Your privacy is important to us
This privacy notice has been drawn up pursuant to article 13 of the General Data Protection Regulation No 2016/679 (hereinafter the “GPDR”) and provides details regarding the processing of your information collected from the website www.pirolapennutozei.it (the “Site”). Please read it carefully.
1. WHO PROCESSES YOUR DATA?
The Data Controller for the Site shall be Pirola Pennuto Zei & Associati, with registered office at via Vittor Pisani, 20, Milan, VAT number 06946520159 (hereinafter, the “Controller” or the “Firm”).
Data protection officer
The Controller has appointed a data protection officer, who may be contacted at email@example.com
Other persons to whom your data may be disclosed
Your data may be shared with:
- Pirola Pennuto Zei & Associati’s designated staff and, if necessary, consultants who have agreed to maintain confidentiality or are subject to adequate confidentiality obligations;
- persons delegated and/or appointed by the Controller to carry out activities strictly related to the purposes set out below (including system maintenance services), if necessary, appointed as data processors.
Your personal data may be transferred outside the European Economic Area in accordance with articles 44 ff of the GDPR.
2. WHAT TYPE OF DATA DO WE COLLECT?
Data volunteered by the user
- Email contact address: The Site offers users the possibility to volunteer personal information, for instance by sending emails to request information and/or enter into relationships with the Firm’s consultants, providing to the Controller your e-mail address or volunteering other information by e-mail;
- Events: the Site enables Users to register in order to attend events and meetings organized or attended by the Firm’s professionals, by providing the Controller with their personal details: name and last name, name of company, position, email address. Should the Controller require additional personal data for registration, it will issue another specific privacy notice;
- Log-in section: the Site enables Users to register in the log-in section, which contains documents and information on the main tax and legal changes, as well as the meeting material prepared by the Firm. For registration purposes, users provide the Controller with the following personal details: name and last name, name of company, position, email address, phone number (optional);
- “Careers” section: users can apply for job openings at the Firm. For a detail of the personal data processing in this connection, see the Job Applicant Privacy Notice;
- “Whistleblowing” section: this section allows anyone concerned to report misconducts and violations of the Code of Ethics, of the Code of Professional Conduct, of the Organizational, management and control model pursuant to legislative decree 231/2001 and of the Firm’s internal procedures, as well as of the external regulations applicable to the Firm. The Firm shall process the data gathered from this section in accordance with the terms of the “GDPR Policy” and the “Whistleblowing Policy”.
Third party data
If you decide to provide third party data to us, we would please ask you to ensure that such third parties have been previously and adequately informed of the manner and purposes of the processing hereunder. In these cases, you will be deemed to be the controller, with the relevant legal obligations and responsibilities.
We shall collect the following information from the services used by you:
- technical data: these include IP addresses or domain names of your computers, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the manner in which the request has been submitted to the server, the size of the response file, the numerical code identifying the status of the server’s response (successful, error etc.) and other parameters regarding your Operating system and IT environment. These data are used for statistical information purposes only (and therefore are anonymous), in order to check proper operation of the site, and are deleted immediately after processing. Data may be used to ascertain responsibility in the event of purported IT crimes against the site: except in the latter case, surfing information is deleted within 7 days;
3. WHAT ARE THE PURPOSES OF PERSONAL DATA PROCESSING?
The personal data provided through the site shall be processed:
- For purposes strictly related and/or necessary to meet users’ requests through the website, by email or other means, including invitations to events and meetings;
- To enable you to access content in the Log-in section;
- To receive by email the latest tax and legal updates and information on the events promoted by the Firm:
- To ensure compliance with laws, regulations and EU provisions;
- To ascertain, claim or defend a right in court or whenever the judicial authorities exercise their functions;
- To carry out statistical surveys.
For the purposes under letters a) and b), the legal basis for processing shall be article 6(1)(b) of the GDPR – performance of a contract to which the data subject is party or in order to take steps at the request of the data subject.
For the purposes under letter c), the legal basis for processing shall be article 6(1)(a) of the GDPR – data subject’s consent to processing.
For the purposes under letter d), the legal basis for processing shall be article 6(1)(c) of the GDPR – compliance with a legal obligation to which the Controller is subject.
For the purposes under letter e), the legal basis for processing shall be article 6(1)(f) of the GDPR – legitimate interests pursued by the Controller.
The purpose under letter f) does not involve data processing activities.
4. HOW LONG DO WE KEEP YOUR INFORMATION FOR?
We shall keep your personal data in hard copy and/or electronic format for the time strictly necessary to achieve the purposes stated at point 3 above.
With regard to the processing under point 3.a, we will retain your data for the time strictly necessary to provide the service requested, unless otherwise required to meet legal obligations or protect the Controller’s legitimate interests. In particular, the data and documents sent to individual consultants, for participation in events and meetings or provided in the registration form will be kept by the Controller for the period of time not exceeding that necessary to achieve the purposes stated in this Privacy notice and.
With regard to the processing under point 3.b, we will retain your data for the time strictly necessary to achieve such purpose, unless otherwise required to meet legal obligations or protect the Controller’s legitimate interests. Failure to log in for an extended period of time shall result in data being automatically erased after 24 months.
With regard to the processing under point 3.c, we will retain your data until you revoke your consent. Revocation of consent shall not impair the lawfulness of processing based on the consent given by you before revocation, as well as the processing of personal data pursuant to other legal bases.
With regard to the processing under point 3.d, we will process your data for the time strictly necessary to allow the Controller to meet its legal obligations.
With regard to the processing under point 3.e, we will process your data for the time strictly necessary to allow the Controller to ascertain, claim or defend a right in court or whenever the judicial authorities exercise their functions.
5. HOW CAN YOU EXERCISE YOUR RIGHTS?
Revocation of consent
You may revoke your consent at any time by contacting the Controller on firstname.lastname@example.org. Your consent is optional and may be revoked at any time without impairing the lawfulness of the processing carried out before such revocation on the basis of the consent given by you.
Exercise of your rights
Pursuant to the GPDR, you are entitled at all times to request the Controller to give you access to your personal data, to object to their processing, and ask the Controller to amend or erase them; you shall also be entitled by law to ask for restriction of processing in the cases set out in article 18 of the GDPR, or receive the personal data concerning you in a structured, commonly used and machine-readable format in the cases set out in article 20 of the GDPR.
Please send your requests to the following address: email@example.com
Finally, if you believe that processing of your data infringes the applicable law, you may file a complaint with the Italian Personal Data Protection Authority (Garante per la Protezione dei Dati Personali) pursuant to article 77 of the GDPR.
6. HOW DO WE PROTECT YOUR DATA?
Your personal data shall be processed by the persons stated under point 1. above in accordance with the applicable legislation. Taking into account the state of the art, the implementation costs and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
7. WHEN WAS THIS PRIVACY NOTICE LAST UPDATED?
This privacy notice was published in May 2021 and may be amended in connection with the entry into force of new industry legislation, with updates in the services or the provision of new services or technological innovation.