01 CONSTRUCTION

Privacy & GDPR

PRIVACY POLICY

At Baker Tilly Italy, the protection of personal data is of paramount importance.

On this page, we aim to provide you with the necessary information regarding the collection and processing of personal data from users who visit and navigate our website, regardless of whether they decide to contact our professionals. These details are subject to periodic review, and any changes and/or updates will be included in this section of the website. Please note that links redirecting to third-party websites, including sites managed by affiliated companies of Baker Tilly Italy, are not covered by this privacy policy, and it is therefore necessary to review their respective privacy policies directly on those sites.

1. DATA CONTROLLER
The data controller is Baker Tilly Italy S.r.l., with registered office in Via Carlo Alberto 31, 10123 Turin, Italy, tax code and VAT number 12531180011, PEC: bakertillyitaly@pec.it (hereinafter referred to as the "Controller").

2. PURPOSE OF PROCESSING
The Controller may process:
- IP addresses and other general user information (types of browsers used, date, location, and time of website access, etc.). Such data is not collected to be associated with or identify specific individuals, but due to the nature of the data itself, it could potentially be used to identify users.
- User identification data (name, surname, company name, etc.) and contact information (email address, phone number, etc.) if provided through the online form.

3. PURPOSE AND LEGAL BASIS OF PROCESSING
Personal data is collected and processed for the following purposes:
- Providing the content of our website and ensuring the functionality of our IT systems.
- Collecting statistical data and information about users of our site.
- Responding to your inquiries.
- If you use the online form, the information transmitted will be used to manage your request.
- Security: To protect site users and the Controller, prevent attacks on our IT systems, and provide the necessary information to authorities in case of cyberattacks.

The applicable legal bases are those set forth in Article 6, letter b (processing is necessary for the performance of pre-contractual measures taken at the data subject's request) and c (processing is necessary for compliance with a legal obligation to which the data controller is subject) and f (processing is necessary for the purposes of the legitimate interests pursued by the Controller to ensure the security and functionality of IT systems).
Please refer to t paragraph (7) for the use of cookies.

4. NATURE OF DATA PROVISION
The processing of your personal data is necessary to fulfill the above purposes. For any purpose other than those expressly listed in this privacy policy, the Controller will verify the existence of one of the legal bases provided for in Articles 6 and 9 of the GDPR.

5. DATA RETENTION AND STORAGE PERIOD
Regarding the above purposes, personal data will be subject to computerized processing by the Controller, which does not involve profiling processes. Personal data will be retained for the period strictly necessary to fulfill your request. Afterward, the data will be kept for statistical purposes and to comply with any legal or contractual obligations. The Controller adopts appropriate technical and organizational measures to ensure the security and confidentiality of data. All Baker Tilly Italy personnel are required to keep personal information confidential and ensure access is limited to authorized individuals.

6. DATA COMMUNICATION AND DISCLOSURE
Personal data may be transmitted and/or disclosed to:
- One or more independent members of Baker Tilly International to manage your request. It should also be noted that Baker Tilly Italy does not provide information to third parties for marketing purposes.
- Parties (such as administrative, judicial, supervisory, and control authorities) to whom such communication is required in compliance with national or European law.
- Third-party product and/or service providers. Depending on the circumstances, these recipients may process personal data as independent data controllers or processors.

Your data may also be processed by the staff of individual companies providing services, as authorized data processors, only for the data necessary to perform their assigned tasks.

7. COOKIES
This site uses cookies.
Cookies are small text files used by websites to make the user experience more efficient. Our site uses:

1. Technical cookies: essential for allowing users to access the services requested. Without these cookies, navigation on the site and certain user-requested operations may not be possible. Considering the purposes for which technical cookies are used, their storage on the device does not require the user's prior consent.
2. Analytical cookies: used to produce aggregated and anonymous statistics for internal research purposes, such as the number of users, their location when visiting the site, and the date and time of access, etc. The use of analytical cookies aims to optimize and improve the website. In accordance with applicable regulations, the installation of this type of cookie does not require the user's prior consent.
Your choices will be saved for 12 months.

Furthermore, users are informed that, in addition to the above, they can express their preferences regarding cookies through the settings of the browser used on their device.

8. DATA SUBJECT'S RIGHTS
Under the GDPR, you, as a user, have the following rights concerning your personal data:
- Right of access to personal data and the right to obtain a copy thereof (Article 15 of the GDPR).
- Right to rectify inaccurate data (Article 16 of the GDPR).
- Right to erasure (the "right to be forgotten") without undue delay (Article 17 of the GDPR).
- Right to restriction of processing (Article 18 of the GDPR).
- Right to data portability, i.e., the right to receive personal data in a structured, commonly used, and machine-readable format (Article 20 of the GDPR).
- Right to object to processing at any time for reasons related to your particular situation (Article 21 of the GDPR).
- Right not to be subject to automated decision-making, including profiling (Article 22 of the GDPR).
- Right to lodge a complaint with the supervisory authority (Article 77 of the GDPR) if you believe that the processing of personal data by the Controller violates the regulations.

To exercise these rights, please refer to point 10 below.

9. TRANSFER OF DATA ABROAD
If necessary for the purposes mentioned above, including due to Baker Tilly Italy's membership in the Baker Tilly International network, data transfers to:
a) European countries: such transfers, occurring to countries subject to the GDPR, will comply with the provisions of the GDPR, as explained in this privacy policy.
b) Non-European countries: such transfers, occurring to countries not subject to the GDPR, can only take place once the Controller has verified the presence of conditions provided for in Chapter V of the GDPR (Article 44 et seq.), as explained in this privacy policy and in accordance with specific internal policies and/or network-level provisions, if applicable.

Further information on this matter can be requested from the data controller, as indicated in point 10 below.

10. INFORMATION AND EXERCISE OF RIGHTS
For more information about the processing of personal data or to exercise the rights mentioned in point 8 above, you can contact the Controller via the email address info@bakertillyitaly.it.

Please note that, before providing any information or making any changes to personal data, the Controller may need to verify the identity of the requester, which may involve answering some questions. A response will be provided as soon as possible and within the time limits set by law.

Find an office
Offices