This document describes the methods used to manage the website www.studiobonacina.com (hereinafter, the “Site”) in relation to the processing of personal data of users who consult the Site, as well as the processing of personal data of those who, as clients or for any other reason, have relationships or contacts with Studio Legale Bonacina or otherwise provide Studio Legale Bonacina with their personal data, for the purposes and on the further terms and conditions of this information notice, or whose personal data are processed Studio Legale Bonacina (hereinafter “Data Subjects”).
This information is provided pursuant to Section 13 of (EU) Regulation no. 2016/679 (hereinafter “GDPR”).
1. Data Controller
The Data Controller is Avv. Stefano Bonacina (the “Data Controller”),Via Savarè 1, Milan, tel./Fax (+39) 02 99202030, e-mail: firstname.lastname@example.org. The updated list of any data processors is available at the offices of the Data Controller.
2. Where and how data are processed
Data relating to the web services of this Site, as well as data collected by Studio Legale Bonacina for any other reason pursuant to this information notice, are processed at the offices of the Data Controller and are handled by internal technical personnel, specifically appointed in writing as Person in charge of the processing, pursuant to the GDPR and/or by personnel outside the Data Controller’s organisation, duly appointed, in writing, as Processor, pursuant to Section 28 of the GDPR.
All personal data are processed both in paper format and, mainly, in electronic format. Data will be stored in a form that allows the identification of the user only for the time strictly necessary to achieve the purposes for which they were originally collected and, in a any case, within the limits provided by law. Specific security measures are observed to prevent the loss of data, their unlawful or improper use and unauthorised accesses to the data, in compliance with the provisions of the GDPR.
3. Purposes of the processing
Personal data are processed by the Data Controller for the following purposes:
- within the limits and only for the purposes to provide services accessible via the Site as well as to allow users to be acquainted with and examine in depth the activities, events and other, institutional and training, initiatives organised and carried out by the Data Controller;
- to manage and develop, with regard to the previous point, questions and requests for interaction with Studio Legale Bonacina, its professionals and entities within the organisation of the Data Controller;
- to offer a platform of scientific insights, through the contributions proposed by Studio Legale Bonacina;
The carrying out of the activities under letters a), b) and c) above does not require the Data Subject’s consent, being the services or performances, in most cases, carried out at the direct request of the parties concerned pursuant to Section 6, paragraph 1.
4. Provision of data and consequences in case of failure to provide data
The provision of personal data for the above purposes is optional and the failure to provide said data will have the only consequence to prevent the Data Controller from managing and processing the Data Subject’s requests or from sending the communications mentioned above.
5. Types of data processed
i. Navigation data
IT systems and software procedures set up for the correct functioning of this Site collect, during their normal operation, certain personal data, which are transmitted in the context of the use of Internet communication protocols.
Said data are not collected in order to be associated with identified persons, but may, on account of their nature, allow users to be identified through processing and associations with other data held by third parties.
This category of data includes IP addresses or the domain names of computers used by persons accessing the Site, URIs (Uniform Resource Identifiers), the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the digital code indicating the state of the server’s response (successful, error, etc.) and other parameters relating to the operating system and to the user’s IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to verify its correct operation and are deleted immediately after processing. The data may be used to ascertain responsibility in the event of any IT crimes against the Site.
ii. Data provided voluntarily by users or collected from third parties
The optional, explicit and voluntary submission of an email address as well as of the relevant message to the addresses indicated on this Site, as well as the transmission of messages through the published collection forms, results in the collection of the sender’s address and of other personal data that may be included in the request, which are necessary for responding to requests.
Specific summary reports may be shown or displayed, from time to time and when strictly necessary, on the pages of the Site dedicated to particular on-demand services.
In addition to the foregoing, further personal data (such as personal details, data concerning professional activity, position and/or role within the company, contact details such as business and/or private telephone number, e-mail address) provided to the Data Controller or anyway collected by the Data Controller from third parties, will be processed by the Data Controller in compliance with this information notice and within the limits imposed by the GDPR.
6. Recipients and Categories of Recipients
Data will not be circulated or assigned to third parties unless with the consent of the Data Subject. Should disclosure to third party suppliers or partners of Studio Legale Bonacina be necessary for organisational or administrative requirements or to support the services provided, the Data Controller shall appoint said entities as processors pursuant to the GDPR.
It is understood that the personal data of Data Subjects may be freely disclosed to third parties, such as the police, whenever this is permitted by the law or required by an order or decision of a competent authority.
7. Retention period
Personal data will be retained only as long as strictly necessary to achieve the purposes for which they had been collected and processed. Upon completion of the processing purpose, or in case of exercise of the right to object to the processing or withdrawal of the consent given, the Data Controller will be anyway entitled to further retain, in whole or in part, personal data for the purposes permitted by the GDPR (such as the need to enforce a right in court proceedings). As a rule, personal data will be stored for 2 years from their recording, or for 12 months for profiling purpose, without prejudice to the legitimate interest of the Data Controller pursuant to the GDPR, or any longer period that may be established in the future with reference to cases regulated from time to time by the applicable laws or by the competent authorities.
8. Link to other Websites
9. Rights of the data subjects
9.1 Right of access, erasure, restriction and data portability
Data Subjects have the rights provided for in Sections from 15 to 20 of the GDPR. By way of example, each Data Subject may:
- obtain confirmation of the processing or non-processing of personal data concerning him or her;
- if his or her data are being processed, obtain access to personal data and information relating to the processing as well as request a copy of the personal data;
- obtain the rectification of inaccurate personal data and have incomplete personal data completed;
- obtain the erasure of personal data concerning him or her where one of the grounds provided for by Section 17 of the GDPR applies;
- obtain restriction of processing where one of the cases provided for by Section 18 of the GDPR applies;
- receive personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable and interoperable format, and request their transmission to another controller, if technically feasible.
9.2 Right to object
Each Data Subject shall have the right to object at any time to processing of his or her personal data carried out to pursue a legitimate interest of Data Controllers. In case of objection, his or her personal data will no longer be processed, unless legitimate reasons exist for the processing, which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.
9.3 Right to withdraw consent
Where personal data are processed based on consent, each Data Subject has a right to withdraw at any time the consent given, without affecting the lawfulness of any processing based on said consent and carried out before the withdrawal. Consent may be withdrawn by writing an email to the address email@example.com
With reference to the processing of personal data for the purposes under Section 3, letter e) the Data Controller may not ask for the Data Subject’s consent, provided that the latter has been duly informed and has not refused to allow such use, initially or during subsequent communications. Upon collection and in any communication sent for the purposes under this paragraph, the Data Subject will be informed of the possibility to object to the processing at any time, smoothly and free of charge.
9.5 Right to lodge a complaint with a Supervisory Authority.
Every Data Subject has the right to lodge a complaint with a Supervisory Authority if he or she considers that the processing of personal data relating to him or her infringes his or her rights under the GDPR, according to the methods set out on the website of the Supervisory Authority accessible from the following link: www.garanteprivacy.it.