Privacy policy

In Bernoni Grant Thornton, data protection is a crucial issue.

Below you can find all information about how we process data.

Who are the Data Controllers?

Depending on the processing of personal data carried out, one or more of the following companies act as autonomous Data Controllers or Joint Controllers, where the purposes and means of the processing are determined jointly:

• Bernoni & Partners, with registered office in Via Melchiorre Gioia, 8, 20124 Milan, VAT No. 01692980152
• Grant Thornton Financial Advisory Services S.r.l., with registered office in Via Melchiorre Gioia, 8, 20124 Milan, VAT No. 09585290969
• Grant Thornton Operations S.r.l., with registered office in Via Melchiorre Gioia, 8, 20124 Milan, VAT No. 12057310158
• Leoni Grant Thornton & Partners, with registered office in Via Statuto, 4, 20121 Milan, VAT No. 08565080960
• Grant Thornton Digital S.r.l., with registered office in Via Melchiorre Gioia, 8, 20124 Milan, VAT No. 02502680180

(hereinafter, jointly, "Bernoni Grant Thornton")

Within the relationships existing among the companies of Bernoni Grant Thornton, they may act as Joint Controllers. In this sense, Bernoni Grant Thornton ensures that the processing of personal data is carried out in compliance with the applicable legal provisions and the joint controllership agreement concluded pursuant to and for the purposes of Article 26 of Regulation (EU) No. 2016/679 (hereinafter the “Regulation” or "GDPR"). The essential content of the agreement is available by writing to the following email address: dataprotection@bgt.it.gt.com.

Hereinafter in the document, for each processing activity it will be specified whether the Bernoni Grant Thornton companies act as autonomous Controllers or as Joint Controllers.

Who is the Data Protection Officer?

The companies of Bernoni Grant Thornton have jointly designated an internal representative who acts as the point of contact for data subjects and as the coordinator of all activities carried out jointly by the companies. Bernoni & Partners, by means of a specific designation act, has appointed this individual as the Data Protection Officer (hereinafter also referred to as the “Data Protection Officer” or “DPO”) for the companies part of Bernoni Grant Thornton.

What types of information do we collect at Bernoni Grant Thornton?

Bernoni Grant Thornton collects personal data in the following areas of activity:

How do we process the data?

Personal data is processed in compliance with Regulation (EU) 2016/679, both by electronic and automated means and manually, with logics strictly related to the purposes of the processing, through databases and electronic platforms managed by the Controller and/or by third parties (appointed as Data Processors).

Data are processed using methods intended to guarantee maximum security and confidentiality, and only by persons who have been trained and authorized to process them.
The Controller adopts appropriate technical and organizational measures to ensure a level of security appropriate to the risk related to the processing.

This privacy notice is not applicable to any other sites accessed by the user via hyperlinks from the Bernoni Grant Thornton website.
Therefore, the existence of a link to another site does not imply approval or acceptance of responsibility by Bernoni Grant Thornton regarding the content of the linked site, including the policies adopted for the processing of personal data or their usage.

This policy is regularly updated in accordance with any regulatory changes.

What are your rights and how can you exercise them?

Data subjects may exercise the rights provided for by Articles 15–22 of the GDPR with reference to the data processed by Bernoni Grant Thornton. In particular, you have the right to:

• access your data: pursuant to Article 15 of the GDPR, you can request confirmation of whether or not personal data concerning you exists, and, if so, obtain access to such data and information regarding its origin; purposes of the processing; categories of personal data processed; recipients or categories of recipients to whom the personal data has been or will be disclosed; the envisaged storage period; the existence of automated decision-making, including profiling;
• verify and request rectification: pursuant to Article 16 of the GDPR, you can verify the accuracy of your data and request its update, rectification, or completion;
• obtain the erasure or removal of your personal data: when the conditions provided under Article 17 of the GDPR are met, you have the right to obtain without undue delay the erasure of your personal data;
• obtain the restriction of processing: when the conditions provided under Article 18 of the GDPR are met, you can request the restriction of the processing of your data;
• obtain data portability: pursuant to Article 20 of the GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transmitted without hindrance to another controller. This right applies when data are processed by automated means and the processing is based on your consent, on a contract to which you are a party, or on pre-contractual measures requested by you;
• object to the processing of your personal data: pursuant to Article 21 of the GDPR, where personal data is processed based on a public interest, in the exercise of official authority vested in the Controller, or for the purposes of the legitimate interests pursued by the Controller, you have the right to object to the processing for reasons related to your particular situation; pursuant to Article 22, you also have the right not to be subject to a decision based solely on automated processing, including profiling;
• lodge a complaint: you may lodge a complaint with the competent data protection supervisory authority or take legal action.

To exercise these rights or to request further clarifications regarding the processing of your personal data, simply write to the attention of the Data Protection Officer at the following email address: dataprotection@bgt.it.gt.com.