PRIVACY POLICY STATEMENT ON THE PROCESSING OF PERSONAL AND SENSITIVE DATA WITHIN THE MEANING OF ARTICLE 13 AND FF. OF REGULATION (EU) 2016/679

Pursuant to article 13 and ff. of Regulation (EU) 2016/679 and in relation to your personal data of which the company NASH ADVISORY s.r.l., P.IVA 10567610018, registered office in Torino, via Po n. 1, will come into possession, we provide you with the following privacy policy statement:

1. Controller and manager of the processing. The data controller is the company NASH ADVISORY s.r.l., P.IVA 10567610018.

2. Purposes of data processing.

Your personal data may be processed, without the need for your consent, in cases where this is necessary in order to fulfill any legal obligation in the following areas: private law, tax law, anti-money laundering discipline, as well as any other European provision, rules, codes or procedures approved by the Authorities and other national competent institutions.

Furthermore, your personal data may be processed in order to follow up requests from the competent administrative or judicial authorities and, more generally, from public entities in compliance with legal formalities.

Your personal data will also be processed for the purposes related and / or linked to the activities which are carried out by the controller, such as:

– for those who contact us via site or email, to respond to their requests;

– for customer satisfaction surveys of the quality of the services provided;

– the subjects who contact us via the website or via e-mail are informed of the fact that navigating and accessing the site do not require, or allow, profiling activities. In any case, all data which are acquired during the navigation are anonymously processed and may only be used without the express consent of the User for the purposes of accessing the http://www.nashadvisory.it website and presenting the services of NASH ADVISORY s.r.l.

In particular, as regards navigation data, we inform you that computer systems and software procedures that are used to operate on this website acquire, during their normal functioning, some personal data whose transmission is implicit in the use of protocols of Internet communication. Such information is not collected in order to be associated with identified data subjects but, by its very nature, could, through processing and association with data held by third parties, allow Users to be identified. This category of data includes IP addresses or domain names of the computers used by Users accessing the website, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the User’s computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the website and to check its correct functioning. Furthermore, the data could be used to ascertain responsibility in case of hypothetical computer crimes against the website.

– NASH ADVISORY s.r.l. does not disclose personal data acquired to third parties for the possible sending of advertising material, commercial information, sale of products or services by foreign companies or commercial partners.

– Your personal data may also be processed, provided that you give your optional and separate expressed consent, for the following additional purposes functional to the activity of the Controller: market research, economic analysis and statistics; marketing of the services of the Controller, sending of advertising/informative/promotional material, newsletters, press releases about Controller’s activities and services.

3. Transfer of data abroad. Users’ personal data may be freely transferred outside the national territory to other countries in the European Union, but it could also be transferred outside the European Union. With regard to transfers outside the territory of the European Union to countries that are not considered appropriate by the European Commission, the Controller shall take suitable and appropriate security measures in order to protect the received personal data. Consequently, any transfer of data to countries outside the European Union, in any case, shall take place in compliance with suitable and appropriate guarantees for the purpose of the transfer, such as the standard data protection contractual clauses, pursuant to the applicable legal discipline and, specifically, to articles 45 and 46 of the Privacy Regulation.

4. Methods of processing and retention. The data processing will be carried out in an automated and / or manual way, in compliance with the provisions of art. 32 of the GDPR 2016/679 concerning security measures, by specifically appointed subjects and by external consultants, in compliance with the provisions of art. 29 GDPR 2016/679. Please note that, in compliance with the principles of lawfulness, purpose limitation and data minimization, pursuant to art. 5 GDPR 2016/679, your personal data will be retained for the necessary period of time for the achievement of the purposes for which they were collected and processed, and in order to comply with the obligations and requirements provided by law.

5. Communication of data. Personal data may be disclosed to the subjects in charge of the processing and it may be communicated – for the purposes referred to in point 2 – to other consultancy and assistance providers, to banks, to the companies of the Controller’s group, to the sales network, and, more generally, to all those public and private subjects to whom communication is necessary for the correct fulfillment of the purposes indicated in point 2 or on account of legal obligations.

6. Dissemination of data. Personal data are not subject to disclosure.

7. Cloud and telematics systems. Sensitive data may also be stored and / or used and / or sent / exchanged in online mode and the related programs (for example Dropbox, Onedrive, Outlook or other cloud and mailing programs), exclusively for the purposes set out in this statement.

RIGHTS OF THE DATA SUBJECT

8. Right to access personal data. The data subject has the right to ask the data controller to access his personal data. Upon request, the data controller provides a copy of the personal data which are being processed. In the event of further copies requested by the data subject, the data controller may charge an administrative fee based on administrative costs. If the data subject submits the request by electronic means, and unless otherwise indicated by said subject, the information is provided in a commonly used electronic format.

9. Right to rectification. The data subject has the right to obtain the rectification of inaccurate personal data concerning him from the data Controller without undue delay. Having considered the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, also by providing a supplementary statement.

10. Right to erasure (“right to be forgotten”). With the exception of the cases provided for by article 17, paragraph 3 of Regulation (EU) 2016/679, the data subject has the right to obtain the deletion of personal data concerning him from the data controller without undue delay and the data controller has the obligation to erase personal data without undue delay, when one of the cases provided for in article 17, paragraph 1, of Regulation (EU) 2016/679 occurs.

11. Right to the restriction of processing. The data subject has the right to obtain the restriction of the processing from the data controller using one of the hypotheses provided for in article 18 of Regulation (EU) 2016/679.

12. Right to object to the processing. The data subject has the right to object at any time, for reasons connected with his particular situation, to the processing of his personal data pursuant to article 6, paragraph 1, letters e) or f) of Regulation (EU) 2016/679. The data controller refrains from further processing personal data unless he demonstrates the existence of binding legitimate reasons to proceed with the processing that prevail over the interests, rights and freedoms of the data subject or for the assessment, exercise or the defense of a right in court.

13. Right to data portability. The data subject has the right to receive, in a structured, commonly used and automatically readable format, the personal data concerning him / her that have been given to a data controller and has the right to transmit such data to another data controller without any opposition of the data controller to whom they were given only in the cases provided by law and without prejudice to the rights and freedoms of others.

14. Withdrawal of consent. If the processing is based on article 6, paragraph 1, letter a), or on article 9, paragraph 2, letter a) of Regulation (EU) 2016/679, the data subject has the right to withdraw his consent at any time without prejudice to the lawfulness of the processing based on the consent that was given prior to the withdrawal.

15. Right to complain. The data subject has the right to lodge a complaint with the Supervisory Authority.

16. Refusal to provide data. Any refusal of the data subject to provide his personal data will make it impossible to fulfill the activities covered by the agreement entrusted to NASH ADVISORY s.r.l.

You can exercise your rights with a written request sent by registered mail to the registered office of the company or to the PEC address: nash.advisory@legalmail.it.