Privacy Policy

In compliance with the EU Regulation nr. 2016/679 (hereinafter “GDPR”), and in connection with the personal data held by NewHorizon Trustee Services ltd (hereinafter the “Data Controller”), we would like to give you the following information.

1. Purpose and legal basis of data processing

Collected personal data (including special categories of personal data or ‘sensitive data’) will be processed in compliance with the confidentiality obligations.

Personal data will be processed:

- in compliance with art. 6, comma 1, letter b), c) and f) of GDPR for the following purposes:

• for compliance with a legal obligation deriving from a national or supranational regulation and upon request of the competent authorities;
• the management of the contractual relationship based on the mandate assigned to the Data Controller and for the provision of associated professional services, also through communication to internal and external collaborators: setting, management and extinction of contractual and commercial relationship, compliance with accounting and tax obligations, management of litigations;
• the exercise or defense of a legal right or to protect the rights of another natural or legal person;
• the invitation to conferences and conventions or for the sending of information and documentation or the proposal of consultancy and professional assistance services, also similar to those previously requested to the Data Controller, through Traditional contacts, such as paper mail and operator phone calls, or via e-mail;
• Subject to the explicit consent of the person concerned, under articles 9, Comma 2, letter a), f) and 6, Comma 1, letter A) of the GDPR in order to:
• inform you about our commercial and promotional initiatives (i.e. invitations to conferences organized and/or sponsored by the Data Controller, internal circulars, information documentation, etc.).
• The execution of pre-contractual or contractual measures related to the establishment, management and definition of the engagement agreed, where necessary to process special categories of personal data or ‘sensitive data’
• Profiling in order to provide professional services tailored to the concerned person.

2. Methods of data processing

The treatment is carried out by means of operations indicated in art. 4 of GDPR: collection, registration, organization, structuring, preservation, adaptation or modification, extraction, consultation, use, communication, transmission, dissemination, or any other form of making available, comparison or interconnection, limitation, deletion and destruction of data.

The operations can be carried out with or without the support of electronic or otherwise automated instruments.

The processing shall be carried out by the Data Owner or by external Data processors or by other entities duly authorized thereto.

 

 

3. Recipients of data

In the establishment, management, execution and definition of the assignment received, the Data Controller may have to communicate the personal data of the person interested in the processing to: persons, companies or professionals, who provide assistance, consultancy or cooperation in accounting, administrative, legal, tax and financial matters relating to the assignment received, as well as to the judicial authorities and competent public authorities.

4. Data transfer to third countries

The management and preservation of personal data, including particular or judicial, will take place on servers located within the European Union, owned by the Data Controller or third parties in charge and duly appointed as Data Processors. Currently the servers are located in the European Community, but it is understood that the Data Controller, if necessary, will have the right to move the location of the servers in non-EU countries. The personal data, including special categories of personal data could be transferred also extra-EU to subjects with which is a collaboration or a professional alliance exists for the establishment and management of the assignment received by the Data Controller. In this case, the Data Controller ensures that the transfer of extra-EU data will take place in accordance with applicable legal provisions, by stipulating, if necessary, agreements which guarantee an adequate level of protection, and/or by adopting the standard contractual clauses provided for by the European Commission. In any case, it is understood  that the Data Controller will never communicate to third parties the personal data collected.

5. Data Retention period

Personal data and documentation necessary and relevant to the activities under way, to be established or terminated, will be retained for a period of 10 years from the termination of the mandate. This period could be broader if there are reasons related to the exercise of a right before any Court or to protect the rights of another natural or legal person, or if there is a statutory obligation to any nature stipulating a longer retention period. In relation to the processing for promotional or profiling purposes, in the event of the optional consents required or of legitimate interest of the data controller, the information collected will be retained for the time strictly necessary for the management of the above purposes according to criteria based on compliance with the outstanding rules and the correctness and balance between the legitimate interest of the Data Controller  and the rights and freedom of the person concerned. Consequently, in absence of specific rules envisaging different retention periods the Data Controller  will use the data for the above marketing and profiling purposes for a reasonable time in relation to the interest expressed by the involved person in relation to the actions of the Data Controller. In any case, the Data Controller will avoid an indefinite use of the data, verifying periodically, in an appropriate way, the actual continuation of the interest of the subject to which the data refers.

6. Refusal of conferral of data

The data communication is mandatory when it must comply with precise legal provisions or when, without them, it is impossible to execute the contract. In any event, common personal data, special categories of personal data or ‘sensitive data’ and judicial data, communicated, will be used by the Data Controller only for the purposes referred to in Point 1 and will be communicated to third parties only when is strictly necessary to fulfill the purposes for which they were communicated.

Possible refusal to provide the information requested, or their miscommunication, will result in the impossibility to carry out the task given to the Data Controller, as well as the delivery of articles, newsletters (information, etc.), or the profiling of the interested party by the Data Controller.

7. Rights of the subject

You have the rights as per art. 15 of the Regulation, and more precisely the right:

• To obtain confirmation of the existence of their personal data and their communication in an intelligible form;
• To obtain the indication: a) of the origin of the personal data; b) the purposes and modalities of processing; c) of the logic applied in the case of profiling; d) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if recipients are in third countries or are international organizations, and the existence of adequate guarantees to the transfer; e) of the retention period; f) the existence of a profiling process and its applied logic and the importance and expected consequences of such a treatment;
• To obtain: a) the updating, the rectification or, if the case, the integration of the data; b) the deletion or limitation of the processing of the data;
• To oppose, in whole or in part: a) to the processing of personal data which are processed within the meaning of article 6, comma 1, letter e), f), including profiling; (b) the processing of personal data for the purposes of sending promotional and commercial material by e-mail and/or by means of traditional marketing via telephone and/or paper mail;
• To revoke the consent provided pursuant to article 6, comma 1, letter a) and article 9, comma 2, letter a) of the Regulation at any time without prejudice to the lawfulness of the treatment based on the consent before the withdrawal;
• The right to submit a complaint to the supervisory authority for the protection of personal data (The Information Commissioner -   Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF) with the modalities indicated at the Internet address: ico.org.uk.

8. Exercise of the rights

You may, at any time exercise the above rights sending:

• A registered letter to NewHorizon Trustee Services Limited, 16 Upperwoburn Place London WC1H 0AF;
• An e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.

9. Source of processed personal data

The personal data processed will be collected from the persons concerned or obtained from public bodies and/or agencies, registers or public directories as well as judicial authorities, and/or persons, companies, professional studies indicated by the same person interested in the processing.

10. Existence of an automated decision-making process including profiling

Personal data could be processed to profile the person interested in the treatment in order to propose specific consultancy services. The use of personal data collected in relation to the engagement received will allow the sending of communications more responsive to the needs of the person interested in the processing of personal data. The profiling process may involve the creation of additional data in relation to the originals, which could, in the case of erroneous profiling, affect the choices of the person interested in the treatment.

11. Owner of the treatment

The data controller is: to NewHorizon Trustee Services Limited, 16 Woburn Place London WC1H 0AF  (United Kingdom).