NOTICE ACCORDING TO GDPR

This notice is rendered in accordance with art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, General Data Protection Regulation (hereinafter the “GDPR”) with reference to the personal data that the Law and Tax Firms of ETL GLOBAL in Italy and, in particular, a) GRABER & PARTNER SRL b) NEXUMStp S.p.A. and c) SHELTONS ITALY SRL (altogether referred to as “The Advisors“) collect from each data subject on the date of engagement by the latter.

Controller and Data Protection Officer:

a) The CONTROLLER of personal data processing is GRABER & PARTNER SRL (P.I. 01590740211), in the person of its legal representative, Dr. Hermann Andrä Graber, with registered office in Via dei Campi della Rienza, 30 – 39031 Brunico (BZ), Italy (IT); the contact details of the Controller are as follows: email: info@graber-partner.com; pec: graberpartner@arubapec.it; telephone number: +39 0474 572900.

GRABER & PARTNER SRL has appointed a personal DATA PROTECTION OFFICER (hereinafter “DPO of GRABER & PARTNER SRL”) in the person of Dr. Hermann Andrä Graber, who can be reached at the following e-mail address: info@graber-partner.com. 

b) The CONTROLLER of personal data processing is NEXUMStp S.p.A. (P.I. 13262641007), in the person of its legal representative, Dr. Paolo Stern, with registered office in Via Nairobi, 40 – 00144 Rome (RM), Italy (IT); the contact details of the Controller are as follows: e-mail: info@nexumstp.it; pec: nexumstp@pec.it; telephone number: +39 06 5916078.

NEXUMSTP S.p.A. has appointed a personal DATA PROTECTION OFFICER (hereinafter referred to as the “DPO of NEXUMSTP S.p.A“) in the person of Ms. Francesca Potì, lawyer, who can be reached at the following e-mail address: dpo@nexumstp.it.

C) The CONTROLLER of personal data processing is SHELTONS ITALY SRL (P.I. 11809830968), in the person of its legal representative, Ivan Zammit, with registered office in Via Dante, 16 – 20121 Milan MI, Italy (IT); the contact details of the Controller are as follows: e-mail: i.zammit@sheltonsgroup.com; telephone number: +39 380 638 2344.

SHELTONS ITALY SRL has appointed a personal DATA PROTECTION OFFICER (hereinafter “DPO of SHELTONS ITALY SRL”) in the person of Mr. Ivan Zammit, who can be reached at the following e-mail address: i.zammit@sheltonsgroup.com.

Purpose of the processing: The processing of the data subject’s personal data is necessary for the duly performance of the court and out-of court professional advisory services to be rendered by the Advisors, their associates and their external and independent fiduciary professionals. The personal data of the data subject will be processed for the purpose of: a) performing the clients’ tax and accounting duties; b) complying with any of the Advisors’ duty provided by mandatory provisions of law. Personal data may be stored in analogical or digital archives (inclusive of mobile devices) and processed on a strict need-to-know basis for the purposes mentioned above.

Legal basis for the processing: The Controller lawfully processes the data subject’s personal data (mainly those of directors and officers of the Advisors’ corporate clients), to the extent the data processing: a) is necessary for the performance of the professional advisory services, a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering a contract; b) is necessary for compliance with a legal obligation to which the Advisors, their associates and/or their external and independent fiduciary professionals are subject; c) is based on the data subject’s explicit consent to the processing of his personal data for one or more specific purposes.

Consequences of failure to provide the personal data: Should the provision of personal data be a statutory or contractual requirement, or a requirement necessary to enter into a contract (e.g. for fiscal and accounting purposes), the failure to provide the personal data may avoid the valid conclusion of the relevant contract.

Data storage: The data subject’s personal data shall be processed in compliance with the provisions above and stored by the Controller for a period equal to the duration of the professional advisory agreement and, after expiry or termination of the same, for a period equal to the Advisors’, their associates’ and/or their external and independent fiduciary professionals’ duties of law to store and keep records of those personal data (e.g. for fiscal purposes).

Further data processing: The data subject’s personal data may be further processed to: a) advisors and accountants or other attorneys providing ancillary professional advisory services to those mentioned above; b) banks or insurance companies providing services in connection with the Advisors’ professional advisory services; c) entities processing the personal data for compliance with a specific legal obligation; d) judicial or administrative authorities in connection with their legal obligations.

Profiling and further data processing: The data subject’s personal data are neither subject to further data processing nor to any automated decision-making, including profiling.

Rights of the data subject: The GDPR grants to the data subject the following rights vis-à-vis the Controller: a) to obtain access to his or her personal data and to any relevant information, to obtain the rectification of inaccurate personal data or to have incomplete personal data completed, to obtain erasure of personal data concerning him or her (should one of the grounds listed under art. 17, paragraph 1 of the GDPR occur and notwithstanding the exemptions under paragraph 3 of the same article), to obtain restriction of processing (where one of the situations under art. 18, paragraph 1 of the GDPR occurs); b) to obtain – in those cases in which the processing is based on consent or on a contract and such processing is carried out by automated means – his or her personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller (right to data portability); c) to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her; d) to withdraw his or her consent at any time with reference to those processing based on the data subject’s consent, is based on his or her particular situation and refers to general data (e.g. date and place of birth or of residence) or on particular data (e.g. data revealing racial or ethnic origin, political opinions, religious of philosophical beliefs, health and sex life or sexual orientation of the data subject) and provided the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal; e) notify a breach of a personal data protection to the supervisory authority (Autorità Garante per la protezione dei dati personali – www.garanteprivacy.it).

This information sheet about personal data protection has been filed on the basis of the GDPR (English version) and of the “Model Information Sheet” prepared by the Italian National Bar Association.