Privacy and cookie policy

Dear User,

The lawyers Francesca Sani, Francesca Baroncelli Poggi, Camilla Amunni, Eleonora Verdelli, and Silvia Papalini, with their office in Florence (FI), Piazza Franco Nannotti n. 11, tel. 055 0469320, act as data controllers (hereinafter “Data Controller(s)”) and protect the personal data provided by Data Subjects during the navigation and use of the web page https://www.firenzelegale.it/, ensuring its confidentiality and guaranteeing compliance with the regulations in force, as well as the necessary level of protection, from any event that could put it at risk of violation.

As required by Art. 13 of the General Data Protection Regulation of the European Union (GDPR), before proceeding with the processing, the user of the aforementioned web page (hereinafter also “Data Subject”) is informed that their personal data, collected through the website, are processed by the Data Controller as specified above, through IT and/or telematic tools, for the purposes indicated below in this policy.

For any questions regarding the processing of personal data, you can contact the Data Controllers by writing to info@firenzelegale.it

1. Type of personal data processed

The computer systems and software procedures used to operate this page acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

Consequently, the following personal data of the Data Subject may be processed, by way of example:

Navigation data: this category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment. This data, necessary for the use of web services, is also processed for the purpose of: obtaining statistical information on the use of the services (most visited pages, number of visitors by time slot or day, geographical areas of origin, etc.); checking the correct functioning of the services offered.

Data provided voluntarily by sending requests to the contact form on the site and/or to the contact details provided by the Controller: this category includes personal identification and contact data – for example, name, surname, e-mail address, telephone number – and any data that the User voluntarily provides through the contact tools made available.

Cookie: a “cookie” is a text file created by a website on the user’s computer when they access the site, with the purpose of storing and transporting information.

Cookies are sent from a web server (which is the computer on which the visited website is running) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the latter’s computer; they are then re-sent to the website at the time of subsequent visits.

Many of the operations that are normally carried out on a website could not be performed without the help of cookies, which, in such cases, are therefore technically necessary.  This type of cookie is called technical or functionality cookies. In other cases, the site uses cookies to facilitate and simplify navigation by the user or to allow them to use specifically requested services.

Session cookies, stored in temporary memory and deleted when the browser is closed, are used exclusively to “carry out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide that service”, and allow the website to be used efficiently, keeping track of the display of the pages that compose it so as not to request information already acquired and/or released by the user’s browser during the same connection session.

These cookies can be further divided into navigation or session cookies, which guarantee the normal consultation and use of the website (allowing, for example, to make a purchase or authenticate to access reserved areas); analytics cookies, similar to technical cookies where used directly by the site manager to collect information, in aggregate form, on the number of users and how they visit the site itself; functionality cookies, which allow the user to navigate according to a series of pre-selected criteria (for example, the language, the products selected for purchase) in order to improve the service provided to them.

Cookies can also be classified according to their origin, as: first-party cookies, i.e., cookies generated and managed directly by the operator of the website on which the user is Browse; third-party cookies, which are generated and managed by parties other than the operator of the website on which the user is Browse.

For the installation of technical or session cookies, the prior consent of the data subjects is not required, without prejudice, however, to the obligation for the Data Controller to provide, pursuant to Regulation (EU) 2016/679, this mandatory information, which the site manager, if he uses only such devices, may provide in the manner he deems most appropriate.

This website uses technical, first-party and third-party cookies.

In particular, within the website, the Data Controller uses the following third-party cookies:

Google Maps (Google)

The Controller uses interactive Google maps to provide a useful way for website visitors to reach it. The Google Maps tools are integrated on the site on the basis of Google’s terms of service and privacy policy visible at the following link: https://policies.google.com/privacy?hl=en-US.

Cookie settings

By default, many browsers automatically allow the use of cookies, but they also offer the ability to control most cookies, including whether or not to accept them and the procedure for deleting them.

For more information on controlling cookies, see the “Tools” (or similar) section of your browser.

You can set your browser to receive a warning before accepting a cookie, giving you the option to decide whether or not to receive it. You can also completely disable cookies.

How to disable cookies?

Most browsers (Internet Explorer, Firefox, Chrome, etc.) are configured to accept cookies. The cookies stored on your device’s hard drive can still be deleted and it is also possible to disable cookies by following the instructions provided by the main browsers at the following links:

• Chrome
• Firefox
• Safari
• Internet Explorer
• Edge
• Opera 

Social buttons

On the website https://www.firenzelegale.it/ there are special “buttons” (called “social buttons/widgets”) that depict the icons of social networks (for example, Facebook). They allow users who are Browse the Controller’s web page to access the relevant social networks with a “click”. In this case, the social network acquires the data relating to the user, while the Controller will not share any navigation information or user data acquired through its site with the social network accessible thanks to the social buttons/widgets. These services release “third-party cookies”. Below are the links to the privacy policies of the most used social networks and websites to which the buttons refer:

for Facebook: https://www.facebook.com/help/cookies   

for Instagram: https://privacycenter.instagram.com/policies/cookies/

for Linkedin: https://www.linkedin.com/legal/cookie-policy

2. Purposes and legal basis of the processing

Personal data will be processed for the following purposes:

1. to allow the use of this website, as well as to carry out the maintenance and technical assistance necessary for its proper functioning;
2. to be contacted by the Controller in case of a request for online consultation, appointments, quotes or training courses by filling out the contact form or by sending the request to the contact details on the site (specific information available at the following link);

The legal basis for the processing referred to in letter a) of this point is:

Art. 6 par. 1 lett. f) GDPR: “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child”;

The legal basis for the processing referred to in letter b) of this point, as well as the information relating to the provision of data, are contained in the specific policies on the site and prepared for the related services.

3. Processing Methods

The personal data being processed are collected directly by the Data Controller or by third parties expressly authorized by them, or communicated by the Data Controller to such third parties appointed as data processors for the pursuit of the purposes referred to in point 2.

The processing of personal data will be carried out mainly with the aid of IT tools by the Data Controller or by external subjects specifically appointed as data processors, in compliance with the provisions of the GDPR.

The Data Controller periodically carries out checks to ensure that personal data that is not necessary for the processing and its related purposes as indicated in point 2 of this policy is not processed, collected, stored or kept.

The Data Controller does not adopt automated decisions likely to influence the Data Subject. All decision-making processes associated with the processing purposes described above are carried out with human intervention.

4. Recipients of personal data

The personal data processed for the purposes referred to in point 2 of this policy may be communicated:

• to internal subjects of the Controller’s organization, duly authorized for the parts of the processing of their respective competence;
• to external subjects such as:

• • providers of IT infrastructure and solutions;
  • web service providers;
  • consultants and/or suppliers and/or other professionals, to the extent necessary to carry out their assignment;
  • Public authorities, for any legal obligations and/or requests from the authority.

The communication concerns the categories of personal data whose transmission to the aforementioned third parties is necessary for the performance of the activities and for the purposes referred to in point 2 of this policy. The updated list of External Processors is kept at the headquarters of the Data Controller and can be requested by the Data Subject.

For the processing carried out for the purpose referred to in point 2 letter a), the consent of the Data Subject is not required.

With regard to the processing activities for the purpose referred to in point 2 letter b), more information is contained in the specific policies on the site and prepared for the related services.

In no case will personal data be communicated to other categories of third parties (in addition to those mentioned above) and will not be subject to dissemination operations.

5. Transfer outside the EU/EEA

The Data Controller does not transfer the Data Subject’s personal data abroad (abroad meaning all countries not belonging to the European Economic Area).

In some cases, personal data may be processed abroad and the transfer will take place on the basis of the principles and conditions set out in Chapter V of the GDPR, as well as on the basis of adequate security guarantees.

6. Retention period/Data Retention

Personal data will be processed by the Data Controller for the entire duration of the relationship with the same and for the time necessary to achieve the purposes for which they were collected as per point 2 letter a) of this policy.

With regard to the processing activities for the purposes referred to in point 2 letter b), more information is contained in the specific policies on the site and prepared for the related services.

Upon reaching the aforementioned terms, the Data Controller will delete the data concerning you.

Longer retention periods may be applied in the presence of specific legal obligations or if requests are received by the Data Controller from public authorities or for further needs to protect the rights of the Data Controller or the Data Subject.

7. Rights of the Data Subject

Pursuant to EU Reg. 2016/679, the Data Subject has the right to:

• obtain confirmation of the processing carried out by the Data Controller on personal data concerning them;
• access their personal data and know its origin (when the data is not obtained directly from the Data Subject), the purposes of the processing, the data of the subjects to whom it is communicated (recipients), the data retention period or, failing that, the useful criteria for determining it;
• obtain the rectification of their personal data;
• obtain the cancellation of their personal data from the Data Controller’s databases if they are no longer necessary for the purposes for which they were collected or if the processing is unlawful and in the other cases referred to in Art. 17 GDPR;
• limit the processing of their personal data, for example, where its accuracy is contested, for the period necessary for the Data Controller to verify its accuracy and in all other cases referred to in Art. 18 GDPR;
• obtain their personal data in electronic format, also in order to be able to communicate it to another Data Controller (portability).

The Data Subject may assert their rights by contacting the Data Controller by written communication to the address https://www.firenzelegale.it/

The Data Controller must proceed in this sense without delay and, in any case, no later than one month from receipt of the request. The term can be extended by two months, and in this case the Data Controller will, always within thirty days, inform the Data Subject about the reasons that make the extension necessary.

8. Complaint

The Data Subject has the right to lodge a complaint with the Personal Data Protection Authority.

In the event that the Data Subject resides in a different member state or the violation of the data protection legislation occurs in another EU country with respect to the one where the Data Controller is based, the Data Subject must lodge a complaint with the Authority responsible for supervising compliance with the legislation on the protection of personal data of the aforementioned country.

The lodging of the complaint is without prejudice to the possibility for the Data Subject to bring any other legal action.

9. Changes to this policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to users on the page https://www.firenzelegale.it/.

Please therefore consult this page often, referring to the date of the last modification indicated at the end of the document. In the event of non-acceptance of the changes made to this Privacy Policy, the Data Subject may request the Data Controller to delete their personal data. Unless otherwise specified, the previous Privacy Policy will continue to apply to the personal data collected up to that moment

***

Policy updated on 23/06/2025