Privacy Policy

Colliers Global Investors Italy SGR S.p.A., in its capacity as data controller, wishes to inform users of its website www.casavilloresi.com (hereinafter the "Site"), about the processing of their personal data, pursuant to Legislative Decree 196/2003, as amended and supplemented (hereinafter the "Privacy Code") and to the General Data Protection Regulation 679/2016/EU (hereinafter the "GDPR").

1. Who is the data controller?

Colliers Global Investors Italy SGR S.p.A., with registered office in Milan - 20121, Corso Giacomo Matteotti, 10, VAT number, tax code and registration number on the Companies' Register of Milan 06817000968 (hereinafter the "Data Controller", or "we"), which may be contacted at the following e-mail address privacy.italy@colliersglobalinvestors.com.

The Data Protection Officer appointed by the Data Controller is the lawyer Francesco Conti, with office in Milan - 20122, Corso Europa, 12. You can contact the Data Protection Officer free of charge at the telephone number +39 02 3030 9330 and at the address already indicated, as well as at the PEC address francesco.conti@milano.pecavvocati.it.

2. What data are processed?

Your data, collected by us as part of your navigation of the Site, are as follows:

  • "Identification Data" such as:
    1. first and last name;
    2. e-mail address;
    3. telephone number, only if voluntarily provided by you; and
    4. any further information you can enter via the 'Request' field in our Contact Form.
  • "Navigation Data" such as:
    1. the IP address and domain name of the device used;
    2. the URI (Uniform Resource Identifier) addresses;
    3. the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (e.g., successful, error, etc.); and
    4. other parameters relating to the device, operating system and computer environment used by you;

(hereinafter jointly referred to as the "Data").

3. Why do we process your Data?

Your Navigation Data are processed for the following purposes:

  1. enable you to benefit from the services offered on the Site ("Contractual Purposes").

Your Identification Data will be processed for the following purposes:

  1. responding to any requests for information regarding the products and/or services offered by the Data Controller or executing a contract to which you are a party ("Contractual Purposes");
  2. comply with any legal and regulatory obligation ("Legal Purposes");
  3. with your prior consent, to send newsletters and commercial communications and invitations to events, through traditional and remote means of communication including e-mail, SMS, social networks, instant messages, mobile applications, banners, mail and telephone, for the promotion and/or sale of products and/or services marketed by the Controller ("Marketing Purposes");
  4. with your prior consent, to send marketing communications from HELM Italy, S.r.l. with registered office in Milan, Via Broletto, 35 - 20121, VAT number 11819980969. In relation to other services related to those offered on the Site in the manner set out in paragraph c) above ("Third Party Marketing Purposes");
  5. to carry out activities in connection with the sale of companies and business units, acquisitions, mergers, demergers or other transformations and for the execution of such transactions, as well as to assert and defend the rights of the Controller against you and third parties in any litigation ("Legitimate Business Interest Purposes").

4. What is the legal basis for the processing of your Data?

The processing of Navigation Data and Identification Data for Contractual Purposes is necessary in order to take advantage of the functionalities provided through the Site. Therefore, if you do not want your Data to be processed for such purposes, it will not be possible for you to take advantage of the services offered on the Site and/or to follow up any requests you may have made.  

The processing of Identification Data for the Legal Purposes is mandatory, as required under applicable laws.

The processing of Identification Data for Marketing Purposes and Third Party Marketing Purposes is optional and subject to your prior consent. Failure to provide your consent will make it impossible for the Data Controller and/or HELM Italy S.r.l. to keep you updated on new products, services or promotions, which may be in line with your interests.  

The processing of Data for the Legitimate Business Interest Purposes is functional to the pursuit of a legitimate interest of the Controller, appropriately balanced with your interests in the light of the limits imposed on such processing. You shall have the right to object to the processing for such purposes, in the manner set out in paragraph 7 below, unless we have an overriding interest in continuing the processing and unless the processing is necessary for the exercise or defense of a legal claim against us.

5. How do we process your Data?

In relation to the aforementioned purposes, the processing of Data shall take place both through IT tools and on paper and, in any case, through tools suitable to guarantee security and confidentiality through the adoption of the security measures prescribed by the GDPR.  

We will proceed to the deletion and/or removal of the Data if there is no need to process the Data in an identifiable form for the purposes of processing and upon expiry of the retention period indicated in paragraph 8 below.

6. Can Data be communicated or transferred abroad?

We can disclose your Data for the purposes set out in paragraph 3 to the following categories of recipients: (i) collaborators and employees of the Data Controller and of the entities indicated below in this paragraph 6, within the scope of their respective duties, as persons in charge of processing; (ii) third party providers of assistance and consultancy services with reference to activities in the areas of, but not limited to, marketing, technological, accounting, administrative, legal, insurance, as data processors or autonomous data controllers; (iii) entities and authorities whose right to access the Data is expressly recognized by law, regulations or measures issued by the competent authorities, as autonomous data controllers.  

Furthermore, the Data Controller may also share Identification Data with following categories of recipients: (i) subjects who are the transferees of a company or a business unit, companies resulting from possible mergers, demergers or other transformations of the Data Controller, as autonomous data controllers; (ii) companies of its group, as well as its agents and authorized dealers, as data processors.

Your data will not be disclosed.

Your Data will not be transferred outside the European Economic Area. Any transfer of your Data to countries outside the European Economic Area will, in any event, take place in accordance with the appropriate and adequate safeguards for such transfer, pursuant to articles 44 et seq. of the GDPR.

7. What are your rights?

You have, at any time and free of charge, the right to:

  1. obtain confirmation of the existence or otherwise of Data concerning you, and to know its content and origin, verify its accuracy or request that it be supplemented or updated, or corrected;
  2. request the deletion, transformation into anonymous form or blocking of Data processed in breach of the law;
  3. object in any case, for legitimate reasons, to their processing;
  4. request the restriction of the processing of the Data where (i) you dispute the accuracy of the Data, for the period necessary for the Data Controller to verify the accuracy of such Data; (ii) the processing is unlawful and you, receiving objection to the deletion of the Data, request instead that its use be restricted (iii) although the Data Controller no longer needs it for the purposes of the processing, the Data is necessary for the establishment, exercise or defense of a legal claim; (iv) you have objected to the processing pursuant to Article 21(1) of the GDPR pending verification as to whether the Data Controller's legitimate grounds prevail over those of the data subject;
  5. object at any time to the processing of Data;
  6. request deletion of the Data without undue delay;
  7. obtain Data portability;
  8. revoke, at any time, consent to the processing of data, without in any way affecting the lawfulness of the processing based on the consent given before revocation.

In the event of death, the aforementioned rights in relation to your Data may be exercised by those who have an interest of their own or are acting in your capacity as authorized representative, or for family reasons worthy of protection. You may expressly prohibit the exercise of some of the rights listed above by your successors in title by sending a written declaration to the Data Controller at the e-mail address below. The declaration may be revoked or modified later in the same manner.

Relevant requests may be addressed directly to the Data Controller by sending an e-mail to privacy.italy@colliersglobalinvestors.com .  

You also have the right to lodge a complaint with the Italian Data Protection Authority: https://www.garanteprivacy.it/

8. How long do we keep your Data?

We will process your Data for the period necessary to fulfil the purposes for which it was collected in accordance with paragraph 3 above.  

In any case,  

  • Data collected for Contractual Purposes are kept for the duration of the contract and/or service requested;
  • Data collected for the Legal Purposes are retained for a period equal to the duration prescribed for each type of data by law;
  • Data collected for Legitimate Business Interest Purposes shall be retained for a period of 10 years from the time of collection in the case of processing for the purpose of asserting and defending the Data Controller's rights against you and third parties in any litigation, whereas with respect to processing for the purpose of carrying out activities functional to transfers of business and business divisions, acquisitions, mergers, demergers or other transformations and for the performance of such operations, the retention periods listed above shall apply with respect to the main processing that takes place;
  • Data processed for Marketing Purposes and Third Party Marketing Purposes are kept for 24 months after the collection of the relevant consent, without prejudice to your right to object to such processing at any time.

Once the above-mentioned periods have expired, Data may be deleted, anonymized and/or aggregated.

9. Changes and updates

This Privacy Policy is valid as of its effective date. However, we may need to make changes and/or additions to this Privacy Policy, including as a result of any subsequent regulatory changes and/or additions. You will be notified in advance of any such changes or updates.