Privacy Policy

This document performs the function of the Privacy Policy pursuant to Article 13 of the “European Union Data Protection Regulation” referred to in EU Regulation 2016/679 (hereinafter, “Regulation” or “GDPR” – General Data Protection Regulation).

 2 – Data controller

Belluzzo International Partners Studio Legale Tributario, based in: Via Andegari, 4, 20121 Milan; Vicolo Pietrone, 1/b, 37123 Verona; Belluzzo International Partners STP ARL, based in: Via Andegari 4, 20121 Milan; Vicolo Pietrone, 1/b, 37123 Verona; Viale Regina Margherita, 294, 00198 Rome; B&P Tax Legal Finance LLP and Belluzzo Audit Ltd, based in 38 Craven Street, London WC2N 5NG (UK); Belluzzo International Partners Sagl, based in Via Nassa 60, 6900 Lugano; Belluzzo & Partners PTE. LTD, based in 101 Cecil Street #14-12, 069533 Singapore, are all co-owners of the processing (from now referred together as the: “Data Co-owners”).

 3 – Definition of “personal data”

For the purposes of this Privacy Policy, “personal data” – in accordance with article 4 of the regulation – means “any information concerning an identified or identifiable natural person  («the data subject»); the natural person who can be identified, directly or indirectly, with particular reference to an identifier such as name, identification number, location data, an online identifier or one or more elements characteristic of their physical, physiological, genetic, psychic, economic, cultural or social identity” is considered identifiable”.

This Privacy Policy applies only to personal data collected through the

www.belluzzo.net (hereinafter, Site”).

This Privacy Policy does not apply to other websites owned by third parties, which can be accessed through any links on the Site.

 4 – Data voluntarily provided by the user

The Data Controllers collect some personal data (name, surname, email address, telephone number, postal address, etc.) voluntarily provided by users of the Site through special registration forms or received directly from the user by email.

 5 – Navigation Data

The  IT systems and software procedures responsible for the operation of the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.  This information is not collected to be associated with identified subjects, but by their very nature could, through processing and associations with data held by third parties, allow users to be identified. This data category includes the IP addresses of the computers used by users connecting to the Site, the uniform resource identifier (URI) notation addresses of the requested resources, the time of the request, the method used to submit the request to the SERVER, the size of the file obtained in response, the numerical regulation indicating the status of the response given by the SERVER (successful, error, etc..) and other parameters related to the user’s operating system. This data is used for the purpose of obtaining anonymous statistical information on the use of the Site and to check its proper functioning, and is deleted immediately after processing. The data could be used for the assessment of liability in case of any computer crimes against the Site (See point 7, lit.b).

 6 – Use of cookies

The Site uses cookies in accordance with our Cookies Policy

 7 – Purposes and methods of processing and legal basis of processing

The above personal data will be processed exclusively in relation to the following:

1. a) the registration of the user for access to the content and information materials on the Site;
2. b) responses to requests for information or contact;
3. c) job or cooperation offers;
4. d) sending of newsletters, invitations to events, seminars, etc.;
5. e) in compliance with regulatory obligation;
6. f) in accordance to a legitimate interest of the Data Controllers (e.g. for the cybersecurity of the

Site).

In both of the aforementioned cases provided for in (c) and (f), the processing of data must be considered mandatory.  The Data Controllers protect the personal data of users by adopting the security measures provided for by the Regulation.

 8 – Optional provision of personal data

Except as specified for navigation data, as well as in relation to what is indicated in point 7 (c) and (f), the user has the right to provide their personal data in the forms for registration to the Site or by email.  Failure to provide data has the following consequences:

• In case (a) of the preceding paragraph, failure to provide personal data may make it impossible for the user to access the contents and information materials on the Site;
• In case of (b) and (c) of the preceding paragraph, failure to provide personal data will make it impossible to send the requested information to the user and to consider any offers of employment or collaboration or their assigment;
• In case (d), failure to provide data will make it impossible to receive newsletters, invitations to events, seminars, etc from the Site.

 9 – Communication and dissemination of personal data

Users’ personal data will be accessible to employees and consultants of the Processing Co-Owners formally designated as external or authorized data controllers. In particular, it should be specified that the data will be communicated, among others, to the subjects already appointed as data controllers, who are:

1. a) B International Ltd, based at 38 Craven Street, London WC2N 5NG (for the management of the communication activities of the Processing Co-owners);
2. b) The Rocket Science Group LL, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA (in relation to mailchimp usage).

The management and storage of personal data will also take place on servers located in non-EU countries. In any case, the Data Controllers already assure that the transfer of data outside the EU will take place in accordance with the applicable legal provisions and the Regulation, by concluding, if necessary, agreements that guarantee an adequate level of protection, and/or adopting the standard contractual clauses provided for by the European Commission. Some data may be communicated anonymously and aggregated to third parties for statistical purposes. In any case, this data does not allow the identification of users. Except in the cases permitted by law, or provided for in this Privacy Policy, personal data will not be disclosed or disclosed without your consent.

 10 – Data retention period

The processing of data is carried out through automated tools (e.g. using electronic procedures and media) and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes for which the data was collected and, in any case, in accordance with the regulatory provisions in force on the subject.

Personal data in the cases referred to in point 7 (a) and (d) will be processed by the Data Controllers for a period of twenty-four months. Personal data in the cases referred to in point 7 (b) and (c) will be processed for a maximum period of twelve months, unless a relationship of employment or collaboration is established, or a task is given to the Data Controllers, in the latter case having to apply a ten-year retention period.  In the case referred to in point 7(c) the user’s personal data will be kept for as long as required by the applicable regulations, while in the case provided for in the following lit. (f) for the duration of six months starting from the collection of the data, except for any extensions deriving from investigations by the judicial authority or ongoing investigation.

 11 – Rights of users with regards to their personal data

Rights granted to the user by GDPR include:

• Ask the professional for access to your personal data and any information relating to this; the rectification of inaccurate data or the integration of incomplete data; the deletion of personal data concerning you (at the occurrence of one of the conditions indicated in Article 17 (1) of the GDPR and in compliance with the exceptions provided for in paragraph 3 of the same article); the limitation of the processing of your personal data (to the use of one of the hypotheses indicated in Article 18(1) of the GDPR);
• request and obtain from the professional – in cases where the legal basis of the processing is the contract or consent, and the same is carried out by automated means – your personal data in a structured format that can be read by automatic device, also in order to communicate such data to another data controller (so-called right to portability of personal data);
• object at any time to the processing of your personal data to the use of specific situations that concern you;
• withdraw consent at any time, limited to cases where the processing is based on your consent for one or more specific purposes and concerns common personal data (e.g. date and place or birth or place of residence), or particular categories of data (e.g. data revealing your ethnic origin, political opinions, religious beliefs, state of health, or sex life). The processing based on consent and carried out before the withdrawal of the same, however, retains its lawfulness;
• lodge a complaint with the supervisory authority (Guarantor Authority for the Protection of Personal Data – www.garanteprivacy.it).

 12 – Changes to the Privacy Policy

The Data Controllers may make changes to this Privacy Policy in order to transpose changes in national and/or community legislation, or to adapt to technological innovations or for other reasons. Any new versions of this Privacy Policy will be listed on the Site.

You are requested to review this Privacy Policy and to check it carefully periodically, in order to check for any updates or revisions that may be necessary.

 13 – Exercise of rights and request for information

To exercise their rights and for any questions or requests relating to the processing of

Personal data by the Data Controllers, users can contact us at the following email address: privacy@belluzzo.net

Last updated September 22, 2022