Owner of the data
The data controller is Attorney Raffaele Gammarota, with a studio In Milan, in Lepetit street n. 8, T.C (tax code) GMMRFL75B19G535J and VAT number 01374710331 (following “the Owner”).
Data protection officer
The data protection officer (DPO) is Attorney Margherita Gallù, with a studio in Rome, in Giuseppe Trabacchi street n. 43, available at the following email address: email@example.com .
Personal data processed abd their storage
Specified below the data processed on this Site.
In the course of normal operation, the ICT (information and communications technology) systems and procedures involved in the running of this site automatically acquire certain items of persona data whose transmission is implicit in communication protocol via Internet.
This data category includes IP addresses or domain names of users’ computers and devices, addresses in URI/URL (Uniform Resource Identifier/Locator) notation for requested resources, time of request, method used in submitting the request to the server, the size of the resulting file, the code number showing the response’s status given by the server (success, error, etc.) and other parameters for the operative system and the user’s computing environment.
It consists of information not collected to be matched against identified interested parties but could by their nature be used to identify the users, by means of processing operations and in combination wit other data in possession of third parties.
These data, required to the use of web services, are also used for:
- Obtaining statistical information on the use of the services (most visited pages, visitors’ number per time frame or daily, visitors’ geographic areas etc.):
- Checking the proper functioning of the services provided.
Navigation data do not last longer than seven dates (except when required by the Judicial authority to carry out criminal investigation, such as computer crimes investigations).
Data sent by the User
Optional, explicit, and voluntary submitting of messages to the Holder’s contact addressed, as well as any private message sent from the User to the Holder’s social media profiles, involves the Sender’s data acquisition, required for the reply, as well as all his personal data inside the message.
We also use temporary session cookies limited to the necessary information for a safe and efficient navigation of our websites.
The storage of session cookies inside of devices or browser is under the User’s control, wherever on servers, at the end of the HTTP sessions, cookies information remains logged with a maximum seven-day-longer storage time, on a par with other navigation data.
Purpose of personal data processing on a legal basis
The Holder legally processes User’s personal data pursuant to article 6 of the Regulation, for the following purposes:
- browsing this website, in relation to the opportunity of collecting the User’s personal data required (on a technical level) during the website browsing.
- legal obligations, i.e., to comply with obligations of laws or regulations, of an Authority or of European law.
The provision of data for processing purposes above-mentioned is optional but necessary, since the failure to provide these data could result in the User’s impossibility to browse this website and to benefit from the features offered from the Holder in this same website.
With reference to the purposes above indicated (number 1 in this paragraph), the legal basis for processing is indeed the performance of the services given through this website and requested by the User; with reference to the purposes above indicated (number 2 in this paragraph), the legal basis for processing is the fulfilment of a legal obligation the Holder is subject to.
Method of data processing
The Holder is going to process personal data collected through manual and computerized instruments, with a strictly related logic related to the purposes they are processed for and to guarantee security and privacy of the same data.
Personal data are going to be stored for the strictly required time for the pursuit of the purposes they were stored for, as stated above. Yet, it is understood that in the case in which the consent is revoked, i.e., when the User objects to data processing, personal data are going to be deleted.
Employees and/or collaborators could learn about the User’s personal data collected through this website, by means of their roles (ex. system administrators). These people, formally appointed by the Holder as “authorized to the process” are going to process the User’s personal data just for the purposes shown in this policy according to the instructions given by the Holder and in compliance with the provision of GDPR (General Data Protection Regulation).
Also, collected information could be disclosed to third parties in the quality of “External Processors” who will be able to process personal data on behalf of the Holder, who could be, for example, suppliers of computer and logistic services functional to the website functioning, outsourcing or cloud computing service providers, professionals and advisors who can provide functional performances for the purposes mentioned above.
Lastly, personal data could be communicated to all the people to which the communication is required by law. The User will be able to obtain a list of the persons in charge appointed by the Holder for processing, asking the Holder at any time.
Treatment place for personal Data
Personal data treatments associated to this website take place in the Holder’s headquarters and in the Managers’ headquarters and are handled by the personnel authorized to the process only or by the persons appointed for occasional maintenance operations.
Data transfer abroad
Personal data are going to be processed inside the territory of the EU.
Whenever, for technical and/or operational issues, it is necessary to make use of persons located outside of the EU, or it is necessary to transfer any collected data towards technical systems and services in cloud and located outside the EU territory, the treatment is going to be set according with Title V of the Regulation and authorized depending on specific decisions of the EU. Are going to be adopted every necessary precaution in order to guarantee the personal data utter protection basing this transfer on: a) adequacy decisions of third-country recipients casted by the European Commission; b) appropriate safeguards casted by the recipient third party pursuant to the article 46 of the Regulation; c) the introduction of binding corporate rules (BCR).
This website has external links to third-party websites. The Holder clears that they have no control over these websites, which also have their own privacy policies, and therefore that they do not take any responsibility for personal data processing made on other websites. The Holder, thus, suggests the User to check these other websites’ privacy policies before browsing there.
Rights of data subjects
Users interested in their personal data processing can exercise their rights explicitly recognized in article 15 and ss. of the Regulation, which are:
- the right to obtain from the controller (the Holder) confirmation as to whether personal data concerning them (the User) are being processed and eventually to obtain access to their personal data (article 15);
- the right to obtain the rectification of any inaccurate personal data concerning the User and the integration of their incomplete data (article 16);
- the right to obtain the erasure of the personal data concerning the User (“right to be forgotten” article 17);
- the right to obtain a restriction for their personal data processing under certain conditions (article 18);
- the right to receive the personal data given by the Holder in a structured, commonly used, and machine-readable format, and the right to transmit those data to another Holder without hindrance from the controller (Holder) to whom the User has provided their personal data (“right to data portability” article 20);
- the right to object to processing of personal data any time, on grounds relating to their particular situation (article 21);
- the right not to be subject to a decision based solely on automated processing, including profiling (article 22);
The persons concerned are also entitled and have the right to:
- obtain communications in case their own personal data is subject to violations;
- withdraw their consent for personal data processing in any time;
- lodge a complaint with a supervisory authority (Data Protection Authority – website: www.garanteprivacy.it ).
To exercise their rights, any person concerned can contact the Holder’s email address firstname.lastname@example.org .
This document will be subject to regular updates, as a result of any legislative changes or variations in performed processing, which are going to be posted on the website www.iuscounsel.com .