We reserve the right to change it or simply update it, making sure that you are informed accordingly.
Who is the Data Controller?
The Data Controller of personal data is Avv. Alessandra Stefania Galligani (hereinafter “data controller”), with the office in Italy, Milan, Via Andrea Appiani 9, 20121. For any information regarding the processing of personal data, please send an email to the following address: [email protected].
What does “personal data” mean and what kind of personal information do we collect?
“Personal data” means any information relating, either directly or indirectly, to an identified or identifiable natural person, in this case, you while using our website.
We collect your personal data to the extent that it is necessary to provide you with the service requested. In particular, we collect:
- identification data (e.g. name, surname, date and place of birth, etc.);
- contact data (e.g. phone number, email address, home address, etc.);
- financial data (e.g. bank account)
- special categories of personal data (e.g. data revealing your racial or ethnic origin, sexual orientation, health status, etc.).
Why do we collect and process your personal data?
We collect and process your personal information in order to carry out our job properly and in particular:
- to respond to requests for assistance, information or quote through the section “Contact Us”;
- to send communications of informative or commercial nature;
- to perform contractual obligations and, more generally, to manage our relationship with you;
- to assess CVs which have been sent through the section “Join us” in the context of a recruitment process;
- to fulfil any legal and regulatory obligations we may be subject to;
- to pursue our legitimate interests, provided that they are not overridden by your interests or fundamental rights and freedoms, which require protection of personal data.
What is the legal basis upon which the processing of your personal data depends?
The conditions of lawfulness pursuant to Article 6(1)(a)(b)(c)(f) upon which the processing of your personal data is grounded are the following:
- whether you have given your free, specific and informed consent to the processing of your personal data;
- whether the processing of your personal data is necessary to perform a contract to which you are a party or to take steps at your request before entering into a contract;
- whether the processing is necessary to comply with a legal obligation to which the Data Controller is subject;
- whether the processing is necessary for the purposes of the legitimate interests of the Data Controller except where such interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data.
How do we process your personal data?
We process your personal data by physical or electronic means, and, in any case, according to logic strictly related to the purposes of the processing.
To ensure the confidentiality and to improve the maintenance of security, integrity and accessibility of your personal data, in accordance with the standards set out by the legal provisions in force, we use a wide range of measures, including physical, electronic and procedural safeguards.
Whom may we share your personal data with?
Your personal data may be shared, for the purposes set out in the section above, with:
- internal collaborators (e.g. our trainees);
- external collaborators, either natural persons or legal entities, that may provide us with assistance and advice on accounting, administrative, legal, tax and financial matters relating to the service requested;
- subjects with whom it is necessary to interact in order to provide you with the service requested (e.g. counterparties and their legal counsel);
- law enforcement bodies, regulators and any other competent authorities, in accordance with legal provisions or good practice;
- subjects who are in charge of carrying out technical maintenance and security activities (e.g. IT consultants).
How long do we keep your personal data?
Generally speaking, we keep your personal data only for the time necessary to achieve the purposes for which it was collected.
Once your personal data is no longer needed, it will be irreversibly anonymised (so that it can be stored) or destroyed securely.
Please find below the average terms of storage relating to the purposes of the processing:
- commercial purposes: personal data which is processed for commercial purposes will be kept for up to 24 months from the moment we obtained your consent (unless you opt-out of receiving any communications from us).
- performance of contractual obligations: personal data which is deemed necessary to fulfil any contractual obligations with you will be kept for the entire duration of the contract itself and, in any case, until the contractual obligations are fulfilled. In the event that it is necessary to deal with legal claims against us or to safeguards our interests, personal data that we reasonably deem necessary to process in this respect may be kept for as long as such legal claims may be pursued.
- assessment of CVs: with reference to the processing of personal data for recruitment purposes, we will keep it for up to 24 months from the moment we receive your CV.
- fulfilment of legal obligations: personal data will be stored for the time necessary to fulfil such legal obligations.
Where do we transfer your personal data?
In order to carry out our job, we may transfer your personal data within and outside the European Union. In the latter case, we make sure that the recipient complies with the legal provisions in force, including the rules specifically prescribed for the transfer of personal data to third countries. In particular, we ensure that such transfers are made on the basis of an adequacy decision or the signature by the Data Controller of Standard Contractual Clauses (i.e. SCCs) approved by the European Commission.
Cookies are small text files which contain information exchanged between the website and your terminal (i.e. your browser) and are stored on your computer when accessing the website or parts of it.
Cookies allow us to ensure the proper functionality of our website. We use different types of cookies, which contain different information and are intended for different purposes:
- Necessary cookies help us make the website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies;
- Statistic cookies help us understand how visitors interact with the website by collecting and reporting information anonymously.
- Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
Some cookies (i.e. session cookies) are assigned to the user’s device only for the time they access the website and expire automatically once the browser is closed. Other cookies (i.e. persistent cookies) remain on your device for an extended period of time.
You can deactivate all cookies, both first and third-party cookies, by changing the settings on your browser; however, please note that this may render the websites unusable if you block cookies that are essential for providing functionality.
What rights do you have?
As the data subject, you are entitled to the following rights:
- RIGHT OF ACCESS: you have the right to obtain from the Data Controller confirmation as to whether your personal data are being processed and, where that is the case, access to your personal data.
- RIGHT TO RECTIFICATION: you have the right to ask the Data Controller for the correction of your personal data, should it be incorrect or inaccurate.
- RIGHT TO ERASURE (aka RIGHT TO BE FORGOTTEN): under certain circumstances, you have the right to obtain the erasure of your personal data from the Data Controller, who has the obligation to erase your personal data upon your request without undue delay.
- RIGHT TO RESTRICTION OF PROCESSING: under certain circumstances, you have the right to ask the Data Controller to limit the processing of your personal data.
- RIGHT TO DATA PORTABILITY: you have the right to ask for the transfer of your personal data to a different Data Controller.
- RIGHT TO OBJECTION: you have the right to object to the processing of your personal data, at any time, for reasons concerning your particular situation.
- RIGHT TO WITHDRAW YOUR CONSENT: you have the right to withdraw your consent to the processing of your personal data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
If you wish to exercise any of these rights, please make your request via email to the following address: [email protected].
Please bear in mind that you have also the right to lodge a complaint to the competent supervisory authority (i.e. Garante per la Protezione dei Dati Personali) pursuant to Article 77 of the GDPR (Regulation No. 2016/679), should you believe that the processing of your personal data is being carried out in contrast with the legal provisions in force.