Pursuant to art. 13 of EU Regulation no. 2016/679 of April 27, 2016 (“GDPR”) and Italian Legislative Decree 196/2003, as amended by Italian Legislative Decree 101/2018 (“Privacy Code”), we hereby inform you on how we process the personal data provided to us also through the website www.casellaeassociati.com (the “Site”).
1. Data Controller
The data controller is Avv. Prof. Paolo Casella e Associati – Studio Legale, with registered office in via della Guastalla n. 15, 20122, Milan (hereinafter “Controller”), who can be contacted at the e-mail address: email@example.com.
2. Purpose and Legal Basis of the Processing
The Controller may process personal data for the following purposes:
- browsing of the Site, in relation to the possibility of detecting user data that are technically necessary therefor;
- response to information requests and execution of requested services;
- fulfillment of legal obligations, regulatory obligations or obligations imposed by a competent authority.
The legal basis of the processing is, as applicable, the execution of the services requested, or the fulfillment of legal or regulatory obligations applicable to the Controller.
3. Failure to Provide
The provision of personal data for the purposes listed above is optional; however, failure to provide said data will make it impossible for the Controller to provide the information or services requested.
4. Recipients and Data Transfer
The Controller may transfer or otherwise make personal data accessible to:
a) its employees and staff, who will process them exclusively for the purposes set forth above, in their capacity as “persons duly authorized to data processing”; and
b) third parties who will process them on behalf of the Controller as “data processors”, such as, by way of example, professionals, consultants and outsourcers.
Personal data will not be transferred to third countries or international organizations, except when necessary in relation to the purposes set forth above.
5. Methods of Processing and Conservation
Personal data will be processed with manual, paper, IT and/or telematic tools, possibly automated or designed to store, manage or transmit the data, according to the principles of fairness, lawfulness, transparency and protection of confidentiality, in compliance with the GDPR and the Privacy Code.
Personal data are not subject to any automated decision-making process, including profiling; they will be kept by the Controller for the time strictly necessary for the pursuit of the purposes for which they were collected and will be eliminated at the request of the interested party.
6. Rights of the interested parties
Articles 15 et seq. of the GDPR grant the interested parties certain rights to protect the confidentiality of their personal data, including the right to ask the Controller for access to said data and correction or deletion of the same, the limitation of the processing that concerns them, or to oppose the processing of such data, in addition to the right to data portability; interested parties can exercise these rights with a written request sent to the e-mail address: firstname.lastname@example.org.
Furthermore, if they believe that the processing carried out by the Controller breaches applicable provisions of the GDPR, interested parties can lodge a complaint with the Autorità Garante per la protezione dei dati personali (www.garanteprivacy.it), or with any other competent supervisory authority.