This document summarizes the information on the processing of personal data of Clients who sign a consultancy contract in compliance with the provisions of Regulation (EU) 679 of 2016 (hereinafter European Regulation).
The data controller, i.e. the subject who decides on the purposes, methods and security of personal data, is the person of Dr. Stefano Scuratti, Galileo Business Consulting firm with registered office in Via Madonna, 31 20021 Bollate (MI), telephone contact (+39) 02 9476 5901, e-mail: firstname.lastname@example.org and PEC: email@example.com (hereinafter Galileo Business Consulting).
The personal data that you may provide us with and/or that may be collected during navigation on our site are processed for the purposes according to the legal bases indicated below:
Purpose: to fulfil the consultancy contract;
Legal basis: art. 6, letter B GDPR;
Consequences in case of refusal to process: consent is not required, the refusal makes the execution of the contract impossible.
Purpose: to fulfil legal, accounting and fiscal obligations;
Legal basis: Article 6(C) GDPR;
Consequences in case of refusal: consent is not required, refusal makes it impossible to perform the contract.
Purpose: sending newsletters and commercial communications;
Legal basis: art. 6, lett. A GDPR;
Consequences in case of refusal to process: we do not send the newsletter and commercial communications.
Data provided by you are processed by the competent subjects of Galileo Business Consulting for the execution of consultancy mandates, by subjects legitimated by law. The categories of data and the recipients to whom the communication of your data is authorized in case of consulting mandate to Galileo Business Consulting are:
Purpose: Anti-money laundering legislation (Legislative Decree 231/2007);
Data: Billing data;
Recipient: banking system and competent bodies.
Purpose: collaboration with other professional firms for the mandate;
Data: Contact and billing data;
Recipient: professional partners of Galileo Business Consulting.
The personal data collected will not be transferred outside the European Union. In case of collaboration with investment funds, Embassies and professional offices based outside Europe, specific Client approval will be requested on a project basis and only for the operational development required by the consulting contract.
Personal data provided by means of a document are stored in the following ways:
Consultancy contract: ten years from the date of conclusion of the contract;
Invoices: ten years from the date of invoice;
Identifying Documents: ten years from the date of acquisition;
Rights of Interested Party
The Regulation recognizes the following rights that you can exercise against and against each data controller to the processing of data; a complete extract of the articles of law as per the European Regulation is attached:
Right of access: Article 15 allows you to obtain confirmation from the data controller whether or not data is being processed and if so to obtain access to such data;
Right of rectification: Art. 16 allows to obtain from the data controller the rectification of inaccurate personal data; the data subject has the right to obtain the integration of incomplete data, also by providing a supplementary statement;
Right of cancellation: Art. 17 allows to obtain the cancellation of data without unjustified delay if there is one of the reasons provided for by the rule;
Right of limitation: Art. 18 allows to obtain the limitation of the treatment when one of the hypothesis provided for by the rule applies;
Right to object: Article 21 allows you to object at any time to the processing of personal data concerning you under Article 6(1)(e) or (f), including profiling on the basis of these provisions;
Right to portability: Article 20 allows you to receive in a structured format, in common use and readable by automatic device the personal data concerning you provided to a data controller and you have the right to transmit such data to another data controller without hindrance by the data controller to whom you have provided them according to the conditions provided for by the rule;
Right to revoke consent: Art. 7 allows you to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing based on consent before the revocation;
Right to complain: Art. 77 recognizes the right to lodge a complaint with a competent authority.
The legal basis for the present document is defined in the Article 10 of Directive 95/46/EC, Directive 2002/58/EC, Directive 2009/136/EC and subsequent modifications.
Navigation data: the computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server and other parameters relating to the operating system and computer environment of the user. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site only at the request of the supervisory bodies in charge.
Data Communicated by the User
The optional, explicit and voluntary sending of messages to our contact addresses, private messages sent by users to institutional profiles/pages on social media (where this possibility is provided), the filling in and forwarding of any forms on our site, involve the acquisition of the sender's contact data necessary to respond, as well as all personal data included in communications.
Instead, session cookies are used strictly limited to what is necessary for the technical, safe and efficient navigation of the site. The storage of session cookies in terminals or browsers is under the user's control, whereas on the servers, at the end of HTTP sessions, information relating to cookies remains recorded in the service logs. Cookies are used for statistical purposes only thanks to the service provided by Google Analytics. For sharing functions via social networking sites, cookies may be installed by the relevant providers. These services are provided by third parties, of which you will find links to the relevant privacy policies for Linkedin, Facebook, Google and SendInBlue for the management of data for the newsletter. The cookies installed by the latter fall under the direct and exclusive responsibility of the third party operator and to revoke the consent you must refer to the websites of the third party or refer to www.youronlinechoices.com/it/ to obtain information on how to delete or manage cookies depending on the browser used and to manage preferences on third party profiling cookies
You could block or delete unnecessary cookies in the following ways: blocking third party cookies through your browser, using anonymous browsing according to your browser options or deleting cookies from your computer;