Professional secrecy

The professionals and employees at CHREA comply with the obligation of professional secrecy pursuant to Articles 351 and 342 of the Code of Criminal Procedure, and Article 249 of the Code of Civil Procedure, except with regard to activities for the mandatory auditing and certification of accounting and financial statements and those relating to the functions of auditor for companies or entities, or as required by current anti-money laundering regulations.

Anti-money laundering - Legislative Decree No. 231 of 21 November 2007

During the performance of its professional duties, CHREA applies the provisions of Article 16 et. seq. of Legislative Decree No. 231 of 21 November 2007, as amended and supplemented by Legislative Decree No. 151 of 25 September 2009 as subsequently amended, which envisage customer due diligence obligations for professionals. In particular, CHREA has aligned its procedures with the CNDCEC guidelines in accordance with the general principles provided by the legislator, as well as the implementing provisions contained in Ministerial Decree No. 141 of 3 February 2006, and the Italian Exchange Office Provision of 24 February 2006, for the parts not expressly declared incompatible by the Ministry of Economy and Finance in the circular dated 19 December 2007, prot. 125367 and, therefore, still in force according to the provisions of Article 66 of Legislative Decree 231/2007 and, finally, the indications of the FATF document “Risk Based Approach – Guidance for Accountants”.

Workplace safety

CHREA complies with the provisions of Legislative Decree No. 81 of 9 April 2008, issued in implementation of Article 1, Law No. 123 of 3 August 2007, on the protection of health and safety in the workplace to ensure compliance with basic service levels regarding civil and social rights, gender and age differences, the condition of immigrant workers and to prevent any risk or danger to the health and safety of workers and the surrounding environment. The firm has consequently adopted a risk assessment document and complies with the obligations set forth in Articles 17 and 18 of the aforementioned Legislative Decree.


In accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, the personal data of Customers provided and acquired by CHIARAVALLI, REALI E ASSOCIATI (the “Firm”) are processed in compliance with the provisions of the aforementioned Regulation and the consequent rights and obligations, and specifically:

a) PURPOSE OF PROCESSING – Processing is aimed exclusively at the correct and complete execution of the professional assignment received.

b) METHODS OF PERSONAL DATA PROCESSING – Processing is carried out through operations, using electronic and paper means, and consists of the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of the data.

Processing is carried out by the data controller and the data processors expressly authorised by the same.

c) PROVISION OF DATA AND REFUSAL – The provision of common and sensitive personal data is necessary for the performance of the activity referred to in point a) above and refusal of the data subject to provide personal data makes it impossible to carry out such activity.

d) COMMUNICATION OF DATA – Personal data may become known exclusively to the appointed data processors and be communicated for the purposes referred to in point a) above to external collaborators, the financial administration in the broadest sense, including tax commissions of all levels, the Public Administration, the Business Register and, in general, all entities to which communication is necessary for the correct performance of the professional assignment and for the purposes referred to in point a) above. Personal data are not disclosed.

e) TRANSFER OF DATA ABROAD – Personal data may be transferred to EU or non-EU countries or to international organisations, within the scope of the purposes referred to in point a) above.

f) DATA RETENTION – The data are kept for the period necessary to carry out the activity and in any case not exceeding ten years.

g) DATA CONTROLLER – The data controllers are the partners of the firm Chiaravalli, Reali e Associati, Giuseppe Chiaravalli, Andrea Chiaravalli, David Reali, Marco Curti and Alessandro Maruffi, in Milan (MI) Piazzetta Umberto Giordano, 4.

h) RIGHTS OF THE DATA SUBJECT – Data subjects have the right to:

  • access, rectify, erase, restrict or object to the processing of their data
  • receive their personal data in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided
  • withdraw consent to the processing, without affecting the lawfulness of processing based on consent before its withdrawal
  • lodge a complaint with the Supervisory Authority for the protection of personal data.

These rights may be exercised by sending a written communication to the certified email address pec@pec.chrea.com or a registered letter addressed to CHIARAVALLI, REALI E ASSOCIATI – TITOLARE TRATTAMENTO PRIVACY – Piazzetta Umberto Giordano 4, 20122 MiIan (MI).


© 2024 chrea.com – p.iva 10802210152 – All rights reserved.