Rolnik Capital Owners SGIIC's Privacy Policy.

Last updated: October 17, 2023.

Below is the privacy policy of Rolnik Capital Owners, SGIIC, SAU (hereinafter “Rolnik”), which regulates the collection and processing of data provided by users on this website.
Data Controller: The data controller for personal data is Rolnik Capital Owners, SGIIC, SAU (hereinafter Rolnik) with tax ID A85745750. Our registered office is located at Plaza de Alonso Martínez, 7 1º Izquierda – 28004 Madrid. You can contact us by phone at +34 696 362 169 or via email at [email protected].
Detailed Information on Processing by Rolnik:
1. Data Processing for Client and Potential Client Management:
o Description: This includes evaluating the suitability and appropriateness of contracting products, formalizing and executing orders, responding to messages received through the contact forms on our website, managing subscriptions to our publications with general investment content, current news, etc., preventing money laundering and terrorist financing, and creating advertising campaigns and commercial activities through any means, including electronic, as well as managing accounting, tax, and administrative matters related to client operations.
o Legal Basis: The processing of data for client and potential client operations is primarily justified by the necessity of the processing for the execution of a contract or the application of precontractual measures. For commercial actions directed at clients and potential clients or subscription to our publications, the processing is based on the consent provided by the individuals. Information required for due diligence in preventing money laundering and terrorist financing is processed in compliance with a legal obligation under Law 10/2010 of April 28, on the prevention of money laundering and terrorist financing. Additionally, processing contact data of individuals who are employees of the client or potential client is justified by Rolnik’s legitimate interest in maintaining commercial relationships with the entity where the individual provides services.
o Data Categories:
 Identifying and contact data: such as ID, NIE, or equivalent identification document; name and surname; postal, telephone, and electronic contact information; residence address, nationality, date of birth.
 Socioeconomic data: details of professional or labor activity, income or remuneration, family unit, education level, assets, fiscal and tax data.
 Information on knowledge or experience in investment products.
 Financial data: products and services contracted, relationship with the product (holder, authorized person, or representative).
 Legally required information for the prevention of money laundering and terrorist financing.
o Recipients: Regulatory bodies, supervisory authorities, and other competent public administration entities based on legal obligations or their requests. If applicable, data may be shared with banks or financial entities to address transfer requests. Entities providing services on our behalf, such as for shipping, marketing, and customer service, only for the purposes requested or required by law.
o International Transfers: Only occur if required by law (e.g., tax reporting obligations). If using providers whose services involve data transfers outside the European Economic Area, they must comply with written instructions through an agreement ensuring an adequate level of data protection equivalent to that of Europe, with standard contractual clauses approved by the European Commission.
o Retention Period: Personal data will be retained for as long as the contractual relationship is maintained and while liabilities arising from data processing remain according to current legislation. Specifically, for anti-money laundering and anti-terrorist financing activities, data will be retained for 10 years as required by applicable law. Data from requests that do not result in formalized operations may be processed for six months to handle future requests and avoid duplicating formalities. After these periods, data will be properly blocked until any responsibilities related to data processing and compliance with data protection laws are resolved. After this, the data will be deleted.
For contact data collected for commercial actions or subscriptions, which is based on the consent of the data subject, it will be retained indefinitely unless the individual requests its deletion.
2. Data Processing for Human Resources Management:
o Description: This includes processing data necessary for maintaining employment or administrative relationships with employees, training actions, required reporting in the event of a workplace accident, and activities to prevent, avoid, or reduce work-related risks, as well as monitoring employee health.
o Legal Basis: The processing of data for human resources management and staff training is necessary for the execution of a contract in which the data subject is a party or for the application of precontractual measures at their request. Activities to prevent, avoid, or reduce work-related risks and monitoring employee health are carried out in compliance with legal obligations under Law 31/1995 of November 8, on the prevention of occupational risks.
o Data Categories:
 Identifying data: such as name and surname, ID, and social security number, postal and electronic address, phone.
 Personal characteristics: such as marital status, date and place of birth, sex, nationality, or disability percentage.
 Academic and professional data.
 Economic, financial, and insurance data, such as bank details for payroll.
 Data necessary to avoid or reduce work-related risks, such as certain health data.
o Recipients: General Treasury of Social Security, State Tax Administration Agency, Labor Inspectorate, Accident Mutuals. Banks and financial entities for salary payments. Data may also be shared with the State Foundation for Employment Training (FUNDAE) if training bonuses are requested.
o International Transfers: Only occur if required by law (e.g., tax reporting obligations). If using providers whose services involve data transfers outside the European Economic Area, they must comply with written instructions through an agreement ensuring an adequate level of data protection equivalent to that of Europe, with standard contractual clauses approved by the European Commission.
o Retention Period: Data will be retained for as long as necessary to fulfill the purpose for which it was collected and to determine any potential liabilities arising from that purpose and data processing, in accordance with applicable labor legislation and specifically, the Law on Infringements and Penalties in Social Order. Additionally, economic data will be retained under the provisions of Law 58/2003 of December 17, General Tax Law.
3. Data Processing for Job Candidates’ Evaluation, Interview Scheduling, and Selection:
o Description: This includes processing curricular data of job applicants to manage their potential participation in selection processes carried out by Rolnik.
o Legal Basis: The processing of candidate data is based on their consent provided when applying for a specific job posted by Rolnik or submitting their resume for consideration in future selection processes.
o Data Categories:
 Identifying data: such as name and surname, ID, postal and electronic address, phone.
 Personal characteristics: such as marital status, date and place of birth, sex, nationality, or disability percentage.
 Academic and professional data.
o Recipients: No third-party disclosures are planned.
o International Transfers: No international data transfers are planned. If using providers whose services involve data transfers outside the European Economic Area, they must comply with written instructions through an agreement ensuring an adequate level of data protection equivalent to that of Europe, with standard contractual clauses approved by the European Commission.
o Retention Period: Data will be retained for one year, unless the candidate requests its deletion beforehand.
4. Data Processing for Supplier Management:
o Description: This includes accounting, tax, and administrative management with suppliers and service providers.
o Legal Basis: The processing of data for supplier operations is necessary for the execution of a contract or the application of precontractual measures. Processing contact data of individuals who are employees of the supplier is justified by Rolnik’s legitimate interest in maintaining commercial relationships with the entity where the individual provides services.
o Data Categories:
 Identifying data of individual suppliers and legal representatives of legal entities, such as name and surname, ID.
 Academic and professional data of individual suppliers.
 Economic and financial data of individual suppliers.
 Contact data of individual suppliers and representatives and employees of legal entities, such as name and surname, position, postal and electronic address, and professional phone.
o Recipients: Banks and financial entities. State Tax Administration Agency. Auditors.
o International Transfers: No international data transfers are planned. If using providers whose services involve data transfers outside the European Economic Area, they must comply with written instructions through an agreement ensuring an adequate level of data protection equivalent to that of Europe, with standard contractual clauses approved by the European Commission.
o Retention Period: Data will be retained for as long as necessary to fulfill the purpose for which it was collected and to determine any potential liabilities arising from that purpose and data processing, in accordance with mercantile and tax legislation.
5. Data Processing for the Management of Communications Received Through the Whistleblower Channel:
Data collected through the Whistleblower Channel will be processed solely for the purpose of handling the received complaints and, if necessary, investigating the reported facts.
o Description: This includes solely the handling of communications received through the Whistleblower Channel and, if necessary, investigating the reported facts.
o Legal Basis: The processing of data collected through Rolnik’s Whistleblower Channel is based on the fulfillment of a mission carried out in the public interest, such as the prevention of criminal offenses.
o Data Categories: Data provided by the whistleblower in their complaint and any data derived from the necessary investigations.
o Recipients: State Security Forces and Bodies; Judges and Courts.
o International Transfers: No international data transfers are planned.
o Retention Period: Data processed within the framework of investigations will be deleted as soon as the investigations are concluded. In any case, data will be deleted from the Whistleblower Channel three months after the complaint is received, though it may continue to be processed outside of it if necessary for judicial proceedings or disciplinary measures.
Rights of Data Subjects: You can exercise your rights of access, rectification, deletion, opposition, limitation, and portability by sending a letter to our registered office or to the email address [email protected], clearly identifying yourself with a photocopy of your ID or an equivalent identification document, and specifying the right you wish to exercise. You may also contact our Data Protection Officer for any questions regarding the processing of your personal data at [email protected].
You can also file a complaint with the Spanish Data Protection Agency. You can find the necessary information at: www.aepd.es
Cookies: Rolnik will only use data storage and retrieval devices (‘Cookies’) when the user has given prior consent, as indicated in the browser’s pop-up window when first accessing the website and in the terms and conditions stated in our Cookie Policy.
Security: Rolnik adopts the security levels required by the GDPR appropriate to the nature of the data processed and the risks to which they are exposed. We have implemented the necessary technical and organizational measures to ensure the security and integrity of the data, as well as to prevent its alteration, loss, processing, or unauthorized access.