Pursuant to articles 13 e 14 of EU Regulation 2016/679 (“GDPR”)
The Professional Association “Fantozzi e Associati” Tax Law Firm with registered office in Via Sicilia 66-00187 Rome, provides some information regarding the use of personal data referred to individuals – hereafter “Data Subject” – who apply for a service provided by “Fantozzi e Associati” Tax Law Firm or either contact it to evaluate the opportunity to apply for a service or to obtain any information on the services offered and the activities performed. Personal data are processed by “Fantozzi e Associati” Tax Law Firm as “Data Controller” in compliance with current legislation and with the obligations of confidentiality that inspire the activity of the Data Controller.
Personal data include, but are not limited to: first name, last name, place and date of birth, social security number, residence, gender, telephone contacts, e-mail address. We also inform you that, pursuant to art. 9 GDPR, the Data Controller is forbidden to treat special categories of data (” Data Special Categories “), except in cases where one of the conditions that allow to process such data pursuant to art. 9.2 GDPR (consent of the Data Subject, defense of a right in court, purpose of public interest, etc.). In particular, Data Special Categories include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership, as well as genetic data, biometric data intended to uniquely identify a person physics, data relating to a person’s health or sexual life or sexual orientation.
Identifying and common personal data are collected directly from the Data Subject, orally or through the filling of forms; or, again, in the fulfillment of obligations for the conclusion and execution of contracts relating to the services offered by the Data Controller. Some data are provided by third parties during operations that are functional or instrumental to the provision of services offered by the Data Controller. Other personal identification data or other common data may be collected from third parties, when this is permitted by law or is functional to the conclusion or execution of service.
Personal data are processed to execute the contract between the Data Controller and the Data Subject, including the pre-contractual phase, or to provide other services requested by the Data Subject. The provision of personal data is a necessary requirement for the establishment of a contract or for the performance of a pre-contractual phase and the refusal to supply them implies the impossibility for the Data Controller of satisfying the Data Subject requests. The legal basis for processing Personal Data is the execution of a contract or pre-contractual measures.
Personal Data are also processed as part of the normal activity of the Data Controller in order to comply with obligations established by laws, regulations and / or Community legislation, or provisions issued by authorities legitimated by law and by supervisory and control bodies (for example: financial police, tax office). The legal basis for processing Personal Data is the execution of a legal obligation.
The Data Controller may process your personal data also to ascertain, exercise or defend his rights in the context of an out- of- court and / or judicial dispute, where necessary. The legal basis for processing Personal Data is the legitimate interest of the Data Controller.
As a part of the execution of the contract, including the pre-contractual phase, the Data Controller may know directly and / or indirectly also data qualified as Data Special Categories. For the execution of the contract, even in the pre-contractual phase, processing of such data may be necessary. In such cases, the processing will be carried out exclusively for the pursuit of the purposes for which it is necessary and in a manner suitable to guarantee the security and confidentiality of Personal Data involved. The legal basis for processing Personal Data, pursuant to art. 9.2, letter f) of the GDPR, is the necessity of the processing itself in order to ascertain, exercise or defend a right in court or whenever the jurisdictional authorities exercise their jurisdictional functions.
The processing of personal data is carried out using manual, informatic and telematic tools, according to a principle of data minimisation and, in any case, in a manner that ensures the security and confidentiality of personal data.
Fulfillment of contractual obligations (execution of professional mandate)
For the duration of the contractual relationship and, after termination, for a further 10 years.
In the case of judicial litigation, they are retained in any case for the entire duration of the same, up to the expiry of the legal terms to appeal.
Compliance with legal obligations
For the duration of the contractual relationship and, after the termination, for 10 more years, as the ordinary prescription of contractual liability (applied to all the processings for which the law does not require different retention terms).
In case of judicial litigation, for the entire duration of the same, until the expiry of the legal terms to appeal.
Ascertainment, exercise or defence of rights of the Data Controller on appeal and / or court settlement and / or judicial
The duration of the claim and / or the out-of-court and / or judicial procedure, until the expiry of the legal terms to appeal.
Each employee and collaborator of the Data Controller has access only to the personal data necessary for the performance of the duties assigned as persons authorized to process personal data. Furthermore, the Data Controller asks collaboration to third parties, as Processors, in the following categories: computer consulting companies; website maintenance companies; payroll consultants; lawyers; registered accountants; investigative agencies; experts appointed by the Court.
A list of all Data Processors is made available by the Data Controller.
According to EU Regulation 2016/679, the Data Subject has the right to ask the Data Controller to access personal data, to correct or delete them, to limit the processing of his personal data, to object to their processing, to achieve data portability. Finally, the Data Subject has the right to lodge a complaint with the Authority for the Protection of Personal Data, as well as to resort to the other means of protection provided for by the applicable legislation. For further information, please contact the Data Controller based in Via Sicilia 66 – 00187 Rome – telephone: 06 420061; email address: firstname.lastname@example.org; certified email address: email@example.com
Contact details of the Data Controller and Data Processor
The Data Controller is the Professional Association “Fantozzi e Associati” Tax and Law Firm with registered office in Via Sicilia 66 – 00187 Rome. It may be reached to the following references: telephone: 06 420061; email address: firstname.lastname@example.org; certified email address: email@example.com