This document describes how the website www.jacobacci-law.com (hereinafter the "Site
") is managed, with reference to the personal data of the users (hereinafter "Personal Data
") that visit it. This information (hereinafter the "Policy
") is provided pursuant to Article 13 of EU Regulation 679/2016 (hereinafter "GDPR
") and the applicable national legislation on privacy and personal data protection, and is available in this section to those who interact with the Site. Please also note that the Policy refers only to the Site and is not applicable to sites that are accessible through links and/or sites managed by third parties.
1. DATA CONTROLLER
The Data Controller of the Personal Data managed by the Site is Studio Legale Jacobacci & Associati, Corso Emilia, 8 - 10152 - Turin, e-mail/pec firstname.lastname@example.org
(hereinafter the "Data Controller
In managing the Site, the Data Controller relies on the work of Jacobacci & Partners S.p.a., which has been formally appointed as Data Processor pursuant to article 28 of the GDPR.
2. TYPES OF DATA PROCESSED
Data provided directly by the user
: the Data Controller processes Personal Data such as the name, surname and e-mail address communicated by the user by filling in the appropriate sections on the Site and, where necessary, after providing consent to the processing ("Contact us" and "Work with us"). The user assumes responsibility for sharing the data of third parties through the Site and that he/she has been authorised to communicate and disseminate the same.
: the computer systems and softwareprocedures that allow the Site to function collect certain information relating to the user, the transmission of which is necessary for the functioning of internet communications. This category includes, by way of example, the IP addresses or domain names of the computers used by the user to connect to the Site, the URI addresses of the resources that are requested (Uniform Resource Identifier
), the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.), the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit, and the details of the itinerary followed within the Site. This type of data is processed anonymously only for statistical purposes and to allow the proper functioning of the Site.
or "first parties") or other websitesor webservers(so-called "third parties") place and store on the user's terminal device so that they can be sent back to the same sites the next time the user visits. Cookiesplay a fundamental role in the operation and provision of internet services and make it easier to use this Site and to customize navigation within the Site.
In particular, the Site uses:
- Technical cookies: strictly necessary to allow the Site to function and to allow the user to take advantage of the functions offered. These cookiesmake it possible to memorise the session in progress, ensure that the Site functions correctly and detect any problems of a technical nature. Session cookiesareused, which are deleted when the user closes the browser, and persistent cookies, which are deleted after a set period of time.
- Analytical cookies(Google Analytics): for the sole purpose of collecting statistical information in aggregate form to allow the Data Controller of the Site to analyse information relating to the number of users consulting the Site and their behavior exhibited by the same. This type of cookieallows the Data Controller to optimize and improve the functioning of the Site with respect to user needs.
The use of all cookieson the Site is anonymous.
4. PURPOSE OF PROCESSING
Personal Data is collected by the Data Controller through the Site solely for the following purposes:
- Contact: responding to contact requests made by the user by filling in the "Contact Us" and "Work with Us" sections. In this case, if consent to processing is requested and denied by the user, it will not be possible to manage contact requests or to proceed with the use of Personal Data included in the user’s CV for the possible selection of collaborators;
- Security: to guarantee an adequate level of security of the Site in order to avoid that, during navigation, the Site or the users are exposed to damages due to unforeseen events or unlawful acts;
- Statistics: collection of data and information in an anonymous and aggregate form in order to ensure the proper functioning of the Site;
- Defense: exercise of the right of defense by the Data Controller in case of abuse or illegal activities carried out by the user during navigation.
5. RETENTION PERIOD
The user's Personal Data will be processed by the Data Controller for the period of time necessary to achieve the purposes of the processing referred to in Article 4 above, after which they will be stored only in order to comply with the legal obligations in force, for administrative purposes and/or to assert or defend a right and, in any case, not beyond the time limits established by law for the prescription of rights.
Any further information regarding the period of storage of Personal Data and the criteria used to determine this period may be requested by writing from the Data Controller.
6. PROCESSING METHODS
Personal Data are subject to electronic and/or automated processing for the time necessary to achieve the purposes for which they are collected by the Data Controller or by persons duly authorized and/or appointed to perform such tasks, constantly identified and/or appointed, properly trained and made aware of the constraints imposed by law, as well as through the use of security measures to ensure the protection of confidentiality and to avoid the risk of loss or destruction, unauthorized access, or treatment that is not allowed or not in accordance with the purposes mentioned above.
7. COMMUNICATION OF DATA TO THIRD PARTIES
For the purposes indicated above, the data collected may be made accessible or communicated:
- to employees and collaborators of the Data Controller, in their capacity as authorised processors, within the scope of their respective duties and in accordance with the instructions received. These individuals are in any case subject to the obligations of confidentiality and privacy;
- third parties who carry out activities in outsourcingonbehalf of the Data Controller to whom certain activities, or part of them, are entrusted, which are functional to the supply and distribution of the services offered through the site (e.g. hosting companies, programmers, system engineers and database administrators, technical assistance centres) or those whose activity is connected to, instrumental to or supportive of that of the Data Controller (e.g. management software);
- to all those public and/or private subjects, natural and/or legal persons (legal, administrative and fiscal consultancy firms, credit recovery companies, Judicial Offices, Chambers of Commerce, Chambers and Offices of Labour, etc.), if the communication is necessary or functional to the correct fulfilment of the contractual obligations undertaken, as well as the obligations deriving from the law;
- to all those subjects (including Public Authorities) who have access to Personal Data by virtue of regulatory or administrative measures.
8. TRANSFER OF DATA
Personal Data is managed and stored on servers located in Europe. In any case, it is understood that the Data Controller, if necessary, will have the right to process Personal Data outside the EU (EEA). In this case, the Data Controller undertakes that the transfer of data outside the EU will take place in compliance with the applicable legal provisions by entering, if necessary, into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
9. RIGHTS OF THE INTERESTED PARTY
Pursuant to Articles 15 et seq. of the GDPR and the applicable national legislation on privacy and personal data protection, the user has the right to:
- Obtain from the Data Controller confirmation as to whether or not personal data concerning himself/herself are being processed and, if so, to obtain access to the Personal Data and the following information:
Obtain from the Data Controller the rectification of inaccurate Personal Data concerning himself/herself without undue delay. Taking into account the purposes of the processing, the user has the right to integrate incomplete Personal Data, also by providing a supplementary declaration.
Obtain from the Data Controller the cancellation of the Personal Data concerning himself/herself without undue delay, and the Data Controller is obligated to cancel the Personal Data without undue delay within the limits and in the cases provided for by the laws in force.
Obtain from the Data Controller the limitation of the treatment.
Receive in a structured, commonly used and machine-readable format the Personal Data concerning himself/herself that was provided to the Data Controller and has the right to data portability and therefore to transmit such data to another data controller without hindrance by the Data Controller to whom he/she provided them if the processing is based on consent or on a contract and the processing is carried out by automated means.
Oppose at any time, for reasons related to his or her particular situation, the processing of Personal Data concerning himself or herself if the processing is necessary for the performance of a task carried out in the public interest or in connection with the exercise of official authority vested in the Data Controller or if the processing is necessary for the pursuit of the legitimate interests of the Data Controller or of third parties.
If you believe that your rights have been violated by the Data Controller, you may lodge a complaint with the Italian Data Protection Authority (Piazza Venezia 11, 00187 Rome (RM) - www.garanteprivacy.it) and/or any other competent supervisory authority under the GDPR.
- the purpose(s) of processing;
- the categories of Personal Data in question;
- the recipients or categories of recipients to whom the Personal Data have been or will be disclosed, in particular if they are recipients in third party countries or international organisations;
- where possible, the expected period of retention of Personal Data or, if this is not possible, the criteria used to determine that period;
- where the data are not collected from the data subject, all available information on their source;
- the existence of an automated decision-making process, including profiling.
Following the exercise of the rights referred to in points 2), 3) and 4), the Data Controller shall inform each of the recipients to whom the Personal Data have been transmitted of any rectification or cancellation or limitation of processing within the limits and in the forms provided for by current legislation.
In order to exercise the rights listed above vis-à-vis the Data Controller, the interested party must submit a written request by sending a registered letter with return receipt to Studio Legale Jacobacci & Associati with registered office in Turin, Corso Emilia n. ,8 or by sending a PEC to email@example.com .
This information notice may be modified and/or updated at any time. If the Data Controller intends to process the user's Personal Data for purposes other than those provided for in the preceding art. 4, it undertakes to provide, prior to such further processing, adequate information regarding such different purposes and to carry out such further processing in compliance with the regulations in force, collecting specific consent where necessary.