Privacy Policy

 

This Policy is issued pursuant to art. 13 of Regulation (EU) 2016/679 (General Data Protection Regulation, hereinafter “GDPR” in order to provide  the necessary information regarding the processing of personal data of users who visit the website www.cptlegal.eu (the “Website”).

It should be noted that this Policy must be considered as referring and applicable only to the Website, without extending to pages or websites accessible through links and / or managed by third parties. Users are therefore invited to read the related third-party privacy policies for a more detailed understanding of the processing activities carried out through these third-party websites.

The processing of the Website users’ personal data will be carried out in full compliance with the current legislation on the protection of personal data.

 

1) Data controller and location of data processing

The data controller is Avv. Alessandro Pagliai with registered office in Viale del Poggio Imperiale 32, Florence CAP 50125, VAT number 06710190486. 

Contacts:

Email: pagliai@cptlegal.eu – info@cptlegal.eu

Telephone: 055.8895666

The processing is carried out at the registered office of the Data Controller and at the offices of identified external parties.

 

2) Categories of data processed

Navigation data collected automatically by the Website

The systems and computer procedures that allow the functioning of the Website  acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected in order to be associated with individual interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) ​​addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.

Data provided voluntarily by the user

The optional, explicit and voluntary sending of e-mails to the addresses indicated on this site and / or the compilation of data collection forms, involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data inserted. Therefore, the user who prefers to avoid the collection of their data by the Data Controller is invited not to submit any request, or at least, to provide as little personal data as possible.

See the information for contacts at the link inserted in the footer (lower part on all pages of the site).

Cookies

The Site, in order to facilitate the browsing experience of users, uses Cookies. To find out more about the cookies used, see the cookie policy at the following link inserted in the footer (lower part on all pages of the site).

 

3) Purpose of the processing, legal basis and mandatory or optional nature of the processing

The personal data provided through the Website are processed by the Data Controller within the limits and for the sole purpose of providing the services accessible through the Site, in particular for:

  1. allowing users to know and learn more, by browsing the Site,  about the activities carried out and the services offered by the Data Controller;
  2. responding to any requests sent by users via the reference email address or via the contact form of the Website;
  3. monitoring the correct functioning of the Website through aggregate or anonymous data, therefore without the possibility of identifying the user;
  4. the fulfillment of a legal obligation to which the Data Controller is subject to;
  5. ascertaining, exercising or defending a right in court or whenever the judicial authorities exercise their judicial functions.

 

The legal basis for the processing of personal data for the purposes referred to in points 1. and 2  is providing a service or responding  to a request that does not require consent under applicable law.

The purpose referred to in point 3 does not involve the processing of personal data.

The purposes referred to in points 4 and 5  represents a legitimate processing of personal data pursuant to current legislation as, once the personal data has been provided, the processing is necessary to fulfill a legal obligation to which the Data Controller is subject  or to exercise his right of defense in court.

Apart from what is specified for navigation data, providing personal data for the purpose listed above is optional, but failure to provide them may make it impossible to reply to a user’s request or fulfill a legal obligation to which the Data Controller may be subject to.

It should be noted that the withdrawal of consent does not affect the legitimacy of the processing carried out before the withdrawal itself.

 

4) Processing methods – Conservation

The processing will be carried out in an automated and manual form, with methods and tools aimed at guaranteeing maximum security and confidentiality, by persons specifically appointed for this in compliance with the provisions of the applicable legislation. The data will be kept only for the time strictly necessary to achieve the purposes for which the data were collected and, in any case, within the limits of the law.

 

5) Scope of communication and disclosure 

The personal data being processed will not be disclosed, expect for the purposes indicated in point 3) to:

  • subjects that provide services for the management of the information system used by the Data Controller and of the telecommunications networks;
  • professionals, firms or companies authorized by the Data Controller to process personal data in the context of assistance and consultancy relationships (eg collaborators of the Data Controller);
  • judicial authorities in the exercise of their functions when required by applicable law.

The subjects belonging to the aforementioned categories perform the function of a data processor or operate in total autonomy as separate data controllers. The list of data processors is constantly updated and available at the office of the data controller indicated in point 1.

Any further communication or disclosure will take place only with the explicit consent of the users.

 

6) Transfer of personal data

Personal data will not be transferred to third countries or international organizations.

If for technical and/or operational reasons it becomes necessary to use of subjects located outside the European Union, or if it becomes necessary to transfer some of the data collected to technical systems and services managed in cloud and located outside the Union European Union, the processing will be carried out in compliance with the provisions of Regulation (EU) 2016/679. In these cases, the Data Controller will update the information on the processing. All necessary precautions will be taken in order to guarantee the protection of personal data by basing this transfer: a) on adequacy decisions of the recipient third countries expressed by the European Commission; b) on adequate guarantees expressed by the third party recipient pursuant to art. 46 of Regulation (EU) 2016/679; c) on the exceptions relating to specific situations referred to in art. 49 of Regulation (EU) 2016/679.

 

7) Security measures

The Data Controller will take all the necessary security measures in order to minimize the risk of destruction or loss, even accidental, of the data, of unauthorized access or processing that is not permitted or does not comply with the purposes indicated in this document.

 

8) Data subjects’ rights

Users of the Website, in their capacity as interested parties, have the rights provided by articles 15-22 of the GDPR.  In particular, the right to:

  • ask for confirmation of the existence or not of their personal data;
  • obtain information on the purposes of the processing, the categories of personal data, the recipients or categories of recipients to whom the personal data have been or will be communicated and, when possible, the retention period;
  • object to the processing at any time and also in the case of processing for direct marketing purposes;
  • object to an automated decision-making process relating to individuals, including profiling;
  • ask the data controller to access personal data and to rectify or delete them or limit the processing that concern users or to oppose their processing, in addition to the right to data portability, i.e. receive them from a data controller , in a structured format, commonly used and readable by an automatic device, and transmit them to another data controller without hindrance;
  • withdraw the consent at any time without prejudice to the lawfulness of the processing based on the consent given before the withdrawal.

 

Furthermore, users have the right to lodge a complaint with the competent Supervisory Authority:  Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

The rights listed above may be exercised at any time, freely and without difficulty, by sending the relevant request to the contact details of the Owner indicated in point 1).

 

9) Changes to the privacy policy

The Data Controller reserves the right to modify, update, add or remove parts of this privacy policy at his own discretion and at any time. Users are required to periodically check for any changes. In order to facilitate this verification, the privacy policy  will contain at the bottom of the page the indication of the last update.  The use of the Website, after the publication of the changes, will constitute acceptance of the same.

 

10) Social plug-in

Our web pages may contain Social Networks plug-ins (eg Linkedin.com, managed by LinkedIn Corporation). If you access one of our web pages equipped with a similar plug-in, the internet browser connects directly to the social network and the plug-in is displayed on the screen thanks to the connection with the browser. Before using these plug-ins, we invite users to check  the privacy policy of the social networks themselves, on their official pages.

 

Effective date: September 25, 2022