SLS Avvocati (hereinafter also referred to as the “Law Firm”), with registered office in Corso Vittorio Emanuele II 15, 20122 – Milan (MI), Italy, in its capacity as Data Controller under Italian Legislative Decree 196/2003 and pursuant to EU Regulation 679/2016, recognises the importance of personal data confidentiality and protection as fundamental rights of the individual. Therefore, our first objective is to process data according to the strictest principles of lawfulness, fairness, purpose and storage limitation, minimisation, accuracy, integrity and at the same time ensure maximum transparency on the procedures and security measures adopted.
In light of the above, and in fulfillment of legal obligations, we issue the following information, provided pursuant to Art. 13 of EU Regulation 679/2016 (hereinafter the “GDPR”).
INFORMATION PURSUANT TO ART. 13 of the GDPR
The Data Controller is the law firm SLS Avvocati, in the person of Mr Natale Maria Sala (hereinafter also referred to as the “professional”), with registered office in Corso Vittorio Emanuele II 15, 20122 – Milan (MI), Italy. The Data Controller can be contacted via e-mail [email protected] or via certified e-mail [email protected]
This document describes the methods for managing the website www.slsavvocati.com (hereinafter also referred to as “the “Website”) and processing the data of the Website’s users, as well as processing the data of those who, in their capacity as Clients or other capacity, have contact with or a relationship with the Law Firm or otherwise provide the Law Firm with their data for the purposes and under the additional terms and conditions of this document, or in relation to which SLS Avvocati performs data processing operations.
The Law Firm processes the data of data subjects as well as third party data provided by Clients to the extent that such processing is necessary in order to discharge the professional assignments received.
The IT systems and software procedures responsible for the functioning of this Website acquire, during normal operation, certain data, the transmission of which is implicit in the use of Internet communication protocols. Such information is not collected in order to associate it with identified subjects, but by its very nature it could, with the use of processing and association with other data, including data held by third parties, enable users to be identified.
This data category includes the IP addresses or domain names of the computers used by users who connect to the Website, URI identifiers (Uniform Resource Identifiers) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment.
Such data are used only in order to obtain anonymous statistical data on use of the Website and to check that it is working properly and are deleted immediately after processing. Data may be used to ascertain responsibility in the case of hypothetical IT crimes against the Website. This category also includes data processed using cookies, in accordance with § 4 of the policy.
Data voluntarily provided by the user or collected by third parties
The optional, explicit and voluntary sending of an e-mail and its message (including the sending of CVs) to the e-mail addresses indicated on the Website, and the sending of messages through the published collection forms, entails the subsequent acquisition of the sender’s address and any other data entered in the message which are necessary in order to respond to requests, as well as any other data included in the message.
Specific summary information may be recorded or viewed from time to time and where strictly necessary in the webpages prepared for particular on-demand services.
In addition to the above, any further personal data (e.g. personal details, data concerning professional activity, position and company role, contact details such as company and/or personal phone number, e-mail address) provided to the Controller or in any case collected by the Controller from third parties, will be processed in compliance with this document and within the limits laid down by the GDPR.
Cookies are small pieces of data that enable statistics to be gathered on Website use and give an understanding of the browsing experience and needs.
Cookies can be broken down into two kinds:
First party cookies
This Website uses technical cookies and browsing or session cookies in particular, which are essential so that the user can navigate the Website normally and use the related services correctly. As these are not saved on the user’s computer, they disappear when the browser is closed.
Third party cookies
The anonymous, aggregate information generated by the cookies on Website use by users will be transmitted and stored on the Google servers in the United States. Google will use this information to track and examine Website use, prepare reports on Website activities for the Website administrators and provide other services related to Website activities and Internet use.
The Website is hosted on machines managed by an external company located in Falkenstein (Germany), with the provider Hetzner. Moreover, data is backed up on a server located in Roubaix (France), with the provider OVH.
All data are processed in paper form and, more predominately, in electronic form. Such data are stored in a form that enables the user to be identified only for the time strictly necessary in order to achieve the purposes for which the data were originally collected and, in any case, within the limits of the law.
Specific security measures are observed in order to avoid the loss, unlawful or incorrect use of such data and unauthorised access, in compliance with the provisions of the GDPR.
In order to ensure that the data are always accurate, up-to-date, complete and relevant, we ask data subjects to inform us about any changes that may have occurred to such data by sending an e-mail to [email protected]
The purpose of the data processing is the full and proper discharge of the professional assignment received, whether judicial or non-judicial. Data subjects’ data will also be processed in order to:
Data may be processed using either paper or electronic archives and only using methods that are strictly necessary in order to carry out the above activities.
The Law Firm processes data subjects’ data lawfully, where the processing is:
Providing data for the purposes described above is optional and failure to provide such data will make it impossible for the Law Firm to follow through on requests from the users themselves.
Data subjects’ data will be stored for the duration of the contract or mandate for the professional assignment received and, subsequently, for the time that the professional is subject to obligations to store such data for tax or other purposes, as provided by the law. In particular, with regard to marketing purposes and more specifically the sending of newsletters and/or invitations to cultural or training events, data subjects’ data are stored until consent is withdrawn or until the newsletter or conferencing service is discontinued.
The Controller does not check and is not able to supervise the content or the data processing policies of the third party websites that may be accessed via links on the Website. Therefore, SLS Avvocati cannot be held liable in any way for processing performed through or in relation to third party websites.
Data subjects’ data are not, without express consent, subject to dissemination nor to any fully automated decision-making process, including profiling, except for communications that may be necessary and entail the transfer of data to public bodies, consultants or other persons, including in their capacity as external data processors, in order to comply with legal obligations.
Data subjects, to whom the data refer, may at any time, when the legal conditions are met, exercise the following rights recognised by the GDPR:
Data may be communicated to third parties who are properly designated “Data Processors” and equipped with the appropriate safeguards under the law.
The Law Firm has not appointed a Data Protection Officer.
Last amended on 25/05/2018