INFORMATION ON THE PROCESSING OF PERSONAL DATA

Pursuant to and for the purposes of Art. 13 of the New European Regulation 2016/679 concerning the protection of individuals with regard to the processing of personal data (GENERAL DATA PROTECTION REGULATION – GDPR)
As required by the General Data Protection Regulation of the European Union (GDPR 2016/679, Article 13), before proceeding with the processing, the interested party (user of the website www.digitax.com) is informed that personal data collected through the site are processed by the Company using IT and / or telematic tools, for the purposes indicated in this information.
To this end, the data subject is submitted to the Privacy Policy prepared by “ITALTAX S.R.L.” as Data Controller, creator and promoter of the activities available on the website www.digitax.com.

Holder of the treatment
The Data Controller of personal data is ITALTAX S.R.L., with registered office in Via Piemonte 39 / A – 00187, Rome (RM), VAT number: 02085850424.
The Company has identified a Data Protection Officer pursuant to articles 37 and following of the 2016/679 European Regulation, who identifies himself as Dr. Manolo Valori.
This person can be contacted for clarifications and questions regarding the processing of personal data at the address: dpo@digitax.com.
For more information relating to the rights of the interested party, please consider the paragraph called “Rights of the interested parties” of this information.

Treatment information
The personal data being processed are collected directly by ITALTAX S.R.L. or by third parties expressly authorized by it, or communicated by the Company to such third parties for the pursuit of the purposes described below.

Legal basis and purpose of the processing
The personal data provided by the user when browsing the website www.digitax.com are processed by the Data Controller in accordance with current regulations on the protection of personal data.
The legal basis of the processing is identified in the provision of its services by the Company, in the management and facilitation of the website, as well as in the possibility of requesting information by the visitor through a contact form and sending spontaneous application or in response to an open position.
The processing of personal data by ITALTAX S.R.L. on the website www.digitax.com is aimed at pursuing the following purposes:
1) CUSTOMER ASSISTANCE SERVICE: the personal data provided will be used in order to proceed with the request for assistance made by the customer within the private area, who, by means of a practical code assigned to him, will be able to view the status at any time progress of requests in progress, as well as the history of requests already completed.
2) INFORMATION REQUEST: the personal data provided will be used in order to answer the questions posed by the user about the various products and services offered or to communicate any suggestions. It is necessary to consent to the processing of personal data in order to send the request.
3) WORK WITH US: in the event that the user spontaneously decides to send his application in one of the company areas or apply for one of the open positions, he can do so by filling in the appropriate form on the site where it can be uploaded the CV. The processing to which the requested data will be subjected has the purpose of providing for the application for employment. It is necessary to consent to the processing of personal data in order to send the request.
4) PRIVATE AREA: the personal data provided will be used in order to proceed with the registration request by the customer within the private area where they can access additional services and download the technical manuals, brochures and proprietary software.

Nature of the treatment
In relation to the purposes referred to in points 1) and 2) of the previous paragraph, the provision of personal data and consent to their processing is necessary as failure to provide data and consent will make it impossible for ITALTAX S.R.L. to proceed with the assistance service and / or to answer the questions posed by the user about the various products and services offered or to communicate any suggestions.
In relation to the purposes referred to in point 3) of the previous paragraph, the provision of personal data and consent to their processing is necessary as failure to provide the data and the relative consent makes it impossible for ITALTAX S.R.L to provide to the acquisition of the data and the CV which will be electronically deleted and / or destroyed the paper format.
In relation to the purposes referred to in point 4) of the previous paragraph, the provision of personal data and consent to their processing is optional. Failure to register in the personal area will make it impossible for the user to access additional services and download the technical manuals, brochures and proprietary software.

Personal data processed
The Data Controller only collects the personal data necessary for the provision of its services. The type of data collected varies according to the nature of the service provided to the customer or, in any case, requested by the same. The information requested / provided concerns, by way of example but not limited to, personal data (name, surname, date and place of birth, place of residence / professional domicile, tax code or VAT number), contact details (email address, landline or mobile phone number), billing data, as well as, where required, the details of the company making the request.
The information requested / provided could possibly include the so-called “Particular categories of data”, or data defined as “sensitive”, which are processed by the Data Controller only when this is deemed necessary for the provision of the service requested by the customer. These “particular categories of data” are treated, with your consent, in accordance with current legislation on the protection of personal data.

Methods of data processing and storage
The processing of personal data is carried out by the Data Controller in compliance with the provisions of current legislation on privacy. The Data Controller processes personal data using IT and / or telematic tools and with organizational and logical methods strictly related to the pursuit of the purposes indicated in this information, as well as adopting the appropriate security measures in order to prevent access, disclosure, unauthorized modification or destruction of personal data, their loss and their illicit and incorrect use. However, the Company cannot guarantee its users that the measures adopted for the security of the site and the transmission of data and information on the site are able to limit or exclude any risk of unauthorized access or loss of data by devices. pertaining to the user. For this reason, users of the site are advised to make sure that their computer is equipped with adequate software for the protection of data transmission over the network (for example updated antivirus) and that their Internet Provider has adopted suitable measures for the security of transmission. of data on the network. The Company also undertakes to process the data according to the principles of correctness, lawfulness and transparency, to collect them to the extent necessary and exact for processing and to allow their use only by authorized personnel. The management and storage of the personal data acquired will take place in archives or on servers located within the European Union owned by the Data Controller and / or by third-party companies appointed as External Data Processors and, in any case, currently located in Italy.
In relation to the different purposes for which they are collected, personal data will be kept for the time strictly necessary to achieve them and, in any case, in compliance with the regulations in force on the matter.
In any case, the Company will take care to avoid the use of the data indefinitely by proceeding, on a periodic basis, to appropriately verify the effective persistence of the interest of the subject to which they refer.

Recipients and data processors
The data collected will not be disseminated in any way, but will be processed within the limits and for the purposes described by the employees of the Company on the basis of adequate operating instructions (for example, administrative, commercial, marketing, legal, system administrators, etc. .). Some data processing may also be carried out by third parties, appointed as External Data Processors, of which the Data Controller makes use or could use in the context of the management of the contractual relationship, the provision of the services offered and for the organizational needs of its business. In particular, the data could be communicated to:
a) subjects, public and private, who can access the data by virtue of the provision of law, regulation or community legislation, within the limits set by these rules;
b) subjects who need to access data for purposes related to the contractual relationship between the parties, within the limits strictly necessary for the performance of auxiliary tasks (such as, for example, banks and credit institutions, technical service providers, hosting providers, IT companies, communication agencies, postal couriers and shipping companies);
c) consultants, within the limits necessary for the performance of their professional duties.
The updated list of External Managers and persons authorized to process the processing is kept at the headquarters of the Data Controller and is available to the interested party, upon request to be made by e-mail to the address dpo@digitax.com.

Transfer of data abroad
Personal data is stored on servers located within the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the servers even outside the EU. In this case, the Data Controller ensures from now on that the transfer of non-EU data will take place in compliance with the applicable legal provisions, also through the provision of standard contractual clauses provided for by the European Commission and the adoption of binding corporate rules. for intra-group transfers.

Rights of the interested parties
As an interested party, the user may exercise, at any time, the rights provided for in articles 15, 16, 17, 18, 20 and 21 of the GDPR which confer, in particular, the right to:
a) obtain from the Data Controller, pursuant to Article 15, confirmation that personal data is being processed or not and, in this case, obtain access to the data and information such as: (i) the purposes of the processing; (ii) the categories of personal data; (iii) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients located in Third Countries or International Organizations; (iv) when possible, the retention period of the personal data envisaged or, if not possible, the criteria used to determine this period;
b) obtain from the Data Controller, pursuant to Article 16, the correction of inaccurate personal data concerning him without undue delay; taking into account the purposes of the processing, the interested party has the right to obtain the integration of incomplete personal data, also by providing a supplementary declaration;
c) obtain from the Data Controller, pursuant to Article 17, the cancellation of personal data concerning him without undue delay. The Data Controller is obliged to delete personal data without undue delay if one of the reasons indicated in paragraph 1 of Article 17 exists;
d) obtain from the Data Controller, pursuant to Art. 18, the limitation of processing when one of the hypotheses governed by paragraph 1 of Article 18 occurs;
e) obtain from the Data Controller, pursuant to Article 20, the portability of data, i.e. receiving in a structured format, commonly used and readable by an automatic device, the personal data concerning him provided to a Data Controller. The interested party also has the right to transmit such data to another Data Controller without impediments by the first Data Controller to whom he provided them, if the conditions indicated in Article 20 paragraph 1 are met. Finally, the interested party has the right to obtain the direct transmission of personal data from one Data Controller to another, if technically feasible;
f) object, in whole or in part, pursuant to Article 21, to the processing of personal data concerning him.
To exercise their rights, the user can send their requests to dpo@digitax.com.
It should also be noted that the interested party has the right to revoke the consent at any time without prejudice to the lawfulness of the treatment based on the consent given before the revocation, without prejudice to the consequences indicated above regarding any refusal to provide such personal data. . The interested party also has the right to lodge a complaint with a Supervisory Authority.
You can make requests regarding the exercise of these rights by contacting the address: dpo@digitax.com.
ITALTAX S.R.L. undertakes to respond to requests from the interested party within one month, except in particularly complex cases for which it could take a maximum of three months. In any case, the Data Controller will provide the interested party with evidence of the reason for waiting within one month of the request. The outcome of the request will be provided in writing or electronically. In the event of a request for rectification, cancellation and limitation of processing, the Data Controller undertakes to communicate the results of the requests received from the interested party to each of the recipients of his data, unless this proves impossible or involves a disproportionate effort.
The Company specifies that a possible contribution may be requested from the interested party if the questions are manifestly unfounded, excessive or repetitive; in this regard, the Data Controller will equip itself with a register to track requests for intervention.

Changes to this information
The data controller reserves the right to make changes to this Privacy Policy at any time by giving notice to users on the website www.digitax.com.
Therefore, please consult this page often, referring to the date of the last modification indicated at the end of the document. In the event of non-acceptance of the changes made to this Privacy Policy, the interested party may request the Data Controller to delete their personal data. Unless otherwise specified, the previous Privacy Policy will continue to apply to personal data collected up to that time.
Privacy policy updated on 07/10/2021