INFORMATION PROVIDED PURSUANT TO ARTICLES 13-14 OF THE GDPR (GENERAL DATA PROTECTION REGULATION) 2016/679

We inform you that, for the establishment and execution of contractual relationships, our organisation may come into possession of your data, acquired also verbally, directly or through third parties, qualified as personal by the European Regulation 2016/679 (GDPR) and by Legislative Decree 196/2003, as amended by Legislative Decree 101/2018. Legislative Decree 101/2018.

According to the indicated regulation, this treatment will be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights, as better illustrated below.

WHAT TYPE OF DATA IS PROCESSED?

We process your personal details, tax information, contact details and economic data necessary for the fulfilment of contractual relationships, existing or future, as communicated by you at the time of the conclusion and execution of contracts, or by virtue of pre-contractual negotiations and relationships. We do not possess any of your data that can be classified as sensitive or judicial in nature (art. 9 and 10 of the GDPR), which would in any case be processed in the presence of a specific legitimate legal basis.

IS DATA OF MINORS PROCESSED?

The Data Controller’s Services are not intended for minors under 18 years of age and the Data Controller does not intentionally collect personal information relating to minors. Where the subject providing the data is a minor, such processing is lawful only if and to the extent that such consent is given or authorised by the holder of parental responsibility for whom the identification data and a copy of the identification documents are acquired. Otherwise, if information on minors is unintentionally recorded or collected, the Data Controller will delete it promptly.

WHAT ARE THE PURPOSE OF THE PROCESSING, THE DURATION OF THE PROCESSING AND THE LEGAL BASIS?

Your data will be processed for the entire duration of the contractual relationship and also subsequently, without your express consent pursuant to art. 6 letter b and f GDPR, solely and exclusively for the following purposes: to fulfil pre-contractual, contractual and tax obligations; to fulfil obligations under the law, regulations, community legislation or an order of the Authority; to exercise the rights of the Data Controller, for example the right to defence in court. The Data Controller will process the personal data for the time necessary to fulfil the purposes and, in any case, for no longer than 10 years from the termination of the relationship.

Please note that, if you are already a customer, we may send you commercial communications relating to the Data Controller’s services and products like those you have already used, unless you object (Articles 130 of Legislative Decree 196/2003 and 21(2) of the GDPR).

WHAT HAPPENS IF WE ARE NOT PROVIDED WITH DATA?

Regarding the data that we are obliged to know, in order to fulfil the obligations established by law, failure to provide such data by you will make it impossible to establish or continue the relationship, insofar as such data is necessary for the execution of the relationship.

WHO MAY BE AWARE OF YOUR DATA?

The following categories of persons may become aware of your data in their capacity as data processors or authorised data processing officers appointed by the undersigned company, data controller: managers, directors and statutory auditors; internal secretarial offices; accounting and billing officers; service marketing officers; third parties (for example, providers for the management and maintenance of the website, suppliers, credit institutions, professional firms, etc.) who perform outsourced activities on behalf of the Data Controller, in their capacity as external data processors; Supervisory bodies, Judicial authorities, as well as to all other subjects to whom communication is mandatory by law for the accomplishment of the indicated purposes.

HOW IS YOUR DATA DISCLOSED?

 We will not disclose your data to unspecified parties by making them available or allowing them to be consulted. We may communicate your data, within the scope of our respective and specific competence, to organisations and in general to any public or private entity with respect to which we have the obligation (or faculty recognised by law or secondary or community regulations) or need for communication, as well as to our consultants, within the limits necessary for them to carry out their duties within our organisation, subject to our letter of assignment that imposes the duty of confidentiality and security.

Only where necessary may Personal Data be transferred abroad to non-European countries whose level of data protection has been deemed adequate by the European Commission pursuant to art. 45 of the GDPR or subject to the signing of the Standard Contractual Clauses adopted/approved by the European Commission pursuant to art. 46, 2 lett. C) and d) or after the adoption of other guarantees as per articles 46 and 47 of the GDPR.

WHAT ARE YOUR RIGHTS?

In your capacity as an interested party, you have the rights referred to in art. 15 GDPR and precisely the rights to: i. obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in an intelligible form; ii. obtain the indication: a) of the origin of the personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the holder, of the persons in charge and of the designated representative according to art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents; iii. to obtain: a) the updating, correction or integration of the data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including data that does not need to be retained for the purposes for which it was collected or subsequently processed; c) certification that the operations in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case where such fulfilment proves impossible or involves the use of means manifestly disproportionate to the protected right; iv. to object, in whole or in part: a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose of collection; b) to the processing of personal data concerning you for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator, by email and/or through traditional marketing methods such as telephone and/or paper mail. Where applicable, you will also have the rights referred to in Articles 16-21 GDPR (Right of rectification, right to be forgotten, right of limitation of treatment, right to data portability, right of opposition), as well as the right of complaint to the Guarantor Authority. At any time, you may obtain confirmation of the existence or non-existence of personal data concerning you and the communication of such data and the purposes upon which the processing is based. You may also obtain the cancellation, transformation into anonymous form or the blocking of data processed in violation of the law, as well as the updating, rectification or, if you have an interest in doing so, the integration of the data. You may object to the processing itself for legitimate reasons. We kindly ask you to promptly report any changes to your personal data to the company’s reference office so that we can comply with current legislation, which requires that the data collected is accurate and, therefore, up to date.

 The Data Controller is PROREVI AUDITING SRL, (VAT n. 02247300482) with headquarters at 20124 Milan (MI), Corso Buenos Aires, 20, in the person of its temporary legal representative.

To exercise your rights and/or for any clarifications regarding the protection of personal data you can contact our DPO Avv. Roberto Spreafico of Milano lawyers ‘register at the following email address: r.spreafico@studiospreafico.eu.