CAVOUR CORPORATE FINANCE Srl, Company registered in Via Guido Reni 3 – 20125 Bologna (BO), VAT number 04306890379 (thereafter, “we” or “Cavour” or “Controller“), as Data Controller, informs you pursuant to art. 13 D.Lgs. 30.6.2003 n. 196 (hereinafter, “Privacy Code”) and art. 13 EU Regulation n. 2016/679 (hereinafter, “GDPR”) that the data you provide will be processed in compliance with the aforementioned law and the confidentiality obligations to which the undersigned Company is bound.
1. Object of the Treatment
We process personal data, (by way of example: name, surname, date of birth, company name, tax code, VAT number, address, telephone number, e-mail, bank and payment details), “personal data” or even “data” communicated by you or by third parties.
2. Scope of the Treatment
Your personal data will be processed:
(A) without your consent (Article 6, letters b, c, f, GDPR), for the following purposes:
- fulfill the pre-contractual and contractual obligations deriving from the conferment of a possible professional role,
- comply with the provisions of laws and regulations (national or EU), or execute an order of judicial authorities or supervisory bodies to which the Controller is subject,
- exercise the rights of the owner, in particular, that of defense in court;
B) Only subject to your specific and distinct consent (articles 23 and 130 of the Privacy Code and article 7 of the GDPR), for the following marketing purposes:
- send you via e-mail, mail and / or telephone contacts information or communications on events, meetings, conventions and seminars
- promotion of professional services, distribution of informative and promotional material, sending of newsletters and publications.
The provision of data for the purposes referred to in section A) above is mandatory. The lack of data and / or the possible express refusal to the treatment will make it impossible for the Data Controller to perform the assigned task or the possible violation of requests by the competent Authorities.
The provision of data for the purposes referred to in section B) is optional, with the result that you may decide not to give your consent, or to revoke it at any time.
3. Use of Personal information
The processing of your personal data is carried out by means of the operations indicated in art. 4 of the Privacy Code and art. 4 n. 2) GDPR and more precisely: collection, registration, organization, structuring, preservation, consultation, processing, modification, selection, extraction, comparison, use, blocking, communication, cancellation and destruction of data.
Your personal data are subjected to both paper and electronic and / or automated processing. In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be guaranteed, putting in place all the necessary technical and organizational measures to guarantee their safety.
4. Access to data
Your data may be made accessible for the purposes referred to in paragraph 2.A) and B):
- to employees and collaborators of the Data Controller in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
- to third-party companies or other subjects (by way of example, credit institutions, professional firms, consultants, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.
5. Communication and disclosure of personal data
Without the need for express consent (pursuant to Article 24 letter a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data to Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom the communication is mandatory by law for the accomplishment of said purposes. These subjects will process the data in their capacity as independent data controllers.
Your data will not be disclosed, unless expressly consented and only for the purposes referred to in paragraph 2.A)
6. Transfers of personal data
Personal data are stored on servers located in the premises of the owner and on the cloud and will not be transferred.
7. Period of retention of personal data
The Data Controller will process personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 10 years from the termination of the relationship for the purposes of Service and no later than 2 years from the collection of data for marketing purposes.
Personal data collected for the purposes indicated in the previous paragraph 2 section A) will be processed and stored for the entire duration of any professional relationship established.
From the date of termination of this relationship, for any reason or cause, the data will be kept for the duration of the prescription terms applicable by law.
Personal data collected for the purposes indicated in the previous paragraph 2, section (B) will be processed and stored for the time necessary to fulfill these purposes and in any case for no more than 2 years from the date we receive your consent.
8. Rights of the interested party
In your capacity as an interested party, you have the rights set forth in art. 7 of the Privacy Code and art. from 15 to 21 GDPR including:
- Right of access – To obtain confirmation that personal data processing concerning you is being processed and, in this case, to receive information regarding, among others: the purposes of the processing, the categories of personal data processed and the retention period, recipients to whom these may be communicated (Article 15 of the GDPR),
- Right to rectification – To obtain, without undue delay, the correction of inaccurate personal data concerning you and the integration of incomplete personal data (Article 16 of the GDPR),
- Right to cancellation – To obtain, without undue delay, the cancellation of personal data concerning you, in the cases provided for by the GDPR (article 17 GDPR),
- Right to limitation – To obtain a limitation of treatment from the co-owners, in the cases provided for by the GDPR (Article 18 GDPR)
- Right to portability – To receive in a structured format, commonly used and readable by an automatic device, the personal data concerning you and obtain that the same are transmitted to another holder without impediments, in the cases provided by the GDPR (Article 20 GDPR )
- Right to opposition – Oppose to the processing of personal data concerning you, unless there are legitimate reasons for the co-owners to continue the treatment (Article 21 GDPR)
9. How to contact us
If you have any questions or complaints about this Privacy statement or the way your personal information is processed, or would like to exercise one of your rights set out above, please contact us by one of the following means:
Post: Cavour Corporate Finance Srl, Via Guido Reni 3, 40125 Bologna;
10. Controller and processors
The Data Controller is Dr. Antonio Zecchino, Sole Director of Cavour Corporate Finance S.r.l.
The updated list of data processors is available at the registered office of the Data Controller.