top of page

Privacy Policy

1. Data Controller

The Data Controller is:

ATLAS SOCIETA' DI GESTIONE DEL RISPARMIO S.P.A.
In abbreviated form: ATLAS SGR S.P.A.
VAT No.: 09935580960
Tax Code: 09935580960
EU VAT: IT09935580960
Registered Office: Corso Europa 16, 20122 Milano (MI), Italy
REA: MI-2122807
Certified Email (PEC): atlassgr-spa@legalmail.it

(hereinafter, the “Company” or the “Data Controller”).

2. Types of Data Collected

Through the website (the “Website”), the Company may collect and process the following categories of personal data:

a) Navigation Data

IT systems and software procedures used to operate the Website acquire certain personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols.
This category includes IP addresses, domain names, URI addresses of requested resources, request time, method used to submit the request, response size, server status code, and other parameters relating to the user’s operating system and IT environment.

b) Data Provided Voluntarily by the User

Personal data voluntarily provided by users through contact forms, email communications, subscription forms, or other interactive features, including:

  • Name and surname

  • Email address

  • Company name

  • Professional title

  • Telephone number

  • Any additional information included in communications

c) Cookies and Similar Technologies

The Website may use cookies and similar tracking technologies. Detailed information is provided in the Cookie Policy.

Different jurisdictions have different legal obligations of what must be included in a Privacy Policy. You are responsible to make sure you are following the relevant legislation to your activities and location.

3. Purpose and Legal Basis of Processing

Personal data are processed for the following purposes:

a) Responding to Requests

To respond to inquiries or requests submitted by users.
Legal basis: Article 6(1)(b) GDPR (performance of pre-contractual measures at the request of the data subject).

b) Compliance with Legal Obligations

To fulfill obligations under applicable laws, regulations, or orders from competent authorities.
Legal basis: Article 6(1)(c) GDPR.

c) Protection of the Company’s Rights

To exercise or defend legal claims.
Legal basis: Article 6(1)(f) GDPR (legitimate interest).

d) Website Security and Performance

To ensure the proper functioning, maintenance, and security of the Website.
Legal basis: Article 6(1)(f) GDPR.

e) Marketing Communications (if applicable)

To send newsletters or communications regarding the Company’s activities, events, or updates, subject to prior consent where required.
Legal basis: Article 6(1)(a) GDPR (consent).

Consent may be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

4. Methods of Processing

Personal data are processed using manual and electronic tools, in compliance with the principles of lawfulness, fairness, transparency, data minimization, accuracy, integrity, and confidentiality.

Appropriate technical and organizational measures are adopted to protect personal data against unauthorized access, disclosure, alteration, or destruction.

5. Data Retention

Personal data will be retained only for as long as necessary to fulfill the purposes for which they were collected, and in any case:

  • Contact data: for the time necessary to manage the request and any follow-up.

  • Marketing data: until consent is withdrawn.

  • Legal compliance data: for the period required by applicable law.

After the retention period expires, personal data will be deleted or anonymized.

6. Recipients of Data

Personal data may be disclosed to:

  • Employees and collaborators of the Company authorized to process personal data;

  • External service providers (e.g., IT providers, hosting services, professional advisors) acting as Data Processors pursuant to Article 28 GDPR;

  • Public authorities or supervisory bodies where required by law.

Personal data will not be publicly disclosed.

7. Transfer of Data Outside the EU

Personal data may be transferred to countries outside the European Union only where necessary and in compliance with Articles 44–49 GDPR, including through the adoption of Standard Contractual Clauses or other appropriate safeguards.

8. Data Subject Rights

Pursuant to Articles 15–22 GDPR, data subjects have the right to:

  • Access their personal data;

  • Request rectification or erasure;

  • Request restriction of processing;

  • Object to processing;

  • Request data portability;

  • Withdraw consent at any time (where processing is based on consent);

  • Lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

Requests may be submitted to:
atlassgr-spa@legalmail.it

9. Nature of Data Provision

Provision of personal data for responding to inquiries is voluntary. However, failure to provide necessary data may make it impossible for the Company to process the request.

Provision of personal data for marketing purposes is optional and subject to explicit consent.

10. Changes to This Privacy Policy

The Company reserves the right to amend this Privacy Policy at any time. Updates will be published on the Website with the relevant revision date.

Revision Date: 21 Febraury 2026

bottom of page