Privacy

This page describes the methods of managing the site in relation to the processing of personal data of users who consult it. This information is also provided pursuant to art. 13 of EU Regulation 2016/679 – regarding the protection of personal data.

THE “OWNER” OF THE TREATMENT

This information is provided by Studio Professionale Potenza & Partners with registered office in Via Santa Sofia 27, in Milan, Italy, telephone 02.58318685, fax 02.58300786 (hereinafter, for the sake of brevity, the “Data Controller”) to the subject whose data is involved (hereinafter, for the sake of brevity, the “Interested Party”), pursuant to and for the purposes of Regulation (EU) 2016/679 of 27 April 2016, the so-called GDPR (hereinafter, for the sake of brevity, the “Regulation”).

PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

All data collected will be processed in compliance with the provisions of the Regulation and, in particular, in a lawful, correct and transparent manner, for the purposes indicated below, in an adequate, relevant and limited manner to what is necessary with respect to the purposes for which they are processed, and subject to adequate technical and organizational security measures. In compliance with the principle of updating data, the Data Controller reserves the right to periodically contact the Data Subject to verify that the data provided is updated

SOURCE OF DATA PROCESSING

The data is collected directly and exclusively from the interested party

LEGAL BASIS, PURPOSE OF THE PROCESSING AND RETENTION PERIOD

I dati raccolti saranno trattati per le seguenti finalità: [please to check] (a) – Execution of contractual obligations: To execute a contract to which the Data Subject is a party or the related pre-contractual measures adopted at the request of the Data Subject. The processing for this purpose is mandatory and lasts no longer than the obligations connected with the management of the contract; the documents and electronic information will be kept for at least 10 years as provided for by Article 2220 of the Civil Code; informing the customer that the lack of availability of the data by the Data Controller could result in the total or partial impossibility of performing its service; Compliance with regulatory obligations: To fulfill legal obligations, to fulfill the regulatory provisions applicable to the Data Controller, such as community rules, laws, regulations and orders of the authorities (for example obligations regarding anti-money laundering, anti-terrorism and tax). The processing for these purposes is mandatory and has a duration equal to that required by law for the fulfillment of such obligations and the protection of such rights (for example, the data are stored in the management systems for 5 years from the conclusion of the contract and for 10 years from the last accounting entry recorded in the accounting systems).

TREATMENT METHODS

The processing will be carried out using manual, electronic or automated tools with logic strictly related to the purposes of the processing and, in any case, in a way that guarantees the security and confidentiality of the data, compatible with the best technical solutions available.

PLACE OF DATA PROCESSING

The processing will be carried out by the Data Controller in Italy.

CATEGORIES OF DATA SUBJECT TO PROCESSING

The Data Controller processes the personal data of the Interested Party relating to: personal data and other personal identification elements, tax code or VAT number, identification details of other banking relationships (IBAN, ABI, CAB, and current account number), data relating to the personal, patrimonial, income or financial situation, data relating to the level of education and employment of the Interested Party. The Firm, in the exercise of its activity, does not process "sensitive" data concerning the Interested Party (racial and ethnic origin, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data suitable for revealing the state of health and sexual life), unless a specific operation requested by the Interested Party does not determine the possible knowledge of a sensitive data, which will remain subject to future further and specific manifestation of consent by the Interested Party.

CATEGORIES OF SUBJECTS TO WHOM PERSONAL DATA MAY BE TRANSFERRED OR COMMUNICATED

In order to pursue the purposes described, the data may be transferred or communicated to third parties belonging to the following categories: (a) public bodies, authorities and supervisory bodies, judicial authorities and in general public or private entities with public-level functions (for example, the Revenue Agency); (b) banking and financial service providers, outsourcers, financial statement auditing firms, companies that perform archiving services for documentation relating to relationships with customers, companies that perform data processing and transmission services, or, in general, IT services.

RIGHTS OF THE INTERESTED PARTY

The Data Subject enjoys the rights set out in Articles 7 and 12 to 22 of the Regulation. In cases where the processing is based on the consent of the Data Subject, the Data Subject has the right to withdraw his or her consent at any time. The Data Subject also has the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed and access to such personal data and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning him or her or to object to such processing; (f) the right to lodge a complaint with the supervisory authority (Guarantor for the protection of personal data - Piazza di Monte Citorio n. 121 00186 ROME Fax: (+39) 06.69677.3785 Switchboard: (+39) 06.696771 E-mail: garante@gpdp.it; (g) where the personal data are not collected from the data subject, any available information as to their source; (h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the existence of appropriate safeguards relating to the transfer. The data subject has, pursuant to art. 13.2.b, the right to request access to personal data (art. 15) and rectification (art. 16) or erasure of the same (art. 17) or restriction of processing of data concerning him or her (art. 18) or to object to their processing (art. 21), in addition to the right to data portability (art. 20) and the right to object to automated decision-making (art. 22). The interested party will always have the right to lodge a complaint with the Guarantor for the protection of personal data, at the addresses specified above or as may be updated from time to time by the Guarantor itself.