Privacy Disclosure

Disclosure pursuant to Art. 13 of EU Regulation 679/2016

This notice is drafted pursuant to Art. 13 of EU regulation 679/2016 (henceforth, GDPR), in regard to the processing of personal data that is or will come in the possession of the Firm, to inform you of the following:


Data Controller and Data Protection Officer

The Data Controller is ABCF Studio Commercialisti Associati, with offices in Milan, Via

Albricci 8. The contact information is as follows

The Firm did not appoint a data protection officer (DPO) as the conditions specified in Art. 37 of GDPR have not been met (regular and systematic monitoring of the persons or processing of special data categories, both carried out on a large scale)



Legal foundation of processing

The Firm shall process your personal data lawfully, correctly and to the extent this is necessary, when:

  1. the processing is necessary to execute the mandate granted or a contract of which you are a party or to execute the pre-contractual provisions adopted on request;
  2. the processing is necessary to fulfil a legal obligation incumbent upon you or the firm member;
  3. express consent to the processing has been given


Purposes of data processing

The data processing is aimed at the correct and complete execution of the professional mandate received, by way of example but not limited to:

  1. to fulfil tax and accounting obligations;
  2. to fulfil the obligations of the firm member, as specified by current laws and regulations.

Your data shall also be processed to provide:

  1. Regular newsletter on changes in laws and regulations
  2. Invitations to events organised by the Firm

Your personal data may be processed, in both paper and electronic format (including portable devices), to the extent strictly necessary for the purposes indicated above.


Data retention

Your personal data, object of the processing for the purposes indicated above, shall be retained for a period of 10 years starting from the termination of the contract or for the period in which the Firm is subject to retention obligation for tax or other purposes, set by legal or regulatory provisions (for example, tax returns and/or provisions against money laundering)


Recipients to whom the data may be disclosed

Your personal data may be disclosed to:

  1. Employees and contractors of ABCF Studio Commercialisti Associati authorised to the processing
  2. Banks and insurance companies providing services functional to the aforementioned purposes
  3. Parties processing the data to fulfil specific legal obligations
  4. Judicial or administrative authorities, to fulfil legal obligations.

For the parties indicated in 1, 2 and 3 above, only the recipient category is indicated, since the parties could change or be recipients only in special situations. Data subjects may request an updated list by contacting the Data Controller at the address provided here.


Consequence of a failure to disclose personal data

With regard to the personal data requested to execute the contract of which you are a party or to fulfil a legal obligation (for example, obligations related to the preparation of accounting and tax records), a failure to disclose personal data shall make it impossible to execute the contract.

Note that personal data shall be disclosed to third parties only when strictly necessary to fulfil the purposes for which the data had been provided. A refusal to provide the information requested, or the disclosure of incorrect information, shall make it impossible to process them and to execute the mandate.

Data processing under 3 above requires your express consent, without which this activity cannot be performed.


Profiling and Dissemination of data

Your personal data shall not be disseminated, nor used in fully automated decision-making processes.


Rights of data subjects

Data subjects may at any time exercise the rights indicated below:

  1. Right to access personal data to obtain confirmation of the existence or non-existence of personal data, and their disclosure in an intelligible form and, in this case, the indication: a) of the source of the personal data; b) of the purposes and methods of the processing; c) of the logic applied in the case of profiling; d) of the recipients or recipient categories to which the personal data was or shall be disclosed, in particular if third country recipients or international organisations e) of the retention period;
  2. Right to demand the rectification of incorrect data or the integration of incomplete data;
  3. Right to demand the erasure of personal data (if one of the conditions indicated in Art. 17, Par. 1 of GDPR is met and without prejudice to the exceptions specified in Par. 3 of the same article);
  4. Right to limit the processing of your personal data (in one of the cases indicated in Art. 18, Par. 1 of the GDPR);
  5. Right to data portability that is, to request and obtain from firm member – in the cases in which the legal foundation of the processing is the contract or the consent, and is carried out with automated means – the personal data in a structured format that may be read by automated means, also for the purposes of disclosing these data to another data controller.
  6. Right to oppose at any time the processing of your personal data in the special situations that apply to you;
  7. Right to withdraw the consent at any time, in the cases in which the processing is based on your consent for one or more specific purposes. The processing based on the consent and carried out before the withdrawal of the consent shall remain, in any case, lawful;
  8. Right to file a complaint with a supervisory authority (Italian Data Protection Authority –

To exercise the rights listed above, the Data Subject may send a notification to the Data Controller at the email address



In order to facilitate the understanding of this notice, some definitions are provided below:

personal data: any information concerning a natural person, who has been or may be identified (“data subject”);

processing: any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

data controller: a natural or legal person, public authority, agency or body which, severally or with others, specifies the purposes and the means of the processing of the personal data;

data processor: a natural or legal person, public authority, agency or body which processes personal data on behalf of the data controller;

third party: a natural or legal person, public authority, agency or body other than the data subject, the data controller, the data processor and the persons authorised to the processing of the personal data under the direct authority of the data controller or processor;

recipient: a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not.

Le nostre EXPERTISE: consulenza, pianificazione e sviluppo

our activities in ABCF