You are in:
  • Home
  • Information on privacy and cookies

Information on privacy and cookies

INFORMATION ON PRIVACY AND COOKIES

This information notice is presented by Cortellazzo&Soatto to the visitors and users of the website pursuant to the terms and effects of Legislative Decree 196/2003 (Code on Privacy) and EU Regulation 2016/679 (GDPR), to explain how the personal data of users are processed and protected.

1. DATA CONTROLLER
2. PURPOSES, LEGAL BASIS, TYPES OF DATA, NATURE OF CONFERRAL AND DURATION OF PROCESSING
3. PROCESSING METHODS AND STORAGE CRITERIA
4. RIGHTS OF THE USERS
5. UPDATES TO OUR PRIVACY POLICY


1. DATA CONTROLLER

Cortellazzo&Soatto, a Professional Partnership of Chartered Accountants and Solicitors, is the controller of the data received from the users and, as such, is responsible for their processing under the data protection law, as applicable. The registered office is Via Porciglia 14, Padua (email privacy@cortellazzo-soatto.it, tel. +39 049 8237311).

 
2. PURPOSES, LEGAL BASIS, TYPES OF DATA, NATURE OF CONFERRAL AND DURATION OF PROCESSING

For each specific processing operation on the data which we collect, we inform the user if the personal data is required and of the consequences of a decision not to supply them.


a) OBSERVANCE OF CONTRACTUAL OBLIGATIONS

 

 

Why do we use personal data?
We use the personal data received from the user, who may be our client, for the correct execution of the professional mandates conferred upon us (inclusive of administrative, accounting and tax formalities), and the exercise of the related rights.

 

What types of personal data do we process?
We process different types of personal data which may relate to the client, shareholders, members of the management and control bodies of the companies and entities which we represent and their personnel and collaborators, and their relatives (all of whom are subjects to which the client is obliged to pass on the information contained in the privacy notice).
More specifically:
-personal data, such as name, place of residence, post code, taxpayer ID, ID document number, IBAN.
- contract details, such as email addresses and telephone numbers;
-special data categories, as listed in article 9 of the GDPR, including personal data which reveal racial or ethnic origins, political opinions, religious beliefs, philosophical convictions and trade union membership, genetic and biometric data used to identify a natural person, information on the health, sex life or sexual orientation, and all other types of personal data necessary for the performance of the mandate conferred upon us.

 

Who has access to the personal data?
The personal data may be processed, in observance of the principles of security and integrity, manually, in hard copy format, electronically, digitally and by telephone, using automated systems where applicable, by subjects duly authorised by Cortellazzo&Soatto (associates, professionals, collaborators and employees), who may collect, file, organise, consult and use the data and transfer them to third parties.
The personal data of the users may be transferred to:
- suppliers used by Cortellazzo&Soatto for support activities regarding the mandate conferred (such as software houses and IT technicians, tax assistance centres, postal and courier services, communication consultants and technical consultants);
-service and consultancy companies for accounting services and Chamber of Commerce, tax and corporate formalities, treasury services, drafting of financial statements, filing, forwarding and withdrawal of documents, assistance with insolvency procedures and crisis management and event organisation;
-legal and tax consultants for purposes of execution, accounting entries and/or dispute management;
-adverse parties and their consultants;
-assignees of receivables;
-banks and insurance companies;
-public bodies, inspection and control authorities, police forces (even without the consent of the client when mandatory in law).
The data may be transferred to foreign countries, including those which are not EU member states, following checks on the existence of adequacy decisions by the EU Commission on the level of protection for the personal data in the country of destination, or the existence in the country concerned of adequate guarantees for the data subject, actionable rights and effective means of protection.

 

What is the legal basis for the processing of the personal data?
Data processing is based on the need to comply with all the relevant legal obligations (corporate and tax formalities, anti-money laundering and anti-terrorism regulations, etc.), or those arising out of the execution of the contractual obligations linked to the mandate.

 

What are the possible consequences of refusal?
The supply of the data of this nature is mandatory. Consequently, refusal to supply them, in whole or in part, may render it impossible for Cortellazzo&Soatto to execute the mandate or observe the obligations related thereto.

 

How long are the personal data stored?
The personal data is stored by Cortellazzo&Soatto until the mandate has been executed in full and, thereafter, for the period of time laid down in law, and in any case until the expiry of the ten year period in the case of the rights relating to the mandate in question. On expiry of the periods referred to above, the client's data will be erased or stored in anonymous format.

 


b) CONTACTS, MAILING LIST AND NEWSLETTER

 

 

Why do we use personal data?
The user data will be processed for the forwarding of information on our work, events, periodic updates and other initiatives, by email and standard mail. If a user subscribes to our newsletter and expresses consent for purposes of updates, we will process the personal data to manage the subscription to the newsletter and send out information on events of possible interest linked to our professional activities.

 

What types of personal data do we process? We process the following categories of personal data:
- contact details (such as email addresses, fax and phone numbers and post code);
- company or entity and position;
- browsing history;
- navigation and display history.
If the user has an account in the confidential page of the website or has filled in a contact form, we also process the personal data received in relation to the account or contact form.

 

Who has access to the personal data?
The user's personal data will be shared within Cortellazzo&Soatto. The data transferred to third parties will be used solely for the supply of the services listed above. The data will be transferred to multimedia agencies and technical suppliers (such as hosting, IT and market analysis companies and communications consultants).We do not transfer, sell or exchange the users' personal data with third parties outside Cortellazzo&Soatto for external marketing purposes. For newsletter management purposes, the personal data may be disclosed to the following third parties:
- MailChimp | The Rocket Science Group, LLC | Privacy Policy

 

What is the legal basis for the processing of the personal data?
The processing of the user's personal data is based on consent, when the user agrees to receive the information notice from ourselves and it is in our legitimate interests to promote our initiatives and activities.

Right to withdraw consent. The users have the right to withdraw their consent for the processing of their personal data and object to the promotion of relations with Cortellazzo&Soatto. The users may cancel their subscription to the newsletter at any time from the "Newsletter" section of the website and by following the instructions contained in all communications. If the users no longer wish to receive notices of events or professional updates and newsletters, they need simply click on this link. In this way, we will no longer be able to forward any further information based on user consent.

 

User right to raise objections to processing based on legitimate interests
The users have the right to raise objections to the processing of personal data based on our legitimate interests in promoting relations. In such a case, we will no longer process the personal data. The personal data will therefore be erased and we will no longer be able to supply the information and updating service.

 

How long are the personal data stored?
We store the personal data for the promotion of professional relations until such time as the users withdraw their consent or raise objections to their processing.

 

What are the possible consequences of refusal?
The supply of the data is not mandatory. If the users should refuse to provide us with their personal data, we will be unable to supply the services described above.

 

c) BROWSING DATA

Why do we use personal data?
We cover the way users browse and view our site to provide website access to the users and customise their visits. The browsing data are used solely to obtain anonymous statistical information on the use of the website and to monitor its correct running.

 

What types of personal data do we collect?
We process the following categories of personal data linked to cookies:-IP address;

- type of browser and plug-in information;
- type of device (computer, tablet, phone, etc.);
- operating system;
- browsing history;
- browsing and display history;
- technical information;
- information on user visits, location and the local time zone.

 

Who has access to the personal data?
The users' data will be shared within Cortellazzo&Soatto. The data transferred to third parties are used solely to supply the services described above and optimise the website (such as companies, consultants and professional specialists responsible for the installation, updating and maintenance of the hardware and software used by us to supply the services).

 

What is the legal basis for the processing of the personal data?
The processing of the users' personal data for account management purposes is based on consent, when the user browses our website and in our own legitimate interests.

 

Right to withdraw consent
The users have the right to withdraw their personal data processing consent at any time, by interrupting their browsing of the website.

 

Right of the users to raise objections to processing based on legitimate interests
The users have the right to raise objections to the processing of their personal data based on our legitimate interests by interrupting their browsing of the website. We will not continue to process the personal data. The personal data will therefore be erased and we will be unable to supply the services accessible through the website.

 

For how long are the personal data stored?
The browsing data are erased immediately after processing. The data may be used to establish liability in the event of IT offences against the website.

 

What are the possible consequences of refusal? The supply of the personal data is necessary to browse our website. If the users should refuse to provide us with their personal data, we will be unable to supply the services described above.

 

d) THE ACCOUNT IN THE CONFIDENTIAL AREA

 

 

Why do we use personal data?
We use personal data to create and manage the personal account, to enable us to offer the users confidential access to the website.
We allow users to manage the account settings. We also provide the users with a number of simple ways of keeping the information, such as contact details, correct and up to date.

 

What types of personal data do we collect?
We always process the email address and password supplied by the users when they register an account on the website.
We process the following categories of personal data, with which the users decide to supply us:
- contact details, such as name and email address;
- company and position.

 

Who has access to the personal data?
The users' data will be shared within Cortellazzo&Soatto. The data transferred to third parties are used solely to supply the services described above (web agencies to optimise the website, for example).

 

What is the legal basis for the processing of the personal data?
The processing of the users' personal data for account management purposes is based on consent, when the users create an account on the website.

Right to withdraw consent: The users have the right to withdraw their consent to the processing of their personal data at any time. By so doing, the account will cease to exist and we will be unable to supply the services described above.

 

How long are the personal data stored?
We store the personal data while the users have an active account on the website.
The users have the right to cancel their accounts at any time through this link.

If they should decide to do so, the account will cease to exist and the users will be regarded as inactive.
After the account is cancelled, all the personal data will be erased. We store the personal data of the users in the event of any legal requests or potential or pending disputes.

 

What are the possible consequences of refusal?
The supply of the data is optional.
If the users should refuse to provide us with their personal data, we will be unable to supply the services described above.



e) CVs

  

Why do we use personal data?
We use the personal data to examine applications to work with us.

 

What types of personal data do we collect?
We process the following categories of personal data which the candidate opts to forward to us:
- contact details such as name, address, postcode, phone number and email address;
- date of birth;
- photographs;
- gender;
- country;
- qualifications, education, current position and work experience.
In the course of the application procedure, the candidates may supply data on their ethnic origins or state of health ("sensitive data"), if these should be necessary for the purposes of the working relationship. A candidate who forwards a job application or fills in the form for that purpose is free not to supply such sensitive information. If data of this kind are supplied along with the job application, they will be used for those specific purposes only.

 

Who has access to the personal data?
The personal data of the users will be shared within Cortellazzo&Soatto. The data transferred to third parties will be used solely to supply the services described above (consultants, public authorities, professionals and doctors).

 

What is the legal basis for the processing of the personal data?
The processing of the personal data is based on the candidate's consent and on our personal interests in recruiting personnel and collaborators.

Right to withdraw consent: The candidates have the right to withdraw their consent to the processing of their personal data at any time, by means of this link.

 

Right of the candidates to raise objections to the processing on the basis of their legitimate interests
The candidates have the right to raise objections to the processing of their personal data based on our legitimate interests by means of this link. In such a case, we will not continue to process the personal data. The personal data will therefore be erased and we will be unable to retain and respond to the application.
How long are personal data stored? We store the personal data for five years, or until such time as the candidates withdraw their consent or raise objections to the processing.

 

What are the possible consequences of refusal?
The supply of the personal data is optional. If the candidates should refuse to supply their personal data, we will be unable to supply the services described above.

 

f) STATISTICS/DEVELOPMENT AND IMPROVEMENT

 

Why do we use personal data?
We use the personal data to assess, develop and improve our services and systems for all our users. For that purpose, we do not analyse the personal data at individual level. All processing is carried out on pseudonymised data.
This includes analyses to render our services more accessible, by modifying the client interface to simplify the flow of information, for example, or highlighting frequently used functions in our digital channels and improving the IT systems to increase the security of our visitors and users in general.

 

What types of personal data do we collect?
We process the following categories of personal data, if the users decide to supply them:
-account or subscription number;
-country;
-account settings;
And the following categories of personal data linked to cookies:
- browsing history;
- browsing and display history.

 

Who has access to the personal data?
The personal data of the users will be shared within Cortellazzo&Soatto. The data forwarded to third parties are used solely to supply the services described above to the users, companies, consultants or professionals responsible for the installation, maintenance, updating and management of the hardware and software which we use to supply the services.

 

What is the legal basis for the processing of the personal data?
The processing of the personal data to develop and improve our services is based on our legitimate interests in developing our company activities.

 

Right of the users to raise objections to the processing of the data

The users have the right to raise objections to the processing of their personal data based on our legitimate interests in developing and improving our services through this link. The account will therefore be cancelled and we will be unable to supply our services.

 

How long are personal data stored?
We store the personal data until the users withdraw their consent or raise objections to the processing.

 

What are the possible consequences of refusal?
The supply of the data is not mandatory. If the users should refuse to provide us with their personal data, we will be unable to supply the services described above.


 g) OBSERVANCE OF LEGAL OBLIGATIONS

 

Why do we use personal data?
We use the personal data to observe or carry out the obligations laid down in the law, regulations or rulings by the authorities.

 

What types of personal data do we process?
We process the following categories of personal data:
- name, date of birth, taxpayer ID, address post code;
- email address;
- company or entity;
- occupation;
- position;
- data of the beneficial owner.

 

Who has access to the personal data?
The user's personal data will be shared within Cortellazzo&Soatto.
We share the personal data with all the subjects (inclusive of public authorities) with access to them on the basis of regulatory and administrative rulings, and with all the public and/or private subjects, natural persons and/or legal entities (legal, administrative and tax consultancy practices, court offices, company registry, Chamber of Commerce, employment offices, tax and social security offices, etc.) if it should be necessary to do so to ensure the correct fulfilment of the contractual obligations taken on and any other legal obligations.

 

What is the legal basis for the processing of the personal data?
The processing of the users' personal data is necessary to enable us to fulfil our legal obligations.

 

How long are the personal data stored?
We store the users' personal data for the period required in the legal provisions applicable to Cortellazzo&Soatto and to invoke and defend a right in judicial proceedings.

 

What are the possible consequences of refusal?
The supply of the data is mandatory, to enable us to fulfil our legal obligations and the orders of public authorities. For that reason, the processing requires no consent and if the users should refuse to supply their personal data we will be unable to supply them with our professional services.

 

h) COOKIES

 

What are cookies?
Cookies and similar technologies are very small text documents or sections of code which frequently contain a unique identification code. When you visit a website or use a mobile application, a computer asks your computer or mobile device for authorisation to save this file within your devices and gain access to the information. The information obtained through cookies and similar technologies may include the date and time of the visit and the ways in which a specific website or mobile application are used.

 

Why do we use cookies?
Cookies make sure that the website will continue to run without problems during your visit to it. Cookies also enable us to see how our website is used and how we may improve it. Finally, in line with your preferences, our cookies can be used to present targeted advertising messages which may be of relevance to your personal interests.

 

What types of cookie do we use?

 

Necessary cookies
These cookies are necessary for the correct running of the website. Some of the following actions may be carried out using these cookies:

- saving cookie preferences for this website
- saving language preferences
- access to our portal We have to check whether you have gained access. 

 

Performance cookies

These cookies, which are also known as analysis cookies, are used to collect statistical information on the use of our website. We use these data to optimise the performance and the website.

 

Functional cookies

These cookies provide the visitors to our website with additional functionalities. They may be set by our outside service suppliers or our website. When this category is accepted, you have the option of activating the following functionalities:

- watching videos online
- social media sharing keys
- access to our website with social media.

 

Advertising / tracking cookies

These cookies are set by outside advertising partners and used to profile and track the data in a number of websites. If the users accept these cookies, we can display our advertising in other websites on the basis of the user profile and preferences expressed. These cookies can also be used to save the data on the number of visitors who saw or clicked on our advertising messages, with a view to optimising our advertising campaigns.

 

How can cookies be deactivated or removed?

You may decide not to accept any of the cookies other than the necessary ones. The browser settings may be modified to ensure that the cookies are blocked. Most browsers explain how to do this in the privacy section within the options. If the cookies are blocked, however, the users may be unable to make use of all the technical features which our website offers, which may have a negative impact on the browsing experience.

 

This table of cookies is created and updated by the CookieFirst consent management platform.

 

3. PROCESSING METHODS AND STORAGE CRITERIA

 

The user data will be processed with electronic or in any case automated instruments or in hard copy format, using methods and systems which are able to guarantee security and confidentiality, in accordance with the GDPR and other applicable regulations. All the technical, IT, organisational, logistical and procedural measures laid down in the GDPR will be adopted to ensure that only the duly authorised processing personnel will be granted access by the Data Controller or Processors.

 

Where are the personal data stored?
The data which we obtain from our clients are stored within the European Economic Area (EEA), but they may be transferred to and processed in countries outside the EEA. All transfers of personal data take place in accordance with the applicable laws.
The personal data may be transferred to other member states of the European Union or third countries for all the specific purposes indicated above. In the event of data transfers to countries outside the European Union, those countries will guarantee an acceptable level of protection on the basis of a specific decision by the European Commission, or, alternatively, the recipient will be contractually obliged to protect the data to an acceptable level equivalent to the safeguards provided under the GDPR.

 

Who has access to the data?
The user data may be shared within Cortellazzo&Soatto. The personal data of the users will be accessible to our authorised processing personnel when necessary to enable them to perform their functions.
The personal data will also be passed on to the categories of third party subjects indicated for each specific type of processing described in point 2 above.
We do not transfer, sell or exchange the users' personal data with third parties for external marketing purposes The data forwarded to third parties will be used only for the supply of our services to the users.

 

What happens if the users supply us with the data of third parties?
We offer functions and services which involve processing the personal data of third parties which we receive from the users. In such a case, the users are required to inform the third parties of the purposes and methods which we use to process their personal data.

 

How long are the personal data stored?
We store the personal data for the period of time strictly necessary for the pursuit of the specific aims set out in point 2 above, and in any case for the period permitted in law.
Upon expiry of that period, the user data will be converted to anonymous format, in such a way that the data subjects cannot be recognised.

 

Security information
The website is protected at various levels within our system, and only duly authorised personnel have access to the copies of the personal data of the users.

 

4. RIGHTS OF THE USERS

 

Right of access
The users have the right to obtain information on their personal data in our possession at any time. The user may contact Cortellazzo&Soatto at privacy@cortellazzo-soatto.it, to receive all the personal data by email.

 

Right of portability
On each occasion when we process the personal data of the users using automated tools on the basis of user consent, or on the basis of an agreement, the users have the right to obtain a copy of the data transferred to them or to another subject. This only applies to personal data forwarded to us by the users.

 

Right of rectification
The user has the right to ask for the rectification of their personal data if they are incorrect, inclusive of the right to have any incomplete personal data completed. If the users have an account in the website, they may amend their personal data from within that account.

 

Right of cancellation
The user has the right to cancel any personal data processed by us at any time, unless the user is suspected of having used - or has effectively used - our services in a fraudulent manner.

 

Right of the user to object to data processing based on legitimate interests
The user has the right to object to the processing of the data on the basis of our legitimate interests.

 

Right of the user to object to promotional activities
The user has the right to object to the presentation of information on initiatives. The users may decide not to accept the information service by writing to privacy@cortellazzo-soatto.it, or by following the instructions in the emails providing information on initiatives.

 

Right of limitation
If the processing is unlawful, the users may raise objections to the erasure of the personal data and ask for restrictions to be imposed on their use.

 

Right to complain to a competent supervisory authority
If the users believe that we are processing their personal data incorrectly, they may contact us by writing privacy@cortellazzo-soatto.it. The users also have the right to present a complaint to the Personal Data Protection Regulator or any other control authority.

 

How can I exercise my rights?
The protection of data is very important for us. We therefore have personnel dedicated to dealing with requests on the rights of the users listed above. The users may contact those personnel at the addressprivacy@cortellazzo-soatto.it.

 

 5UPDATES TO OUR PRIVACY POLICY

It may be necessary for us to update our Privacy Policy. The most recent version is available at all times on our website, and we would therefore ask you to ensure that you have examined the most up-to-date version by visiting this page regularly.

 

 

1st July 2018

Cortellazzo&Soatto