Privacy Policy
With the following privacy policy Poggi & Associati informs you, pursuant to Section 13 of (EU) Regulation no. 2016/679 (hereinafter “GDPR”), about how your personal data will be processed.
1. Controller
The firm Poggi & Associati, whose registered office is in Via Farini 11, Bologna – 40124, tel. (+39) 051 231800, e-mail: info@poggieassociati.it, is the Data Controller (hereinafter “Controller”) of your personal data (“Data” as defined below).
2. Purpose of the processing
The Controller processes the data related to you and/or to reference personnel (employees or contract staff) and/or the shareholders or the directors of the company that you represent, in order to manage the professional activity with you and/or with the company that you represent. Said processing will be conducted within the principles of lawfulness, legality, transparency and respect for your privacy and rights.
3. Definitions
For the purposes of GDPR, the following definitions shall apply:
a) personal data (Art. 4, paragraph 1 of GDPR): “means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”;
b) special categories of personal data (Article 9, paragraph 1 of GDPR): revealing “racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and […] data concerning health or data concerning a natural person’s sex life or sexual orientation”.
4. Categories of Data
The categories of data processed by the Controller in the framework of the professional relationship fall into the category of personal data and special categories of personal data, hereinafter the “Data”. It should be noted that the Data processed in the framework of the purposes indicated below, have been communicated by you or have generally come from accessible sources (such as, for example, the Chamber of Commerce, the Revenue Agency, etc.).
5. Purposes
Your Data are processed for the following purposes:
a) perform the professional mandate conferred or manage the professional activity with you and/or with the company that you represent, including legal, administrative, tax and accounting compliance (“Activities”);
b) comply with legislation and regulations (national or EU), or fulfil an order from the judicial authorities or supervisory bodies to which the Controller is subject;
c) fulfil the obligations in respect of money laundering (AML).
We also inform you that we will not use your Personal Data for different and other purposes with respect to those described above, without informing you first and, where necessary, you giving your consent.
6. Nature of the provision and the consequences of refusing
The collection of personal data is not required by law, however, not providing data could regretfully lead to it being impossible for us to carry out the Activity, as well as failure to comply with the requirements of civil, national and EU tax legislation.
Failure to provide personal data collected for anti-money laundering purposes makes it impossible for our firm to perform the Activity (abstention obligation).
7. Persons authorised to process data and recipients
Your Personal Data may be processed for the purposes referred to in Art. 5 above by:
a) the Controller’s employees and contract staff, in their capacity as persons authorised to process data (so-called “persons in charge”);
b) professionals or service companies acting on behalf of the Controller, in their capacity as external processors.
Your Personal Data may also be communicated to members of the financial administration (Revenue Agencies, Local Agencies, Property Agencies, Financial Intelligence Units, Guardia di Finanza (Italian Finance Police), State General Accounting Department , etc.), social security institutions (INPS, INAIL, etc.), to local offices and authorities (Company Register, local council, provincial offices, etc.) and any other public and/or private body, exclusively for the purposes of the proper fulfilment of the obligations imposed on you by law, regulations and by EU legislation.
8. Transfer of data
The data are stored on a server located in Italy. In any case, it remains understood that the Controller, where necessary, shall have the right to move the server even outside of the EU. In this case, the Controller shall ensure as of now that the transfer of data outside the EU will be in accordance with the provisions of the applicable law, after concluding the standard contract terms laid down by the European Commission.
9. Processing methods
Your Personal Data are processed by means of the operations indicated in Art. 4, paragraph 2 of GDPR and precisely: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Your Personal Data are subjected to both paper and electronic processing with organisation and processing logics closely correlated to the same purposes and in any case in such a way as to ensure the security, integrity and confidentiality of your Personal Data in respect of organisational measures, security, physical and logical measures under the provisions in force and, however in respect of that covered by the GDPR, as well as in compliance with the rules of professional ethics and correct conduct specific to the profession concerned. In any case, we hereby inform you that your Personal Data will not be the subject of disclosure, unless necessary to fulfil the obligations provided for by law or regulations.
10. Retention period
The Controller will process the data for the time necessary to fulfil the purposes referred to above and, anyway, for no more than ten years from the termination of the Activity, without prejudice to the legitimate interest of the Controller pursuant to the GDPR, or any longer period that may be established in the future with reference to cases regulated from time to time by the applicable laws or by the competent authorities.
11. Data subject’s rights
With respect to your Data, you may exercise the following rights at any time:
a) Right of access – obtain confirmation whether or not personal data concerning you are being processed, and, where that is the case, access to the following information relating in particular to: the purpose of the processing, the categories of personal data processed and storage period, recipients to whom they can be communicated (Art. 15, GDPR);
b) Right to rectification – obtain, without undue delay, the rectification of inaccurate personal data concerning you and have incomplete personal data completed (Art. 16, GDPR);
c) Right to erasure – obtain, without undue delay, erasure of your personal data, in the cases provided for by the GDPR (Art. 17, GDPR);
d) Right to restriction of processing – obtain from the Controller restriction of processing, in the cases provided for by the GDPR (Art. 18, GDPR);
e) Right to portability – receive the personal data concerning you, which you have provided to a Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance, in the cases provided for by the GDPR (Art. 20, GDPR);
f) Right to object – object to the processing of personal data concerning you, unless there exist legitimate grounds for the Controller to continue with the processing. At any time it is possible to unsubscribe from newsletters, automatic emails, etc. (Art. 21, GDPR);
g) The right to lodge a complaint with a supervisory authority – submit a complaint to the competent authority according to the instructions published on the website www.garanteprivacy.it or by sending an email to urp@gpdp.it;
h) Right of withdrawal – withdraw your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Art. 7, GDPR).
12. How to exercise the rights
The rights referred to above can be exercised by written request that contains the clear indication in the reference of the type of right exercised. This request may be sent by registered letter with acknowledgement of receipt or regular email addressed to the Controller, using the following addresses:
– registered letter with acknowledgement of receipt: Poggi & Associati, Via Farini 11, Bologna – 40124;
– email address: privacy@poggieassociati.it.