- THE DATA CONTROLLER
By consulting the website www.replegal.it (“Site”) and/or by sending an e-mail to one of the e-mail addresses indicated on the Site, the personal data referred to identified or identifiable persons might be processed.
This document describes the manner by which the Site is managed with reference to the processing of their personal data belonging to users consulting it.
It is an information notice issued in accordance with section 13 of the EU Regulation 679/2016 (“GDPR”).
The data controller in respect of the aforementioned data processing is R&P Legal Studio Associato, a law firm with registered office in 10121 Torino, Via Amedeo Avogadro no. 26 (“R&P Legal” or “Data Controller”).
- TYPES OF DATA PROCESSED
2.1 BROWSING DATA
The electronic systems and the software procedures enabling this Site to operate acquire, during its normal use, certain personal data; the transmission of the same is implicit in the use of internet communication protocols.
This information is not being collected in order to be associated to well-identified data subjects, but its nature, by means of processing and associations with data held by third parties, could make the users identification possible.
The category of data could be listed as follow: (i) IP addresses or domain names of computers used by users connecting to the Site, (ii) addresses in URI (Uniform Resource Identifier) notation for resources requested, (iii) the time of request, (iv) the method used to submit the request to the server, (v) the dimension of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (success, error etc) and (vii) other parameters regarding the user’s operating system and the IT environment.
This data is used only to glean anonymous statistical information on the use of the Site and to check that it operates correctly and this data is deleted immediately after processing.
2.3 DATA PROVIDED BY USERS OF THEIR OWN FREE WILL
In addition to the data indicated at precedent section 2.1 and 2.2, the Data Controller will also process the personal information that users might spontaneously provide by sending an e-mail to the Data Controller addresses indicated on the Site – such as the user e-mail address and any other personal data – in order to reply to the latter requests.
Data being processed on a voluntary basis comprises data identifying the user such as the user’s e-mail address, the user’s name and surname, the user’s profile image and the user’s country of origin.
2.4 DATA PUBLISHED ON SOCIAL MEDIA
For example, we process personal data posted on third party social media that we access through the social media features enabled by you at the time of the registraction on those platforms. We may use and republish the data published bv the users, through the social media sharing tools, in accordance with the GDPR and the social media terms and conditions accepted by you.
- THE TYPE OF DATA COLLECTED AND THE CONSEQUENCES OF ANY REFUSAL TO RESPOND
Except as provided for the browsing data which are necessary to allow the Users to correctly use the Site and for the cookie, the users are free to provide their personal data in order to ask for a Data Controller legal or commercial reply or to file its own application to cover specific roles within the sphere of the R&P Legal firm.
However, the refusal to allow their data to be processed would make impossible for users to obtain any reply from R&P Legal.
- MANNER OF DATA PROCESSING
The personal data is processed using computerised, automated manual systems.
The Data Controller adopts specific security measures in order to ensure that data is processed in compliance with the applicable law, paying particular attention to the prevention of loss of data, unlawful or incorrect use or unauthorised access to databases.
- PURPOSES AND THE LEGAL BASIS OF THE PROCESSING, DATA RETENTION
5.1 To respond to requests received through the communication channels available through the Site (email, telephone, fax).
The legal basis for this processing is the R&P Legal’s legitimate interest in communicating with the public and responding to the requests made by potential customers, suppliers and other interested parties. The data retention period shall be equal to the time necessary to process the requests. This data retention period may be longer if the data subject data’s are processed for other purposes (e.g. as a client).
5.2 R&P Legal newsletters.
R&P Legal will send a periodic newsletter relating to our practice areas, if it is requested by the data subject at the time of the registration. The legal basis for this processing is the consent of the data subject. The data retention period begins from the data subject’s subscription of the newsletter until the data subject’s request of cancellation from the mailing list.
5.3 To prevent or control unlawful conduct or to protect and enforce rights.
For example, R&P Legal could use the data subject’s data to prevent or prosecute offences or violations of intellectual/industrial property rights (including of third parties) or computer crimes or crimes committed through telematic networks. The legal basis for such processing is the legitimate interest of R&P Legal as the data controller. The data retention period is equal to the time reasonably necessary to enforce R&P Legal’s rights from the time that R&P Legal becomes aware of the unlawful act or its potential commission.
In relation to the purposes indicated above, the processing of personal data is made through computerise, automated manual systems with logic strictly related to the purposes and, in any case, to ensure the security and confidentiality of the data in accordance with the law.
- THE DATA SUBJECT’S RIGHTS
As per Articles 15 et seq. of GDPR, each data subject has the right to receive from the other party information on the existence of the processing of his/her personal data, as well as to access his/her own data, to obtain the rectification, integration, updating, erasure or blocking of the data; each data subject will also has the right to obtain a copy of his/her data, the limitation of the processing and/or, moreover, to oppose against processing, as well as the right to data portability and to bring a complaint with the competent supervisory authorities under the conditions and within the limits given in the art. 13 of the GDPR.
The data subject has the right to withdraw his consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal
In order to exercise the aforementioned rights, it is necessary to write to the Data Controller, at the following e-mail address email@example.com , indicating “Privacy – Data Subject’s Rights” as object. Such e-mail address is protected from spam bots. If you want to see the Site, you have to necessary enable Java Script.
- TRANSFERS OF DATA
The personal data processed are stored at R&P Legal and its suppliers in Italy.
Your data may also be stored in the European Union, and in the USA by R&P Legal providers to whom personal data are transmitted on the basis of agreements, signed in accordance with art. 28 of the GDPR, which include standard contract clauses in accordance with the European Commission’s decision on standard contractual clauses or on the basis of the European Commission’s adequacy decision on the level of data protection (Privacy Shield). The updated list of third-party suppliers, acting as data processors pursuant to art. 28 GDPR, is available on request by sending a message to firstname.lastname@example.org.
- COMMUNICATION OF DATA
We may share your personal data:
- with other users of the Site and R&P Legal social media accounts. If you use the R&P Legal social media channels available through the Site, you may interact with other users, who will be notified of your comments, your location and other information you wish to share, in accordance with the policies and the terms and conditions of the social media on which you have an account;
- with service providers. R&P Legal uses third party services (cloud, content management system, analysis, hosting, navigation functions) acting as data processors on the basis of agreements, signed in accordance with art. 28 of the GDPR, which include standard contract clauses in accordance with the European Commission’s decision on standard contractual clauses or on the basis of the European Commission’s adequacy decision on the level of data protection (Privacy Shield). These providers shall process only the personal data necessary for the performance of their duties and may use them only for the purpose of performing their services on our behalf or to comply with legal requirements;
- with judicial authorities and public bodies. Where permitted or required by law, we may share data requested by a judicial authority, a public body or a government agency in order to protect or exercise our rights or those of third parties, or to comply with legal obligations.
*** *** ***