term “Personal data” means any type of information, identified or identifiable, relating to a Data Subject. The Data Subject’s personal data processed by SESSA INTERNATIONAL S.r.l. are those collected from the source described above and could include name, surname, nationality, contacts (including address, phone number and email address), date and place of birth, civil status, economic and financial information, details of ID documents. Usually, SESSA INTERNATIONAL S.r.l.does not process special categories of personal data (i.e. special categories of personal data are information revealing the ethnic or racial origin of the Data Subject, his/her political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data aimed at uniquely identifying a natural person, data regarding health or sexual life and sexual orientation of the person). Should SESSA INTERNATIONAL S.r.l. collect or process special categories of personal data in order to achieve the purposes indicated below, SESSA INTERNATIONAL S.r.l. will always process these data in compliance with the provisions of the law and with the requirements indicated in this data protection policy.
Purpose of the processing for which the data are intended. Mandatory and optional nature of
the data provision
The processing of the data indicated above is carried out in compliance with the Regulation and
with the principles and obligations of confidentiality and privacy.
The personal data are processed for the following purposes:
Purposes closely related and essential to the provision of SESSA INTERNATIONAL S.r.l.’s services (in
particular, asset management companies and investment firms, administration services, contracts services, daily business management, ecc.). The provision of personal data necessary for such purposes is not mandatory, but the refusal to provide them may result in the impossibility of SESSA INTERNATIONAL S.r.l. to provide the service.
Their processing does not require the consent of the Data Subject;
Purposes connected to the obligations laid down by laws, regulations and directives issued
by the Supervising Authority (Garante) and Supervisory Bodies of the financial system. The
provision of personal data necessary for these purposes is mandatory and the processing
does not require the consent of the Data Subject.
The Data Subject’s personal data collected for the abovementioned purposes are used by SESSA INTERNATIONAL S.r.l. for marketing, commercial or promotional purposes.
Categories of recipients to whom the personal data are disclosed
In order to carry out some of its activities, SESSA INTERNATIONAL S.r.l. outsources services to different companies but also of third parties, which fall into the following categories:
• companies providing banking, financial and insurance services;
• entities who offer services for the acquisition, registration and processing of data deriving from documents and media provided or originating from the Data Subjects.
• Such services are characterized by massive processing;
• entities who carry out activities of enveloping, manage, transport and sorting of communications to the Data Subjects;
• entities who carry out activities of archiving the documentation relative to the relations with the Data Subjects;
• entities providing hardware outsourcing and data processing services.
The personal data collected may also be communicated to the competent Authorities of European
or Non-European countries to provide answers to thier requests in accordance with the regulation
applicable time by time, in particular referring to the prevention of money laundering and terrorist
Personal data are not object to disclosure.
Transfer of personal data outside the European Economic Area
Given the international presence of SESSA INTERNATIONAL S.r.l., and in order to optimise the quality of the services provided, SESSA INTERNATIONAL S.r.l. may have to transfer the personal data collected to countries outside the European Economic Area, whose legal provisions on the protection of personal data are different from those of the European Union.
In this case, SESSA INTERNATIONAL S.r.l. ensures the protection of personal data by signing Standard Contract
Clauses or other protection tools defined by law.
Retention period of personal data
SESSA INTERNATIONAL S.r.l. keeps personal data for a period of 10 (ten) years starting from the termination of the contractual relationship with its clients, without prejudice to the provisions of art.17 of the Regulation.
Exercising the personal data access right and other rights
With relation to the provided personal data, the Data Subject can exercise the following rights at artt. 15-22 GDPR guaranteed by the Regulation:
a. access right;
b. right to rectification, modification and cancellation of personal data or the right of restriction the processing of the former;
c. right to object the processing;
d. right to withdraw the consent
e. right to send a complaint to the competent Supervisory Authority (Garante)
The right to portability of the data cannot be exercised, as the data are not collected directly by SESSA INTERNATIONAL S.R.L. and the latter processes them on the basis of a contract with its clients and not with the Data Subject concerned.
The Data Subject can exercise any of the abovementioned rights from point a) to point e) sending a
• via email/PEC to: firstname.lastname@example.org.
• via recommended letter to: SESSA INTERNATIONAL S.R.L., Via Cortenuova, 21/23 – 24050 Cividate al Piano.
Cividate al Piano (BG), 21/06/2019