Your privacy is important to us, and we are committed to protecting your personal data. Our role towards certain personal data may be that we collect certain personal data or process certain personal data that is controlled by our clients. Our commitments in both cases can be found in respectively the Privacy Notice and the Data Processing Protocol.
The Data Processing Protocol is applicable in the situation where we may process certain personal information of which our client or client entities are the controller. It sets, among others, out the principle of confidentiality, the security practices and technical and organizational measures that Viteos has put in place.
This Data Processing Protocol (the “Protocol”) shall apply between Viteos and the Client Entity (“Client”) it is servicing, where Viteos may process Personal Data, of which the Client is the Controller.
The Protocol forms part of any agreement in place between Viteos and the Client (the “Service Agreement”).
Where this Protocol uses terms which are defined in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation the “GDPR”), then the definitions set out in that Regulation shall apply.
“Client” shall mean the company, trust, foundation, any other form of legal entity, partnership, or unincorporated business, set up, to which Viteos provides any service at the request or instruction of such entity and/or its group members; and “Viteos” shall mean the relevant Viteos group compan(y)/(ies) that have concluded a Service Agreement with the Client.
“Personal Data” shall mean personal data as defined in Clause 4 GDPR, which Viteos processes as a Data Processor in the course of providing services to Client.
2.1 Viteos shall only process the Personal Data on the instructions of the Client and in accordance with the provisions of this Protocol and associated Service Agreement(s). Viteos confirms that it will not process the Personal Data for its own use or any other purposes other than as provided for under this Protocol. Viteos shall immediately inform the Client if, in its opinion, an instruction infringes the GDPR or other Union or Member State data protection provisions.
2.2 Viteos will have no control over the purposes of processing the Personal Data.
2.3 The GDPR and any other applicable privacy laws apply to this Protocol and anything not specifically mentioned in this Protocol shall be governed by the GDPR and any other applicable privacy laws.
3.1 Viteos, and any person authorized to process Personal Data on its behalf, receiving the Personal Data from the Client pursuant to the Service Agreement, will exercise at least the same degree of care with respect to Personal Data with which Viteos protects its own Personal Data of the same or similar nature.
3.2 Viteos shall not communicate the Personal Data to or put the Personal Data at the disposal of third parties without the Client’s prior written consent thereto unless (a) it is required to do so by mandatory law or regulation or ordered to do so by a competent authority or (b) pursuant to Clause 9.
3.3 Viteos will only use or reproduce the Client’s Personal Data to the extent necessary to it to fulfil its obligations under the Service Agreement.
4.1 Viteos shall implement appropriate commercially reasonable technical, physical and organisational security measures to protect Personal Data from misuse and/or accidental, unlawful and/or unauthorized destruction, loss, alteration, disclosure, acquisition and/or access and against all other unlawful forms of Processing in accordance with adequate internal instructions adopted by Viteos. Viteos will ensure a level of security suitable (taking into account the state of the art and the costs of implementation of such security) in relation to the risks and the nature of the personal data to be protected to the identified risks and pursuant to applicable Data Protection Laws and, where the Processing concerns personal data of EU residents or in case GDPR applies, shall take all measures required pursuant to article 32 GDPR. Where local laws prescribe specific instructions and measures to be adopted for the purposes of this article, local laws will be applied.
4.2 In fulfillment of Viteos’s obligation to demonstrate compliance with this paragraph 4.1, Viteos will make available a description of its technical and organization measures. It may from time to time also make, at its discretion, reference to certificates, third party audit reports or other relevant information.
4.3 Client shall provide Viteos with thirty (30) calendar days advance notice of any audit request, which may be at the client’s expense. Client may not engage in an audit which would compromise confidentiality obligations towards any other clients and customers of Viteos, access to non-public external reports, supplier internal pricing information, Viteos confidential information and/ or any internal reports prepared by Viteos’s internal audit function. If the client wishes to nominate another auditor to undertake the audit, it shall ensure that the auditor enters into a confidentiality agreement with Viteos in such form as Viteos shall reasonably require. Any liability, indemnity and all obligations under this contract shall also remain with the client, even if it nominates another auditor. The client warrants that any auditors are suitably qualified to undertake such an exercise.
5.1 Viteos will process the Personal Data for as long as it provides services to the Client and will hold the Personal Data in archive after that date to the extent necessary for legitimate business purposes or for bona fide compliance purposes.
5.2 Client may instruct Viteos to delete or return Personal Data at the end of the period during which Viteos will process such Personal Data. Viteos shall be authorized to keep a copy to the extent required for legal, regulatory or bona fide compliance purposes, as well as the exercise or defense of legal claims for as long as is legally required for such purposes. Viteos will delete such Personal Data at the end of such period.
6.1 Viteos will without undue delay notify the Client whenever Viteos becomes aware that there has been a breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data processed by Viteos in the context of this Protocol that is likely to result in a high risk to the rights and freedoms of a data subject ("Data Breach Incident"). Viteos will investigate the Data Breach Incident, and take necessary steps to eliminate or contain the impact of the Data Breach Incident..
6.2 Viteos shall maintain written procedures which enable it to provide an immediate response to the Client about a Data Breach Incident.
The Client confirms that Viteos may transfer personal data to its affiliates and subprocessors inside and outside the European Economic Area (EEA) for purposes of servicing, support, back-up or any other legitimate interest Viteos may have to transfer personal data in order to fulfil its obligation(s) as per the relevant Service Agreement(s). Viteos confirms that it has established safeguards to protect Personal Data transferred to countries outside the EEA that are, as a minimum, in accordance with the relevant Standard Contractual Clauses as approved by the European Commission.
8.1 Upon instruction of the Client, Viteos will cooperate:
8.2 Notwithstanding Clause 8.1, Viteos shall not be obligated to delete copies of Personal Data that we hold as Controller or Processor, to the extent where further processing is required in order to comply with a legal obligation to which Viteos is subject or for the establishment, exercise or defense of legal claims.
8.3 The Client has the responsibility to provide the data subject with the information necessary to ensure fair and transparent processing in respect of the data subject (as set out in Article 14.1 of the GDPR or any similar provision under other applicable Data Protection Law). Where further processing of the personal data is required, for a purpose other than that for which the personal data were obtained, the client shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in Article 14.2 of the GDPR or any similar provision under other applicable Data Protection Law).Viteos shall not be held responsible if not aware of such information not being provided to the data subject.
8.4 Viteos shall not correct, delete or restrict data to be processed on behalf of the Client in an unauthorized manner. Should a Data Subject contact Viteos directly in this context, Viteos shall forward this request to the Client without undue delay.
Client agrees that Viteos may use subprocessors to provide support to the services under the Service Agreement. Viteos shall remain primarily responsible for the performance of its obligations under this Protocol and shall ensure that its agreements with such subprocessors are at least as restrictive as this Protocol. Viteos may change or add subprocessors from time to time, which changes shall be announced via an update of this Protocol. The client shall consult the Protocol regularly in order to be kept informed of such changes and may, within a reasonable period of time, object to the such changes.
Any amendment to this Protocol shall be published on the website of Viteos, but shall not reduce or otherwise limit the rights of the Client.
Viteos shall assist Client in ensuring compliance with its obligations pursuant to Articles 32 to 36 taking into account the nature of processing and the information available to Viteos.
This Agreement is governed by the applicable law of the Service Agreement and any dispute in respect of this Agreement or execution thereof shall be submitted to the Viteos entity servicing the Client and before the competent court as defined in the Service Agreement.
Annex 1 - Description of processing of personal data
All processing activities (including the collection, organization and analysis of personal data) as are reasonably required to facilitate or support the provision of the services described under the Service Agreement.
The Data Subjects may include individuals that represent the Client, that are advising the Client, that are investing in the Client, that are in any contractual or statutory relationship with the Client, or that the Client has collected in view of its servicing towards such individuals, or are otherwise connected to such individuals.
Most commonly the Data Subjects will include: (1) employees, investors, contractors or other workers of the Client and/or their family members, representatives or others connected with workers and (2) past, existing or prospective clients, investors and/or contractual counterparties of the Client, and/or their employees or other individuals connected with them, and/or their family members, representatives or others connected with them.
The services under the Service Agreement may involve the processing of the following types of Personal Data:
Welcome to our website www.viteos.com (the Website). Your privacy and the security of your personal data are very important to Viteos Fund Services LLC .. That is why we are collecting and managing your personal data with the utmost attention and are adopting specific measures to keep it secure. Below you will find the main information about Viteos’s processing of your personal data in relation to your navigation of www.viteos.com and to the use of the services offered. For detailed information on how Viteos Fund Services LLC manages your personal data, we ask that you carefully read this document. Some services may be subject to specific legal terms, in which case we will give you all the appropriate information in each instance.
The Website www.viteos.com is powered by HubSpot, Inc., with head office at 25 First Street, 2nd Floor Cambridge, MA 02141, United States ("Hubspot"), which acts as an independent processor of personal data for all marketing-related activities. Viteos Fund Services LLC., with registered office at 80 Cottontail Lane, Suite 430 Somerset, NJ 08873 (Viteos Fund Services LLC .) acts as an independent data controller for the purposes of marketing, profiling and sharing your data, whenever you provide your consent to such processing. Below is the main information regarding how Viteos Fund Services LLC processes your personal data. For any clarification, request or requirement related to your privacy and to the processing of your personal data, you may contact us at any time by sending a request to our Customer Care or by writing to the address of the registered office of Viteos Fund Services LLC.. If you wish to do so, you may also contact our Compliance Officer (CO), by writing to the aforementioned address, or via email to email@example.com.
The personal data that Hubspot processes is the information that you provide when you complete the a form or request information, and the information that we collect while you navigate or when you use the services offered on www.viteos.com and related websites. Hubspot may thus collect data concerning you, for example, contact information such as first and last name, company name, email address, IP address, phone number and navigation data. Viteos Fund Services LLC processes, with your consent, the data that you provide to us when you wish to receive promotional information or communications from Viteos Fund Services LLC or from other group companies. Viteos Fund Services LLC also processes data related to your interests, when you provide your express consent to record your interests and preferences so they can be used to create group and individual profiles ("profiling") which are used to send personalised communications, and to conduct market research and statistical research with anonymous data, organised in aggregate form. Your personal data is processed for the following purposes:
In the aforementioned cases, the processing of your personal data is lawful to the extent needed to provide you with the service/materials you have specifically requested. However, we will only process your personal data with your express consent for:
Your personal data is processed by personnel who have been duly instructed by us and by other companies in the Viteos Group and, for organisational and functional requirements related to the provision of services on www.viteos.com, by our providers. The latter have been evaluated and selected by Viteos Fund Services LLC and by Hubspot for their proven expertise and reliability. Some of these parties may also be based in non-EU countries and, in these cases, the transfer of your personal data in these countries is carried out in compliance with the guarantees provided by law.
We keep your personal data for a limited period of time, which depends on the purposes for which it was collected; after such period, your personal data will be deleted or nevertheless rendered irreversibly anonymous. The retention period for the data used to send you our materials until you request that we stop sending it to you is nevertheless kept for a period of no more than 60 months.
At any time, depending on the specific processing, you may: revoke your consent to processing, find out what personal data is in our possession, its source and how it is used, ask that the data be updated, corrected or supplemented as well as, in the cases provided for by the current provisions, have it deleted, limit its processing, or oppose it. If you wish, you may ask to receive the personal data in the possession of Viteos Fund Services LLC in a form that can be read by electronic devices and, where technically feasible, we can transfer your data directly to a third party you have indicated. If you believe that the processing of your personal data has been carried out illegally, you can submit a claim to one of the supervisory authorities responsible for compliance with the rules on personal data protection.
Viteos Fund Services LLC (“Viteos ") as data controller informs you as follows regarding the processing of your personal data pursuant to Art. 13 of EU Regulation 2016/679 on personal data protection ("Regulations").
Purposes that require data processing to perform marketing - profiling - sharing of data with the Viteos Group companies, with your consent (which is optional), Viteos uses your personal data for marketing purposes, i.e. to send you promotional newsletters, sales, or advertising communications on events, promotional and sales initiatives of Viteos , market research and satisfaction surveys, in addition to performing statistical analyses with anonymous data that has been organised in aggregate format. The marketing activities are completed by e-mail, newsletter, telephone call via operator, sms, chat, social networks and traditional mail, including the sending of invitations to events organised by Viteos or in which Viteos participates. You may at any time indicate the contact method you prefer of those noted above, or may oppose receiving promotional communications through all or just some of the aforementioned communication methods. With your consent (which is optional), Viteos, at its websites or Viteos accounts on social media, collects information relating to your preferences, practices, interests, in order to use it to create group and individual profiles ("profiling") which are used to send personalised communications and to perform market research and statistical research with anonymous data, which is organised in aggregate form. The personalised marketing activities are completed by e-mail (newsletter), phone, sms, chat, social network and traditional mail, including invitations to events. You may at any time indicate the contact method you prefer from among those noted above, and you may oppose receiving promotional communications through any or all of the communications methods listed above. With your consent (which is optional), Viteos uses your personal data for the purposes of sharing it with the companies of the Viteos group, in order to conduct marketing activities on their behalf, i.e. to send you promotional newsletters, sales or advertising communications about events, promotional and sales initiatives for companies in the Viteos group, market research and satisfaction surveys, in addition to performing statistical analyses with anonymous data, organised in aggregate form. Marketing activities are carried out by e-mail, newsletter, telephone calls through operators, sms, chat, social networks, and traditional mail, including sending invitations to events organised by companies in the Viteos Group or in which the companies of the Viteos Group participate. You may indicate at any time the contact method you prefer from among those noted above and you may oppose receipt of the promotional communications through all or some of the communication channels noted above. For the marketing, profiling and data sharing activities Viteos uses data such as your title, first and last name, e-mail address, company name, IP address, phone number, participation in events organised by Viteos, or in which Viteos participates. It is optional to provide your personal data for the aforementioned purposes of marketing, profiling and data sharing, and any refusal to do so shall have no effect on your registration with the website.
Viteos processes your personal data with or without the aid of electronic instruments, based on logic and procedures that are consistent with the purposes indicated below and in accordance with the Regulations, including the confidentiality and security terms. You may provide the data when registering with the website www.viteos.com or when you interact with our digital initiatives (websites, social media), or during events that are organised by Viteos Group or in which Viteos Group participates. In accordance with the Regulations, the personal data concerning you that is acquired from you in each instance or from authorised third parties is used to update and correct the information that was previously collected. Viteos processes your personal data based on the following criteria of legitimacy:
The personal data is accessible to our duly authorised personnel based on criteria of need and is communicated to third parties in the following cases: (i) when the communication is required by law and applicable regulations with respect to legitimate third parties who receive the data, such as public entities and authorities for the respective institutional purposes; (ii) communication to third parties in case of extraordinary operations (eg. mergers, purchases, disposal of business, etc.) Your personal data is also shared with our service providers, e.g. for services of a technical and organisational nature which are functional for the purposes indicated above, such as independent associates, including partners, e.g. companies that manage our website, companies specialised in market research or data processing, advertising companies, etc. We provide these parties with the data needed to perform the services agreed to and they act as Data Processors, based on the instructions they receive from Viteos. Viteos does not disclose your data to third parties for them to be able to use it for their own marketing or profiling purposes.
Aforementioned parties are established outside the European Union, in countries that may not provide an adequate level of personal data protection according to the standards established by the Regulations. Viteos takes the necessary precautions for data to be lawfully transferred (e.g. through implementation of the Standard Contractual Clauses approved by the European Commission). You may request information regarding the transfer abroad of your personal data at any time by contacting Viteos or Viteos 's Compliance Officer at the addressed indicated below.
The personal data processed for the purposes of marketing, profiling and sharing data with companies of the Viteos Group the data is kept for the period of time that is strictly necessary to achieve the aforementioned purposes, within the limits granted by the Regulations. In particular, your data will be processed for a period of 60 months for marketing purposes. You may request that your data be deleted for such purposes and oppose the processing of data for marketing purposes at any time.
The Data Controller is Viteos Fund Services LLC ., with registered office at 80 Cottontail Lane, Suite 430 Somerset, NJ 08873, United States. The Data Protection Officer is domiciled at the registered office of the Controller and may be contacted at the following e-mail address: firstname.lastname@example.org
You may contact Viteos in its capacity as Data Controller or the Compliance Officer at the addresses indicated above for an updated list of our data processors (i.e. our service providers), the parties to whom the data is disclosed and to exercise your rights per Art. 15 et seq. of the Regulations at any time; to obtain confirmation of whether or not your data exists, to check its content, source, accuracy, to request that it be supplemented, updated, corrected, deleted, anonymised, to request that it be transferred, that processing be limited, to oppose processing for legitimate reasons, e.g. opposing marketing activities, or to submit a claim to the Supervisory Authority (the Personal Data Protection Authority).