Dear User,

Lawyers Francesca Sani, Francesca Baroncelli Poggi, Camilla Amunni, Eleonora Verdelli, and Silvia Papalini, with offices in Florence (FI), Piazza Franco Nannotti no. 11, tel. +39 055 0469320, act as Data Controllers (hereinafter “Data Controller/s”) and protect the personal data provided by the Data Subjects during navigation and use of the web page https://www.firenzelegale.it/, ensuring confidentiality and compliance with applicable regulations, as well as the necessary level of protection from any event that may put them at risk of violation.

As required by Article 13 of the European Union General Data Protection Regulation (GDPR), before proceeding with processing, the user of the above-mentioned web page (hereinafter also referred to as “Data Subject”) is informed that their personal data, collected through the website, are processed by the Data Controller as identified above, using IT and/or telematic tools, for the purposes indicated below in this notice.

For any questions regarding the processing of personal data, you can contact the Data Controllers by writing to info@firenzelegale.it

1. Types of Personal Data Processed

The following personal data of the Data Subject will be processed:

  1. first name, last name, email address, phone number, and information contained in the request sent by the Data Subject.

2. Purpose and Legal Basis of Processing

Personal data will be processed for the following purposes:

  a) to be contacted by the Data Controller in case of requests for online legal advice, appointments, quotes, or training courses via the contact form or by sending a request to the contact details provided on the website.

The legal basis for the processing referred to in point a) is:

Art. 6 para. 1 lit. b) GDPR: “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”.

3. Processing Methods

The personal data being processed are collected directly by the Data Controller or by third parties expressly authorized by the latter, or communicated by the Data Controller to such third parties appointed as processors for the purpose of achieving the objectives set out in point no. 2.

The processing of personal data will mainly be carried out using IT tools by the Data Controller or by external parties specifically appointed as data processors, in accordance with the GDPR.

The Data Controller periodically carries out checks to ensure that no unnecessary personal data is processed, collected, stored, or retained in relation to the processing and the purposes set out in point no. 2 of this policy.

The Data Controller does not make automated decisions that may affect the Data Subject. All decision-making processes associated with the purposes of the processing described above are carried out with human intervention.

4. Recipients of Personal Data

Personal data processed for the purposes outlined in point no. 2 of this policy may be disclosed to:

  • internal personnel of the Data Controller, duly authorized for the relevant parts of processing;
  • external entities such as:
    • providers of IT infrastructure and solutions;
    • web service providers;
    • consultants and/or suppliers and/or other professionals, to the extent necessary for the performance of their duties;
    • Public Authorities, for compliance with legal obligations and/or requests from authorities.

The disclosure concerns categories of personal data whose transmission to the above third parties is necessary to carry out the activities and purposes set out in point no. 2 of this notice. The updated list of External Data Processors is kept at the Data Controller’s office and may be requested by the Data Subject.

For processing carried out for the purpose referred to in point no. 2 letter a), the consent of the Data Subject is not required.

In no case will personal data be communicated to other categories of third parties (in addition to those mentioned above) or be subject to dissemination.

5. Transfer Outside the EU/EEA

The Data Controller does not transfer the personal data of the Data Subject abroad (meaning outside the European Economic Area).

In some cases, personal data may be processed abroad and the transfer will take place based on the principles and assumptions set out in Chapter V of the GDPR, as well as based on adequate security guarantees.

6. Data Retention Period

Personal data will be processed by the Data Controller for the entire duration of the relationship and for the time necessary to achieve the purposes for which they were collected as per point no. 2 letter a) of this notice.

Upon expiration of the above period, the Data Controller will proceed with the deletion of your personal data.

Longer retention periods may apply in the event of specific legal obligations or if the Data Controller receives requests from public authorities or for the protection of its own rights or those of the Data Subject.

7. Rights of the Data Subject

Pursuant to EU Reg. 2016/679, the Data Subject has the right to:

  • obtain confirmation of whether or not the Data Controller is processing their personal data;
  • access their personal data and learn their origin (when not obtained directly from the Data Subject), the purposes of the processing, the data of the recipients, the retention period or, if not available, the criteria used to determine it;
  • obtain the rectification of inaccurate personal data;
  • obtain the deletion of their personal data from the databases of the Data Controller if they are no longer necessary for the purposes for which they were collected, or if the processing is unlawful, and in other cases under Article 17 GDPR;
  • restrict the processing of their personal data, for example, where its accuracy is contested, for the time necessary for the Data Controller to verify it, and in other cases under Article 18 GDPR;
  • receive their personal data in a structured, commonly used, and machine-readable format, also for transmission to another Data Controller (data portability).

The Data Subject may exercise their rights by contacting the Data Controller in writing at the address https://www.firenzelegale.it/

The Data Controller must proceed without delay and, in any case, no later than one month from receipt of the request. The term may be extended by two months, in which case the Data Controller will inform the Data Subject within thirty days of the reasons for the extension.

8. Complaint

The Data Subject has the right to lodge a complaint with the Data Protection Authority.

If the Data Subject resides in a different EU member state or the breach of data protection law occurs in another EU country where the Data Controller is not established, the complaint should be addressed to the supervisory authority of that member state.

Filing a complaint does not preclude the Data Subject’s right to pursue other legal remedies.

9. Provision of Data and Consequences

Providing personal data is optional; however, if the Data Subject does not provide the requested personal data, the Data Controller will not be able to carry out the processing activities for the purposes indicated in point no. 2 of this notice.