BEEWISE – INFORMATION NOTICE

Azimut[1] is fully committed to protect and respect your privacy and use your personal data in compliance with the provisions stated by Regulation EU 2016/679 – General Data Protection Regulation (hereinafter “GDPR” or “Regulation”).

Here you will find all the information about how our mobile application Beewise[2] (hereinafter “Beewise” or the “App”) collect and process your personal data[3], how you can exercise your rights and change the way we process your personal data.

The companies that will carry out the processing of your personal data according to the purposes and methods listed below are Azimut Capital Management S.p.A. and Azimut Investment S.A. (hereinafter “Azimut”, “We” or “Us”) in their quality of joint controllers[1] according to article 26 of the GDPR.

You will be able to reach Us out and get more information about our role and responsibilities by sending an email to: privacy@beewiseapp.com

[1] For the purpose of this notice “Joint Controllers” shall mean two or more controllers jointly determining the purposes and means of processing.

The Data Protection Officer (“DPO”) is a supervisor, expert in the field of privacy, with the task of overseeing and verifying the effectiveness of the measures that Azimut has developed.

Azimut has appointed a DPO, you will be able to reach him out by sending an email to: dpo@beewiseapp.com

In this section you will get more information on what personal data We collect and process during the registration and account creation process and while you are using Beewise.

1. First steps

After having downloaded Beewise on your device, you will start the registration and account creation process during which We will ask you to provide Us some personal data.

You can find more details about the processing of your personal data in the following table.

In addition to the personal data listed above    , you can also provide Us with other personal data to better personalize and set up your Beewise account (for example a profile picture). The provision of these personal data is optional therefore you will be able to proceed in the registration and account creation process also without providing these personal data.

Please note that during the registration and account creation process, in addition to the personal data directly collected from you, We may collect information about you from public sources for complying with legal obligations to whom We are subject according to statutory and regulatory requirements. We will collect the information from third parties, such as credit reference agencies, fraud-prevention agencies and trusted partners helping Us to provide our services. The information We collect includes information aimed to allow us to check your identity and information relating to your transactions.

2. Identity verification

During the registration and account creation process, our trusted partner IDNow GmbH (hereinafter “IDNow”), will ask you to take a picture of yourself (hereinafter “selfie”) and scan your identification document. IDNow, as autonomous data controller, will collect personal data directly from you in a dedicated page after giving the information notice and having collected your consent to perform the processing of your biometrical data.

In particular, the processing of personal data is necessary to allow IDNow to confirm the likeness of your selfie to the photo on your identification document (hereinafter “likeness check”).

After having performed the likeness check and the liveness detection (a check aimed to make sure that you are a human and not a robot), IDNow will send Us a report containing your personal data so that We can comply with the legal obligations We are subject pursuant to statutory and regulatory requirements.

3. Bank account linking

To invest in Azimut Investments funds, you will need to link your bank account(s) to Beewise in order to provide Us with the required account information. This linking process is facilitated by our trusted partners Salt Edge Limited (hereinafter “Salt Edge”) and fino run GmbH (hereinafter “fino”).  After the completion of the Beewise registration and account creation process, you will land on Salt Edge’s web page whereby fino, an authorized provider of account information services, will allow you to connect to your bank account(s) using your online account credentials, so that fino can retrieve the associated account information.

During the bank account(s) linking process, Salt Edge, as autonomous data controller, will collect your consent to share with Us the information related to your bank account(s) (such as account holder details, account details, regular payments history and account transactions for the past 12 months, as made available by your account provider).

We process the shared information as autonomous data controller solely to help you to set up and personalize your investment account according to your needs and financial situation.

4. Payment initiation

If you are using the payment initiation functionality made available within Beewise in order to purchase an Azimut Investment’s product you will have to submit a payment order. Once you confirm the payment order, We will provide the payment order details (that may include, without limitation, the payment order date, amount, currency, description) to our trusted partner fino run GmbH (hereinafter “fino”). fino is a licensed payment initiation service provider that allows you to initiate payment transactions directly from your payment account in accordance with the Revised Payment Services Directive (hereinafter “PSD2”).

During the payment initiation flow, fino will ask for your consent to the initiation of the respective payment order. Once you give such consent fino will initiate the payment order by transmitting it to your account provider (i.e., bank, electronic money institution) for execution. fino will provide to Azimut the information returned by your respective account provider regarding the initiated payment order, such as the status of such payment order (accepted, rejected, failed, etc.) and in some cases associated transaction data (such as payment account holder name and IBAN).

fino will process your payment order data and any other personal data collected during the payment initiation flow as autonomous data controller solely for the purpose of providing the requested payment initiation services to you and in accordance with the applicable legal framework.If you want more information about the processing of your personal data performed by fino please refer to their privacy policy.

5. Information We collect while you are using Beewise

While you are using Beewise, We may automatically collect certain information as better detailed in the following table.

6. Processing of anonymous data

Anonymous data are information which, through a data processing technique, are altered so as to render impossible to relate them to an identified or identifiable natural person. Therefore, GDPR does not apply to the processing of such anonymous information.

We may use anonymized or aggregate data for different purposes such as business purpose, including to better understand customer base needs and behaviors, improve our App and services, conduct business intelligence activities and marketing, and detect security threats.

Please note that, with the solely exception of this section, none of the other provisions of this information notice applies to anonymized and/or aggregated data.

In this section you will find out more about the purposes for which We collect and process your personal data and the legal basis that allows Us to perform those processing activities in compliance with GDPR

1. Providing you services

We collect and process your personal data for the performance of the contract between you and Azimut concerning the use of Beewise and to support you regarding any request you sent to support@beewiseapp.com  (for any technical issues) or to customerservice@beewiseapp.com (for any other issues related to the investments).

The provision of personal data for the above-mentioned purpose is necessary, any refusal to provide Us with such data will make impossible for you to use Beewise services or for Us to provide you support regarding any eventual issue for which you requested our help (technical or relate to your investments).

The legal basis of above-mentioned processing is the performance of a contract to which the data subject is party or take steps at the request of the data subject prior to entering a contract pursuant article 6, paragraph 1, letter b, of GDPR.

2. Complying with legal obligations

Azimut is subject to various legal obligations pursuant to statutory (e.g. laws of the financial sector, anti-money laundering and combatting the financing of terrorism laws, tax laws) and regulatory requirements (e.g. requirements of any regulatory authority).  This cover our processing of your personal data for compliance with applicable laws such as the  applicable legislation on know-your-Customer (“KYC”) and anti-money laundering and combatting  the financing of terrorism (“AML/CFT”), compliance with requests from or requirements of local or  foreign regulatory enforcement authorities, tax identification and reporting (where appropriate), the OECD’s standard for automatic exchange of financial account information commonly referred to as the Common Reporting Standard or “CRS”,  for Foreign Account Tax and Compliance Act (“FATCA”) purposes, for the Automatic Exchange of  Information (“AEI”) and any other exchange of information regime to which We may be subject to  from time to time.

The provision of your personal data to comply with the regulatory provisions is mandatory and your consent is not required.

The legal basis of above-mentioned processing is the compliance with a legal obligation to which the controller is subject pursuant article 6, paragraph 1, letter c, of GDPR.

3. Preventing frauds, money laundering and defend our rights

We collect and process your personal data for preventing frauds and money laundering by determining whether a transaction or an account presents a fraud or legal risk. In this way, We aim also to protect you from money loss by ascertaining, preventing and mitigating frauds and/or abuses of the services We provide through the App.

Furthermore, We may process your personal data for defend our rights or for defending our self from any legal claim. The processing     is not intendent to be limited to current legal proceedings but includes processing necessary for:

• prospective proceedings;
• obtaining legal advice; or
• establishing, exercising or defending legal rights in any other way (in Court or in the stages leading to possible legal action).

The legal base of above-mentioned processing is our legitimate interest pursuant article 6, paragraph 1, letter f, of GDPR.

4. Marketing activities

To proceed with the processing of your personal data for marketing purposes, We need to obtain your specific, separate, expressed, documented, preventive and optional consent.

By giving your consent to the processing of your personal data for marketing purposes, you specifically acknowledge the promotional, commercial and marketing purposes (included the consequent administrative and management activities) and expressively allow the processing (the means used for the process could be: call with operator or other non-electronic means, not telematics or not supported by automatic, electronic or telematics mechanisms and/or procedures and where the means used for the process are e-mail, electronic platforms and other electronic means).

You can freely decide to give or deny your consent without any impact on your ability to use Beewise services, in fact a refusal to provide the consent to the processing for marketing purposes will not determine any consequence regarding the execution of the contract between you and Azimut.

Please consider that at any time you will be able to withdraw the given consent without affecting the lawfulness of processing based on consent before its withdrawal.

The legal basis of above-mentioned processing is data subject’s consent to processing of his/her personal data pursuant article 6, paragraph 1, letter a, of GDPR.

5. Profiling activities

To proceed with the processing of your personal data based on profiling for marketing purposes and to improve Beewise services, We need to obtain your specific, separate, expressed, documented, preventive and optional consent. For the purpose of giving full comprehension of the processing, please note that for “profiling” we refer to any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements (art. 4, paragraph 1, n. 4) of GDPR).

You can freely decide to give or deny your consent without any impact on your ability to use Beewise services, in fact a refusal to give consent to the personal data processing based on profiling for marketing purposes and to improve Beewise services, will not determine any consequence regarding the execution of the contract between you and Azimut.

Please consider that at any time you will be able to withdraw the given consent without affecting the lawfulness of processing based on consent before its withdrawal.

The legal basis of above-mentioned processing is data subject’s consent to processing of his/her personal data pursuant article 6, paragraph 1, letter a, of GDPR.

6. Information security

We collect and process your personal data for preventing threats to integrity, availability and confidentiality of your personal data, combat spam or other malwares and, in general, to detect, prevent and mitigate security risks.

The legal base of above-mentioned processing is our legitimate interest pursuant article 6, paragraph 1, letter f, of GDPR.

Personal data are processed manually, electronically or by computer means in such a way as to ensure full security and confidentiality by adopting appropriate security measures to effectively preserve all the information and data from unauthorized access, alteration, destruction or loss, from unauthorized transmission, unauthorized treatment and other abuses.

To achieve the purposes listed in the paragraph above, We might communicate your personal data to the following categories of recipients:

1) Third parties: our trusted partners, some of which based abroad, operating in the following areas:

• banking and financial, account aggregation, management of payment systems, tax collection operations and treasuries;
• acquisition, registration and handling of data and documents relating to payments or other items;
• detection of financial risks;
• identity checks;
• credit recovery services and ancillary activities such as telephone contacts and reminders;
• management of communications addressed to the clients as well as archiving hardcopy, electronic data and documents:
• disclosures, detection and alerts regarding money laundering regulations;
• management of national and international systems for the detection of frauds;
• surveys on service quality, market research, commercial information and promotion of products and/or services;
• supply and management of information procedures and systems, telecommunication networks and protection and security systems;
• external auditing, balance sheet certification, professional consulting services and customer assistance.

The aforementioned third parties shall process your personal data in their capacity as independent data controllers, or as data processors[4] appointed, pursuant to Article 28 of the GDPR, by Azimut.

When We use data processors, We ensure that such data processors provide sufficient guarantees to implement appropriate technical and organisational measures and that such processing performed on our behalf meets the requirements of GDPR and ensures the protection of your rights.

The other entities to which We can communicate your personal data, but who are not appointed as data processor, will process your personal data as  autonomous data controllers pursuant to the relevant personal data protection law, handling same on a fully independent basis and/or in connection with the processing performed by Azimut. For more information about the processing of your personal data performed by those entities in their quality of data controller, please refer to the information notice of each data controller.

An updated list of third parties identified as data controllers or data processors is available by sending an email at: privacy@beewiseapp.com

2) Authority: as may be required or authorized by law (including but not limited to public administrative bodies and local or foreign public and judicial authorities, including any competent regulators).

Please note that your personal data are processed within the territory of the European Union and, if  necessary, for technical or  operational reasons, We reserve the right to transfer your personal  data to countries outside the European Union subject to the existence of European Commission  “adequacy” decisions, or on the basis of adequate guarantees, or on the specific exceptions provided for by  GDPR.

With specific regard to the compliance with the relevant law on know-your-Customer (“KYC”) and anti-money laundering and combatting the financing of terrorism (“AML/CFT”), We are required to assess respectively your investor profile and risk level. Both the assessments take place through an automated decision-making based on an algorithm that analyze the answers you will provide to the AML/CFT and KYC questionnaires allowing us to assign you a specific score.

According to article 22 of GDPR, your consent is not required because the processing is necessary for entering into a contract between you and Us. Please note that you have the right to request human intervention and to challenge the result of the automated decision making by sending an email at: privacy@beewiseapp.com

Your personal data will be stored within the European Economic Area (EEA) in our providers’ servers for a period of time strictly necessary to the pursuing of each purpose for which the personal data have been collected. In any case the criteria used to determine the storage period is based on the respect of the personal data storage periods stated by law and by principles set out by article 5 of GDPR.

Personal data processed for marketing purposes and personal data whose processing is based on profiling for marketing purposes and to improve Beewise services, shall be stored until you withdraw your consent for the achievement of the aforementioned purposes and, in any case, not later respectively than 24 months and 12 months starting from the moment personal data have been collected.

In general, some personal data may be retained even after the end of activities in your comparisons for the time necessary to allow Azimut to comply with contractual and legal obligations. Luxembourg law relating to anti-money laundering for example requires that documents are retained for a period of five or ten years (depending of the specific processing) after the relationship has come to an end.

In any case, At the end the retention period, personal data will be erased or anonymized.

According to article 15 to 22 of GDPR, you have the right, at any time, to:

1. request Us to access to your personal data processed by Us or on our behalf by our data processors;
2. request Us to rectify your personal data in case they are incorrect or incomplete;
3. request Us the deletion of your personal data in accordance with the provisions of article
   17 of GDPR including in the following situations (i) where personal data are no longer
   necessary in relation to the management of your investments, (ii) you objects to the processing of  your personal data and there are no overriding legitimate grounds for the processing, and (iii) the personal data has been unlawfully processed;
4. request a restriction of the processing of your personal data in accordance with the provisions of  article 18 of GDPR;
5. object to the processing of your personal data;
6. lodge a complaint with the Commission Nationale pour la Protection des Données  (“CNPD”) in Luxembourg  and the Garante per la protezione dei dati personali in Italy and the relevant authority of the Member State in which you reside or work in accordance with the provisions of article 77 of GDPR;
7. receive your personal data or request the transmission to
   another data controller, when feasible, in accordance with the provisions of article 20 of GDPR.

At any time, you will be able to exercise your rights by sending an email to privacy@beewiseapp.com

We are constantly committed to improve the level of protection of your personal data and the respect of your privacy therefore We may amend, integrate or update, this privacy notice from time to time. We will notify you of changes We made to the privacy notice through in App pop up and, in any case, you can go in Beewise privacy section or visit the  website www.beewiseapp.com to ensure that you are always up to date about all processing activities and our compliance with applicable data protection legislation.

While using Beewise you may run into links to third parties’ web sites and services. The present privacy notice does not refer to any personal data processing performed by those third parties. Azimut has no control and responsibility for the personal data processing eventually performed by third parties through their websites and/or services. For more information about the processing performed by third parties, please refer to the privacy policy of any third party.

[1] For the purpose of this notice, “Azimut” shall mean Azimut Capital Management S.p.A. and Azimut Investment S.A. in their quality of joint controllers according to article 26 of the GDPR.

[2] With the term “Beewise” we refer to the mobile application run by Azimut and available on IOS and Android in Italy.

[3] For the purpose of this notice, “process of your personal data” shall mean any operation or set of operations, which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (article 4, 2), of GDPR).

[4] For the purpose of this notice “Data processor” shall mean a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Joint Controllers.