ACT OF INFORMATION ON THE PROCESSING OF PERSONAL DATA
Dear Visitor,
the Privacy Policy, compliance with which is very important to us, requires us to provide you, as a visitor to www.studiomorabito.eu, with some information on the processing of your data collected through this Site. We want to do this in the simplest and clearest way, so that you can easily find below the essential information about who we are, what data we process, why, how and for how long we process it. At the bottom of this page you will find a Glossary of all terms indicated with a capital letter together with their definitions.
DATA CONTROLLER.
- The Data Controller is Studio Legale Tributario Morabito, in the person of its legal representative pro tempore Avv. Simone Morabito, with registered office in Turin, Piazza Statuto no. 10, VAT no. 11494680017, PEC: simonemorabito@pec.ordineavvocatitorino.it, professional association, which provides consultancy and services in the tax and legal field.
- The Data Controller will process Personal Data according to the principles of lawfulness, correctness, transparency, purpose limitation and storage, data minimisation, accuracy, integrity and confidentiality.
- This information is provided pursuant to Article 13 of EU Regulation 2016/679.
PURPOSE, LEGAL BASIS AND DATA SUBJECT OF PROCESSING.
- The Data Controller will perform the Processing with the following purposes.
- enable the Visitor to navigate the Site;
- respond to Visitor requests submitted via the Contact Form;
- research/statistical analysis on aggregated or anonymous data, without the possibility of identifying the Visitor, aimed at measuring the operation of the Site, measuring traffic and assessing usability and interest of the Site (in this case the Owner does not process Data);
- fulfillment of legal obligations to which the Owner is subject;
- need to ascertain, exercise or defend a right in court or whenever the Authorities exercise their functions.
- The Processing will cover Navigation Data, Cookies, Identifying, Personal and Particular Data.
- The legal bases for Processing are as follows, divided by Data categories:
- Browsing Data and Cookies: legitimate interest;
- Identifying and Personal and Particular Data provided by the Visitor in requests via the Contact Form: fulfillment of pre-contractual measures taken at your request or based on your consent (from time to time, for the Personal and Particular Data you provide to enable us to respond to your requests via the contact form).
COOKIES.
- The site uses the following Cookies:
- technical.
- third-party analytics.
- Users can selectively disable the action of Google Analytics by installing the opt-out component provided by Google on their browsers;
- Duration – some cookies (so-called session cookies) remain active only until the browser is closed. Other cookies (so-called persistent cookies) “survive” when the browser is closed and are available on subsequent visits by the user, and their duration is set by the server when they are created; in some cases an expiration date is set, in other cases the duration is unlimited.
- Management – the Visitor can decide whether or not to accept cookies using their browser settings.
- The usability of the content is also possible by disabling cookies completely, and disabling “third-party” cookies in no way affects the navigability of the Site.
- The setting can be defined specifically for different sites and web applications. In addition, the best browsers allow different settings to be defined for various types of cookies.
MODE OF TREATMENT.
- Personal Data will be:
- collected electronically;
- recorded in digital format at servers in the exclusive availability of the Owner;
- protected from the risks of destruction, modification, deletion and unauthorized access through efficient security measures of a physical, logical and organizational nature;
- further processed, including on paper, to the extent and within the time strictly necessary to execute the purposes indicated above.
COMMUNICATION TO RECIPIENTS AND DISSEMINATION.
- Data acquired through the Site will be disclosed to Recipients to the extent strictly necessary in connection with the above purposes.
- The categories of Recipients are as follows:
- subjects necessary for the operation and delivery of the services offered by the Site, who act as Data Processors, by virtue of written agreements entered into with the Controller;
- appointees and persons authorized by the Data Controller who have committed to confidentiality or have an appropriate legal obligation of confidentiality (e.g., employees and associates of the Data Controller).
- The Data Controller may also need to disclose Data to fulfill legal obligations or to comply with orders from Authorities.
- No Personal Data will be subject to Dissemination and will not be transferred outside the Member States of the European Union.
DATA RETENTION PERIOD.
- The Data Controller will retain the Data for the minimum time necessary to achieve the Purposes set out in 2.1.
- Holders will retain Personal Data with the following timeframes:
- Browsing Data: maximum 60 days;
- Identifying and Personal Data provided by the Visitor in requests through the Contact Form: will be retained for a period of ten years from the completion of the service requested by the Data Subject.
- Except for the above, the Data Controller will retain Personal Data up to the maximum time allowed by Italian law to protect its rights and/or interests.
MANDATORY AND OPTIONAL NATURE OF THE COMMUNICATION OF PERSONAL DATA.
- The communication of Navigational Data is mandatory and indispensable to allow the Owner to let the Visitor use the Site.
- The communication of Identifying, Personal and Particular Data provided by the Visitor in requests via the Contact Form is, on the other hand, optional and bound to the Visitor’s consent.
CONSEQUENCES OF REFUSAL TO DISCLOSE PERSONAL DATA.
- The Visitor may not refuse to communicate Navigational Data, to the extent that it consists of Personal Data.
- If the Visitor refuses to communicate Identifying, Personal, and possibly Particular Data, in requests via the Contact Form, the Owner may not be able to fulfill such requests, in whole or in part.
RIGHTS OF THE DATA SUBJECT.
- The Data Subject has the right to:
- access his/her Personal Data held by the Data Controller;
- request its rectification and/or deletion (“oblivion”);
- request Limitation or object to the Processing;
- request the portability of the Data;
- propose a complaint to a Supervisory Authority.
- The Data Subject also has the rights referred to in Article 7 of the Privacy Code not expressly mentioned above (i.e. that of obtaining confirmation of the existence of Personal Data concerning you and their communication in an intelligible form, the indication of their origin, the identification details of the data processors, the transformation into anonymous form of Personal Data or their blocking if processed in violation of the Privacy Regulations).
CHANGES TO THE TREATMENT INFORMATION ACT.
- This Information Act is effective as of May 24, 2018.
- The Data Controller reserves the right to modify its content, in whole or in part, also due to changes in the legislation on the protection of Personal Data.
- In the aforementioned case, the Data Controller will publish on the Site the updated version of this Information Act, and from that moment it will be binding: the Data Subject is therefore invited to visit this section regularly.
GLOSSARY
- “Authority” means an entity or organization, public or private, with administrative, judicial, police, disciplinary, or supervisory powers in any way related to the Firm’s activities.
- “Supervisory Authority” means the independent public authority established by a state of the European Union, or by the European Union itself, responsible for overseeing the application of the Privacy Regulations (for Italy, the Garante per la Protezione dei Dati Personali, http://www.garanteprivacy.it).
- “Authorized” means natural persons authorized to process Data under the direct authority of the owner or manager, and who have committed to them to confidentiality, or have an appropriate legal obligation of confidentiality.
- “Privacy Code” means Legislative Decree 196/2003 as amended and/or supplemented.
- “Committee” means the European Data Protection Board, established by Article 68 of the GDPR and governed by Articles 68 to 76 of the GDPR, replacing WP29 as of 25/5/2018.
- “Communication” means “the giving of knowledge of personal data to one or more determined parties other than the data subject, the owner’s representative in the territory of the State, the person in charge and the persons in charge, in any form, including by making them available or consulting them” (as defined in Article 4, paragraph 1 letter l of the Privacy Code).
- “Cookies”: short text fragments (letters and/or numbers) that allow the web server to store information on the browser to be reused during the same visit to the site (session cookies) or later, even days later (persistent cookies). Cookies are stored, based on user preferences, by the individual browser on the specific device used (computer, tablet, smartphone). The following categories are considered:
- Technical Cookies: these are cookies that are indispensable for the proper functioning of the site and are used for the sole purpose of “carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or User to provide such service” (see Art. 122, c. 1, of the Privacy Code).
- Analytical Cookies: these are cookies used to anonymously collect and analyze site traffic and usage. These cookies, while not identifying the user, allow, for example, to detect whether the same user returns to log on at different times. They also make it possible to monitor the system and improve its performance and usability. Deactivation of such cookies can be performed without any loss of functionality.
- “Data” means one or more of the categories specified, in this Agreement, as Personal Data, Identifying Data, Particular Data.
- “Browsing Data”: these are the data that the computer systems and software procedures used to operate the site acquire, in the course of their normal operation, and whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the Site: except for this eventuality, data on web contacts do not persist for more than seven days.
- “Personal Data” means “any information relating to a natural person who is identified or identifiable, even indirectly, by reference to any other information, including a personal identification number,” (as defined in Article 4, paragraph 1 lett. b of the Privacy Code) or, as of 5/25/2018, “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is any natural person who can be identified, directly or indirectly, by reference in particular to an identifier such as a name, an identification number, location data, an online identifier, or to one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity,” as defined in Art. 4, subsection 1, no. 1, of the GDPR.
- “Identifying Data”: the “personal data that allow the direct identification of the data subject” (as defined in Article 4, paragraph 1 letter c of the Privacy Code).
- “Particular Data”: the so-called “sensitive” Personal Data (“capable of revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership in parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data capable of revealing health and sex life”, as defined in Art. 4, paragraph 1 lett. d of the Privacy Code); “judicial” (“personal data capable of revealing measures referred to in Article 3, paragraph 1, letters a) to o) and r) to u), of Presidential Decree 14 November 2002, no. 313, on criminal records, registry of administrative penalties dependent on crime and related pending charges, or the quality of defendant or suspect under Articles 60 and 61 of the Code of Criminal Procedure,” as defined in Article 4, paragraph 1 lett. e of the Privacy Code); “genetic” (“personal data relating to the hereditary or acquired genetic characteristics of a natural person which provide unambiguous information about the physiology or health of that natural person, and which result in particular from the analysis of a biological sample of that natural person,” as defined in Art. 4, subsection 1, no. 13, of the GDPR); “biometric” (“personal data obtained by specific technical processing relating to physical, physiological or behavioral characteristics of a natural person that enable or confirm their unambiguous identification, such as facial image or dactyloscopic data,” as defined by Art. 4, subsection 1, no. 14, of the GDPR); “health-related” (“personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information relating to his or her state of health,” as defined by Art. 4, subsection 1, no. 15 of the GDPR), as well as Data “revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, […] relating to a person’s health or sex life or sexual orientation” (Art. 9.1 GDPR), and “personal data relating to criminal convictions and offenses or related security measures” (Art. 10 GDPR).
- “Recipient” means “the natural or legal person, public authority, service or other body receiving communication of personal data,” as defined in Article 4, subsection 1, no. 9, of the GDPR.
- “Dissemination” means “the giving of knowledge of personal data to unspecified persons, in any form, including by making them available or consulting them” (as defined in Article 4, paragraph 1 letter m of the Privacy Code).
- “GDPR” means the EU Regulation 2016/679 “on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).”
- “Persons in charge”: “the natural persons authorized to carry out processing operations by the owner or the person in charge,” as defined in Article 4, paragraph 1 letter h of the Privacy Code.
- “Data subject” means “the natural person, to whom the personal data refer” (as defined in Article 4, paragraph 1 letter i of the Privacy Code) or, as of 25/5/2018, “identified or identifiable natural person”, as defined in Article 4, subsection 1, no. 1, of the EU Regulation 2016/679 (so-called “GDPR”).
- “Limitation” means “the marking of personal data stored with the aim of limiting their processing in the future,” as defined in Article 4, subsection 1, no. 3, of the GDPR.
- “Contact Form”: the section on the main page of the Site through which the Visitor can send inquiries.
- “Privacy Legislation” means Legislative Decree No. 196/2003 as amended and/or supplemented (“Privacy Code”), as well as the General Measures issued pursuant to Article 154 paragraph 1 lett. c) and h), EU Regulation 2016/679 (“GDPR”) and additional applicable legislation of any rank, including the opinions of WP29 and, as of 25/5/2018, the Committee.
- “Profiling” means “any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects of that natural person’s professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements,” as defined in Article 4, subsection 1, no. 4, of the GDPR.
- “Publication” means the action by which the Firm communicates information on the Site, without the implementation of procedures that require the Visitor to view it.
- “Data controller” means “the natural person, legal person, public administration and any other entity, association or body entrusted by the controller with the processing of personal data” (as defined in Article 4, paragraph 1 letter g of the Privacy Code), or, as of 25/5/2018, “the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller”, as defined in Article 4, subsection 1, no. 8, of the GDPR, as well as the persons entrusted and/or authorized by the controller.
- “Site” means the web pages exposed through the domain www.studiomorabito.eu, subdomains included.
- “Data controller” means “the natural person, legal person, public administration and any other body, association or body which is responsible, even jointly with another controller, for decisions regarding the purposes, methods of processing of personal data and the instruments used, including the security profile” (as defined in Art. 4, paragraph 1 lett. f of the Privacy Code), or, as of 25/5/2018, “the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; when the purposes and means of such processing are determined by Union or Member State law, the data controller or the specific criteria applicable to its designation may be established by Union or Member State law,” as defined by Art. 4, subsection 1, no. 7, of the GDPR, as well as the individuals entrusted and/or authorized by it.
- “Processing” means “any operation or set of operations, carried out with or without the aid of electronic means, concerning the collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, erasure and destruction of data, including data not registered in a database” (as defined in Article 4, paragraph 1 lett. a of the Privacy Code), or, as of 25/5/2018, “any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction,” as defined by Art. 4, subsection 1, no. 2, of the GDPR.
- “Visitor” means the natural person who uses a device and navigates, through the Internet network, the pages of the Site.
- “WP29” means the Working Party on the Protection of Individuals with regard to the Processing of Personal Data, established under Article 29 of Directive 95/46/EC, whose tasks are set out in Article 30 of Directive 95/46/EC and Article 15 of Directive 2002/58/EC.