BRH+ PRIVACY POLICY

BRH+ respects the rights and privacy of individuals and is committed to handling their personal data with the utmost care, in accordance with current regulations, particularly the General Data Protection Regulation (GDPR) adopted by the European Union.

Below, you will find information on the data processing conducted by BRH+ through its website https://brh.it and on your rights regarding personal data.

If you have any further questions, please contact us at the following email address: studio@brh.it. We will respond as soon as possible.

 

Privacy policy suppliers and independent contractors

 

1. General Information

Suppliers, External Consultants and/or independent contractors are informed of the following general profiles, which apply to all areas of processing that may involve natural persons of reference (hereinafter, also as “data subjects”, ex art.4, c.1 GDPR)

• The Data Controller is Studio Professionale BRH+, (VAT No. 09325930015) with registered office in Turin, Via Valprato No. 70, in the person of the legal representatives Arch. Barbara Brondi and Marco Rainò
• The following contact information is provided: telephone +39 011 238 6119; e-mail address: studio@brh.it – certified electronic mail (Pec) boxes: b.brondi@architettitorinopec.it – m.raino@architettitorinopec.it
• All data of Suppliers, Autonomous Collaborators and/or Consultants, referring directly or indirectly to individuals, are processed lawfully, correctly and transparently towards the data subject, in accordance with the general principles set forth in Article 5 GDPR.
•  We have taken specific security measures to prevent data loss, illegal, or incorrect use, and unauthorized access
• Data processing is carried out with the support of computerized/telematic means and/or manually and concerns only “common” data (name/surname/address/phone/email/tax code/banking data) or information that does not include “special categories of data” (personal data revealing racial or ethnic origin, political opinions religious or philosophical beliefs, or trade union membership, as well as dealing with genetic data, biometric data intended to uniquely identify a natural person, data relating to a person’s health or sex life or sexual orientation) or “judicial data” (personal data relating to criminal convictions and offenses or related security measures).
• The processing of data is related to the provision of the requested services and/or supply of any related products or services, assistance related to the services, handling of any complaints and/or disputes, storage of personal data of suppliers, use of personal data to make communications related to the performance of the established contractual relationship, etc…
• The updated list of persons authorized to process on behalf of the Owner as well as external data processors designated by BRH+ is available at the Owner’s office.

2. Purposes and Communication

2.1 The processing of personal data of the data subjects, pursues the purpose of entering into and executing contractual relationships with BRH+’s suppliers or with BRH+’s Independent Collaborators and/or Consultants including for professional services (hereinafter the “Contract”).

Prior to the conclusion of the Contract, the processing of the data subject’s personal data may also pursue pre-contractual purposes, such as responding to specific requests from the data subject for the purpose of a subsequent contractual relationship. In any case, personal data are also processed to enable the Data Controller to fulfill obligations under the law, a regulation or EU legislation and for civil, accounting and tax purposes.

In addition, personal data may be processed for the purpose of asserting or defending in the competent fora (judicial, arbitration, administrative, etc…) rights of the Data Controller, whether or not related to the Contract (e.g.: default).

2.2 The Data Controller may disclose the data of the data subjects to third parties, as autonomous data controllers or data processors, who provide the Data Controller with services ancillary to the execution of the Contract, to consultants in the accounting, tax, legal and administrative fields, to banking institutions for the purpose of payment services, to public bodies (e.g. withholding tax payments), to the Data Controller’s partners for the exercise of their control rights or – finally – to internal staff (persons authorized as appointees) of the Data Controller.

The data will not be disseminated.

Where the Data Controller chooses to indicate by category the recipients of the data, he or she must justify why he or she considers this approach to be correct, and in any case the reference to the category should not be generic but specific, referring to the activities carried out, the sector, the industry, and the territorial location of the recipients identified by category. With this in mind, the Holder considers the approach by category of recipients of the communication to be correct in this case, since the naming of suppliers and sub-suppliers would be excessive. Third-party suppliers are represented by the following categories: ………; persons, companies or professional firms, which provide assistance, advice or collaboration to the Controller in accounting, administrative, legal, tax and financial matters in relation to the Contract.

2.3 In all the cases illustrated above, the Data Controller has no obligation to acquire any consent from the data subject. In fact, all the processing operations illustrated above pursue primary purposes for which Article 6 of the EU Data Protection Regulation 679/2016 excludes the need to acquire specific consent from the data subject, the legal bases of legitimacy of the processing being represented – depending on the case – by the Service and/or Supply Agreement, the obligation to comply with legal regulations, the need to implement measures requested by the data subject. In the case of actions to assert or defend a right in court, the legal basis of processing is represented by the legitimate interest of the Data Controller.

3. Data Transfer and Retention time

3.1 Data are stored at the Data Controller’s servers located within the European Economic Area; any data transfers to sub-contractors abroad will be covered by standard contractual clauses and/or adequacy decisions, in accordance with Articles 45 and 46 GDPR.

3.2 Data will be kept for ten years as required by applicable laws (tax, civil, anti-money laundering).

4. Your Rights

4.1 You can freely exercise the following rights in relation to the data processed by BRH+:

• Obtain confirmation that a processing of data concerning you is or is not taking place, and if so, obtain access to the data and information about the processing.
• Request correction of inaccurate data;
• Request the deletion of the data in the event that, among other reasons, the data are no longer necessary for the purposes for which they were requested; in this case, BRH+ will cease processing the data, except where the data are necessary for the establishment, exercise or defense of a right.
• Request the application of data processing limitation, in which case the data may be processed only with the consent of the data subject; exceptions to this are the retention of the data and its use for the establishment, exercise or defense of a right or for the protection of the rights of other physical or legal entities or for reasons of relevant public interest of the European Union or a Member State.
• Object, in whole or in part, for legitimate reasons, to the processing of your data, in which case, BRH+ must cease processing such data, except where the same is necessary for the defense against possible claims.
• Receive, in a structured, commonly used, machine-readable format, the data provided to BRH+ or request that BRH+ transfer it directly to another owner when technically possible.
• To revoke the consent granted, if relevant, for the purposes specified in section 2 above without affecting the lawfulness of processing on the basis of the consent provided prior to revocation.

4.2 The aforementioned rights of access, rectification, cancellation, restriction, opposition, and portability of data may be exercised directly by the data subject or his or her legal or voluntary representative by means of a request addressed to BRH+ at his or her contact information by sending a registered letter with return receipt to the registered office of BRH+ with registered office in Turin, Via Valprato n. 70, in the person of the legal representatives Arch. Barbara Brondi and Marco Rainò – email address: studio@brh.it – certified mailboxes (Pec): b.brondi@architettitorinopec.it – m.raino@architettitorinopec.it.
The data subject has the right to file a complaint with the competent supervisory authority.

5. Policy Update

Please note that this disclosure may be subject to periodic revision, including in relation to relevant legislation and case law.
However, the interested party is encouraged to consult this policy periodically.

 

PRIVACY POLICY WEBSITE

1. DATA CONTROLLER

The data controller of personal data collected through the website https://brh.it (hereinafter referred to as the “Site”) for Italian users is: Studio Professionale BRH+, (VAT Number: 09325930015) with its registered office in Turin, Via Valprato n. 70, Telephone Number: +39 011 238 61 19, e-mail: studio@brh.it (hereinafter referred to as the “Studio”).

 

2. PROCESSED DATA

2.1. Data collected through the service

The Studio only collects personal data that the user voluntarily provides by registering on the website or using the newsletter service. Among the personal data voluntarily provided by the user through the Service, there may be:

• First name;
• Last name;
• Tax code;
• Residential address;
• Date of birth;
• Email address;

For service provision, the Studio relies on certified suppliers:

• Mailchimp: see their privacy policy

2.2 Data collected through the website

As a result of merely browsing the publicly accessible pages of the Site, some navigation data may be automatically collected, including:

• IP addresses;
• URI (Uniform Resource Identifier) addresses of the requested resources;
• Time and method used to submit requests to the server;
• Numeric code indicating the status of the server’s response (success, error, etc.);

Navigation data are related to the user’s operating system and computer environment, the transmission of which is implicit in the use of Internet communication protocols.

The Association uses a third-party tool (Google Analytics) for statistical and marketing purposes only. However, the data is managed in a fully anonymized form. Although this information is not collected to be associated with identified individuals, it could potentially allow for user identification through processing and association with data held by third parties. This data is used solely to obtain anonymous statistical information on the use of the Site and to check its proper functioning and is deleted immediately after processing.

For any contact with the Studio, for example, by sending emails to the addresses indicated on the Site, the user’s data will be considered acquired and thus processed in full compliance with current regulations.

 

3. PURPOSES OF PROCESSING

The Studio processes the personal data provided by the user through the Site or through our suppliers (Mailchimp). Specifically, the user’s personal data may be used for the following purposes:

• Communication and marketing: periodic sending of news related to the Studio’s activities and service information.

The purposes listed above are subject to the user’s consent (which in some cases must be explicit).

The Studio will not use the data provided for purposes other than those listed above, to which the interested user has consented, and only within the limits specified in any additional specific information accompanying the different services that may be requested by the user. The user’s data will never be sold, rented, or otherwise transferred by the Studio to third parties. The user is the sole owner of their data and can request its modification or deletion at any time: see section 8 “User Rights” below.

 

4. RETENTION OF PERSONAL DATA

The Studio will retain the user’s information as required by current regulations and, in any case, for the time necessary to provide the requested services. The user is free to provide their personal data, but failure to provide such data may make it impossible to obtain the requested service. Such data will be retained only for the time necessary to respond to user requests or for as long as the user requests to receive such service.

 

5. SECURITY AND TRANSFER OF PERSONAL DATA

The transfer, storage, and processing of the user’s data collected through the Site are ensured by appropriate technical measures. User data is collected, stored, and retained on a secure server.

 

6. TRANSFER OF DATA TO THIRD PARTIES

The Studio does not transfer the user’s personal data to third parties. Only if the Studio is required by law will personal data be provided to the competent authorities.

 

7. TRANSFER OF DATA ABROAD

The user’s data will not be transferred outside the European Union.

 

8. USER RIGHTS (DATA SUBJECT)

The user may at any time fully exercise the rights provided by current regulations, including the following rights:

• Receive confirmation of the existence of their personal data and request access to their content;
• Update, modify, and/or correct their personal data;
• Request the deletion, anonymization, or blocking of data processed in violation of the law;
• Request the limitation of processing;
• Object for legitimate reasons to the processing;
• Receive a copy of the data provided and request that such data be transmitted to another data controller.

To exercise one or more of the rights listed above, a specific request can be sent via email to studio@brh.it .

 

9. COOKIE

For information regarding the use of cookies through the Site, please read the Studio’s Cookie Policy.

 

10. CONTACTS

Please send an email to studio@brh.it for any questions regarding clarification or information on the contents of this page.