Privacy Notice (UK‑GDPR & DPA 2018)
2.1 Data Controller
Capitalio Ltd (details above) is the controller of personal data collected via the Site or in the course of providing services.
2.2 What We Collect
- Identification & contact data (name, address, email, telephone).
- AML/KYC data (passport, proof of address, source‑of‑funds).
- Investment preferences.
- Technical data (IP address, browser type, device IDs).
- Marketing preferences.
2.3 Purposes & Legal Bases
| Purpose | Legal Basis (Art 6 UK‑GDPR) |
| --- | --- |
| Operate & secure the Site | Legitimate interests |
| Respond to enquiries & provide services | Contract |
| Conduct AML/KYC screening | Legal obligation |
| Send direct marketing | Consent or legitimate interests |
| Analyse traffic & improve services | Legitimate interests |
2.4 Sharing & Transfers
We share data with Italian estate agents and professional advisers, IT/cloud providers, AML screening services, and regulators where required. Data transfers outside the UK rely on adequacy decisions or IDTAs.
2.5 Retention
Personal data is retained for six years after the end of our relationship or longer where required by law.
2.6 Your Rights
You may request access, rectification, erasure, restriction, or data portability, may object to processing, and may withdraw consent at any time. Email advisory@capitalio.co.uk. You can complain to the UK Information Commissioner’s Office (ICO).
Data‑Protection Policy (Internal Extract)
3.1 Scope & Principles
Applies to all Capitalio staff and contractors and follows the seven UK‑GDPR principles: lawfulness, fairness & transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity & confidentiality; accountability.
3.2 Security Measures
- Encryption at rest & in transit (TLS 1.2+).
- Multi‑factor authentication on all cloud systems.
- Role‑based access & least‑privilege.
- Quarterly vulnerability scans & annual penetration tests.
- Breach‑notification procedure (<72 hours to ICO).
3.3 Responsibilities
- Board – ultimate accountability.
- Data‑Protection Officer – monitors compliance & reports to the ICO.
- Employees & Contractors – follow policy & complete annual training.
3.4 Review
This policy is reviewed annually or sooner if processing changes significantly.