COOKIE POLICY

This privacy policy (hereinafter, for simplicity, the “Cookie Policy”) governs the processing of your personal data while browsing the website https://www.lumiassetmanagement.com (“Site”), through the use of cookies and other tracking tools, carried out by LUMI Asset Management srl, with registered office in via San Paolo, 1 - 20121 Milan, P. VAT IT12918500963, email info@lumiassetmanagement.com (“Data Controller”), in accordance with applicable data protection regulations, including EU Regulation 2016/679 (“GDPR”) and Directive 2002/58/EC (“Directive”) as amended from time to time.

1. Identity and contact details of the Representative

The Data Controller is LUMI Asset Management.

Since the Data Controller is established in the territory of the EU, no representativehas been appointed.

2. Contact details of the Data Protection Officer

The Data Controller has not appointed a Data ProtectionOfficer (“DPO”) pursuant to Article 37 GDPR.

3. Means and purpose of processing

Navigation data

In order to complete the connection to the Site, we process personal data, such as:

  • the IP address of the device you are using;
  • the date and time of access;
  • the type of browsing browser;
  • the operating system used.

 Cookies

Cookies are small text files that are downloaded toyour device when you visit the Site. They are used to enhance your userexperience. Cookies can remember your preferences, such as language or Sitesettings, to make subsequent visits to the Site easier and more personalised.

Cookiescan be classified in various ways:

  • Depending on how long the informationis stored:
    - Session cookies: these are temporary and are deleted each time you close the browser.
    - Persistent cookies: these remain on your device until you delete them or until they expire.
  • Depending on who manages thecookies:
    - First-party cookies
    : these cookies are installed and managed directly by the Controller.
    - Third-party cookies: these are installed by other websites that provide various services to the Site. In other words, these cookies are managed by websites other than the one you are visiting.
  • According to the functionalpurpose of the cookie:
    - Technical cookies: cookies in this category allow the Site to function properly
    - Statistical cookies: cookies in this category allow statistical analyses to be carried out on various domains, websites or apps that can be traced back to the Data Controller.
    - Marketing cookie: cookies in this category allow the Data Controller to carry out marketing activities.
    - Profiling cookies:
    cookies in this category allow the Data Controller to track information about you in order to provide you with services tailored to your needs and preferences.

 Listed below are all the cookies used by the Data Controller within the Site:

Technical cookies

4. Delete and deactivate cookies

You can configure your browser to prevent the processing of cookies, or delete them immediately afterbrowsing. Below, we list how to disable and delete cookies with the mainbrowsers:

  • Delete/deactivate cookies with Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
  • Delete/deactivate cookies with Edge: https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
  • Delete/deactivate cookies with Chrome: https://support.google.com/accounts/answer/32050?hl=en&co=GENIE.Platform%3DDesktop‍
  • Delete/deactivate cookies with Opera: https://help.opera.com/en/latest/web-preferences/#cookies‍
  • Delete/deactivate cookies with Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac, https://support.apple.com/en-us/HT201265

5. Legal basis of processing and optionality of consent

  1. Personal data processed while browsing the Site: the communication of such personal data is a contractual obligation, without which the services of the Site could not be made available properly.
  2. Personal data processed by fingerprinting: the communication of such personal data is purely optional. In the event that you do not give your consent to the communication of such data, it will be impossible for the Data Controller to carry out this tracking activity. The legal basis for the processing is your consent, given in accordance with applicable law.
  3. Personal data processed with technical cookies: the provision of personal data is a contractual obligation, without which the services of the Site could not be made available properly.
  4. Personal data processed with statistical cookies: the communication of personal data is purely optional. In the event that you do not consent to the communication of such data, it will be impossible for the Data Controller to carry out this tracking activity.The legal basis for the processing is your consent, given in accordance with current legislation.
  5. Personal data processed with marketing cookies: the communication of personal data is purely optional. If you do not give your consent to the communication of such data, it will be impossible for the Data Controller to carry out thistracking activity. The legal basis for the processing is your consent, given in accordance with current legislation.
  6. Personal data processed with profiling cookies: the communication of personal data is purely optional. If you do not give your consent to the communication of such data, it will be impossible for the Data Controller to carry out this tracking activity. The legal basis for the processing is your consent, given in accordance with applicable law.

You may express your consent to the processing of personal data through the means of tracking described in this Cookie Policy by clicking on specific boxes within the appropriate banners.

6. Profiling

If you consent to processing by tracking means in order to benefit from personalised services, your personal data may be subject to an automated decision-making process, with one or more specific algorithms deciding which communications best fit your profile or which may be of interest to you.

7. Source of personal data and categories of data

The Data Controller will only process personal data provided by you in accordance with the Cookie Policy, collected through the Site. The Data Controller will not process personal data from publicly accessible sources. The Data Controller will not process special personal data as referred to in Article 9 of the GDPR.

8. Recipients and possible categories of recipients of personal data

They may receive your personal data:

  • companies offering hosting services;
  • companies that provide commercial and marketing services on behalf of the Data Controller; 

9. Transfer of personal data

The Data Controller has no intention of transferringPersonal Data to entities established in a country outside the European Union or to an international organisation.

10. Personal data retention period

  1. Personal data processed while browsing the Site: the Data Controller will retain your personal data processed while browsing the Site for a period not exceeding 12 (twelve) months from the date of individual collection;
  2. Personal data processed by means of fingerprinting: the Data Controller will keep your personal data processed while browsing the Site for a period not exceeding 12 (twelve) months from the date of individual collection;
  3. Personal data processed with technical cookies: the Data Controller will store your personal data processed with technical cookies in order to allow you to use the Site correctly for a period not exceeding 12 (twelve) months from the date of individual collection;
  4. Personal data processed by means of statistical cookies: the Data Controller will retain your personal data processed to make personalised services available by means of statistical cookies for a period not exceeding 12 (twelve) months from the date of individual collection;
  5. Personal data processed with marketing cookies: the Data Controller will retain your personal data processed to make personalised services available through marketing cookies for a period not exceeding 12 (twelve) months from the date of individual collection;
  6. Personal data processed by means of profiling cookies: the Data Controller will retain your personal data processed to make personalised services available by means of profiling cookies for a period not exceeding 12 (twelve) months from the date of individual collection.

The Data Controller reserves the right, in anyevent, to ask you to renew and/or verify the consents expressed.

11. Right of opposition

As a ‘data subject’, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you pursuant to Article 6(1)(e) or (f) of the GDPR, including profiling on the basis of these provisions.

The Data Controller shall refrain from further processing your personal data, unless the Data Controller proves the existence of compelling legitimate grounds for processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

If personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you carried out for such purposes, including profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data are no longer processed for such purposes.

You may object to the processing of your personal data for direct marketing purposes even in part, e.g. by objecting only to the sending of promotional communications by automated and/or digital means, or to the sending of paper communications and/or the receipt of telephone communications.

If your personal data are processed for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, you have the right, on grounds relating to your particular situation, to object to the processing of your personal data, unless the processing is necessary for the performance of a task carried out in the public interest.

12.  Other Rights

The Data Controlleralso wishes to inform you of the existence of the following rights:

  • Right of access: you have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning you is being processed. If so, you have the right to access your personal data and specific information, in accordance with Article 15 of the GDPR;
  • Right of rectification: you have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration, in accordance with Article 16 of the GDPR;
  • Right to erasure: you have the right to obtain from the Data Controller the erasure of personal data concerning you without undue delay. The Data Controller is obliged to delete your personal data without undue delay, if there are grounds listed in Article 17 of the GDPR;
  • Right of restriction of processing: you have the right to obtain from the Data Controller the restriction of processing, if the grounds listed in Article 18 of the GDPR exist;
  • Right to data portability: you have the right to receive, in a structured, commonly used and machine-readable format, personal data concerning you provided to the Data Controller, such as the right to transmit such data to another controller without hindrance by the Data Controller, in the cases and under the conditions specified by Article 20 of the GDPR;
  • Right to object to commercial communications: you have the right to object at any time, free of charge, to receiving commercial communications from the Data Controller;
  • Rights in relation to profiling: you have the right to obtain human intervention by the Data Controller, to express your opinion and to challenge the decision, in accordance with Article 22 of the GDPR;
  • Right to lodge a complaint with the Data Protection Authority: you have the right to lodge a complaint with the Data Protection Authority to complain about a breach of data protection regulations, in accordance with Article 77 of the GDPR.

13.  How to exercise your rights

You will be able to exercise the rights set out in the Cookie Policy by addressing your requests directly to the Data Controller at the e-mail address info@lumiassetmanagement, or by sending the relevant communication by registered letter with acknowledgement of receipt to the address via San Paolo, 1 - 20121 Milan.

You may lodge a complaint with the Personal Data Protection Authority in the manner provided for on the official site, by addressing it to the contact details available at https://www.garanteprivacy.it/home/footer/contatti

14. Accessibility

The Cookie Policy is accessible at https://www.lumiassetmanagement.com/cookie-policy.html and at the Data Controller’s offices. If you expressly request it, the Data Controller may provide you with the information orally, subject to proof of your identity, by means of a telephone request addressed to +39 02 45.381.840.

15. Modifications

The Cookie Policy may be amended by the Data Controller, also in order to adapt to national and/or European Union legislation or technological innovations. Any new versions of the Cookie Policy will be posted on the Site. We invite you to periodically check the Cookie Policy. Any changes will be communicated to you by means of a pop-up on the Site or by other means and/or computer tools. If the Data Controller substantially modifies the Cookie Policy, by providing for new processing purposes and/or categories of personal data processed or by changing the third parties, the Data Controller will inform you, requesting the necessary consents, by means of a specific banner. If it is impossible for the Data Controller to check that cookies have been stored on your device on your next visit to the Site, for example, if the cookies installed are deleted, the Data Controller will inform you by means of a specific banner and will request the necessary consents. If at least 6 (six) months have elapsed since the previous presentation of the banner on the Site, the Data Controller will inform you, requesting the necessary consents, by means of a specific banner.