PRIVACY POLICY

Dear user,

we would like to inform you that the processing of your personal data carried out through this website will be carried out in compliance with the current legislation on the protection of personal data and will be based on the principles of correctness, lawfulness, transparency and data protection. To this end, in compliance with the provisions of Article 13 of European Regulation 2016/679 (GDPR), we provide you with general information regarding the processing of personal data carried out through this website. 

This information refers exclusively to the data of those who interact with the services accessible from the home www.gebpartners.it (the Site), without extending to other websites that the user may reach via any links on the site.

The information is provided for this Site, therefore Valente Associati GEB Partners S.r.l. (hereinafter, also, the “Firm”) does not assume any responsibility for other websites (including social network platforms) that may be consulted through hypertext links on the Site.

Contact details of the Data Controller and of the DPO

The data controller is Valente Associati GEB Partners S.r.l., with registered office in Milan, Viale Bianca Maria no. 45, VAT no. 05177460960 (hereinafter "the Data Controller").

We inform you that the Data Controller has appointed a Data Protection Officer (DPO) who can be contacted at: privacy@gebnetwork.it.

For any communication from you to the DPO, please include your contact details in your request.

Other parties to whom your data may be disclosed

Your data may be shared with:

  • the personnel in charge of the Firm and any of its professionals who have committed themselves to confidentiality or are subject to an appropriate legal obligation of confidentiality;

  • parties delegated and/or appointed by the Data Controller to carry out activities strictly related to the pursuit of the purposes indicated below (including technical maintenance work on the systems), where necessary, rightly appointed as data processors.

Your personal data may be transferred outside the European Economic Area in full compliance with the provisions of Articles 44 et seq. of the GDPR.

Navigation data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the user's operating system and computer environment.

This information is not collected in order to be associated with identified interested parties, as the data is used solely for the purpose of obtaining anonymous statistical information on the use of the site and to check that it is working properly, but by its very nature it could, through processing and association with data held by third parties, allow users to be identified. Please note that the data could be used by the competent Authorities to ascertain responsibility in case of hypothetical computer crimes.

Purpose 

The data you provide may be processed in order to

  1. carry out the operations strictly necessary in order to proceed with the provision of the services you may have requested, including the implicit request consisting of your browsing through the pages of the site;

  2. receive e-mail updates on the main fiscal and tax news and on the initiatives promoted by Valente Associati GEB Partners S.r.l;

  3. activities imposed by laws, regulations or provisions

  4. statistical processing of aggregate data in relation to the performance of the site.

Legal basis

With reference to the purposes referred to in point 1), the legal basis for the processing of your personal data is represented by Article 6, paragraph 1, letter b) of the GDPR - performance of a contract to which the data subject is party or of pre-contractual measures taken at the request of the data subject.

With reference to the purpose referred to in point 2), the legal basis for the processing of your personal data is represented by Article 6(1)(a) of the GDPR - consent of the data subject.

With reference to the purpose referred to in point 3), the legal basis for the processing of your personal data is represented by Article 6(1)(c) of the GDPR - fulfilment of a legal obligation to which the Data Controller is subject.

With reference to the purpose referred to in point 4), this activity does not involve the processing of personal data.

Processing methods, security measures and retention periods

All data will be processed mainly in electronic format. Personal data, as well as any other information that can be associated, directly or indirectly, with a specific user, are collected and processed by applying technical and organizational security measures such as to ensure a level of security appropriate to the risk, taking into account the state of the art and the costs of implementation, or, where applicable, security measures prescribed by specific legislation.

Precisely with reference to the aspects of personal data protection, you are invited, pursuant to Article 33 of the GDPR, to notify the Data Controller of any circumstances or events from which a potential "personal data breach" may arise in order to allow for an immediate assessment and the adoption of any actions aimed at countering such an event, by sending a specific communication to the email address given in the section above entitled "Data Controller and DPO contact details". Please note that a personal data breach is defined as "a breach of security leading accidentally or unlawfully to the destruction, loss, modification, unauthorized disclosure of or access to personal data transmitted, stored or otherwise processed".

The measures adopted by the Data Controller do not exempt the user from paying the necessary attention to the use, where required, of passwords/PINs of adequate complexity, which he/she shall guard carefully and make inaccessible to others, in order to avoid improper and unauthorised use.

The personal data processed will be kept in a form that allows the identification of the data subjects for a period of time not exceeding the purposes for which they are processed, without prejudice to the need to keep them for a longer period following requests by the competent Authorities for the prevention and prosecution of offences or, in any case, to assert or defend a right in court.

 

Categories of recipients of personal data

Personal data will be processed by personnel specifically authorized by the Data Controller as well as by third parties, including those established in countries outside the European Union, only if this is necessary for the operation and maintenance of the site and of the services made available through the site itself, without prejudice to any obligations provided for by law (e.g. inspections by the competent Authorities).

Under no circumstances will the data be disclosed to the public.

As envisaged by the GDPR, the Data Controller shall appoint as data processors third-party companies that perform all or part of the activities in question exclusively on behalf of the Data Controller. In the event of the involvement of third parties established in countries outside the European Union, the appropriate safeguards corresponding to the adequacy decisions issued by the European Commission and/or the National Data Protection Authority appropriate to the case at hand shall be adopted for the relevant data transfer abroad. Further information regarding cases of possible data transfers to countries outside the European Union and the relevant guarantees adopted, as well as information regarding the companies appointed as personal data processors, may be requested from the DPO.

The personal data provided by users who request dispatch of informative material (various documents, answers to questions, publications, etc.) are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if necessary for that purpose.

Rights of data subjects

In relation to the processing of your personal data carried out through this website, you may at any time exercise your rights as a data subject under the GDPR. In particular, you may:

  • access your personal data, obtaining evidence of the purposes pursued by the data controller, the categories of data involved, the recipients to whom the data may be disclosed, the applicable retention period, the existence of automated decision-making processes, including profiling, and, at least in such cases, meaningful information on the logic used, as well as the relevance and possible consequences for the data subject, where not already indicated in the text of this Policy

  • obtain without delay the rectification of inaccurate personal data concerning him/her

  • obtain, in the cases provided for by law, the deletion of your data

  • to obtain the restriction of the processing or to object to the processing, when allowed under the provisions of the law applicable to the specific case

  • in the cases provided for by law, request the portability of the data that you have provided to the data controller, i.e. to receive them in a structured, commonly used and machine-readable format, and also to request the transmission of such data to another data controller, if technically feasible

  • if you consider it appropriate, to lodge a complaint with the supervisory authority.

In particular, you are granted the following rights: Art. 15 - "Data subject's right of access", 16 - "Right to rectification", 17 - "Right to erasure", 18 - "Right to restriction of processing", 20 - "Right to data portability", 21 - "Right to object" GDPR within the limits and under the conditions provided for by Art. 12 GDPR.

For the processing of personal data for which the legal basis is consent, you may always revoke it.

To exercise these rights, simply contact the DPO by referring to the contact details given at the beginning of this Policy.

In this regard, we would like to point out that the Data Protection Authority has set up a special form on its website which you may use in whole or in part to describe which rights you intend to exercise; this form can be found at the following web address: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9401345.

For further information on your rights and on privacy regulations in general, we invite you to visit the website of the Italian Data Protection Authority at http://www.garanteprivacy.it/.

This information notice was published in October 2022 and may be subject to change over time, also in connection with the possible entry into force of new sector regulations, the updating or provision of new services or technological innovations.