Colliers International Italia S.p.A. is glad to provide you, pursuant to Sections 13, GDPR, with all of the following information (hereinafter, the “Information Notice”).

a. Identity and Contact details of the Controller

Colliers International Italia Via Durini, n. 4 - 20122 Milano, C.F. e P.IVA: 11962350150, Tel. +39 0267160201

b. Purposes of the processing for which the personal data are intended and related legal basis

Your personal data will be processed:
(i) without your consent (section 6, items b, c, f, GDPR), for the following purposes:

  •  performance of pre-contractual and contractual obligations deriving from the execution of a possible professional service contract;
  •  compliance with legal obligations, as provided for by a law (national or EU) or perform an order of any authority, as well of any other entity to which the Controller is subject;

(ii) with your consent (section 7, GDPR), for the following purposes:

  •  marketing and promotional activities of professional services, distribution of promotional materials, sending out of professional newsletters and publications; 

For the purposes under par. (i) above, the collection of your personal data is necessary. In lack of the data or in case of any express refusal of consent to process such data may cause the impossibility to the Controller to perform the professional services contract or the possible violation of the competent Authorities requests.

For the purposes under par. (ii) above, the collection of your personal data is made on voluntary basis; consequently, you may decide not to provide us with any consent, or to waive it in any moment.

c. Processed Categories of Personal Data

Within the purposes of processes mentioned under par. c) above, we shall exclusively process those personal data concerning, by way of example, your name and family name, tax code, VAT number, residence, domicile, work address, e-mail, certified e-mail address, phone and fax numbers, employer company, business role and / or position.

d. Categories of Personal Data Recipients

The personal data you will submit us for the purposes mentioned under par. c), section (i) above, could be transferred to:

  1. Employees and collaborators of the Controller, in its capacity of persons duly authorised to data processing,
  2. Any third party subject, performing outsourced activities on behalf of the Controller, in its capacity of data processors.
  3. Any judicial or controlling Authority, public entities (whether national or foreign ones);
  4. Any other entities belonging to the national and international Colliers Network to which the Controller is part thereof.

Upon your express consent to processing the personal data for the purposes indicated under par. (c), section (ii) above, data may be transferred to those subjects indicated under items 1), 2) and 3) above, as well as, upon your prior consent, to other Italian entities belonging to PwC Network to which the Joint Controllers are part thereof.

e. Storage and Transfer of Personal Data to Third Countries

Personal data are processed and stored “on cloud” and on servers located within and outside EU, belonging to or in the possession of the Controller and/or third party processors, as duly appointed.

Your personal data will not be subject to dissemination.

f. Personal Data Storage Period

Personal Data provided for the purposes indicated under par. (c), section (i) above are processed and stored for the entire duration of the executed professional services contract.

As of the termination of such contractual relationship, for whichever reason or cause, personal data will be stored as long as time-barring legal terms will be elapsed.

Personal Data provided for the purposes indicated under par. (c), section (ii) above are processed and stored for the time necessary for the performance of the same purposes and, anyhow, not later than 2 years from the date in which we will receive your consent

g. Exercisable Rights

In compliance with the provisions under Chapter III, Section I, GDPR, you may exercise the rights therein indicated and in particular:

  • Right of Access – Obtain confirmation whether your data are processed or not and, in such a case, obtain information related, in particular, to: the purposes of such processing, the categories of the processed personal data, the storage period, the recipients to whom such data can be transferred (Section 15, GDPR);
  • Right of Rectification – Obtain, without undue delay, the rectification of inaccurate personal data and to have incomplete personal data completed (Section 16, GDPR);
  • Right of Erasure – Obtain, without undue delay, the erasure of your personal data, in the cases provided for by the GPDR (Section 17, GDPR);
  • Right to Restriction – Obtain from the Controller the limitation to processing, in the cases provided for by the GDPR (Section 18, GDPR);
  • Right to Data Portability – Receive you are personal data as communicated to the Controller in a structured, commonly used and machine-readable format and obtain the transmission of such data to another controller without any hindrance, in the cases provided for by the GDPR (Section 20, GDPR);
  • Right to object – Object to the processing of your personal data, unless the Controller has compelling legitimate grounds for the continuation of the processing (Section 21, GDPR);
  • Right to Lodge a Complaint with the Supervisory Authority – Lodge a complaint to Autorità Garante per la protezione dei dati personali.


h. Processing Operations

Your personal data are processed through the operations indicated in section 4, n. 2), GDPR  - whether or not performed by automated means – such as: collection, recording, organisation, structuring, update, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, alignment or combination, restriction, erasure or destruction.

Whichever the way, it will guaranteed their security, logical and physical, and overall their confidentiality, adopting all necessary technical and organisational measures appropriate to guarantee the data security.

GDPR:European Regulation 2016/679 of the EU Parliament and of the Council dated April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data.