With the following disclosure Marchese Zanardi & Partners informs you, pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”), on how your personal data will be processed.

 

1. Data Controller

The data controller (“Data Controller”) of your personal data (“Data”, as defined below) is Marchese Zanardi & Partners, with registered office in Via Massimo d’Azeglio 21, Bologna, Italy. Telephone (+39) 051 238405, email info@mztax.it.

 

2. The Data Being Processed

The Data Controller processes the Data concerning you and/or your related personnel (employees or collaborators) and/or the shareholders or directors of the company you represent, in order to manage the professional relationship with you and/or with the company you represent.

This processing will abide by the principles of correctness, lawfulness and transparency and protection of your privacy and your rights.

 

3. Definitions

Under the GDPR, the following definitions apply:

1. 1. personal data (Article 4(1) of the GDPR): “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”;

   2. special data (Article 9(1) of the GDPR): data revealing “racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and […] data concerning health or data concerning a natural person’s sex life or sexual orientation”.

 

4. Data Categories

The categories of data processed by the Data Controller in the framework of the professional relationship fall into the category of personal data and special data (“Data”).

The Data processed for the purposes indicated below, have been communicated by yourself or come from publicly accessible sources (such as the Chamber of Commerce, the Revenue Agency, etc.).

 

5. Purposes

Your Data are processed for the following purposes:

1. to fulfil the professional mandate you have conferred or to manage the professional relationship with you and/or the company you represent, including the related legal, administrative, tax and accounting requirements (“Activity”);
2. to comply with the provisions of laws and regulations (national or EU), or execute orders of judicial authorities or supervisory bodies to which the Data Controller is subject;
3. to comply with anti-money laundering (AML) obligations.

We will not use your Data for purposes other than those described above without informing you in advance and, if necessary, obtaining your consent.

 

6. Voluntary Provision of Data and Consequences of Refusal

The collection of your personal data is not required by law. However, failure to provide the data could, despite our efforts, make it impossible for us to perform the Activity, as well as fail to comply with the requirements of civil, national and EU tax legislation.

Failure to provide personal data collected for anti-money laundering purposes makes it impossible for our firm to perform the Activity (forceful refrain).

 

7. Parties Authorised to Process the Data and Recipients

Your Data may be processed for the purposes specified in paragraph 5, by:

1. the Data Controller employees and contract staff, in their capacity as parties authorised to process the Data (“Sub-processors”);
2. professionals or service companies operating on behalf of the Data Controller, in their capacity as external data processors.

Your Data may also be disclosed to bodies of the Tax Authorities (Revenue Agency, Guardia di Finanza (Italian Finance Police), etc..), social security and welfare institutions (INPS, INAIL, etc..), offices and local authorities (Register of Companies Offices, municipal offices, provincial, etc.) and to any other public and/or private body exclusively to properly fulfil the obligations imposed on you by law, regulations and EU legislation.

 

8. Transfer of Data

The Data are stored on a server located in Italy. In any case, the Data Controller, if necessary, may relocate the server, even outside the EU. In this case, the Data Controller ensures as of now that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, subject to the stipulating the standard contractual clauses required by the European Commission.

 

9. Processing Methods

We process your Data as described in Article 4(2) of the GDPR and specifically: collection, recording, organisation, structuring, update, storage, adaptation or amendment, retrieval and analysis, consultation, use, disclosure by transmission, comparison, interconnection, restriction, deletion or destruction.

Your Data are processed both on paper and electronically with organization and processing logic strictly linked to the purposes in order to ensure the security, integrity and confidentiality of the Data in compliance with the organizational, security, physical and logical measures required by applicable regulations, and however in compliance with the provisions of the GDPR, as well as in compliance with the rules of professional ethics and proper professional conduct.

In any case, your Data will not be disclosed, unless this is necessary to comply with legal obligations or regulations.

 

10. Retention Period

The Data Controller will process the Data for the time necessary to fulfil the above purposes and, however, for no more than 10 years after the company is wound up, without prejudice to the legitimate interest of the Data Controller in accordance with the GDPR, or for any longer period that may be established in the future for situations that from time to time may be governed by applicable regulations or by the relevant authorities.

 

11. Rights of Data Subjects

You may exercise the following rights in relation to your Data at any time:

1. Right to access – to obtain confirmation as to whether or not any personal data concerning the Data Subject are being processed and, if so, receive information concerning, in particular: the purpose of the processing, the categories of personal data processed and the storage period thereof, the recipients to whom such data may be disclosed (Article 15 of the GDPR);

2. Right to correction – to obtain, without undue delay, the correction of inaccurate personal data concerning the Data Subject and the completion of incomplete personal data (Article 16 of the GDPR);

3. Right to deletion – to obtain, without undue delay, the deletion of the Data Subjects personal data, in the conditions specified in the GDPR (Article 17 of the GDPR);

4. Right to restriction of processing – to obtain from the Data Controller a restriction of the processing, in the conditions specified in the GDPR (Article 18 of the GDPR);

5. Right to portability – to receive the Data Subject’s personal data that has been provided to the Data Controller, in a structured, commonly used and machine-readable format, and to have such data sent to another data controller without hindrance, in the conditions specified in the GDPR (Article 20 of the GDPR);

6. Right to object – to object the processing of the Data Subject’s personal data, unless there are legitimate reasons for the Data Controller to continue processing it. It is also possible to unsubscribe from newsletters, automatic emails, etc. at any time. (Article 21 of the GDPR);

7. Right to lodge a complaint with the Supervisory Authority – to lodge a complaint with the Italian Data Protection Authority, by following the instructions published on the www.garanteprivacy.it website or by sending an email to urp@gpdp.it;

8. Right to withdraw – to withdraw the consent. The withdrawal of consent does not affect the lawfulness of the processing based on the consent conferred before the withdrawal itself (Article 7 of the GDPR).

 

12. How to the Exercise the Rights

The above rights may be exercised by submitting a written request that clearly specifies in its subject the type of right being exercised.

The request can be sent by registered letter with proof of delivery to the following address: Marchese Zanardi & Partners, via Massimo d’Azeglio 21, 40123, Bologna, Italy.