Privacy Policy
Hercle S.r.l., incorporated in Via Salasco 3, 20136, Milan, Italy, C.F.- P.IVA: IT10942550962 is the owner of the personal data (“Hercle”, or also “Owner”) of the users who access the website www.hercle.financial and of the customers who access, through it or through a direct interaction with the Hercle (“Site”), to the services.
Hercle, as Owner, makes the following information (“Privacy Notice”) pursuant to the Article 13 of Legislative Decree No. 196/2003 “Personal Data Protection Code” (“Privacy Code”) and subsequent amendments and additions, as well as to the Article 13 of EU Regulation No. 2016/679 (or General Data Protection Regulation, hereinafter also just “GDPR”).
This Privacy Notice concerns the methods of collection, processing and treatment of personal data during the use of the Site, or through direct interaction with Hercle’s staff, and does not concern other websites that may be consulted through access via links on the Site itself; and it has been drafted in a clear and comprehensible manner for the general public, as well as in a concise manner also with the help of icons, as provided for in Article 12(7) of the GDPR, which will be subsequently modified, once those officially approved by the European Commission are available.
The Privacy Policy is divided into the following paragraphs:
1. DATA SUBJECT TO PROCESSING
Normally, you can use the Site without having to provide any personal data. If you access the Site simply for informational purposes (and do not open an account on the Site), we will not collect any personal data, except for data transmitted by your browser or terminal device and your IP address in order to allow you to access the Site. In such case, the data transmitted to Hercle will be, without limitation: (i) the date and place of the request; (ii) the type and version of the browser you use; (iii) your operating system; (iv) page views and navigation paths on the Site; as well as (v) information about the timing, frequency and configuration of your use of the Site, and generally all usage data offered by Hercle’s automatic tracking system, through which, however, information is collected anonymously to report trends in the use of the Site without identifying individual visitors.
Personal data is collected within specific sections of the Site through electronic forms or through forms sent directly to the customer’s email address, only if access to Hercle’s services is desired. In this case, the personal data collected between the user and Hercle for the use of the services are of two distinct categories, depending on whether he/she wants to use the services only for the exchange and trading of virtual currencies with each other, or whether he/she also wants to access the services of converting, buying and selling virtual currencies in exchange for legal tender or vice versa.
In the first case, Hercle, as the Owner, collects and processes personal identifying information, such as, for example, your first name, last name, company name, address and e-mail address (hereinafter, “Personal Data” or also “Data”), disclosed by you when you open an account and register on the Site. In the second case, since the account will have to be verified for the purpose of personal identification, the Personal Data that will be requested will also be those necessary for identification, and may cover, for example: (i) first and last name; (ii) date of birth; (iii) place of birth; (iv) place of residence; (v) domicile, if different from residence; (vi) tax identification number, if issued; (vii) identification document details and date of issue and expiry, etc…
Hercle does not collect data relating to children under the age of 18, nor does it process sensitive data that may reveal racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, or health status.
2. VERIFICATION AND IDENTIFICATION
When the user has registered on the Site or through personal interaction for the use of the services by accepting the Terms and Conditions of Use of the Site and Services, Hercle is required to fulfill its obligations as a service provider related to the use of virtual currency, by effect of D. Legislative Decree No. 231 of November 21, 2007, as reformed by Legislative Decree No. 90 of May 25, 2017, on anti-money laundering and combating the financing of terrorism, limited to the performance of the activity of converting virtual currencies from or into currencies that are legal tender.
Hercle is obliged to verify the identity of the User by means of a valid identification document, to keep specific information obtained from such document, to check the authenticity of it together with all further information, including documentary information, which must be requested and which, during the relationship must be updated. To this end, the user will have to provide all the additional information beyond that required for the opening of the account, which will be requested through electronic forms that also provide for the possibility of uploading documents, or through questionnaires that will be submitted and that Hercle will ask you to fill out off-line.
In order to comply with all AML obligations, Hercle, as Owner, uses the services of third parties, duly authorized to process Personal Data through special outsourcing contracts with Hercle, i.e. special proxies to operate the processing; the third parties are required under the GDPR to comply with Hercle’s Privacy Policy and instructions on the storage and non-disclosure, nor misuse of Personal Data outside the prescribed purpose of collection.
A complete and up-to-date list of such entities is available to you; in this regard, you should address a formal request to Hercle.
3. LEGAL BASIS AND PURPOSE OF PROCESSING
The user’s Personal Data are processed:
A) without the need for the express consent of the data subject (Art. 6 lett. b), c) and f) GDPR), for the following purposes:
- to use the services of Hercle and the Site;
- to fulfill pre-contractual, contractual and tax obligations incumbent on Hercle or to perform all measures and actions at the request of the data subject, as arising from all existing relationships with users, customers, collaborators, business partners, suppliers, and consultants;
- fulfill obligations under the law, a regulation, EU legislation, or an order of the Authority (such as, for example, in the field of anti-money laundering);
- exercise legitimate rights and interests (such as, for example, the right to defense in court);
B) only with specific and separate consent (Articles 23 and 130 Privacy Code and Art. 7 GDPR), for the following marketing purposes:
- to send via e-mail, mail and/or sms and/or telephone contacts, newsletters, commercial communications and/or advertising material on products or services offered by the Owner and satisfaction survey on the quality of services;
- send via e-mail, mail and/or sms and/or telephone contacts commercial and/or promotional communications of third parties (such as, for example, business partners).
In any case, as far as possible, Hercle asks for the consent of the data subject even when the legal basis of the processing of Personal Data is based on the purposes referred to in paragraph 3.A).
4. NATURE OF PROVISION OF DATA
The provision of Personal Data for the purposes set out in paragraph 3.A) is mandatory.
In the absence of the provision of data by the data subject, Hercle cannot guarantee the provision of business services, nor will it be able to perform its contractual obligations towards customers, collaborators, suppliers, business partners and, in general, all those with whom Hercle enters into relations. In such cases, we also inform you that even the partial or inaccurate provision of Personal Data may have, as a consequence, the impossibility of providing the services and preclude, in any case, Hercle from fulfilling its pre-contractual, contractual and fiscal obligations.
If consent to the processing is requested from the data subject and the data subject withdraws the consent to the provision of Personal Data already made, it will nevertheless remain mandatory and an essential condition for the fulfillment of all the purposes indicated in paragraph 3.A) above. The failure of the data subject to provide Personal Data, given the impossibility for Hercle to make itself compliant, entails the absence of liability on the part of Hercle itself with the consequent supervening termination of any previous relationship or impossibility in continuing the same.
On the other hand, the provision of data for the purposes referred to in paragraph 3.B) is optional.
The interested party may therefore decide not to confer any Personal Data or to subsequently deny the possibility of processing any data already provided. In this case, the data subject will not be able to receive newsletters, commercial communications and advertising material related to the services offered by the Owner, but will be able to continue to take advantage of the company services and contractual services referred to in paragraph 3.A), without prejudice to the above.
5. METHODS OF PROCESSING AND STORAGE
The processing of Personal Data is carried out by means of the operations indicated in art. 4 Privacy Code and art. 4 no. 2) GDPR. Specifically, the processing is carried out through: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion and destruction of data.
The Personal Data are subject to both paper and electronic and/or automated processing with methods and tools in compliance with the security measures referred to in Article 32 of the GDPR and Annex B of the Privacy Code, by persons specifically appointed by Hercle in compliance with the provisions of Article 30 of the Privacy Code, or by persons entrusted with the processing of Personal Data under the direct authority of Hercle as provided by ‘Article 4, no. 10, of the GDPR. To the processing, as anticipated, may also be delegated, with appropriate contracts, subjects external to Hercle, appointed as data processors and who will act on the documented instructions of Hercle itself, as Owner.
The Controller or responsible party shall process and store Personal Data for the minimum time necessary to fulfill the purposes set forth in paragraph 3, and only for the time necessary to achieve storage to the extent required by the GDPR. Both processing and storage, however, are established for no longer than 10 years from the termination of the contractual relationship for processing that occurred for service purposes, and for no longer than 12 months from data collection for marketing purposes. After these retention periods have expired, the Personal Data will be blocked, destroyed or anonymized in accordance with legal requirements.
6. DATA ACCESS AND INTERNATIONAL TRANSFER
Personal Data may be made accessible for the purposes set out in paragraphs 3.A) and 3.B):
- to employees or collaborators of the Owner as data processors under the direct authority and directives of Hercle;
- to Hercle’s partner companies, in Italy and abroad, in their capacity as Owners and/or system administrators pursuant to Article 28 of the GDPR who act as processors of Personal Data on behalf of the Controller and who have offered sufficient guarantees to put in place adequate technical and organizational measures so that the processing entrusted to them meets the legal requirements;
- to third party companies or other entities, such as, for example, credit institutions, payment institutions or other financial intermediaries, professional firms, consultants, insurance companies, which carry out activities on behalf of the Controller and act as autonomous controllers with their own privacy policies, available to the data subject.
Without the need for express consent (art. 24 lett. a), b), and d) Privacy Code and art. 6 lett. b) and c) GDPR), the Owner may disclose the Data Subject’s Personal Data for the purposes referred to in paragraph 3.A) to Supervisory Bodies (such as FIU, Bank of Italy, OAM, IVASS, etc.), Judicial Authorities, insurance companies for the provision of insurance services, as well as to those subjects to whom disclosure is mandatory by law for the fulfillment of the said purposes. These subjects will process the data in their capacity as autonomous Owners and the Personal Data of the interested party will not be disseminated.
The Personal Data are stored on servers located within the European Union. It is in any case understood that the Owner, should it become necessary, will also have the right to move the servers to non-EU states.
In this case, the Owner assures as of now that the transfer of data to non-EU states will take place only upon the explicit issuance of an appropriate consent of each data subject, to countries that guarantee an adequate level of protection of Personal Data and only upon the conclusion of contracts containing standard clauses approved by the European Commission through which the processing of Personal Data is guaranteed to comply with the principles and legal requirements provided for by the GDPR.
7. COOKIES
The web pages of the Site use cookies. Through the use of cookies, Hercle can provide users of the Site with more user-friendly services that would not be possible without the setting of cookies. By means of cookies, the information on the Site can be optimized because cookies allow the Site’s users to be recognized. The purpose of this recognition is to make it easier for users to use the Site. The user, for example, is not obliged to enter login data every time he/she consults the Site since these are already acquired by the Site through cookies stored in the user’s computer system.
The data subject may, at any time, prevent the setting of cookies in accessing the Site by means of the corresponding setting of the Internet browser used, and may then permanently deny the setting of cookies. In addition, cookies that have already been set can be deleted at any time via an Internet browser or other software program. This is possible in all popular Internet browsers. If the affected person deactivates the cookie setting in the Internet browser used, not all functions of the Website may be fully usable.
More information on cookies is contained in the Cookie Policy, which can be accessed from the Website in the appropriate section and the user is encouraged to read it.
8. RIGHTS OF DATA SUBJECTS AND HOW TO EXERCISE THEM
The data subject has the rights under Art. 7 Privacy Code and Art. 15 GDPR and specifically the following rights to:
- obtain confirmation of the existence or non-existence with the Owner of his/her Personal Data, even if not yet registered;
- to obtain the indication of: a) the origin of the Personal Data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; and d) the identification details of the Owner, the data processors and other persons in charge;
- obtain: a) the updating, rectification or integration of the data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept in relation to the purposes for which they were collected; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except where this proves impossible or involves a manifestly disproportionate use of means;
- to object, in whole or in part: a) for legitimate reasons, to the processing of their Personal Data even if pertinent to the purpose of collection; b) to the processing of their Personal Data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication through the use of traditional marketing systems, or automated calling systems without an operator, by e-mail, telephone and/or paper mail.
The data subject also has the rights under Articles 16-21 GDPR, namely the right to be forgotten, right to restriction of processing, right to data portability, as well as the right to complain to the Data Protection Authority.
Finally, where consent to processing is required from the data subject, the data subject may revoke the provision of Personal Data already made.
The interested party may, at any time, exercise his or her rights by sending a request drafted on the basis of the model prepared by the Guarantor Authority for the Protection of Personal Data, available at the following link to be sent by:
- registered mail with return receipt to Hercle s.r.l, at the registered office at Via Salasco 3, 20136, Milan; or
- e-mail to: privacy@herclefinancial.com or hercle@pec.net.
9. OWNER, MANAGER AND APPOINTEES
The Owner is Hercle S.r.l., with registered office in Via Salasco 3, 20136, Milan, in the person of the pro-tempore legal representative.
It should be noted that, in order to comply with the GDPR, Hercle is preparing a privacy organizational model, identifying roles and responsibilities in the area of Personal Data processing, and identifying in particular, as internal privacy contact persons, the Managers of Organizational Units or Offices that, limited to the processing within their competence, are responsible for the execution of the data protection model in compliance with regulatory requirements. The Owner has designated in writing as Data Processors, pursuant to Article 30 of the Privacy Code, the employees of the corporate functions assigned to the pursuit of the aforementioned purposes and provided them with adequate instructions.
Personal Data may be processed by third parties that the Company uses for the purpose of identification procedures, verification of the authenticity of identity documents, consultation of databases, or for the purpose of the execution of payment services made available to customers. These individuals will act as autonomous Owners or are designated as Data Processors.
The updated list of data processors and processors is kept at the registered office of the Owner.
10. CHANGES TO THE PRIVACY POLICY
This Policy may be subject to change and you are advised to read the updates that will be reported from time to time.