Walliance S.p.A., with its registered office in Trento (TN-38122), Viale della Costituzione No. 16, as Data Controller of personal data (hereinafter: "Data Controller" or "Walliance") acknowledges the relevance of personal data protection and considers such protection among its primary work objectives.
The Data Controller informs you that your personal data will be processed according to principles of appropriateness, legality, transparency, and protection of your privacy and rights. Your personal data will therefore be processed in accordance with the GDPR measures and the protection obligations provided for therein.
- Data Controller, Data Supervisors, and Data Protection Officers (DPO);
- Personal data subject to processing;
2.1 Navigation data;
2.2 Data provided voluntarily by the user;
- Purpose of the processing and mandatory or optional nature of the provision of data;
- Processing methods, security, and data processing place;
- Communication and disclosure;
- Data storage;
- Your rights;
1. DATA CONTROLLER, PERSONAL DATA SUPERVISORS, AND DATA PROTECTION OFFICER (DPO)
Data relating to identified or identifiable physical persons may be processed following consultation and use of this Site. The identifying contact details of the Data Controller and Site manager are as follows: Walliance S.p.A., with registered office at Viale della Costituzione 16, 38122 Trento, Tax Code and VAT number 02432640221, Economic Administrative Index TN-224237.
The list of Data Supervisors may be requested by sending an e-mail to: firstname.lastname@example.org.
The Data Controller has appointed the Data Protection Officer (hereafter: "DPO"), who can be contacted at the following address: Leonardo Grechi, email@example.com.
2. PERSONAL DATA SUBJECT TO PROCESSING
2.1 Navigation data
During their normal operation, the computer systems and software procedures used to operate this Site acquire some personal data. Such data transmission is implicit in the use of Internet communication protocols. This entails information that is not collected for association with identified persons. Nevertheless, because of its very nature, such information could lead to user identification through processing and association with data held by third parties. This data category includes IP addresses or domain names of devices used to connect to the Site; URI (Uniform Resource Identifier) annotated addresses of the requested resources; time of the request; method used to submit the request to the server; size of the file obtained in response; the numerical code indicating the server response status (success, error, etc.), and other parameters pertaining to the User's operating system and IT environment.
These data are used to obtain anonymous statistical information about Site use and to check its correct functioning in order to allow—given the system architecture used—the correct delivery of various functions requested by the User. For security reasons, data are deleted immediately after processing.
Under no circumstances shall the Data Controller cross any such information with any other data that he/she may have for tracking the activities of specific users.
2.2 Data voluntarily provided by the User
In order to access the Site's functionality, which is reserved for registered users, registration is required for account verification through the following personal data: first name, last name, E-mail, and phone number.
Once registered within the User's personal area, it is possible to enter other data related to your profile, e.g. date of birth, tax code, citizenship, sex, residential address, copy, number, ID expiration date, and bank account or accounts from which invested sums are sent.
These data are provided voluntarily and will be processed in full compliance with data protection law. The failure to provide such data will solely result in the inability to create an account and access certain features.
The user is responsible for entering accurate profile data and guarantees their accuracy.
Such data may also be processed in relation to any subsequent users' authorization as "Investors" and "Offerors" for joining equity crowdfunding campaigns (under conditions available in the specific Site area) or for submitting public offers of risk capital funding via online portals to Walliance, and possibly publishing them on the Site.
The Site and its services can be accessed through third-party credentials, such as Google, Facebook, or a similar service ("social login"). In this case, the User is required to check the settings of such a service and carefully read the third party provider's policies. Such policies may authorize the third party to share personal information and authorize Walliance to collect information, such as contacts, friends, and other User data. We will store the identification code associated with the User's account through the third party's service when logging into Walliance or sharing site-hosted content through such a service. The code will be stored as long as necessary for the required services. If the User creates a Walliance account or uses site services by connecting through the social login, then we may use the information contained in the sourced account to complete the User's Site profile. The User can update or modify the profile and contact information at any time during social login.
Such data are kept for the necessary time to provide the requested services plus additional periods if storage is required by law or other legitimate purposes, i.e., Walliance legal defense proceedings, legitimate interest in the controlled data, or third parties.
2.3 Information collected through cookies
- Legal definitions, characteristics, and application
Technical cookies are necessary for the proper functioning of a Web site and to facilitate user navigation. Without them, the user may be unable to view pages correctly or use certain services.
Profiling cookies create the user's profiles. These profiles are used to push advertising messages aligned with user preferences expressed during navigation.
Cookies can be further classified as:
"session" cookies, which are deleted immediately upon closing the navigation browser; "persistent" cookies, which remain in the browser for a certain period of time and are used, for example, to recognize the connected device and facilitate the user's authentication; "own" cookies, generated and managed directly by the manager of the browsed website; "third party" cookies, generated and managed by subjects other than the browsed website manager.
Cookies can always be disabled. To do so, please refer to each browser's Site navigation instructions.
- Types of cookies used by this Site
The Site uses the following cookie types and offers the possibility to deselect them. This is with the exception of third-party cookies, where the user must refer directly to the related selection and deselection methods of the specific cookies, indicated via the links:
Either navigation or session technical cookies are strictly necessary for Site operation or to allow the User to benefit from the requested content and services.
Analytics cookies facilitate the Site operator's understanding of how users utilize the site. We do not collect information about the User's identity or any personal data through these cookies. Such information is processed in an aggregate and anonymous manner.
Functionality cookies activate specific Site functions and a set of selected criteria (e.g. language and products selected for purchase) in order to improve the delivered service.
CAUTION: by disabling technical and/or functional cookies, the Site may be unavailable or some services and certain functions of the Web site may be unavailable or work improperly. The User may be forced to change or manually enter certain information or preferences every time he/she visits the Site.
Third-party cookies, namely site or web server cookies other than that of the Data Controller, are used for such third parties, including profiling cookies. Please note that said third parties, listed below with the relative hyperlinks to privacy policies, act as independent data controllers of data collected through sent cookies. Therefore, the User must refer to their policies on the processing of personal data, information, and any forms of consent collection (selection and deselection of the corresponding cookies).
Google Connect https://www.google.it/intl/it/policies/technologies/types/
Facebook Connect https://www.facebook.com/policies/cookies/
Facebook Pixel https://www.facebook.com/policies/cookies/
Cookies sent directly from Walliance through the Site are outlined in detail via the following link: https://www.walliance.eu/cookies
3. SCOPE OF THE PROCESSING AND MANDATORY OR VOLUNTARY NATURE OF THE DATA TRANSFER
The user provides us with data through the Site. Data will be processed by the Data Controller for the following purposes:
a) purposes related to requested service delivery (e.g. contact request, newsletter subscription, registration, offers submitted by Investors and Offerors, resolution of issues related to Site use, complaints, etc.).
Granting your data for the purposes referred to in letter a) is optional but failure to do so could result in the impossibility of operating the required functionality.
b) reasons related to aggregated or anonymous data statistical research/analysis, without the possibility of identifying the User for measuring Site functioning and traffic, as well as evaluating usability and interest.
c) reasons related to the fulfillment of obligations under law, regulation, or European Union (EU) standards.
Conferring your data for the purposes listed above (c) is mandatory. If not conferred, the data controller would be unable to meet the obligations established by law, regulation, or EU standards.
d) marketing reasons.
The conferred data may be processed, being subject to explicit and specific consent for promotional and marketing communications mailings. Such sending includes newsletters and market research through automated tools (SMS, MMS, E-mail, push notifications, fax) and non-automated tools (post, telephone with operator). Article 6, paragraph 1, letter a) of the GDPR provides the legal basis for processing your data. Commercial profiling and direct marketing processing is optional and depends on your choice. Thus, failure to provide consent for such purposes will not impair service use.
4. PROCESSING METHOD, SECURITY, AND DATA PROCESSING LOCATION
Your personal data are processed by the Data Controller or third parties carefully selected in light of their reliability and competence and, therefore, appointed as Data Supervisors. This processing is limited to the achievement of the aforementioned purposes, mainly with automated tools but also in print, for the period of time strictly necessary to achieve the goals of their collection.
Specific security measures are observed to prevent data loss, illicit or unfair use, and unauthorized access in full compliance with current regulations.
5. COMMUNICATION AND DISCLOSURE
Your personal data may be disclosed to employees or external collaborators of the Data Controller who are administrative, sales, legal, or accounting employees, or IT administrators, depending on how your data is processed and who, working under the Data Controller’s direct authority, will be designated as Data Processors or persons in charge of the processing, pursuant to arts. 28 and 29 of the GDPR. These people will be suitably instructed on how to perform the tasks involved.
Your personal data may be communicated to subjects external to the Data Controller, whereas their activity is needed for the functionality and delivery of the Site's features.
Your personal data may be disclosed to third parties such as:
people, companies, or professional firms that provide assistance and advice to the Data Controller, duly appointed as Data Supervisors; subjects, entities, or authorities to whom the communication of your personal data is mandatory, pursuant to legal provisions or orders from the competent authorities; subjects delegated and/or appointed by the Data Controller to carry out activities strictly related to the pursuit of the aforementioned purposes (including interventions of system technical maintenance), duly appointed as Data Supervisors; commercial partners, and suppliers of functional services for software development and services related to the Site.
Where necessary, the Data Controller reserves the right to collect your specific consent.
Your personal data will not be circulated by the Data Controller without your specific consent. Your data may be transferred abroad to European Union countries or to countries outside the EU that have received an adequacy decision by the Commission. This may also include countries that have not received such an adequacy decision in compliance and within the limits of Art. 44 – 49 of the GDPR.
6. DATA STORAGE
Personal data are stored and processed through computer systems owned by the Data Controller and managed by the Data Controller or third party technical service providers. Data are exclusively processed by specifically authorized personnel, including personnel assigned to carry out extraordinary maintenance operations.
The data will be stored strictly for the necessary time of the contractual or legal purposes in which the data have been provided to the Data Controller. In any case, the data will not be stored beyond 10 years from the termination of any relationship with the Data Controller.
7. YOUR RIGHTS
Pursuant to articles 15 to 22 of the GDPR, you can, at any time, exercise the right to:
ask for confirmation of the existence or not of personal data; obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the storage period; obtain the correction and deletion of data; obtain the limitation of the treatment; obtain the portability of the data, i.e., receive them from the Data Controller in a structured, common format, that is readable by an automatic device, and transmit them to another Data Controller without hindrance; object to the processing at any time, even in the case of processing for direct marketing purposes; oppose an automated decision-making process relating to natural persons, including profiling; ask the Data Controller to access personal data and to correct or cancel them or limit or oppose their processing, in addition to the right to data portability; withdraw consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation; propose a complaint to a supervisory authority (Italian Data Protection Authority – www.garanteprivacy.it).
Requests can be e-mailed to firstname.lastname@example.org.
The User declares to have read the information reported here and gives his/her consent to the processing of all personal data.