Privacy policy

1. Data controller

Pursuant to current legislation and the provisions of Art. 13 of EU Regulation 2016/679 and Italian Legislative Decree 196/2013, as amended by Italian Legislative Decree 101/2018, we hereby inform you that the data controller for the data you provide by using this website (“Site”) is GSCD S.r.l. with registered office in Strada Maggiore 24, 40125 Bologna, Italy, VAT No. IT03976351209, hereinafter also “the Company”, which you may contact for any need regarding the processing of personal data at the following contact information:

Phone: +39 051 238105

Email: segreteria@gscdavvocati.com

2. Type of data collected and purpose of processing  

Browsing data

The computer systems and software procedures used to run the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These data are not gathered for association with identified subjects, but by their very nature, when processed or associated with data held by third parties, they might allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who log onto the website, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used when submitting the request to the server, the size of the file obtained in reply, the numerical code indicating the server’s response status (concluded successfully, error, etc.) and other parameters relating to the user’s operating system and IT environment.

These data are used exclusively for the following purposes:

• allowing access to and browsing of the Site;
• obtaining statistical information on the use of the Site;
• monitoring the proper functioning of the Site and improving our services offered.

Browsing data are processed for the time strictly necessary to fulfil the specific purposes.

Data contributed voluntarily by users

You are not required to provide personal data in order to view the Site. However, you can send enquiries by using the contact data indicated on the Site or by filling in the relevant form. These operations entail the acquisition by the Company of personal data that will be used exclusively to fulfil the user’s request.

Cookies – No IT techniques for the direct acquisition of personal data identifying the user or user tracking or profiling systems are used on the Site in any way. The current IT systems do not use any type of persistent cookies, but only statistical tools and technical session cookies that transmit personal information, which is not retained after the end of the browsing session. Sometimes third-party cookies may still be activated using functions that allow you to interact with social networks, which may then track your browsing. This may happen if you use the functions for sharing to Facebook, LinkedIn and Twitter. In this respect, please always refer to the privacy statements provided by the respective social networks.

3. Legal bases of processing, purposes and mandatory or optional nature of providing data

The Company processes your personal data if one or more of the following conditions set out in EU Regulation 2016/679 apply:

1. processing is carried out on the basis of the legitimate interest of the data controller. It is effectively in the legitimate interest of the Company to respond to requests for information from users. The same interest coincides with the legitimate interest of the user of the Site who expects a response to a request.
2. The processing is necessary to perform pre-contractual measures;
3. The processing is necessary to fulfil a legal obligation to which the data controller is subject.

The provision of your data is:

• Optional for the purposes under points a) and b). If you do not provide this information, the Company will not be able to respond to requests for assistance or information.
• Mandatory for purposes set out under point c). Without the required data, it will not be possible to fulfil legal obligations.

4. Methods of processing personal data

The processing is carried out by the Company through the use of computerised, electronic, manual and automated tools for storing, managing and transmitting the data, applying approaches strictly related to the specific purposes.

5. Communication and dissemination of personal data

The data shall be processed by personnel appointed and instructed by the Company using procedures and technical and IT tools suitable for protecting the confidentiality and security of your personal data. Your personal data may be disclosed to third parties acting on behalf of the Data Controller, and in accordance with its instructions, as Data Processors. The data subject may request a complete and updated list of the persons appointed as data processors by contacting one of the addresses listed below. Personal data will not be disseminated.

6. Personal data storage periods

The information and personal data of users collected by this site, including data freely provided to have informational material or other communications sent, by sending e-mails to the addresses indicated in the contact section, will be kept for a period of time limited to the fulfilment of the purposes for which they are collected. Once the purposes have been fulfilled, all personal data shall be deleted, unless otherwise requested by authorities, storage requirements stipulated by law, or unless otherwise specified in particular sections of the website.

7. Data transfer outside the EU

Personal data will not be transferred to third parties located in non-EU countries. The Data Controller may, if necessary, in case transfer your data to third parties that may be based outside the European Union/EEA, which provide an adequate level of data protection, as established by specific decisions of the European Commission:
https://www.garanteprivacy.it/web/guest/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-internazionale/trasferimento-dati-estero.

Your personal data shall be transferred to countries not covered by an adequacy decision only after the conclusion of specific agreements with such parties, containing appropriate safeguards and guarantees for the protection of your personal data, known as “standard contractual clauses”, also approved by the European Commission by decision 2021/914 of 4 June 2021, or if the transfer is necessary to use the services on the Site or to process your requests.

8. Security Measures

The Company takes appropriate security measures to safeguard the confidentiality, integrity, completeness and availability of your personal data. Technical, logistical and organisational measures are put in place to prevent damage or loss, even accidental, alteration, improper or unauthorised use of processed data.

9. Changes to this privacy policy

The Company may amend or simply update all or part of this Privacy Policy. Any changes or updates to the Privacy Policy shall be available to all users in the Privacy Policy section of the Site. Updates shall be binding as soon as they are published on the Site. If you do not wish to accept these changes, you may discontinue using our site.

10. Your rights 

We inform you that as a data subject, you may exercise the following rights in relation to your personal data:

RIGHTS OF THE DATA SUBJECT Articles 15-22 of EU Reg. 2016/679

Art. 15 The data subject’s right of access: the data subject has the right to obtain confirmation as to whether or not personal data relating to him are being processed, where that is the case, to obtain access to the personal data and related information (categories of data, purposes, possible recipients, storage period or criterion, etc.)

Art. 16 Right to rectification: the data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Art. 17 Right to erasure (‘right to be forgotten’): the data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the grounds set out in Art. 17(1)(a), (b), (c), (d), (e), (f), (2), (3)(a), (b), (c), (d) or (e) applies.

Art.18. Right to restriction of processing: The data subject has the right to obtain from the data controller the restriction of processing when one of the cases referred to in Art. 18(1)(a), (b), (c), (d), (2) and (3) applies.

Art. 19 Notification obligation regarding rectification or erasure of personal data or restriction of processing: The controller shall inform each of the recipients to whom the personal data have been transmitted of any rectification or erasure or restriction of processing carried out pursuant to Art. 16, Art. 17(1) and Art. 18, unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject of those recipients if the data subject so requests.

Art. 20 Right to data portability: the data subject has the right to receive in a structured, commonly used and machine-readable format the personal data concerning him or her that he or she has provided to a data controller, and has the right to transmit such data to another data controller without hindrance by the data controller to whom he or she has provided them in the cases referred to in Art. 20(1)(a), (b), (2), (3) and (4).

Art. 21 Right of opposition: the data subject has the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her, pursuant to Art 6(1)(e) or (f), including profiling on the basis of these provisions. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling insofar as it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for those purposes.

You may exercise your rights with reference to the personal data processed by GSCD S.r.l. at any time, by sending a request to exercise your rights, preferably by registered mail with advice of receipt to Strada Maggiore 24, 40125 Bologna, Italy or by sending a request to the certified mail address gscdavvocati@pec.it or to the controller’s contact details indicated above.

Version of 27.06.2022