GDPR WellTax Policy
Information notice pursuant to articles 13 and 14 of the Data Protection Regulation (UE) 678/2016 and article 13 of legislative decree n.196/2003
We would like to inform you that the Data Protection Regulation (UE) 678/2016 "European Regulation on the protection of personal data" (hereafter "GDPR") sets forth the applicable rules with regard to individuals' and other persons' data protection and privacy.
According to its provisions, this regulation is based on the principles of lawfulness, fairness and transparency and protection of your privacy and rights.
In accordance with article 13 of the GDPR and art. 13 of Legislative Decree n.196/2003 and with respect to personal data that WellTax Limited will hold, we invite you to take notice of the information that follows:
1) Purposes of the processing
a) The processing of personal data will occur for legal, judicial and extrajudicial purposes in accordance with the purposes for which the professional mandate was granted and, in any case, for the purposes connected with and/or instrumental to the performance of the professional tasks for which Accountancy Firm has been retained, excluding, therefore, any uses which differs from such purposes and/or is in conflict with your interests.
b) The personal data will be processed in order to comply with the professional's obligations laid down in existing legislation, including tax and accounting as well as anti-money laundering provisions (pursuant to D.Lgs.n.231/2007).
c) The processing of personal data could be used to send Legal newsletters or information related to the activities of our Accountancy Firm (such as conferences, publications…).
d) If the data controller intends to further process the personal data for a different purpose, he/she shall inform the person involved of such different purpose and give all the relevant information before processing the data.
2) Legal basis for data processing
In accordance with art. 6 of GDPR, the processing of personal data in based on:
a) the necessity to perform the contract;
b) the necessity for compliance with a legal duty;
c) your consent.
3) Performance of the processing
a) The processing of your personal data will carried out, in compliance with the provisions of the GDPR, by paper, computer and electronic means, for reasons strictly related to the abovementioned purposes and, in each case, in such manner as to guarantee the security and protection of the data in accordance with the provisions art. 32 of the GDPR.
b) Data shall be carried out by the data controller, data processors and persons appointed to perform such task.
c) The data controller and the data processors shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
d) The data processing referred to in point 1) letter a) and b) will carried out for the duration of the professional assignment and the payment of outstanding dues and fees (without prejudice to the legal obligation of record keeping).
The data processing referred to in point 1) letter c) will be carried out for the period necessary to accomplish the purposes for which the data was collected and in any case up to the moment in which the interested party will revoke the consent or request the cancellation of the data.
4) Data provision
The provision of personal common data, sensitive data and judicial data are strictly related to the processing referred to in point 1).
5) Refusal to provide data
The refusal by the interested party to provide the data referred to in point 1) prevents us from accomplishing the activities for which we have been retained.
6) Data Communication
Personal data may be communicated, in compliance with purposes referred to in point 1), to external consultants, professionals operating within the justice system, counterparts and their defense lawyers, public authorities, consultants or other persons for discharging obligations, tribunals of arbitrators, and, generally, all the recipients with whom the communication is necessary for the proper performance of purposes referred to in point 1).
Furthermore, should the legal need arise, personal data, its processing as well as the relevant information may be communicated to the appropriate authorities with jurisdiction on anti money laundering (Regulating and Supervising Authorities). Finally, should the necessary legal conditions arise, personal data, its processing as well as the relevant information shall be communicated to the person in charge of the mailing list.
7) Data Dissemination
Personal data shall not be disseminated.
8) Data transfer abroad
For the purposes referred to in point 1), data could be transferred out of the European Union. Such transfer may follow recording of such data into a database managed by third companies, acting on behalf of our Accountancy Firm. The management of the database and the data processing are linked to the purposes of their collection and are processed with the utmost respect of the law on personal data protection. In fact, the data are transferred only if the Data controller and Data processors comply with the conditions set forth in the GDPR. With respect to the purposes referred to in point 1), the data transfer must comply with the provisions of the GDPR to ensure that the level of protection of the individual, as granted in GDPR, will not be compromised.
9) Data Subject's Rights
GDPR Articles 15 to 27 give the Data Subject specific rights vis-à-vis the Data controller.
Specifically, in relation to the processing described in this notice the Data Subject shall exercise these rights subject to the conditions laid down therein.
• Right of access: the right to know if your personal data are being processed and in this case the Data Subject should have access to his/her data - including a copy of them - and be informed of the following:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
d) the envisaged period for which the personal data will be stored or criteria used to determine such period;
e) the existence of the right to request rectifications, erasure, restriction of the processing of personal data or the right to object.
• Right to rectification: the right to obtain rectification of incorrect personal data and/or integration of the data;
• Right to erasure: the right to obtain the cancellation of the personal data, if:
a) the data are no longer necessary for the purposes for which they have been collected or subsequently processed;
b) the data subject has revoked his/her consent and there is no legal basis for further processing;
c) the data subject has successfully withdrawn his/her consent to the processing of the personal data;
d) the data were illegitimately processed;
e) the data should be cancelled for compliance with a legal obligation;
The right to erasure could not be applied if the processing is necessary for the compliance with a legal obligation or for the performance of a task carried out in the public interests or for the establishment, exercise or defense of legal claims.
• Right to restriction of processing: the right to obtain the restriction of processing, if:
a) the data subject contests the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of their use;
c) the personal data are required by the data subject for the establishment, exercise or defense of legal claims
• Right to data portability: right to receive, in a structured format and in a commonly used format, readable by automated systems, personal data sent to the data controller and the right to transfer them unimpeded to another data controller, if the data processing is based on consent and through automated means. Moreover, the right to obtain that your personal data shall be transmitted directly to the data controller if this is technically feasible;
• Right to object: the right to object, at any time, to the processing of personal data, if used for different purposes than those for which consent has been released.
• Lodge a complain with the Information Commissioner’s Office, located in Wilmslow, Cheshire (UK)
In addition, the GDPR gives the data subject the right to revoke the consent at any time and with the same ease as during the collection phase.
All the rights provided here may be exercised vis-à-vis the data controller.
The exercise of these rights as data subject are free of charge as referred to in art. 12 of GDPR.
Nevertheless, if the requests are manifestly unfounded or excessive, possibly because of their repetitive character, the Data controller may charge a reasonable fee based on administrative costs, incurred to manage your demand, or deny your request.
10) Data Collector
The Data Collector is the Accountancy Firm Welltax Limited in the person of Mr. Michele Giuseppe Ammirati, London, 246-250 Romford Road E7 9HZ (UK).