This notice is drafted pursuant to Art. 13 of EU regulation 679/2016 (henceforth, GDPR), in regard to the processing of personal data that is or will come in the possession of the Firm, to inform you of the following:
Data Controller and Data Protection Officer
The Data Controller is ABCF Studio Commercialisti Associati, with offices in Milan, Via Albricci 8. The contact information is as follows: firstname.lastname@example.org
The Firm did not appoint a data protection officer (DPO) as the conditions specified in Art. 37 of GDPR have not been met (regular and systematic monitoring of the persons or processing of special data categories, both carried out on a large scale).
Legal foundation of processing
The Firm shall process your personal data lawfully, correctly and to the extent this is necessary, when:
Purposes of data processing
The data processing is aimed at the correct and complete execution of the professional mandate received, by way of example but not limited to:
Your data shall also be processed to provide:
Your personal data may be processed, in both paper and electronic format (including portable devices), to the extent strictly necessary for the purposes indicated above.
Your personal data, object of the processing for the purposes indicated above, shall be retained for a period of 10 years starting from the termination of the contract or for the period in which the Firm is subject to retention obligation for tax or other purposes, set by legal or regulatory provisions (for example, tax returns and/or provisions against money laundering).
Recipients to whom the data may be disclosed
Your personal data may be disclosed to:
For the parties indicated in 1, 2 and 3 above, only the recipient category is indicated, since the parties could change or be recipients only in special situations. Data subjects may request an updated list by contacting the Data Controller at the address provided here.
Consequence of a failure to disclose personal data
With regard to the personal data requested to execute the contract of which you are a party or to fulfil a legal obligation (for example, obligations related to the preparation of accounting and tax records), a failure to disclose personal data shall make it impossible to execute the contract.
Note that personal data shall be disclosed to third parties only when strictly necessary to fulfil the purposes for which the data had been provided. A refusal to provide the information requested, or the disclosure of incorrect information, shall make it impossible to process them and to execute the mandate.
Data processing under 3 above requires your express consent, without which this activity cannot be performed.
Profiling and Dissemination of data
Your personal data shall not be disseminated, nor used in fully automated decision-making processes.
Rights of data subjects
Data subjects may at any time exercise the rights indicated below:
To exercise the rights listed above, the Data Subject may send a notification to the Data Controller at the email address email@example.com
In order to facilitate the understanding of this notice, some definitions are provided below:
personal data: any information concerning a natural person, who has been or may be identified (“data subject”);
processing: any operation or set of operations which is performed upon personal data or sets of personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;
filing system: any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;
data controller: a natural or legal person, public authority, agency or body which, severally or with others, specifies the purposes and the means of the processing of the personal data;
data processor: a natural or legal person, public authority, agency or body which processes personal data on behalf of the data controller;
third party: a natural or legal person, public authority, agency or body other than the data subject, the data controller, the data processor and the persons authorised to the processing of the personal data under the direct authority of the data controller or processor;
recipient: a natural or legal person, public authority, agency or any other body to whom data are disclosed, whether a third party or not.