Privacy and Cookie Policy

This Privacy Policy describes the purposes and methods by which COIMA SGR S.p.A., as a management company acting on behalf of the Porta Romana fund data controller (“Company”) , collects and processes personal data relating to the user (“User”) who interacts with the website (“Website”) and with the various services it offers.

The information contained in this Privacy Policy is provided under Art. 13 of Regulation EU of 27 April 2016 no. 679 (“Regulation” or “GDPR”), and the Measures issued by the Data Protection Supervisory Authority and the Guidelines of the European authorities.

Information on the processing of data is provided only for the Website and for data processing operations carried out by the Company and it does not extend to processing carried out by third parties on other websites that may be consulted by Users via links. The Company does not accept any liability for this further processing; the User should refer to the individual Privacy Policies of the third party websites.


  1. Data Controller

COIMA SGR SPA, as a management company of the Porta Romana fund, with its registered office in Milan (Italy), Piazza Gae Aulenti, 12, 20154.


  1. Data processing methods

The Company processes the User’s data while adopting all appropriate data security measures to prevent unauthorised access, unauthorised disclosure, modification or destruction of the data. The processing is carried out using both manual and/or electronic tools, using organisational methods and logics strictly related and limited to the indicated purposes.


  1. Data processing purpose and legal basis

The Company, through the Website, may process the User’s data for the following purposes:

  • Contacting the Company. The User can contact the Company through SEC Newgate Italia – which has been appointed Company press officer and Data Processor, to request information using the contact details specified on the Website.
  • Contact the project Companies: the Website contains the project companies’ press officer email addresses, which may be used by journalists or the user to receive information. Each company will process the data provided in the email as an independent data controller to reply to requests made by email. Personal data provided voluntarily by the User (e.g., email address or other information freely provided by the User) will be processed by the individual project companies to manage and respond to the User’s communications or requests. The processing legal basis is the performance of the service requested by the User (Art. 6(1)(b) GDPR), and any refusal to provide personal data will make it impossible for the Company to manage and acknowledge the communication or request for information.
  • Newsletter.  When the User voluntarily enters their email address in the “STAY UPDATED” form, the User subscribes to the project newsletter and receives information and updates on its development. The processing legal basis is the performance of the service requested by the User (newsletter and update) (Art. 6(1)(b) GDPR), and any refusal to provide personal data will make it impossible for the Company to manage this service and send communications to the User’s email address. The User may opt-out of receiving these newsletters by clicking on the unsubscribe link at the bottom of each newsletter;
  • Commercial communications. By filling in the contact form with the User’s data, the User can be informed in real time and receive information on the marketing of future residential buildings under construction in the area. Also in this case, the legal basis for data processing is the User’s consent (Art. 6 (1)(a) GDPR), and any refusal to provide personal data marked with an asterisk (*) will result in the Company being prevented from sending communications to the email address provided by the User. The User may opt-out of receiving these communications by clicking on the unsubscribe link at the bottom of each communication.
  • Pursuing the legitimate interests of the Company and/or third parties. The User’s data may be used to exercise the rights and legitimate interests of the Company or third parties, for example, handling claims, fraud prevention or prevention of unlawful activities. In these cases, although the provision of the User’s personal data is not mandatory, it is necessary as this data is closely connected and instrumental to the pursuit of those legitimate interests, which do not prevail over the User’s rights and fundamental freedoms (art. 6(1)(f) GDPR).
  • Fulfilling applicable legal or other obligations. The Company may use personal data provided by the User or acquired during the User’s interaction with the Website for purposes of compliance with legislative and regulatory obligations, national and EU legislation, as well as obligations deriving from measures issued by authorities who are legally authorised to do so, which represent the legal basis of data processing, without the need to obtain the User’s prior consent. (art. 6(1) (c) GDPR).


  1. Data categories

The Company receives and collects information through the Website relating to the User who visits the pages of the Website and who uses the web services available on the Website. The Company acquires and processes the following information.


4.1 Data collected from browsing and cookies

When the User visits the Website, the latter collects certain data, such as pages viewed, connections or buttons clicked by the User, date and time of access, IP address, browser and operating system used (known as “navigation data”). The Company uses this data for the sole purpose of obtaining statistical and anonymous information on the use of the Website for purposes strictly related to its operation and assess the effectiveness of the services offered by the Website. Navigation data could be used to ascertain responsibility in the event of any computer crimes being committed against the Website.
For the collection of the User’s data through cookies and similar technologies, please visit the Cookie Policy.


4.2 Data provided voluntarily by the User

The Company limits the gathering of voluntarily provided information to data necessary to achieve the purposes described in paragraph 3 above and receive the services requested. Additional personal data may be collected and processed by the Company, if the same are provided voluntarily by the User as part of the services offered by the Website, for example, if the User contact the Company to report disservice or malfunctioning, to exercise its rights in relation to personal data processing, etc. Those data will be processed by the Company only for purposes strictly linked to the User’s request. Any failure to provide the data may make it impossible to obtain the requested service.


  1. Disclosure of data to third parties

The data provided by the User as well as those collected by the Website as part of the relevant services (e.g. IP address) will not be disseminated and may be communicated – for the purposes and using the methods illustrated in this Privacy Policy – to the categories of persons/entities listed below:

  • COIMA, Covivio and Prada Holding SpA platform companies, for organisational purposes, internal control purposes, pursue the Company or third-party legitimate interests and carry out the User services/requests (e.g., enquiries to the controllers’ press officers);
  • companies, co-workers, consultants or freelancers that the Company uses in order to implement technical or organisational tasks (e.g. IT and web service providers), or with whom the Company collaborates (including other COIMA Companies) to provide and operate its own services, or for any communication activities;
  • persons, companies or professional firms that provide assistance and advice to the Company, particularly (but not exclusively) in accounting, administrative, legal, tax and financial matters;
  • persons/entities entitled by law or by order of a public authority to access the data.

The persons/entities belonging to the categories indicated above will use the data as independent data controllers pursuant to law or as data processors properly appointed by the Company. If the user writes directly to the press addresses of the project companies, they will process data as independent data controllers exclusively to reply to email requests.

The list of entities to which the data are or may be disclosed can be requested from the Company by using the details indicated in the “Rights of Users and Contact Details” section.


  1. Data retention

The data are processed for the period of time necessary to carry out the activities indicated in paragraph 3 above, and are erased when the purposes for which they were collected and processed no longer apply.

The Company will provide feedback to email requests without further processing personal data. It may hold the data for longer periods to meet the user’s request. The User’s data used for newsletter and update purposes will be retained until the User unsubscribes from the service, then data will be deleted.
The information collected through cookies will be stored for the periods specified in each table in section 8 below.


  1. User rights and contact details

The User may exercise the rights provided for by the Regulation in the cases expressly envisaged by law and where applicable. The User has the right to:

  • obtain confirmation of whether or not the processing of his/her personal data is in progress and, in that case, to request from the Controller access to information relating to that processing (e.g. purposes, categories of data processed, recipients or categories of recipients of data, retention period, etc.);
  • request the rectification of inaccurate or incomplete data;
  • request the Controller to erase the data (e.g. if the personal data are no longer necessary in relation to the purposes for which they were collected, or if the consent on which the data processing is based is withdrawn, etc.);
  • request the data processing limitation (e.g. if the User disputes the accuracy of the data; if the data processing is unlawful and they object to the erasure of personal data; if data is required to exercise or defend the User’s rights in court, even where the Controller no longer requires it; when the User exercises their right to oppose data processing, for the time required to verify whether legitimate reasons exists).
  • receive personal data relating to him/her in a commonly-used and machine-readable format (e.g. pdf) and to send them to a different data controller, or to obtain direct transmission from one controller to the other, if technically possible (known as data portability).

The User also has the right to object, in whole or in part, for legitimate reasons, to the processing of their personal data.

Those rights may be exercised by sending a communication to the following email address: [email protected].

Finally, if the User considers that the processing of data provided violates personal data protection rules, he/she has the right to lodge a complaint with the Italian Data Protection Authority (


  1. Data collection using Cookies


8.1 What are cookies?

Cookies are small text files that the websites visited by the user send to the device being used by the user to access the Internet (usually via a browser), where they are stored in order to later be retransmitted to the same websites the next time that the same user visits them. Each cookie is unique in relation to the browser and device used to access the Website

Cookies cannot view or retrieve data from other cookies, transmit computer viruses, or identify and use email addresses or passwords, nor can they acquire files or data stored on the user’s device.

Cookies can be installed by the owner or manager of the website that the user is visiting (known as “first-party cookies”) or by other providers (known as “third-party cookies”).

Cookies can be stored permanently on the user’s device. Once the browser is closed, cookies are not removed but remain until a pre-set expiry date or are deleted by the user (“persistent cookies”), or they can be automatically deleted every time the user leaves the Website or closes the browser (“session cookies”).


Cookies can be:

  • Technical: cookies necessary for the proper website operation or are useful for storing information about users during later visits to the website. Technical cookies are essential to allow the user to navigate through the website, so they do not require the user’s express consent;
  • Functional: Functional cookies share website content on social media platforms, collecting feedback and other third-party features (.e.g. possibility of viewing videos) for which consent is required. Without them, the website can be used but the user cannot access certain parts

8.2       Cookies used by the Website

The cookies used on the Website are technical and functional cookies, as listed in the “Cookie Setting” section of the Banner

To get information on managing the functional cookies and reject them, the user must click on the “Reject” button on the Banner or on “Cookie Settings” if the user wants to know the types of cookies and choose those to activate or reject, or on “Accept All” to accept all cookies.

We recommend that you consult the privacy policies of third-party cookie providers and their cookie options at the links specified in the “cookie settings” table.


8.3 Changing and managing cookie preferences

It is possible to change and manage cookie preferences through the Website or browser settings or third-party websites.

1) through the Website: third-party cookies can be enabled/disabled using the selections in the table in the paragraph above

2) through third-party websites such as or

3) through the browser settings, cookies received from the Website or any other website can be blocked or deleted by changing the browser settings through the browser function.

Below are links to the instructions for the following browsers:


Internet Explorer –

Chrome –

Firefox –

Opera –

Safari –

Please note that disabling cookies – including strictly necessary cookies – could cause issues with browsing the Website and prevent certain features of the Website from functioning properly.


9        Third Party Plugins

The Website may also incorporate plugins and/or buttons for social networks in order to make it easier for the user to share content on their preferred social networks. These plugins do not set a cookie, but if one is already present on the user’s computer, they can read it and use it within the limits of its settings. The collection and use of information by these third parties is regulated by the relevant privacy policies, which the user is recommended to read.


10      Use of other websites

The user is recommended to read the privacy and cookie policies of any websites that they visit through the links present on the Website.

Please note that the cookie preferences applicable to this Website will not be active on the websites of other companies.


11    Transfer to non-EU countries

The Company will not transfer your data to entities established outside the European Union. For information on the possible transfer of personal data collected through third-party cookies established in non-EU countries, please refer to the third-party privacy policy on its website.

12 Changes to the Privacy and Cookie Policy

The Company reserves the right to make changes to this Privacy and Cookie Policy at any time, giving notice of this by publication on the Website.
We invite the User to check these updates on the Website.

Should the changes be particularly significant and/or notably impact the User’s rights, the Company may also communicate them to the User in a different manner (e.g. by sending an email).

Privacy and Cookie Policy updated on 5 June 2023