As part of the provisions of advisory and legal services to clients, our Firm has access to their Personal Data, the protection of which is now governed by EU Regulation no. 2016/279, which entered into force on 25/05/2018.
The purpose of this statement is to explain, in accordance with the aforementioned Regulation, how and why we collect and use said personal data and how we protect their confidentiality. For any queries on this matter, please contact us at the following e-mail address firstname.lastname@example.org .
- Data Controller. Our Firm, Franco Baudino e Associati, professional association with registered office in Turin, 68 Corso Vittorio Emanuele II, is the data controller for all personal data, regardless of how they are provided, including through access to our website www.baudino.it
- Purpose of personal data processing. We process the data provided to our Firm upon establishment or in the course of the business relationship or in any other situation, for the sole purpose of ensuring the full and proper performance of the professional tasks for which we have been retained, in relation to both contentious and non-contentious matters.
- Processing methods, limits on the provision and storage of data. The processing of said data is carried out in compliance with the principles set out in Regulation 2016/279, also in accordance with the best practices of the industry in terms of safety and reliability. The processing can be carried out with or without the aid of electronic instruments. The processing is carried out by persons who have been duly informed, made accountable and trained with regard to the methods and purposes of such processing. All those in charge of the processing are trusted by the Data Controller.
- Providing the data is necessary for performing the requested service. Providing the personal data is strictly necessary for carrying out the activities referred to in paragraph 2.
- Refusal to provide the data. If the data subject refuses to provide his or her personal data for the purposes, in the manner and within the limits set out in paragraphs 2 and 3, it will not be possible to perform the activities referred to in paragraph 1.
- Disclosure of data. If necessary for the performance of the requested service or where mandatory in relation to specific legal obligations, the personal data provided to our Firm may be disclosed to third parties, such as providers of software or hardware, accountants, payroll consultants, technicians or others legal professionals who provide services that are functional and complementary to the above purposes. In addition the data provided to us may be disclosed to national judicial or administrative authorities. Furthermore, depending on the type of assignment for which we have been retained, we may need to disclose the personal data to the various categories of private and public entities mentioned above, who are based inside or outside the European Union. If we disclose your personal data outside the European Economic Area, we guarantee that the relevant recipients will ensure adequate safeguards and guarantees to protect your personal data.
- Data dissemination and profiling. The personal data that are provided to us in the manner and for the purposes set out above are not subject to dissemination or profiling practices.
- Data retention period Pursuant to the principle set forth by EU Regulation 2016/279, the personal data provided to us must be kept for the time necessary to provide the requested services. However, we have to reconcile this principle with the obligations arising under civil, accounting and tax laws as well as with the requirements imposed by anti-money laundering regulations. Such obligations normally require us to keep paper and electronic files containing the data provided to us for longer periods than it is necessary to complete the professional services for which we have been retained. For your information, we specify that our Firm keeps the personal data relating to the professional services carried out, for a period of ten years after termination of the professional relationship.
- Data security. Our Firm has adequate IT and physical safeguards in place designed to prevent the loss, misuse or alteration of data provided to us. We have adopted an internal policy for the protection of our systems from IT and physical intrusions by unauthorized persons. We regularly update our security measures, using expert professionals in the sector. Entry to the office areas where we keep your personal data is forbidden to the public. All our professionals and employees who have access to, or are involved in the processing of personal data, are required to respect the confidentiality of the personal data provided to us and to comply with the rules we have adopted for the protection of such data.
- Rights relating to data protection. Pursuant to the laws in force on the protection of personal data, you can exercise the rights provided by the legislation in force and in particular:
- you can request access to all your personal data in our possession;
- you can obtain the correction of any incorrect personal data in our possession;
- you can request that your personal data be deleted, as long as they are not necessary to comply with data retention obligations set forth by civil, accounting, tax or anti-money laundering laws and regulations;
- you can prevent or limit the processing of your personal data, except to the extent that such processing is required for the preparation, commencement or defence of legal proceedings;
- you can request the transfer of your personal data to third parties, where this is technically feasible.
In order to meet the needs related to the exercise of the aforementioned rights and provide any clarification on privacy matters, the above mentioned e-mail address email@example.com, is active and can be used to address your requests. After verifying your identity, we will acknowledge receipt of each request within 7 days and we will reply to each of them within 30 days of receipt. Exceptionally, this 30-day term may be extended for no more than 30 days in very complex cases. In any case, we will notify the applicant, before the 30-day deadline, of the need of an additional period of 30 days, provided that we will reply at the latest within 60 days of the request, adequately explaining the reasons for our decision, whether we uphold or reject your request.