CARAVATI PAGANI – Dottori Commercialisti Associati, Italian Tax Code and VAT No. 01186760037, with offices in Arona (NO), Piazza De Filippi 7, Milan (MI), Via Giosuè Carducci 31, Gozzano (NO), Via Beltrami 47 (“CARAVATI PAGANI”), in its capacity as the Controller of personal data freely and voluntarily given by you in accordance with EU Regulation 679/2016 – General Data Protection Regulation (GDPR), hereinafter only the “GDPR”, acknowledges the importance of personal data protection and has made it one of the main objectives of its business.
For processing personal data we mean any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
CARAVATI PAGANI informs you that your personal data will be processed by manual, computerised and / or telematic means, and based on the principles of lawfulness, fairness and transparency, purpose and storage limitation, data minimisation, accuracy, integrity and confidentiality and aiming to protect the rights and freedoms of the data subject. Therefore, your personal data will be processed insofar as strictly necessary to achieve the purposes indicated below and connected to the consultation and use of the Website, in compliance with the GDPR and, in any case, in order to ensure the security and confidentiality of the personal data.
The Website’s Data Controller is CARAVATI PAGANI – Dottori Commercialisti Associati, as defined above.
The data processing connected to the Website services takes place at the datacenter of Register.it S.p.A., with registered office in Florence, Via della Giovine Italia, 17 – 50122, and also at other offices of the Controller and through its devices. For any information concerning the personal data processing of CARAVATI PAGANI, including the list of data processors, please write to the following e-mail: firstname.lastname@example.org
2. PERSONAL DATA SUBJECT TO PROCESSING.
“Personal Data” means any information relating to an identified or identifiable natural person, with particular reference to identifiers such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that natural person.
More specifically, Personal Data collected by the Website are as follows:
A) Browsing data
Computer systems and software procedures relied upon to operate the Website work acquire some personal data as a standard of their ordinary operations. The transmission of the data is implicit in the use of internet communication protocols. These data are not collected to be associated with an identified data subject, but because of their very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the Website, the addresses provided with the Uniform Resource Identifier (URI) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s computer system. These data are used to obtain anonymous statistical information on the use of the Website and to check its correct functioning; to allow – given the architecture of the systems used – the correct delivery of the various features requested by you, for reasons of security and assessment of liability in cases of computer crimes against the Website or third parties.
B) Data communicated by users
Sending messages, on the basis of the user’s free, voluntary, explicit choice, to CARAVATI PAGANI contact addresses and filling in and sending the forms made available on the website (e.g. subscribe to the CARAVATI PAGANI newsletter service or contact CARAVATI PAGANI through the form “Contact us / Write us”, or by email messages containing contact requests, requests for a price quotation, submit of a spontaneous job application), entail the acquisition of the sender’s contact information as necessary to provide a reply as well as of any and all the personal data communicated. Such data are used only to perform the service requested and are disclosed to third parties only if it is strictly necessary for the performance of the service itself or if required by law. In these cases, therefore, failure to provide the data could compromise or make it impossible to provide the service.
CARAVATI PAGANI will process the above said data in compliance with the GDPR, assuming that they refer to you, your company or to third parties who have expressly authorised you to grant them based on an appropriate legal basis that legitimises the processing of the data in question. In such cases, you will be considered as an independent data controller regarding that Personal Data and must assume all the inherent legal obligations and responsibilities. In this regard, you grant the widest indemnity with respect to any dispute, claim, request for compensation for damage from unlawfully processing, etc., that it could be advanced against CARAVATI PAGANI from third parties whose Personal Data have been processed through your use of the Website in violation of current legislation.
C) Sharing content on social networks
If you decide to share some content on one or more social networks (Twitter, LinkedIn, Google + …), the Website may access some information of your account if you have activated the sharing of your account data with third-party applications.
You can disable the sharing of your account data with third-party applications by accessing the settings of the same. For more information, please consult the website of the social networks to which you are registered.
D) Cookies and similar technologies
- Definitions and characteristics of cookiesCookies and related technologies are information that websites and apps send or read on your devices at the first visit, to be then sent back to the same websites and apps at the next visit. Thanks to these technologies, websites and apps remember actions and preferences (such as login data, the chosen language, font size, other display settings, etc.), so that they do not have to be indicated again at the next visit.These technologies are used to perform IT authentication, session monitoring and storage of information regarding the activities of users accessing a service and may also contain a unique identification code that allows tracking of user navigation within the website for statistical or advertising purposes.
There are different types of cookies that, depending on their characteristics and functions, may persist on your device for different periods of time, such as session cookies, which are automatically deleted when you close the browser; and persistent cookies, which remain on your device for a pre-determined term.
Your prior consent is required for “analytical” cookies which are not anonymised and for profiling cookies, e.g., those that provide statistical analysis about the use of a website or that create user profiles as to send advertising messages according to their preferences expressed during browsing.
- Types of cookies used by the Website and deselect optionWhile browsing the site, you will receive the following cookies: cookies from a third party, i.e., cookies from different third-party websites or servers and therefore other than those belonging to CARAVATI PAGANI. Please note that these third parties, listed below with links to their privacy policies and opt-out mechanisms, process your Personal Data as Data Processors on behalf of CARAVATI PAGANI. These third parties have indeed signed agreements with CARAVATI PAGANI for the processing of data and the cookies were anonymised by masking the IP addresses. Cookies from third parties are:
For the provision and management of the Website’s newsletter, CARAVATI PAGANI uses the service offered by MailChimp and provides information relating to the processing of data to those who are interested in subscribing to this newsletter. To subscribe to the mailing list that allows you to receive CARAVATI PAGANI’s newsletter via email, automatically and free of charge, you can use the form “Subscribe to our newsletter” on the Website.
The e-mail address and other data given by the user through the related form are used to fulfil the request to send the newsletter, and allows to subscribe to the related mailing list that contains messages that have informative content, as articles and publications, concerning the areas of expertise covered by CARAVATI PAGANI.
On this point, it is specified that the Data Controller uses the service provided by MailChimp of The Rocket Science Group, LLC, 675 Ponce De Leon Ave NE, Suite 5000, Atlanta, Georgia 30308, and therefore, in the case of subscribing to the newsletter, the data relating to the data subject may be sent to and known by the American company that provides the service and may be stored in the cloud database of the aforementioned company.
The data collected are processed using the platform and the electronic tools provided by MailChimp’s service, as well as using additional IT tools provided by the Data Controller.
The data of the data subject who subscribes to the newsletter will therefore be transferred abroad; however, the data subject is informed that, in order to legitimise and guarantee the transfer of said non-EU data, standard contractual clauses were signed with the company that provides the service, which also complies with the Privacy Shield.
The consent to processing data is optional, but any refusal will make it impossible for the Data Controller to send the newsletter and for subscription to the mailing list.
The data are stored until the data subject objects to the sending and withdraws from receiving the newsletter.
4. PROCEDURES, PURPOSE, LEGAL BASIS, MANDATORY OR OPTIONAL NATURE OF PROCESSING, CONSEQUENCES OF REFUSAL, CONSENT
The collection and processing of Personal Data by CARAVATI PAGANI are performed in compliance with the principles of lawfulness, fairness and transparency and in order to ensure adequate security, including protection from unauthorised processing or unlawful and from accidental loss, destruction or damage, through appropriate technical and organisational measures.
The Personal Data are processed, mainly with automated and electronic tools, for the time strictly necessary to achieve the purposes for which they were collected, unless it is necessary to store data for compliance with legal obligations and/or for the time needed in consideration of statutory requirements, even after processing has been carried out.
The processing connected to the Website services are handled by CARAVATI PAGANI staff, for this purpose authorised to process Personal Data, as well as by third parties as Data Processors or Data Controllers in relation to the specific activities performed. The different role assumed by CARAVATI PAGANI partners in relation to the processing of data handled is strictly connected to the specific activity performed.
No data deriving from the web services of CARAVATI PAGANI, if not in an anonymous and aggregated form, shall be the subject of dissemination.
The Personal Data you give via the Website will be processed by CARAVATI PAGANI:
- without your express consent (Article 6, letters b, c, f, GDPR), for the following purposes:
- purposes related to the performance of a contract of which you are a party or in order to take steps at your request prior to entering into a contract (e.g., contact request via the Contact form – Write us/Contact us, etc.), therefore the performance of pre-contractual, contractual obligations and to fulfil tax obligations with respect to legal relations, even at a distance, established or going to be established;
- purposes of statistical research/analysis of aggregated or anonymous data, without the possibility of identifying the user, aimed at measuring the functioning of the Website, measuring internet traffic and assessing web usability and interests;
- purposes necessary for compliance with a legal obligation under the law, regulations, EU legislations or an order of the Authority (such as for anti-money laundering), to which CARAVATI PAGANI is subject;
- the purposes necessary for the establishment, exercise or defence of a right under a legal action or whenever courts are acting in their judicial capacity.
- with your consent (article 7, GDPR), for the following purposes:
- sending newsletters containing informative and educational material, articles and publications, also in relation to the professional activity of the Data Controller.
The legal basis for personal data processing in order to achieve the purposes referred to in Section I), point a) above is the performance of a contract of which you are a party or in order to take steps at your request prior to entering into a contract, therefore the performance of pre-contractual and contractual obligations with respect to legal relations established and/or going to be established with you. The purpose referred to in point b) does not involve the processing of personal data, while the legal basis of personal data processing for the purposes referred to in point c) is the fulfilment of a legal obligation to which the Data Controller is subject, and in point d), the legal basis is the pursuit of the Data Controller’s legitimate interest.
Please note that, taking into account the processing purposes as explained above, providing your personal data for the purposes referred to in Section I) above is mandatory.
The partial, incorrect or absence of consent and/or the explicit refusal to the processing will make it impossible for the Data Controller to fulfil your requests, to comply with the contractual obligations deriving from the appointment granted or from a legal obligation to which the Data Controller is subject to or fulfil requests from relevant Authorities.
The legal basis for personal data processing for the purposes referred to in Section II), point a), above is consent. For this purpose, consent to data processing is optional, with the consequence that you may decide not to give your consent, or to withdraw consent at any time. Refusal to give consent does not affect the contractual relationships.
Performing the above mentioned purposes, the Data Controller may become aware of particular categories of Personal Data, i.e., those considered suitable to reveal the racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, unions, associations or organisations with a religious, philosophical, political or trade union nature, health status and sexual life. The processing of these categories of data can only take place if the data subject has given his or her explicit consent and in compliance with the GDPR. Therefore if you have not provided written consent to the processing such data and such data has been sent, CARAVATI PAGANI will immediately erase them. The data subject can withdraw consent at any time. The Data Controller does not process data through automated decision-making procedures.
The following entities are recipients of the data collected in the course of visiting the website:
- entities to perform the services offered by the Website, including, but not limited to, the sending of e-mail messages, the newsletter service and the analysis of the Website’s functioning; other external entities with whom the Data Controller maintains the necessary relations carrying out its business or due to legal obligations; entities who have been specifically appointed and for the time necessary to achieve the purposes for which the data were collected, which typically act as the Data Processors of CARAVATI PAGANI;
- persons authorised by CARAVATI PAGANI for the processing of Personal Data that commit to maintain confidentiality or have an appropriate legal obligation of confidentiality; (e.g., employees and independent contractors of CARAVATI PAGANI); (a and b are collectively known as “Recipients”);
- The courts in the exercise of their functions under the Applicable Law.
The Data Controller ensures that the electronic and paper processing of your Personal Data by the Recipients takes place in compliance with the GDPR.
The Website may disclose some of the data collected to service companies located outside the European Union area. More specifically, with Google, Twitter and Microsoft (LinkedIn), through the social plugins and the Google Analytics service, as well as with MailChimp for the delivery of the website newsletter service. The transfer is authorised according to specific decisions of Europe Union and of the Data Protection Authority, specifically Decision 1250/2016 (Privacy Shield – here the information page of the Italian Data Protection Authority), for which no further consent is required. The above-mentioned companies guarantee their compliance to the Privacy Shield.
7. DATA STORAGE
The management and storage of personal data takes place in the cloud and on servers located inside and outside the European Union owned and/or available to the Data Controller and/or third-party companies in charge, which typically act as Data Processors of CARAVATI PAGANI or as autonomous data controllers.
CARAVATI PAGANI will process your Personal Data for the time strictly necessary to achieve the purposes indicated in the point n. 4 above. For example, CARAVATI PAGANI will process the Personal Data for the newsletter service until you decide to unsubscribe from the above-mentioned service.
Without prejudice to the foregoing, to protect its interests, CARAVATI PAGANI will process your Personal Data for the term allowed under Italian law.
Further information regarding the storage period of Personal Data and the criteria used to determine this period may be requested in writing to the Data Controller at the e-mail address indicated above.
8. YOUR RIGHTS
In compliance with the provisions of the GDPR, you have the right to exercise the following rights:
- the right of access – To obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and more specifically, the information regarding the purposes of the processing, the categories of personal data concerned, the storage period, the recipients to whom the personal data may be disclosed (Article 15, GDPR);
- right of rectification – obtain, without undue delay, the rectification of inaccurate personal data concerning you and the integration of incomplete personal data (Article 16, GDPR);
- right to erasure – obtain, without undue delay, the erasure of personal data concerning you, in the cases provided for by the GDPR (article 17, GDPR);
- right of restriction of processing – obtain from the Controller restriction of processing, in the cases provided for by the GDPR (Article 18, GDPR);
- the right to data portability – receive the personal data concerning you, which you may have provided to the Data Controller, in a structured, commonly used and machine-readable format, and the right to transmit the same data to another controller without hindrance, in the cases provided by the GDPR (Article 20, GDPR);
- right to object – to object to processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing (Article 21, GDPR);
- the right to withdraw your consent at any time without prejudice to the lawfulness of the processing based on the consent before its withdrawal;
- the right to lodge a complaint with a supervisory authority – Lodge a complaint to the Italian Data Protection Authority, with registered office in Piazza di Montecitorio n. 121, 00186, Rome (RM).
You can, at any time, exercise your rights as indicated above by sending:
- a registered letter to: CARAVATI PAGANI, Piazza De Filippi, 7 – 28041 Arona (NO)
- an e-mail to the address: email@example.com