NOTICE ACCORDING TO GDPR
This notice is rendered in accordance with art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, General Data Protection Regulation (hereinafter the “GDPR”) with reference to the personal data that the Italian Law and Tax Firms of ETL Italia and, in particular, a) the Law and Tax Firm RAMPF§LEGAL / GV ASSOCIATI and b) the Tax Firm GRABER & PARTNER collect from each data subject on the date of engagement by the latter.
Controller: The Controller is:
- a) For the Law and Tax Firm RAMPF§LEGAL / GV ASSOCIATI (hereinafter the “Controller RAMPF§LEGAL / GV ASSOCIATI“), Mr. Marco Rampf and Mr. Gianluca Ventola (hereinafter jointly referred to as the “Advisors RAMPF§LEGAL / GV ASSOCIATI“), with office in 00144 Rome (RM), Viale Pasteur 66. The Advisors RAMPF§LEGAL / GV ASSOCIATI may be contacted at the certified e-mail address (PEC) email@example.com. The Controller RAMPF§LEGAL / GV ASSOCIATI has appointed Mr. Marco Rampf and Mr. Gianluca Ventola as data protection officers (hereinafter the “DPO RAMPF§LEGAL / GV ASSOCIATI“). The DPO RAMPF§LEGAL / GV ASSOCIATI are located at the firm’s office and may be contacted at the above mentioned certified e-mail address of the Advisors RAMPF§LEGAL / GV ASSOCIATI.
- b) For the Tax Firm GRABER & PARTNER GMBH (hereinafter the “Controller GRABER & PARTNER“), Mr. Hermann Andrä Graber (hereinafter referred to as “Advisor GRABER & PARTNER“), with office in 39031 Bruneck (BZ), Rienzfeldstraße 30. The Advisors GRABER & PARTNER may be contacted at the certified e-mail address (PEC) firstname.lastname@example.org. The Controller GRABER & PARTNER has appointed Mr. Hermann Andrä Graber as data protection officer (hereinafter the “DPO GRABER & PARTNER“). The DPO GRABER & PARTNER is located at the firm’s office and may be contacted at the above mentioned certified e-mail address of the Advisor GRABER & PARTNER.
The Controller RAMPF§LEGAL / GV ASSOCIATI and the Controller GRABER & PARTNER are hereinafter jointly referred to as to the “Controllers“. The Advisors RAMPF§LEGAL / GV ASSOCIATI and the Advisor GRABER & PARTNER are hereinafter jointly referred to as to the “Advisors“. The DPO RAMPF§LEGAL / GV ASSOCIATI and the DPO GRABER & PARTNER are hereinafter jointly referred to as to the “DPOs“.
Purpose of the processing: The processing of the data subject’s personal data is necessary for the duly performance of the court and out-of court professional advisory services to be rendered by the Advisors, their associates and their external and independent fiduciary professionals. The personal data of the data subject will be processed for the purpose of: a) performing the clients’ tax and accounting duties; b) complying with any of the Advisors’ duty provided by mandatory provisions of law. Personal data may be stored in analogical or digital archives (inclusive of mobile devices) and processed on a strict need-to-know basis for the purposes mentioned above.
Legal basis for the processing: The Controllers lawfully process the data subject’s personal data (mainly those of directors and officers of the Advisors’ corporate clients), to the extent the data processing: a) is necessary for the performance of the professional advisory services, a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering a contract; b) is necessary for compliance with a legal obligation to which the Advisors, their associates and/or their external and independent fiduciary professionals are subject; c) is based on the data subject’s explicit consent to the processing of his personal data for one or more specific purposes.
Consequences of failure to provide the personal data: Should the provision of personal data be a statutory or contractual requirement, or a requirement necessary to enter into a contract (e.g. for fiscal and accounting purposes), the failure to provide the personal data may avoid the valid conclusion of the relevant contract.
Data storage: The data subject’s personal data shall be processed in compliance with the provisions above and stored by the Controller for a period equal to the duration of the professional advisory agreement and, after expiry or termination of the same, for a period equal to the Advisors’, their associates’ and/or their external and independent fiduciary professionals’ duties of law to store and keep records of those personal data (e.g. for fiscal purposes).
Further data processing: The data subject’s personal data may be further processed to: a) advisors and accountants or other attorneys providing ancillary professional advisory services to those mentioned above; b) banks or insurance companies providing services in connection with the Advisors’ professional advisory services; c) entities processing the personal data for compliance with a specific legal obligation; d) judicial or administrative authorities in connection with their legal obligations.
Profiling and further data processing: The data subject’s personal data are neither subject to further data processing nor to any automated decision-making, including profiling.
Rights of the data subject: The GDPR grants to the data subject the following rights vis-à-vis the Controller: a) to obtain access to his or her personal data and to any relevant information, to obtain the rectification of inaccurate personal data or to have incomplete personal data completed, to obtain erasure of personal data concerning him or her (should one of the grounds listed under art. 17, paragraph 1 of the GDPR occur and notwithstanding the exemptions under paragraph 3 of the same article), to obtain restriction of processing (where one of the situations under art. 18, paragraph 1 of the GDPR occurs); b) to obtain – in those cases in which the processing is based on consent or on a contract and such processing is carried out by automated means – his or her personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (right to data portability); c) to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her; d) to withdraw his or her consent at any time with reference to those processing based on the data subject’s consent, is based on his or her particular situation and refers to general data (e.g. date and place of birth or of residence) or on particular data (e.g. data revealing racial or ethnic origin, political opinions, religious of philosophical beliefs, health and sex life or sexual orientation of the data subject) and provided the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal; e) notify a breach of a personal data protection to the supervisory authority (Autorità Garante per la protezione dei dati personali – www.garanteprivacy.it).
This information sheet about personal data protection has been filed on the basis of the GDPR (English version) and of the “Model Information Sheet” prepared by the Italian National Bar Association.