PRIVACY - Raffaelli e Segreti

Privacy Policy

On this page are provided information related to the processing of the personal data transmitted through the website available at the address www.raffaellisegreti.it (the “Website”) owned by Raffaelli Segreti Studio Legale, professional partnership with legal seat in Via Cappuccio 11, 20123 Milano, and VAT code n. 07328130963 (the “Firm”) or by the conferral of a mandate for professional advice or assistance to the Firm itself.

This information notice is also provided pursuant to Art. 13 of the EU Regulation 2016/679 (the “GDPR”). The information notice is provided only with regard to the Website and to the mandates for professional advice and assistance conferred and it does not regard other websites potentially accessed by the user through links on the Website. The personal data will be processed in observance of the GDPR and the Italian Legislative Decree 196 of June 30, 2003, as amended by the Italian Legislative Decree 101 of August 10, 2018.

1 – DEFINITIONS

Personal Data: any information relating an identified or identifiable person; it is deemed as identifiable the person who can be identified, directly or indirectly, with particular regard to an identification such as a name, an identification number, location data, an online identifier or one or more features of his/her physical, physiological, genetic, psychic, economic, cultural or social identity.

Privacy Legislation: the EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, the Italian Legislative Decree 196 of June 30, 3003 as amended by the Italian Legislative Decree 101 of August 2018, as well as any other further integration or amendment.

Personal Data Processing: any operation or set of operations, which is performed, whether or not by automatic means, upon Personal Data or sets of Personal Data such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, broadcasting or otherwise making available, alignment or combination, restriction, cancellation or destruction.

2 – DATA CONTROLLER

The data controller pursuant to the Privacy Legislation is the Firm, which can be contacted at the e-mail address segreteria@raffaellisegreti.it, at the registered certified e-mail (PEC) raffaellisegreti@pec.it or at the phone number 02-65560091.

3 – PLACE OF DATA PROCESSING

The Personal Data Processing takes place at the legal seat of the Firm and is exclusively carried out by their employees, collaborators, associates or partners of the Firm.

4 – TYPES OF DATA PROCESSED

Data automatically collected by the website

The information systems and software procedures implemented for the operation of the Website may acquire, during the course of their normal execution, Personal Data, the transmission of which is implied in the use of the internet communication protocols. Such information is not collected in order to be associated with identified data subjects; however, due to its nature such information could permit the identification of users, through processing operations and associations with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users who access the website, URI (Uniform Resource Identifier) notation addresses of the resources requested, the time at which the request is submitted, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the state of the reply given by the server (sent, error, etc.), and other parameters relating to the user’s operating system and information environment. This data is only used to retrieve anonymous statistical information on the use of the website and to control that it works properly. Such data will therefore be deleted immediately after being processed. Such data may be used to ascertain any liability in the case of any alleged computer crimes to the detriment of the website. Except in the case of an alleged computer crime, for the time being data concerning the access to the website shall be kept for no more than seven days.

Data voluntarily supplied by the user

a) the optional, express and voluntary sending of electronic e-mails to the e-mail addresses specified on the Website shall imply the subsequent acquisition of the sender’s e-mail address, which is necessary for replying to any of his/her request, as well as the acquisition of other Personal Data, if any, contained in such e-mail.

Similarly, the user’s request of submission of information material by the Firm shall lead to the acquisition of user’s e-mail address, which is necessary for the transmission of the communications as requested.

b) the optional, express and voluntary sending of information through the fulfillment of the form “Contact Us” on the Website shall imply the acquisition of the name, sonance and e-mail address of the sender, necessary for replying to his/her requests, as well as of any other, Personal Data, if any, indicated in the part related to the “request”.

c) the sending of curricula to the e-mail address on the Website shall imply the acquisition of all the Personal Data herein contained, which shall be used for the sole purpose of the assessment of candidates’ profiles and their selection. It is, therefore, necessary that together with the curriculum vitae, the person interested shall also give his/her consent to the Personal Data Processing. Such Personal Data shall not be disclosed to any third parties. If the selection is unsuccessful, they will be deleted after seven days. It is possible to contact the Firm at the e-mail address segreteria@raffaellisegreti.itto check the personal data and to request to obtain an integration, update or amendment or to exercise any other rights provided for by Articles 15-22 of the GDPR. The eventual sending of special categories of Personal Data (relating, in particular, to the racial or ethnic origin, religious or other beliefs of a similar nature, political opinions, membership of political parties, trade unions, or other religious, philosophical, political or trade union associations or organizations, as well as Personal Data relating to physical or mental health or condition or sexual life) shall imply that such data will be immediately deleted, unless the data subject gives his/her written consent for his/her data to be processed by the Firm.

d) the sending of information related to activities with regard to which professional services by the Firm are requested and which imply the acquisition of the Personal Data therein contained, necessary for building a collaborative relationship with the client and provide the required service.

5 – COOKIES

No personal data of the users is collected by the Website through the use of cookies. Such files will be stored in the memory of the user’s computer to facilitate any subsequent access to the Website. Cookies are not used to transmit personal information. Persistent cookies and user tracking systems are not used. The use of the so-called session cookies (which are not stored permanently in the user’s computer, or which are lost upon the closing down of the browser) is strictly limited to the transmission of session identification data (consisting of casual numbers generated by the server) necessary to permit the safe and efficient exploration of the Website. Reception of cookies used on the Website can be interrupted by the user at any time by changing his/her browser settings, as follows.

Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
Chrome: https://support.google.com/accounts/answer/61416?hl=it
Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
Safari: https://support.apple.com/kb/PH17191?locale=it_IT

Please note that after this operation, some features of the website may not work properly.

6 – OPTIONAL SUPPLY OF DATA

Apart from what has been specified above with regard to surfing data, the user shall be free to choose whether to supply or not his/her Personal Data to the Firm. The user shall in any case consider that the lack of supply of Persona Data could imply the impossibility to obtain the information or the services requested.

7 – PROCEDURES OF THE DATA PROCESSING AND STORAGE

The Personal Data shall be processed by the Firm through informatic and/or manual and paper means,

always in such a way as to guarantee the security and confidentiality of the data, in compliance with the provisions of the Privacy Legislation.

In order to reach the purposes hereinafter indicated, the Processing includes: the collection, recording, storage, extraction, consultation, use, transmission, comparison and deletion of data of the data subjects.

The Personal Data storage for the time-period strictly necessary for pursuing the purposes they are collected for and, as the case may be, for a longer time necessary for complying with potential legal and fiscal obligation upon the Controller due to the legal relationship built with the data subjects. In any case, the Personal Data, shall not be storage for a time-period longer than 10 years (saved for different, justified and demonstrable reasons).

8 – PURPOSE OF THE PROCESSING AND LEGAL BASIS

The Personal Data shall be processed for the following purposes and on the following legal basis:

1 – Sending information and/or informative material and/or offers of services

The Personal Data shall be used by the Firm for the transmission of information and/or informative material and/or offers of professional services, with the purpose of responding to a specific request of the data subjects in this regard and with the final aim of rendering a professional service to them.

Legal basis: the processing of Personal Data carried out for this purpose is based on the contractual relationship established (or being established) between the data subjects and the Firm.

2 – Professional assistance services

The Personal Data shall be used for the performance of the professional mandate of assistance and legal advice received by the data subjects. For the purpose of performance of the professional mandate received, the Firm may also process Personal Data (including data belonging to the particular categories referred to in Article 9 of the GDPR and data relating to criminal convictions and offences or to related security measures pursuant to Article 10 of the GDPR) of both the data subjects as well as of their employees, suppliers and/or clients (hereinafter, collectively, the “Clients“), which are acquired during the establishment, management, execution and/or conclusion of the legal assistance and consultancy relationship provided in favour of the data subjects. The processing of the Clients’ Personal Data is carried out in compliance with this privacy policy.

This purpose includes: (i) establishment, management, execution and/or conclusion of the legal assistance and advice relationship; and (ii) fulfillment of the obligations deriving from national and/or community regulations or given by authorities legitimated to do so by law.

The Firm’s processing of Clients’ Personal Data is necessary to fulfil the professional assignment entrusted and to comply with the obligations provided for by tax and/or administrative law provisions.

Legal basis: the processing of Personal Data carried out for this purpose is based on the contractual relationship established between the data subjects and the Firm.

3 – Response to contact requests (received through forms) and evaluation of the applications

The Personal Data shall be used to provide as answer to the contact requests received by filling in the appropriate form on the Website by data subjects, as well as, in case of receipt of curricula, for the purpose of evaluating the candidates’ profile and their selection.

Legal basis: the processing of Personal Data carried out for this purpose is based on the explicit consent given by the data subjects when filling in the form or sending the curriculum vitae.

4 – Legitimate interest of the Controller

Where not covered by other purposes set out in this information policy, the data collected automatically through the Website may be used by the Controller to assess the performance of its economic/entrepreneurial activity.

Legal basis: the data processing carried out for this purpose is based on the Controller’s legitimate interest in the free economic initiative (pursuant to Article 41 of the Constitution of the Italian Republic).

9 – DATA TRANSMISSION

Personal Data shall not be broadcasted by the Controller, however they might be communicated to:

a – persons charged with data processing by the Controller, such as employees, collaborators and partners which are involved with the professional services or with the organization and management activities of the Firm;

b – external persons who supply services to the Firm and who, therefore, are nominated responsible for the data processing, such as information services providers, advertising agencies, technical consultants. In any case, those personal shall have access only to the data strictly necessary for carrying out their activities;

c – subjects who supply the Controller with services related to specific agreements and as independent controller of the data processing, such as legal, fiscal and accounting consultants, auditors;

d – entities and public authorities governmental and/or judicial, with regard exclusively to the performance of the legal obligations borne by the Controller.

10 – RIGHTS OF DATA SUBJECTS

The data subject may exercise the following rights provided by the Privacy Legislation. Any request to exercise a right provided for by the Privacy Legislation shall be sent by e-mail to the address segreteria@raffaellisegreti.it.

A – Right of access

The data subject has the right to obtain from the Controller the confirmation whether a processing of Personal Data concerning him/her is taking place and, if so, to obtain access to his/her Personal Data and to the following information:

purpose of the processing;
categories of Personal Data in question;
receivers or receiver categories to whom the Personal Data have been communicated or will be communicated;
storage time-period of the data or criteria used for establishing such period;
list of his/her rights (rectification, cancellation, opposition);
should the data not have been collected from the data subject, all the information available on their origin;
presence of an automated decision-making process.

In case of exercise of the access right, the person interested by the Processing shall receive an electronic – format copy of their Personal Data object of the processing.

B – Right of rectification

The data subject has the right to obtain from the Controller the rectification of his/her incorrect Personal Data and to integrate his/her incomplete data, all without unjustified delay.

C – Right to erasure

The data subject has the right to obtain from the Controller of the processing the erasure of his/her Personal Data without unjustified delay in the following cases:

the Personal Data are no longer necessary with regard to the purposes for which they were collected and/or processed;
decides to revoke his/her consent (if the processing was exclusively based on it);
opposes to the processing and there are not relevant legitimate reasons for anyway proceeding with such processing;
the Personal Data have been unlawfully processed;
the Personal Data shall be erased in order to perform a legal obligation provided by Eu law or the laws of Italy.

It shall however be noted that before complying with the erasure request provided by the data subject, the Controller could evaluate such request in accordance with the exceptions foreseen by GDPR, among these latter: freedom of expression and information; fulfillment of an obligation provided by law; public interest; scientific or historical research or with statistic purposes; judicial reasons.

D – Right of restriction of processing

The data subject can request the Controller the restriction of the processing of his/her Personal Data in the event:

the accuracy of the data is contested. In this case the restriction shall last for the time necessary to allow the Controller to carry out the appropriate amendments;
the processing is unlawful and the data subject, instead of requesting the Personal Data cancellation, simply requests a restriction of their use;
the Personal Data are necessary for the assessment, exercise or defense of legal claims and the Controller no longer needs it for the purposes of processing;
the data subject has objected the processing pursuant to art. 6.1 letter e) (performance of a public task entrusted to the controller) or letter f) (legitimate interest of the controller) of the GDPR. In this case, the restriction will last as long as necessary to verify the legitimate reasons of the Controller against those of the data subject.

E – Right to data portability

If the processing is based on consent or an agreement and is executed by automated means, the data subject has the right to receive on a format compatible with an automatic device his/her Personal Data and has the right to transfer such data to a different controller of the processing, without impediment from this Controller.

The data subject shall also have the right to have the personal data transmitted directly from this Controller to another one, where technically feasible.

F – Right to object

The data subject has the right to object to the processing of his/her Personal Data should such processing being carried out pursuant to Article 6.1 letter e) (performance of a public task entrusted to the controller) or letter f) (legitimate interest of the controller) of the GDPR. In that case, the Controller shall refrain from further processing of such data, unless it can demonstrate that there are legitimate reasons or interests for continuing it, thereby overriding the rights of the data subject.

In the case of Personal Data processed for marketing purposes, the data subject’s objection, which is also possible in respect of profiling activities, will be sufficient and the Personal Data will no longer be processed.

In the event of a general exercise of the right to object for marketing purposes, the same shall be deemed to apply to all contact modalities, such as e-mail, telephone, paper mail, etc., saved for the data subject’s possibility to rectify and exercise the right to object limited to one or more modalities.

G – Right of withdraw of the consent

The data subject shall have the right to withdraw his/her consent to the data processing without any obligation to state reasons; in any case, the lawfulness of the processing carried out by the Controller and based on the consent given before revocation remains unaffected.

Upon withdrawal of the consent the processing will be interrupted. In order to withdraw the consent, it is sufficient to provide a clear and unambiguous communication/request to the Controller at the contact details indicated in this information notice. The withdrawal automatically triggers the right to erasure, as a result thereof the Controller will delete the data of the data subject, save for the necessary data storage as required by law or fiscal purposes.

H – Right to raise a complaint

The data subject, should deem that his/her data processing is in breach of the applicable privacy legislation, has the right to raise a complaint to the Italian Authority “Garante per la protezione dei Dati Personali” (www.garanteprivacy.it ).