INFORMATION ON THE PROCESSING OF PERSONAL DATA
pursuant to article 13 of Regulation 679/2016 (GDPR)
In compliance with the European Regulation 2016/679 (GDPR) regarding the protection of personal data, pursuant to Art. 13 of the same, we wish to inform you that the personal data provided by you will be subject to processing in compliance with the aforementioned legislation.
The “DATA CONTROLLER”, pursuant to art. 4 point 7) of the GDPR is CONSULTANT AND PROFESSIONAL ACCOUNTANTS - C/O ROSSELLO 186 3-5 - 08008 BARCELLONA
The processing of your DATA is carried out by means of the operations indicated in art. 4 paragraph 2, namely: collection, recording, organisation, conservation, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your DATA is processed using both paper and IT and telematic tools in compliance with the regulations in force and the principles of correctness, lawfulness, transparency, relevance, completeness and non-excessiveness, and accuracy, with organization and processing logic strictly related to the purposes pursued and in any case in such a way as to guarantee the security, integrity and confidentiality of the data processed, applying the organisational, physical and logical measures provided for by art. 32 of the GDPR 2016/679, by the Privacy Code as amended by Legislative Decree 101/2018, and by any regulations that may impact the processing of data.
These measures will be implemented and increased from time to time, also in relation to technological development, to guarantee the confidentiality, availability and integrity of the data processed, also taking into consideration the EU Directive 2019/1937 implemented through Legislative Decree 10 March 2023 n. 24.
The categories of data being processed are common personal contact data, of a professional nature or corresponding to other personal identification elements provided by the reporting party regarding himself or relating to third parties. Personal information may be contained in the reports and in any documents attached to them, as well as the data, if applicable, acquired during the investigation by the body in charge.
Since suspected violations can also be reported anonymously, the subjects who transmit them are not required to disclose their personal data.
As part of the management of the report, the Company may process some particular categories of personal data provided on the whistleblowing platform, i.e. data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health or sexual life or sexual orientation.
1. Purpose of the processing
- Management of reports and verification of the facts covered by the report: the processing is necessary to fulfill a legal obligation to which the data controller is subject (art. 6 paragraph 1 letter c), the Legislative Decree 10 March 2023 n. 24 on the subject of Whistleblowing.
- Management of any subsequent exercise of the Company's rights in court: processing is necessary for the pursuit of the legitimate interest of the Data Controller, provided that the interests or fundamental rights and freedoms of the interested party do not prevail and require the protection of personal data, in particular if the interested party is a minor.
2. Recipients
The Company collects personal data through the offense reporting platform and processes them, both directly, as Data Controller, and by making use of the work of other subjects, appropriately designated and trained, who will act as Data Processors or Authorized Persons.
3. Conservation
Your personal data will be retained for a period of time no longer than necessary and in any case no later than 5 years from the conclusion of the processing, unless there are further purposes that justify its retention.
4. Nature of the provision of data
You have the right to open a report while remaining anonymous. In this case the processing of data concerning you will not take place; however, depending on what you indicate in the report itself, there may be processing of third party data.
5. The rights of the interested party
In your capacity as an interested party, you have the rights referred to in article 15 and precisely the rights to:
- obtain confirmation of the existence or otherwise of data concerning you, even if not yet registered, and their communication in an intelligible form;
- obtain an indication of: a) the origin of the data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and representative designated pursuant to art. 3, paragraph 1; e) the subjects or categories of subjects to whom the data may be communicated or who may become aware of them as designated representatives in the territory of the State, managers or appointees;
- obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been brought to the attention, also with regard to their content, of those to whom the data have been communicated or disseminated, except in the case in which this requirement proves impossible or involves a manifestly disproportionate use of means compared to the protected right;
- object, in whole or in part: a) for legitimate reasons to the processing of data concerning you, even if pertinent to the purpose of the collection.
Where applicable, you also have the following rights:
- Right of rectification (art. 16)
- Right to erasure («right to be forgotten») (art. 17)
- Right to limit processing (art. 18)
- Obligation to notify in the event of rectification or deletion of data or limitation of processing (art. 19)
- Right to data portability (art. 20)
- Right of opposition (art. 21)
- as well as the right to complain to the Guarantor Authority.
6. Method of exercising rights
You can exercise your rights at any time by sending:
- a registered letter with return receipt to CONSULTANT AND PROFESSIONAL ACCOUNTANTS - C/O ROSSELLO 186 3-5 - 08008 BARCELLONA
- an e-mail to info@cpacorporateservices.com
- by accessing the Privacy Guarantor website http://www.garanteprivacy.it
7. Owner, manager and appointees
The data controller is CONSULTANT AND PROFESSIONAL ACCOUNTANTS - C/O ROSSELLO 186 3-5 - 08008 BARCELLONA
The updated list of data controllers is kept at the registered office of the Data Controller.
8. Automated decision making
The interested party is not subject to decisions based on automated processing referred to in art. 22 of EU Regulation 679/2016.