Client Area

Client Information Notice

In the execution of the assigned engagement, the companies of Bernoni Grant Thornton, in their capacity as autonomous Data Controllers, may collect and use personal data relating to:

• The Client, its employees, its company, its trustees, its clients; and
• The Client’s employees, agents, and collaborators;
• Any other personal data, possibly also collected from third-party companies, that is functional to the execution of the engagement.

The data protection relationship is held by the Bernoni Grant Thornton company with which the Client has a contractual relationship, as described below.

In consideration of the degree of autonomy in the processing of personal data concerning you, Bernoni Grant Thornton may assume the role of either Controller or Processor.

• Should we act as Controller, we would process all data as Controller in compliance with the “Guidelines 07/2020 on the concepts of controller and processor in the GDPR” adopted on 7 July 2021 by the European Data Protection Board (EDPB). In this case, data will be processed in order to carry out pre-contractual verifications provided by our procedures, to execute our engagement, and to comply with law, accounting and tax fulfilments, also according to the requirements of applicable regulations, by the policies and procedures on quality control from time to time in force at Bernoni Grant Thornton, as well as by applicable professional standards.
• Should we act as Processor, we would process only data relevant to the contractual management as Controller, while we would process data as Processor those data processed on behalf of the Client, also with reference “Guidelines 07/2020 on the concepts of controller and processor in the GDPR” of the EDPB. As regards the role as Processor, we acknowledge that the engagement was assigned considering the company profile, in terms of resources, property, equipment and know-how, which is adequate to provide sufficient guarantees so that proper technical and organizational solutions can be enacted to make processing be compliant with the requirements of the Regulation and ensure the protection of data subjects. The Processor will report to the Client any event that could breach the above requirements. The parties agree that the breach of one of the requirements under art. 28 of the Regulation constitutes a just cause for the revocation of the role as data Processor by the Controller. The Processor will stick to the instructions agreed with the Client.

Client representatives may be included in newsletter distribution lists for the purpose of receiving information regarding topics relevant to the contract and may be contacted for commercial purposes under the legitimate interest of the Controller, without prejudice to the right to object by the data subjects.

The data will be processed by the firm for the entire duration of the contract and also thereafter, for the fulfillment of all legal obligations.

Data may also be accessed by processors within outsourcing relationships, and by persons instructed on the management of personal data processing in accordance with Article 29 of the Regulation, who will process such data in compliance with the provisions of this privacy notice. The processing is not subject to automated decision-making processes, including profiling.

This privacy notice is provided in summarized form. It is understood that full privacy information is provided by the Bernoni Grant Thornton companies on the occasion of each specific engagement.