Privacy Policy - Main Services

Main services of Yeldo.com

Introduction – Who are we?

Yeldo S.A., registered with Commercial registry office of Canton Ticino under the identification number CHE-255.680.014, having its registered office in Via Balestra, 12 6900 Lugano, Switzerland (hereinafter the “Data Controller” or “Yeldo”), owner of the website https://www.yeldo.com/ (hereinafter the “Website”), in its capacity as data controller in relation to personal data pertaining to the users using the Website (hereinafter the “Users”) provides the following privacy policy according to Article 13 of EU Regulation 2016/679 dated 27 April 2016 (hereinafter, “Regulation” or “Applicable Law”).

The Data Controller, established outside the European Union, providing a service to subjects resident in the European Union, will process the personal data of Users browsing the Website in full compliance with the Applicable Law, pursuant to Article 3(2)(a) of the Regulation.

How to contact us?

The Data Controller takes the utmost account of its Users’ right to privacy and protection of personal data. For any information related to this privacy policy, Users may contact the Data Controller at any time, using the following methods:

By sending an e-mail to: privacy@yeldo.com

The Users may also contact the Data Protection Officer (DPO) appointed by the Data Controller. The contact details of the DPO are: Shibumi S.r.l., in the person of Lapo Curini Galletti, email: dpo@yeldo.com.

The Data Controller, established outside the European Union, has appointed as its Representative in the European Union, pursuant to Article 27 of the Regulation, the company YELDO S.r.l, with registered office in Milano, Via Borgogna 5.

What do we do? – Procesing Purposes

By navigating the Website, the User can be kept up to date on the services and activities developed by the Data Controller. Moreover, the User,

  • from the “Login”, “Get Started”, “Learn More”, “Request financing”, “Sign-in”, “Sign-up now”, and “Create an Account and Start investing” sections (hereinafter the “Registration sections”), can register on the Website to obtain information on investment opportunities and enjoy the services offered by Data Controller (hereinafter, the “Service”);
  • from the "Contacts" and “Book a call” sections and through the chat-box “Got any questions? I'm happy to help” (hereinafter the “Contact sections”), the Users can contact the Data Controller for various purposes such as, purely by way of example and not limited to, obtaining more information about services provided through the Website, learning more about the Data Controller company activities, opportunities or specific investment product and asking the Data Controller for assistance.
  • from the “Work with us” section of the Website, the User can send his/her job applications.

In connection with the activities that may be carried out through the Website, the Data Controller collects personal data relating to the Users.

This Website and any services offered through the Website are reserved for individuals who are 18 years and over. Therefore, the Data Controller does not collect personal data relating to individuals under 18 years of age. Upon request of the Users, the Data Controller will promptly delete all personal data that has been involuntarily collected and related to subjects under the age of 18.

The personal data of the Users will be processed lawfully by the Data Controller for the following processing purposes:

  • browsing of the Website: to allow the browsing of the Website by the User. The User’s data collected by the Data Controller to this end include all personal data whose transmission is implicit in the use of Internet communication protocols, that the computer systems and software procedures used to operate the Website acquire during their normal functioning: the IP addresses or domain names of the computers used by the Users, the addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the file size obtained in response, the numerical code indicating the status of the response given by the server (good order, error, etc.) and other parameters relating to the operating system and the User's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Website and to allow its correct operation. Without prejudice to what is stipulated elsewhere in this privacy policy, under no circumstances the Data Controller will make the personal data accessible to other Users and/or third parties;

  • registration request: to access services supplied by the Data Controller. The User's data collected by the Data Controller for the purposes of any registration request on the Website include: first name, last name, e-mail address, phone number, qualification as a professional investor as well as all the User's personal information that he/she may voluntarily publish. In particular, to verify the above mentioned qualification, User will be requested to answer a questionnaire through which the Controller may collect further personal data related to such verification. The User's personal data will be used by the Data Controller for the sole purpose of ascertaining the User's identity and qualification, thus avoiding possible fraud or abuse, and contacting the User for service purposes only . Without prejudice to what is provided for elsewhere in this privacy policy, under no circumstances shall the Data Controller make Users' personal data accessible to other Users and/or third parties.

  • processing the User’s contact request: the personal data of the Users are collected and processed by the Data Controller for the sole purpose of processing their request. The User’s data collected by the Data Controller for this purpose include name, surname, e-mail address, telephone number, pictures, voice and all other User data that may be voluntarily communicated by the User through the Contact sections or by telephone or e-mail to the contacts indicated on the Website. No other processing will be carried out by the Data Controller in relation to the Users’ personal data. Without prejudice to what is provided elsewhere in this privacy policy, in no case will the Data Controller make the personal data of the Users accessible to other Users and/or third parties.

  • submitting an application, the User's personal data collected and processed by the Data Controller for the sole purpose of processing the request regarding the possibility of establishing a working collaboration with the Data Controller include: first name, last name, e-mail address, curriculum vitae, as well as all the User's personal information that he/she may voluntarily publish. No other processing will be carried out by the Controller in relation to the Users' personal data. Without prejudice to what is provided for elsewhere in this privacy policy, under no circumstances will the Data Controller make Users' personal data accessible to other Users and/or third parties.

  • legal obligations, or to fulfil obligations provided by the law, an authority, a regulation or by European legislation Controller and/or User shall abide to.

The provision of personal data for the processing purposes indicated above is optional but necessary, since failure to provide such data will make it impossible for the User to access the Website and to use the Service.

Legal Basis

Browsing of the Website, registration request, processing User’s contact request and submitting of an application (as described in paragraph 3, letter a), b), c) and d) above): the legal basis is Article 6, paragraph 1, letter b) of the Regulation, since the processing is necessary for the performance of a contract to which the User is party or in order to take steps at the request of the User prior to entering into a contract.

Legal obligations (as described in paragraph 3, letter e) above): the legal basis is Article 6, paragraph 1, letter c) of the Regulation, since the processing is necessary for compliance with a legal obligation to which the Data Controller is subject.

Processing methods and data retention period

The Data Controller will process the personal data of Users using manual and IT tools, with logic strictly related to the purposes themselves and, in any case, in order to guarantee the security and confidentiality of the data.

The personal data of the Users will be retained for the time strictly necessary to carry out the main purposes explained in paragraph 3 above or, in any case, as necessary for the protection in civil law of the interests of both the Users and the Data Controller.

Transmission and dissemination of data

The User’s personal data may be transferred to third countries located outside the European Union that offer an adequate level of data protection, in particular to the territory of Switzerland. In this case, the Data Controller will ensure that the transfer takes place in accordance with the adequacy decision adopted by the European Commission on the basis of Article 45 of Regulation (EU) 2016/679. The effect of that decision is that personal data may be transferred from the EU (and Norway, Liechtenstein and Iceland) to that third country without the need for additional safeguards. In other words, transfers to that country will be treated as data transfers within the EU.

The personal data of the Users may be disclosed to the employees and/or collaborators of the Data Controller in charge of managing the Website and the Users’ requests. These subjects, who have been instructed to do so by the Data Controller pursuant to Article 29 of the Regulation, will process the User’s data exclusively for the purposes indicated in this policy and in compliance with the provisions of the Applicable Law.

The personal data of the Users may also be disclosed to third parties who may process personal data on behalf of the Data Controller as “Data Processors” pursuant to Article 28 of the Regulation, such as, for example, IT and logistic service providers functional to the operation of the Data Controller’s Website, suppliers of outsourcing or cloud computing services, professionals and consultants.

Users have the right to obtain a list of any data processors appointed by the Data Controller, making a request to the Data Controller in the manner indicated in paragraph 7 below.

Rights of the data subjects

Users may exercise their rights granted by the Applicable Law by contacting the Data Controller as follows:

By sending an e-mail to: privacy@yeldo.com

The Users may also contact the Data Protection Officer (DPO) appointed by the Data Controller. The contact details of the DPO are: Shibumi S.r.l., in the person of Lapo Curini Galletti, email: dpo@yeldo.com.

The Data Controller, established outside the European Union, has appointed as its Representative in the European Union, pursuant to Article 27 of the Regulation, the company YELDO S.r.l, with Registered Office in Via Borgogna 5, Milano

Pursuant to Applicable Law, the Data Controller informs that Users have the right to obtain indication of (i) the origin of personal data; (ii) the purposes and methods of the processing; (iii) the logic applied in the event of processing carried out with the aid of electronic instruments; (iv) of the identification details of the data controller and processors; (v) the subjects or categories of subjects to whom the personal data may be communicated or who may come to aware of them as processors or agents.

Furthermore, Users have the right to obtain:

  • access, updating, rectification, or, when interested, integration of data;
  • the cancellation, transformation into anonymous form or the restriction of data processed in breach of the law, including data that does not need to be stored in relation to the purposes for which the data was collected or subsequently processed;
  • certification to the effect that notification has been supplied of operations as per letters a) and b), as also regards their content, to those to whom the data was communicated or disseminated, except for the case where notification proves impossible or requires the use of means clearly disproportionate to the right being protected.

Moreover, the Users have:

  • the right to revoke consent at any time, if the processing is based on their consent;
  • (where applicable) the right to data portability (the right to receive all personal data concerning them in a structured format, commonly used and readable by automatic device);
  • the right to oppose to:
    • in whole or part, for legitimate reasons, the processing of personal data relating to him/her for legitimate reasons even pertinent to the purpose of collection;
    • in whole or part, the handling of personal data for the purpose of sending advertising or sales materials or for the carrying out of market research or for commercial communication purposes;
    • if personal data is processed for direct marketing purposes, at any time, to the processing of data for this purpose, including profiling to the extent that it is related to such direct marketing.
  • if it is deemed that the processing concerning his/her personal data violates the Regulation, the right to lodge a complaint with a Supervisory authority (in the Member State in which he/she usually resides, in the one in which he/she works or in the one in which the alleged violation has occurred). The Italian Supervisory Authority is the Data Protection Authority, with registered offices in Piazza Venezia No. 11, 00187 – Rome (http://www.garanteprivacy.it/).

The Data Controller is not responsible for updating all links viewed in this Privacy Policy, therefore, whenever a link does not work and/or is not updated, the Users acknowledge and accept that they must always refer to the document and/or section of the websites referred to by this link.