Data Controller

Please find below a description of how the website is operated in respect of the processing of the data concerning the users visiting it. This policy is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter also referred to as the “Regulation”).
The Controller is Studio Legale Maltoni Associato, hereinafter also referred to as the “Firm”, based at via Sant’Eufemia 2 – 20122 Milan, represented by Attorneys Alberto Maltoni and Andrea Maltoni.

Data and processing methods

No services are offered or rendered by the Firm through this website, and any data provided by third parties through the Firm’s contact details and addresses are handled by personnel from the Firm. No data from the web are disclosed or disseminated to third parties. The personal data provided by users submitting requests to the Firm will be used for the sole purpose of performing any requested service or work and will only be disclosed to third parties if this is necessary for that purpose, either in order to perform the service or due to law requirements.
The personal data are processed also using automated tools for as long as necessary to achieve the purposes for which they were collected, and are stored for as long as required by law in order to comply with tax requirements and with the obligations towards those who benefited from the Firm’s services. Specific security measures are taken to prevent loss of data, illegal or improper use and unauthorised access.

Browsing data

During their normal operation and for the duration of the connection, the IT systems and software procedures used to operate this website will acquire some personal data whose transmission is inherent in the use of Internet communication protocols.
This information is not collected in order for it to be associated with identified data subjects; however, because of its very nature, it may make it possible to identify users through processing and associations with data held by third parties.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used for submitting the request to the server, the size of the file obtained in response, the numeric code indicating the server response status (successful, error, etc.), and other parameters regarding the user’s operating system and IT environment.

These data can be used:

1. to comply with requirements imposed by national and Community legislation as well as with orders given by Supervisory and Monitoring Bodies;
2. to establish liability in case of potential computer crimes against the website and for investigations in case of litigation, if any.

Except for these cases, at present the collected data will remain on the servers for as long as compatible with the law and the expressed needs, without prejudice to the stated rights of the data subject.
The data are also used to obtain anonymous statistical information on website usage and to monitor proper functioning of the website.

Data provided by the user on a voluntary basis

If email is optionally, explicitly and voluntarily sent to the addresses stated on this website, this will involve subsequent acquisition of the sender’s address, which is required in order to respond to requests, as well as of any other personal data included in the message. Personal data will be used for sending any responses, on the assumption that if the sender sends any requests, he or she has given his or her implicit prior consent.

Rights of the data subject

Right of access

The data subject can obtain from the Firm confirmation as to whether or not personal data concerning him or her are being processed and, where that is the case, access to them and to the information laid down in Article 15 of the Regulation.
Personal data will not be transferred to a third country or to an international organisation. If requested, the Firm can provide you with a copy of the Personal Data undergoing processing. If the request in question is made by electronic means, and unless otherwise stated, the information shall be provided to you by the Firm in a commonly used electronic form.

Right to rectification

The data subject can obtain from the Firm the rectification of inaccurate Personal Data concerning him or her and – taking into account the purposes of the processing – have incomplete personal data completed, by means of providing a supplementary statement.

Right to erasure

The data subject can obtain from the Controller the erasure of personal data concerning him or her for any of the grounds laid down in Article 17 of the Regulation, including, but not limited to, if the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, or if consent on which the processing of personal data is based was withdrawn and there is no other legal ground for the processing. The Firm cannot erase personal data if processing thereof is necessary, for instance, for compliance with a legal obligation, for reasons of public interest, for the establishment, exercise or defence of legal claims.

Right to restriction of processing

The data subject can obtain restriction of processing of personal data where one of the cases laid down in Article 18 of the Regulation applies, including, for instance: the accuracy of the personal data undergoing processing is contested by the data subject or the personal data are required by the data subject for the establishment, exercise or defence of legal claims, although the Firm no longer needs them for the purposes of the processing.

Right to data portability

If the processing of the personal data concerning the data subject is based on consent or is necessary for the performance of a contract or in order to take steps prior to entering into a contract and the processing is carried out by automated means, the data subject can:

• request to receive the personal data, which he or she has provided, in a structured, commonly used and machine-readable format (e.g.: a format which can be read by a computer and/or tablet);
• transmit the personal data concerning him or her which he or she has received to another Controller without hindrance from the Firm.

The data subject can also request to have the personal data transmitted directly from the Firm to another controller named by the data subject, where technically feasible for the Firm. In this case, the data subject shall be responsible for providing us with all the correct contact details of the new controller to which he or she intends to transfer the personal data by giving us an appropriate authorisation in writing.

Right to object

The data subject can object at any time to processing of personal data concerning him or her if processing is carried out for the performance of a task carried out in the public interest or for the purposes of the legitimate interests pursued by the Controller. If the data subject decides to exercise his or her right to object, the Firm shall no longer process the personal data unless there are legitimate grounds for the processing (grounds which override the interests, rights and freedoms of the data subject), or the processing is necessary for the establishment, exercise or defence of legal claims.

Automated individual decision-making, including profiling

The Regulation provides that the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, of the personal data concerning him or her, which produces legal effects concerning him or her or significantly affects him or her, unless the aforesaid decision:

1. is necessary for entering into, or performance of, a contract between you and the Firm;
2. is authorised by Italian or European law;
3. is based on the data subject’s explicit consent.

In the cases referred to in letters a) and c), the Firm shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, and the data subject can exercise the right to obtain intervention on the part of the Firm, to express his or her point of view and to contest the decision.

Right to lodge a complaint with the Data Protection Supervisory Authority

Without prejudice to the data subject’s right to go to any other administrative body or law court, if he or she thinks that the Controller’s processing of the personal data concerning him or her is carried out in breach of the Regulation and/or the applicable legislation, he or she can lodge a complaint with the competent Data Protection Supervisory Authority.
For all questions regarding the processing of the personal data concerning the data subject and/or for exercising the rights provided for by the Regulation, the data subject can refer to the following address: studiomaltoni@avvocatimaltoni.it