×
Please select your Country

Privacy Policy


The General Data Protection Regulation

To protect the personal data of individuals and customers in the European Union and to keep up with everchanging technology, as per the May 25, 2018 the General Data Protection Regulation (GDPR) will come into effect. The GDPR impacts every organization which stores or processes personal data of individuals across the European Union. The GDPR aims to strengthen the rights of individuals over their personal data and creates a harmonized personal data protection standard. As a trusted partner to professionals, we want our customers to be confident that their personal data is protected. Consistent with the Wolters Kluwer company values and business principles, data privacy is at the heart of our approach to the GDPR. We fully understand the importance of data privacy standards to our customers and we recognize the obligations that apply to managing, storing and processing personal data. At Wolters Kluwer, we are committed to protecting our customers’ personal data. We deliver on this promise by striving to keep information secure and respecting the rights of individuals. With the Wolters Kluwer Corporate Privacy Office, we are fully engaged in a cross-functional GDPR program. We are reviewing data processes (policies, standards and documentation) and practices throughout our company and are implementing changes to further enhance protection of personal data. We are training our employees on their responsibilities and new ways of working related to GDPR; we are partnering with third parties and vendors to ensure their compliance; and we are assessing customer contracts and working with our customers to help to support them.


Information Concerning Article 13 of Italian Legislative Decree No. 196/03 and EU Regulation No. 679/2016

Tagetik Software S.r.l., with registered offices in Lucca [Italy], on Via Delano Roosevelt, No. 103, Tax ID and VAT No. 01234830469, in its role as data controller (hereinafter, “Data Controller”) would like to inform you, pursuant to Article 13 of Italian Legislative Decree No. 196 of 6.30.2003 (hereinafter, “Privacy Code”) and Article 13 of EU Regulation No. 2016/679 (hereinafter, “GDPR“ for General Data Protection Regulation) that your data will be processed in the following manner and for the following purposes:


1. Object of the Processing

The Data Controller processes personal data (such as your first name, last name, company name, address, telephone number, email address, banking and payment details) – hereinafter, “personal data” or also “data” that you have communicated or we have collected as follows:

  • In the context of commercial relationships, also carried out in collaboration with CCH Tagetik partner companies
  • Via telephonic activities
  • During visits to CCH Tagetik websites
  • By filling in the forms on CCH Tagetik websites 
  • Through the purchase of commercial databases or public documents/information

2. Processing Methods and Purposes

The processing of your personal data is carried out through the operations indicated in Article 4 of the Privacy Code and Article 4 (2) of the GDPR, and more precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation, and erasure of data. Your personal data are subjected to both paper and electronic and/or automated processing.
The Data Controller will process your personal data for the time necessary to fulfill the aforementioned purposes and in any case for no more than 20 years from the termination of the relationship for the purposes of providing services or until the request is made for the erasure of data that was gathered for marketing purposes.

Your personal data are processed:

A) Without your express consent (Article 24, letters (a), (b), and (c) of the Privacy Code and Article 6, letters (b) and (e) of the GDPR) for the following service purposes:

  • Fulfillment of pre-contractual, contractual, and tax obligations deriving from existing relationships with you;
  • Fulfillment of the obligations established by Italian law, by a regulation, by European Community legislation, or by order of an Authority (for example relating to anti-money laundering);
  • Exercising of the rights of the Data Controller, for example the right to defense in court

B) Only with your specific and distinct consent (Articles 23 and 130 of the Privacy Code and Article 7 of the GDPR), for the following marketing purposes:

  • Sending you newsletters, commercial communications and/or advertising material on products or services offered by the Data Controller, invitations to events, webinars, or other specific marketing initiatives or update on CCH Tagetik via email, regular mail, text messages and/or telephone;

3. Data Access

Your data may be rendered accessible for the purposes referred to in Article 2.A and 2.B):

  • To employees and collaborators of the Data Controller of the Group companies in Italy and abroad, in their capacity as agents and/or internal staff involved in the processing and/or system administrators;
  • To third-party companies or other subjects (merely by way of example, business partners, credit institutes, professional firms, consultants, insurance companies for the provision of insurance services, etc.) who carry out outsourcing activities on behalf of the Data Controller, in their capacity as external processing managers.

4. Communication of the Data

Without the need for express consent (pursuant to Article 24, letters (a), (b), and (d) of the Privacy Code and Article 6, letters (b) and (c) of the GDPR), the Data Controller may communicate your data for the purposes referred to in Article 2(A) To Supervisory Bodies (such as IVASS – Italian Institute for the Supervision of Insurance), Judicial Authorities, insurance companies for the provision of insurance services, and to those subjects to whom communication is mandatory by law for the accomplishment of said purposes.
These subjects will process the data in their roles as independent data controllers.
Your data will not be disclosed.


5. Data Transfer

Personal data is stored on servers located within the European Union and on servers located outside the EU. In the latter case, the Data Controller guarantees that the transfer of non-EU data will take place in accordance with the applicable legal provisions, subject to stipulation of the standard contractual clauses provided by the European Commission.


6. Nature of Data Provision and Consequences of Refusal to Answer

The provision of data for the purposes referred to in Article 2 (A) is mandatory. In their absence, we cannot guarantee the services outlined in Article 2 (A).
The provision of data for the purposes referred to in Article 2 (B) is, instead, optional. You can, therefore, decide to not provide any data or to subsequently deny the possibility of processing data which had been provided earlier. In this case, you will not be able to receive newsletters, commercial communications, and advertising material concerning the services offered by the Data Controller.
However, you will still be entitled to the services referred to in Article 2 (A).


7. Rights of Data Subjects

In your role as an interested subject, you have the rights set forth in Article 7 of the Privacy Code and Article 15 of the GDPR, and more precisely:
i. To obtain confirmation of the existence or non-existence of your personal data, even if it has not yet been registered, and communication of the same in an intelligible form.
ii. To be informed: (a) of the source of the personal data; (b) of the purposes and methods of the processing; (c) of the logic applied to the processing, if carried out with the help of electronic means; (d) of the identification of the data controller, data processors, and the representative designated in accordance with Article 5, paragraph 2 of the Privacy Code and Article 3, paragraph 1 of the GDPR; (e) of the entities or categories of entities to which your personal information may be disclosed and which could gain knowledge of it in their roles as designated representatives within the country, as data processors, or as staff members involved in data processing;
iii. To obtain: (a) updating, rectification or, when interested, integration of data; b) the erasure, conversion into an anonymous account, or blocking of data processed unlawfully, including data which need not be kept for the purposes for which the data was collected or subsequently processed;
c) confirmation that those to whom the data is communicated or disclosed are notified of the actions referred to under points (a) and (b), including their content, unless the fulfillment thereof proves impossible or involves using methods that are clearly disproportionate to the right being protected;
iv. To object, in whole or in part: a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purpose for which it was collected; b) to the processing of your personal data for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication through the use of automated call systems without the intervention of an operator via email and/or through traditional marketing methods by telephone and/or regular mail. Please note that the opposition of the data subject, as set out in point (b) above, extends from automated methods to traditional ones for direct marketing purposes. Where applicable, you also have the rights referred to in Articles 16-21 of the GDPR (Right to rectification, right to erasure, right to restrict processing, right to data portability, right to objection), as well as the right to lodge a complaint with a Supervisory Authority.


8. Methods for Exercising Rights

You can exercise your rights at any time by sending:

By clicking here, you can request removal from our mailing lists, and by doing so you will no longer receive commercial information. By clicking here you can request the erasure of all your personal data.


9. Data Controller, Data Processor and Processing Staff

The Data Controller is Tagetik Software S.r.l., with registered offices in Lucca, on Via Delano Roosevelt, No. 103, Tax ID and VAT No. 01234830469.
As per Italian Legislative Decree No. 196/03, the updated list of Data Processors and the staff (authorized) involved in processing is kept at the registered offices of the Data Controller.