Information on personal data ex art. 13-14 EU Regulation 2016/679 (GDPR)
With this document the law firm lawyers Tamola Nicholas T&R and Russo Daniela discloses how to manage the website, owned by the avv. Russian Daniela (P.IVA 08231700967), and in particular, the objectives and the way in which personal data of users who consult are collected, recorded and used.
The current document refers exclusively to the website www.studiolegaletr.com, (hereinafter “law firm T&R site”) and not to other web sites accessed via links on the pages of the site.
The law firm T&R site is controlled and operated by lawyers Tamola Nicola and Russo Daniela who, under art. 26 of Reg. EC 2016/679, are joint holders of the treatment of the personal data collected there. Interested parties may exercise their rights under EU Reg. 2016/679 against and against each controller.
The internal agreement between the Controllers of the processing, which regulates the respective responsibilities regarding the obligations and the exercise of rights deriving from EU Reg. 2016/679, may be made available to interested parties who make a written request to the following address: via Sant’Antonio Maria Zaccaria n.1 – 20122 Milan (Italy) – or via pec: nicola.tamola@milano.pecavvocati.it or daniela.russo@milano.pecavvocati.it.
The lawyers Tamola Nicola and Russo Daniela, as data controllers of personal data, pursuant to and for the effects of the EU Reg. 2016/679, hereinafter also ‘GDPR’, inform the users of the site that the aforementioned legislation provides the protection of data subjects regarding the processing of personal data and that such data shall be processed in accordance with laws and privacy obligations provided therein.
Lawyers Tamola Nicola and Russo Daniela, co-owners of the processing of personal data, elect domicile in via Sant’Antonio Maria Zaccaria n.1, 20122- Milan.
The treatments take place electronically and will be made available to third parties (external processors) within the European Union, regularly under contract by the owners and that offer adequate security necessary for the provision of essential services to meet the needs of users.
Such external managers, the list of which is available upon request, may belong to groups of entities that support the holders in the provision of services offered through this site (such as, but not limited to: consultants, software developers and website operators etc.). They will also be used for purposes of statistical analysis and direct marketing, anonymously, as specified by the cookie policy.
Therefore, these are legitimate and necessary treatments to ensure users a service that meets their expectations.
The data will be kept for the duration of the services requested by users or for longer periods, where this is required by law.
At any time users can exercise the rights provided for in articles 15-22 of the GDPR by contacting the Data Controllers.
The information entered on the form “contact form” (including email address) may be disclosed to a third party company that act as an external Manager and supporting the holders in the management of the site and in the execution of the request of the user.
In the case of a request for cancellation of their data, users are advised that it may not be possible to continue to provide the service requested.
Finally, Users are informed that may propose complaint to the data protection authority, if they felt that there has been a violation of their rights.
Legal basis
This site deals with data based on consensus. With the use or consultation of this site visitors and users agree explicitly to this privacy statement and consent to the processing of their personal data in relation to methods and for the purposes described below, including any disclosure to third parties, if necessary for the provision of a service.
The consent of minors is valid starting from the age of 16 years; before that age the consent must be provided by who has the parental responsibility or carers.
The provision of data, and then the consensus on the treatment of the data is optional, User can deny consent and can revoke a consent already provided (via the “contact” form). However with the denial of the consensus might be impossible the delivery of some services and your browsing experience may be compromised.
Purposes of treatment
Like all websites, this site also makes use of log files in which information collected in an automated manner is kept during user visits. The information collected can be the following:
-
internet protocol (IP) address;
-
type of browser and device parameters used to connect to the site;
-
name of the Internet service provider (ISP);
-
date and time of visit;
-
web page of origin of the visitor (referral) and exit;
-
country of origin;
-
possibly the number of clicks.
The collection of data and information is carried out for the following purposes:
a) in aggregate, anonymous form only, in order to verify the proper functioning of the site. None of this information is related to the individual-user of the site;
b) for security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as the IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the site itself or to damage other users, or in any case harmful activities or constituting a crime. Such data are never used for the identification or the profiling of the user, neither crossed with other data nor provided to third parties, but only used for the purposes of safeguarding of the site and its users;
c) communicate information to third parties who perform functions necessary or instrumental to the service, such as the management of comments on the site;
d) for statistical analysis of users ‘ navigation.
Methods of treatment
The personal data of users/visitors to the site may be used in the following ways:
-
through electronic computers using software systems operated by third parties;
-
by electronic calculators using software systems operated or programmed directly;
-
temporary treatment in anonymous form;
Each treatment takes place in accordance with the modalities laid down in articles. 6, 32 of EU reg. 2016/679 (GDPR) and through the adoption of appropriate security measures.
Communication
The data of users/visitors to the site will be disclosed only to persons competent and duly appointed for the performance of services which are necessary for the proper management of the relationship, with a guarantee of protection of the rights of the data subject.
Security measures
This site processes the data of users in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In particular, the site management software is constantly updated, and regularly scanned in order to check for viruses and dangerous codes. In addition, owners, in some cases, may have access to the data categories of persons involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third party technical services, mail carriers, hosting providers, IT companies, communication agencies).
Conservation Period
The data will be kept for the times defined by the relevant legislation, which are specified below pursuant to art. 13, co. 2, lett. a) of EU Reg. 2016/679:
• ten years, starting from the termination of the contractual relationship, for documents and related data of a civil, accounting and tax nature, as required by the law in force;
• for the duration of the contract or – even if the contract continues to be in force – until the withdrawal of the specific consent by the interested party to the accessory and secondary marketing and profiling treatment (including the communication to third parties for the same purposes), and therefore the retention times in this case are linked to the choice of the interested party to proceed with the revocation.
Cookies and their management
1 – Technical cookies
Technical cookies described below don’t require consent therefore are installed automatically as a result of your access to the site.
• Necessary Cookie: cookies that allow the site to work correctly even allowing you to have an experience of functional navigation. For example, they keep the user connected when browsing by preventing the site requires you to connect multiple times to access the following pages.
• Cookies for Saving Preferences: Cookies enhance remember the preferences selected by the user during navigation, for example, allow you to set the language.
• Cookie Statistics and Audience Measurement: cookies which help us to understand, through data collected anonymously and aggregated, as users interact with the website providing information related to the sections you visit, the time spent on site, any malfunctions.
2 – Third-party cookies
Through this site are also installed cookies managed by third parties.
If you wish to have information about these third-party cookies and how to manage consent, please access the links in the tables below. In addition, by accessing the page http://www.youronlinechoices.com/it/ you can learn about behavioral advertising as well as disable or enable cookies from the companies listed that work with the managers of the websites to collect and use information useful for the use of advertising.
2.1 – Statistical cookies and third-party audience measurement
These cookies provide anonymous / aggregated information on how visitors navigate the site. Below are links to the respective cookies policy pages to manage consent.
-
Company
-
Service
-
Type
-
Insights
-
Adobe
-
Adobe Analytics: system of statistics
-
Analytical cookies
-
privacy policy
-
Nielsen
-
SiteCensus: system of statistics
-
Analytical cookies
-
privacy policy
-
Google
-
Google Analytics: system of statistics
-
Analytical cookies
-
privacy policy
-
Duda
-
Duda Analytics: system of statistics
-
Analytical cookies
-
Shinystat
-
Shinystat: system of statistics
-
Analytical cookies
-
privacy policy
2.2 – Social media sharing cookies
These third-party cookies – if there are links on the site – are used to integrate some common features of the main social media and provide them within the site. In particular, they allow registration and authentication on the site through facebook and google connect, sharing and commenting on social media pages, enabling the “like” features on Facebook and the “+1” on G +. Below are links to the respective cookies policy pages to manage consent.
-
-
Company
-
Type
-
Insights
-
Facebook
-
social media
-
privacy policy
-
G +
-
social media
-
privacy policy
-
Youtube
-
social media
-
privacy policy
-
Twitter
-
social media
-
privacy policy
-
Linkedin
-
social media
-
privacy policy
-
Pinterest
-
social media
-
-
privacy policy
2.3 – Remarketing cookies
These third party cookies are used to send advertisements to users who visited the site while browsing on Google Display network websites and/or use the app on the Google Display network while surfing on Google. Information on how to disable the use of cookies by Google you will find Google ads preferences page.
-
Company
-
Type
-
Insights
-
Google
-
Remarketing
-
privacy policy
-
Facebook
-
Remarketing
-
privacy policy
3 – Remember that you can manage your cookie preferences even through the browser
If you are using Internet Explorer: in Internet Explorer, click on “Tools” and select “Internet Options”. On the Privacy tab, move the cursor up to block all cookies or down to allow all cookies, and then click OK.
If you use the Firefox browser: Choose the “Tools” menu of the browser and select the “Options” menu. Click on the “Privacy” tab. In the “Retention rules” drop-down list, select the desired level. Tick the “Accept cookies” box to enable cookies, or uncheck to disable them. Choose how long cookies can be stored.
If you use the Safari browser: Click in the Safari menu, select the “Edit” menu and select “Preferences”. Click on “Privacy”. Set the “Block cookies” setting and click OK.
If you use the Google Chrome browser: Click the Chrome menu in the browser toolbar. Select “Settings”. Click on “Show advanced settings”. In the “Privacy” section, click on “Content settings”. In the “Cookies” section, select “Prevent all sites from saving data” and then click OK.
If you use any other browser or do not know the type and version of browser you are using, you must click “Help” in the browser window at the top, from here you can access all the necessary information.
In case of doubts or concerns about the use of cookies, you can always intervene to prevent the setting and reading, for example by changing the privacy settings in your browser in order to block certain types. Since each browser, and even browser versions, also differ significantly from each other, if you prefer to act independently through the preferences of your browser you can find detailed information on the procedure required in the guide of your browser.
For an overview of the action modes for the most common browsers, visit www.cookiepedia.co.uk.
Advertising companies also allow you to opt out of receiving targeted ads, if desired. This does not prevent the setting of cookies, but interrupts the use and collection of some data by these companies. For more information and cancellation options, visit: www.youronlinechoices.eu
Data controllers
The Data Controllers, pursuant to art. 26 Reg. UE 2016/679 are the lawyers Tamola Nicola and Russo Daniela – Via Sant’Antonio Maria Zaccaria n.1, 20122 – Milan (MI) Tel. +39 02 39438698. Pec: nicola.tamola@milano.pecavvocati.it and daniela.russo@milano.pecavvocati.it; e-mail: info@studiolegaletr.com.
The interested parties have the right to obtain from the Owners the cancellation (right to be forgotten), the limitation, the updating, the correction, the portability, the opposition to the processing of personal data concerning them, and in general can exercise all the rights provided for by the articles 15-23 of the EU Reg. 2016/679 (GDPR).
Rights of the interested party – Articles 15-23 of the EU Reg. 2016/679
Exercise of rights by the interested party
Pursuant to articles 13, paragraph 2, letters (b) and (d), from 15 to 22 of EU Reg. 2016/679, the interested party is informed that:
a) has the right to request data controllers to access personal data, correct or delete them or limit their processing or to oppose their processing, in the cases provided for;
b) has the right to propose, in Italy, a complaint to the Guarantor for the protection of personal data, following the procedures and indications published on the official website of the Authority on www.garanteprivacy.it;
c) alternatively, have the right to submit a complaint to another competent authority in place of the usual European privacy residence or domicile in Europe who disputes a violation of their rights, following procedures and recommendations;
d) any corrections or cancellations or limitations of the processing carried out at the request of the interested party – unless this proves impossible or involves a disproportionate effort – will be communicated by the Data Controllers to each of the recipients to whom the personal data have been transmitted.
The exercise of rights is not subject to any form constraint and is free. Only in case of request for further copies of the data requested by the data subject, the Data Controllers will be able to charge a reasonable fee based on administrative costs. If the interested party submits the request by electronic means, and unless otherwise indicated by the interested party, the information will be provided in a commonly used electronic format.
The specific address of the Data Controllers to transmit istances to exercise rights as recognized by the Regulations is as follows: info@studiolegaletr.com. No other formalities are required. The response will be given in accordance with Article 12, paragraph 3 of EU Reg. 2016/679 (“The data controller shall provide the data subject with regard to the action taken regarding a request pursuant to Articles 15 to 22 without undue delay and, in any case, no later than one month after receipt of the request, this deadline may be extended by two months if necessary, taking into account the complexity and the number of requests. this extension, and the reasons for the delay, within one month from receipt of the request If the interested party submits the request by electronic means, the information is provided, where possible, by electronic means, unless otherwise indicated by the interested party “).
Specific information on the right to the portability of personal data.
The Data Controllers inform the data subject about the specific right to portability. Article 20 of EU Reg. 2016/679 introduces the new right to data portability. This right allows the data subject to receive the personal data provided to the Data Controllers in a structured format, commonly used and readable by automatic device, and – under certain conditions – to transmit them to another data controller without impediments.
Are portable, the only personal information that (a) concern the interested party, and (b) have been provided by the data subject to the Data Controllers; (c) are processed electronically in connection with the stipulation of a contract.
Data portability includes the right of the data subject to receive a subset of personal data concerning him / her processed by the Data Controllers and to keep them for further use for personal purposes. This conservation can take place on a personal support or on a private cloud, without necessarily involving the transmission of data to another owner. Portability is a sort of integration and strengthening of the different right of access to personal data, also provided for by art. 15 of the EU Reg. 2016/679.
In the case the interested party asks for the portability together with the direct transmission of his data to another data controller, please note that this right is subject to the condition of technical feasibility: the art. 20, co. 2, Reg. UE 2016/679 provides that data can be transmitted directly from one owner to another at the request of the party concerned, and where this is technically possible. The technical feasibility of transmission from one holder to another must be assessed on a case-by-case basis. Recital 68 of EU Reg. 2016/679 clarifies the limits of what is “technically feasible“, specifying that “it should not imply the obligation for the owners to adopt or maintain technically compatible processing systems“. Therefore, the direct transmission of data from the law firm T & R – Avv.ti Tamola Nicola and Russo Daniela, to another holder can take place if it is possible to establish a communication between the systems of the two owners (transferer and receiver) and in a secure way, and if the receiving system is technically capable of receiving incoming data. If technical impediments preclude direct transmission, the law firm T & R – Avv. Tamola Nicola and Russo Daniela, will give complete information and detailed explanation to the interested party. With regard to the interoperability of formats to ensure portability, the law firm T & R – Avv.ti Tamola Nicola and Russo Daniela will comply with the provisions of paragraph 1021, letter (b) of Law 205/2017 (“presence of adequate infrastructure for the interoperability of the formats with which the data are made available to the interested parties“) if effective after May 25, 2018 and in any case within the limits set by the Guidelines on the portability of data WP242 issued by the Group of European guarantors (“The expectation is that the owner transmits personal data in an interoperable format, but this does not impose any obligation on the other holders to support this format“).
In accordance with the WP242 Data Portability Guidelines, holders who comply with a portability request have no specific obligation to verify the quality of the data before transmitting them. Moreover, portability does not require T & R – Avv.ti Tamola Nicola and Russo Daniela Law Firm to maintain data for a period longer than necessary or further than specified. Above all, it does not impose any further obligation to retain personal data for the sole purpose of fulfilling a potential request for portability.
The exercise of the right to data portability (or any other right under the Regulation) does not affect any of the other rights. The party can continue to enjoy and benefit from the service provided by the law firm T&R – Avv.ti Tamola Nicola and Russio Daniela even after both carried out an operation of portability. Portability does not delete data automatically stored on systems T&R – law firm Messrs Tamola Nicola and Russo Daniela, and does not affect the retention period originally expected for data transmission. The interested party can exercise the rights as long as the treatment carried out by the law firm T & R – Avv.ti Tamola Nicola and Russo Daniela continues.
The law firm T&R – Avv.ti Tamola Nicola and Russo Daniela, undertakes to fulfil user requests for portability within 30 days of receipt of the request and, pursuant to art. 12, paragraph 3 of Reg. EU 2016/679, the right to encounter the request within a period longer than three months in cases of increased complexity. The demand for portability must be addressed to the following, specific e-mail address: info@studiolegaletr.com.
Summary information on other rights.
The Regulation confers a series of rights that under the Guidelines on transparency WP 260 is required to summarize their main content within the policy. Below these rights you summarize and synthesize:
Right of access (only personal data): the right to obtain by the data controller confirmation whether or not an ongoing processing of personal data concerning the data subject and if so, to obtain access to personal information and be informed about the purpose of the processing; on the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organisations; whenever possible, the period of storage of personal data or, if not possible, on the criteria used to determine that period; If the data has not been collected from the data subject, entitled to receive all available information about their origin; right to receive information on the existence of an automated decision-making process, including the profiling and significant information on the logic used, as well as the importance and expected consequences of such treatment for the person concerned.
Right of rectification and integration: the person concerned is entitled to obtain from the holder of the treatment correction of inaccurate personal data concerning him without undue delay. Taking into account the purposes of the processing, the data subject shall have the right to obtain personal data incomplete integration, even providing a supplementary statement. The holder communicates to each of the recipients to whom personal data have been transmitted any adjustments, unless this proves impossible or involves a disproportionate effort. The holder shall inform the interested recipients if the party concerned so requests.
Right to cancellation: the data subject has the right to obtain from the data controller the deletion of personal data concerning him without undue delay (and where the specific reasons of Article 17 paragraph 3 of the Regulations do not exist, on the contrary they raise the holder from the obligation of cancellation) if personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; or if the interested party revokes the consent and there is no other legal basis for the treatment; or if the interested party opposes the treatment for marketing or profiling purposes, also by revoking the consent; if the personal data have been processed unlawfully or concern information collected from minors, in violation of art. 8 of EU Reg. 2016/679. The data controller shall inform each of the recipients to whom the personal data have been transmitted of any cancellations, unless this proves impossible or involves a disproportionate effort. The data controller informs the recipient of these recipients if the party concerned so requests.
Right to limit the processing: the data subject has the right to obtain from the data controller the processing limitation (i.e., according to the definition of “treatment limitation” provided by article 4 of EU Reg. 2016/679: “the marking of personal data retained with the aim of limiting the processing in the future“) when one of the following hypotheses occurs: the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such data personal data; the processing is illegal and the interested party opposes the cancellation of personal data and asks instead that its use is limited; although the data controller no longer needs it for processing purposes, personal data are necessary for the data subject to ascertain, exercise or defend a right in court; the interested party opposed the marketing treatment, pending verification of the possible prevalence of the legitimate reasons of the data controller with respect to those of the interested party. If the processing is limited, such personal data shall be processed, except for storage, only with the consent of the interested party or for the assessment, exercise or defense of a right in court or to protect the rights of an other natural or legal person or for reasons of significant public interest The party who has obtained the limitation of processing is informed by the data controller before such limitation is revoked. The data controller shall inform each of the recipients to whom the personal data have been transmitted of any limitations, unless this proves impossible or involves a disproportionate effort. The data controller informs the recipient of these recipients if the data subject requests it.
Opposition right: the interested party has the right to oppose at any time, for reasons connected with his particular situation, to the processing of personal data concerning him / her carried out by the owner or for the performance of a task in the public interest or connected to the exercise of public authority for which the data controller is invested or carried out for the pursuit of the legitimate interests of the data controller or third parties (including profiling). Furthermore, if the personal data are processed for direct marketing or commercial profiling purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him / her for such purposes.
Right not to be subjected to automated decisions, including profiling: the data subject has the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects that affect it or which significantly impacts significantly on his person, except in cases where the automated decision is necessary for the conclusion or execution of a contract between the data subject and a data controller; is required by law, in compliance with measures and precautions; is based on the explicit consent of the person concerned.