Loading Results

PwC Tax STP Srl | Informativa protezione delle persone fisiche trattamento dei dati personali

View this page in Italian

Modello informativa INCARICHI PERSONE FISICHE (EN)

Information Notice, pursuant to Articles 13 and 14 of the European Regulation 2016/679 of the European Parliament and of the Council dated April 27, 2016, concerning the protection of  natural persons with regard to the processing of personal data (hereinafter “GDPR” and the “Notice”) 

Personal Data Processing

Pursuant to Article 26 of the European Regulation 2016/679 of the European Parliament and of the Council dated April 27, 2016, concerning the protection of natural persons with regard to the processing of personal data (hereinafter “GDPR”), PWC TAX SOCIETÀ TRA PROFESSIONISTI A RESPONSABILITÀ LIMITATA (“PwC Tax STP S.r.l.”) has executed a joint control agreement with Servizi Aziendali PricewaterhouseCoopers S.r.l. (hereinafter “SAPwC”), having its seat in Milan, Piazza Tre Torri, n. 2, a company supplying administrative, accounting and organizational services in favor of the Italian entities belonging to PwC Network[1] to which PwC Tax STP S.r.l. and SAPwC (hereinafter the “Joint Controllers”) are members. The essential content of such agreement is available on demand at the Joint Controllers’ premises.

Therefore, all personal data provided by the data subject (“Data Subject”) to PwC Tax STP S.r.l. shall automatically be in the joint control of SAPwC.

Based on the above, the Joint Controllers provide to the Data Subject the following information, pursuant to Articles 13 and 14 GDPR (hereinafter, the “Notice”) concerning the processing of personal data collected in connection to the performance of the Services required by the Data Subject.

For the performance of the professional engagement assigned by the Data Subject (hereinafter referred to as “Services”, as well as “Engagement”), in compliance with the principle of data minimization provided for by Article 5, Paragraph 1, Letter c), GDPR, the Customer undertakes therefore to refrain to send to PwC Tax STP S.r.l. personal data of any type, except for those strictly necessary for the performance of the Engagement. In such a case, the personal data shall be sent to PwC Tax STP S.r.l., wherever possible, in an anonymous way or by means of pseudonyms, as expressly set forth by the GDPR.

Should it be necessary for the performance of the Engagement to process personal data and the same shall not be collectable in an anonymous or pseudonymised manner, PwC Tax STP S.r.l. shall evaluate with the Data Subject the most suitable processing measures.

a) Identity and Contact details of the Joint Controllers
PWC TAX SOCIETÀ TRA PROFESSIONISTI A RESPONSABILITÀ LIMITATA
Piazza Tre Torri, n. 2 - 20145 Milano
C.F. e P.IVA 14143090968

Servizi Aziendali PricewaterhouseCoopers S.r.l.
Via Monte Rosa, n. 91 - 20149 Milano
Tax code/VAT no. 12449670152
Tel. (02) 77851

b) Purposes of the processing for which the personal data are collected and basis for lawful processing

The personal data will be processed for the following purposes:

(i) fulfill pre-contractual and contractual obligations deriving from the Services under the Engagement Letter,

(ii) fulfill obligations, as provided for by Italian or European laws and regulations (for example, anti money laundering or anti terrorism law) or, as far as applicable, of a third country,

(iii) performance of an order of any judicial authority, as well as any other entity to which the Joint Controllers are subject,

(iv) performance of any activity related to PwC Network procedures for processes and organizational, administrative and operative aspects related to the assignment and the performance of professional services and the relationships with the clients (for example, independence and potential conflict of interests controls, risk management procedures and quality control procedures),

(v) exercise the rights of the Joint Controllers, with particular reference to judicial defensive rights.

For the purposes indicated above the collection of the personal data is necessary and the same does not require the Data Subject consent. Lacking the data or any express refusal to process such data may cause the impossibility for PwC Tax STP S.r.l. to perform the Engagement and, for SAPwC, to perform its own ancillary activities as above described.

c) Processed categories of personal data

Pursuant to Article 4, n. 1, GDPR, “personal data” means any information related to a directly or indirectly identified or identifiable natural person, by reference to an identifier such as a name, and identification number, location data, on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, which is processed by the Joint Controllers and collected through the Data Subject or from private and/or public data bases or registers (hereinafter, the “Data”).

For the performance of the Engagement, and without prejudice to the principle of the minimization as above indicated, considered the nature of the Services, in certain cases, it could become necessary the processing of special categories of personal Data such as, by way of example and not in an exhaustive way, those provided for by Article 9, GDPR (such as, data concerning health), or Data related to criminal convictions and offences or connected to security measures, as defined by Article 10, GDPR, concerning the Data Subject, or, whenever necessary, its relatives, including underage persons. In such latter case, PwC Tax STP S.r.l. will require the consent to one of the subjects exercising parental authority or of the guardian. 

d) Categories of personal Data recipients

In the performance of the Engagement, Data may be made accessible to:

(i) Joint Controllers’ employees and consultants, in their role of persons authorised to process Data (hereinafter, the “Authorised Persons”),

(ii) Any third party subject performing outsourced activities, including the Data storage, on behalf of the Joint Controllers, in their capacity of data processors,

(iii) Any judicial or controlling Authority, public entities (whether national or foreign ones),

(iv) other PwC Italian and international Network legal entities (of which Joint Controllers are members).

The updated list of Data processors and Authorized Persons is kept at the Joint Controllers’ seat.

e) Transfer of personal data to third countries

Data are processed and stored on “cloud” and on servers located within and outside the European Union, belonging to or in the availability of the Joint Controllers and/or third party processors, as duly appointed. Any transfer abroad of data to non-EU countries takes place in compliance with the regulations in force, as well as in compliance with the provisions adopted by the European Court of Justice and by national and foreign Authorities regarding the protection of personal data.

Personal Data will not be subject to dissemination.

f) Personal data storage period

Data will be kept throughout the whole duration of the professional Engagement. As of the date of termination, for whichever reason or cause, Data will be stored as long as time-barring legal terms will be elapsed, increased by twelve months, and well as to possibly ascertain, exercise and protect the rights of the Joint Controllers, aimed at evidencing the due performance of the professional engagement Services.

g) Exercisable Rights

In compliance with the provisions under Chapter III, Section I, GDPR, Data Subject may exercise the rights therein indicated and in particular:

Right of Access – Obtain confirmation whether Data are processed or not and, in such a case, obtain information related, in particular, to: the purposes of such processing, the categories of the processed Data, the storage period, the recipients to whom such Data can be transferred (Article 15, GDPR),

Right of Rectification – Obtain, without undue delay, the rectification of inaccurate Data and to have incomplete Data completed (Article 16, GDPR),

Right of Erasure – Obtain, without undue delay, the erasure of Data, in the cases provided for by the GDPR (Article 17, GDPR),

Right to Restriction – Obtain from the Joint Controllers the limitation to processing, in the cases provided for by the GDPR (Article 18, GDPR),

Right to Data Portability – Receive Data as communicated to the Joint Controllers in a structured, commonly used and machine-readable format and obtain the transmission of such Data to another controller without any hindrance, in the cases provided for by the GDPR (Article 20, GDPR),

Right to object – Object to the processing of Data, unless the Joint Controllers have compelling legitimate grounds for the continuation of the processing (Article 21, GDPR),

Right to Lodge a Complaint with the Supervisory Authority – Lodge a complaint to Autorità Garante per la protezione dei dati personali. (Information and contact details can be found on the authority’s website www.garanteprivacy.it).

Data subject may request to exercise such rights or request further information on the processing of your personal data (fill the form and send a request)

(h) Contact details of the Data Protection Officer

Office of the Data Protection Officer (“DPO”) / Data Protection Officer (“DPO”) - PwC Tax Srl
Piazza Tre Torri n. 2 – 20145 Milano
PEC: dpo-tax@pec-pwc.it

Office of the Data Protection Officer (“DPO”) / Data Protection Officer (“DPO”) - SAPwC
Piazza Tre Torri n. 2 - 20145 Milano
PEC: dpo-sap@pec-pwc.it
Tel. (02) 66734162

i)  Processing operations

Data are processed by the Joint Controllers through the operations indicated in Article 4, n. 2, GDPR – whether or not performed by automated means – such as: collection, recording, organization, structuring, update, storage, adaptation or alteration, retrieval and analysis, consultation, use, disclosure by transmission, alignment or combination, restriction, erasure or destruction.

 The Joint Controllers undertake hereby to keep confidential the Data and the information received for the performance of the Services and to adopt any suitable measure in order to guarantee an adequate protection of the same, granting the necessary confidentiality on their content.

Confidentiality obligations above shall continue to be effective further the performance of the Services.

Pursuant to Article 32, GDPR, taking into account nature, object, contest and purposes of the Data processing, the Joint Controllers represent having adopted adequate technical and organizational measures, also related to the particular categories of Data pursuant to articles 9 and 10, GDPR, to safeguard the security level proportionate to the level of risk, including by way of example and not in an exhaustive way: (i) pseudonymisation and encryption of personal data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

Joint Controllers shall be responsible for the protection of their own information system.

 

[1] Further information on PwC Network and its single entities may be found on www.pwc.com website.

 

Follow us

© 2017 - 2025 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.