The Data Processor
Pursuant to Article 13 of the General Data Protection Regulation EU 2016/679 (GDPR), Canella Camaiora Società tra avvocati, with offices in Via Merlo, 3 – 20122 Milan is the Data Processor of your personal data. The Data Processor informs you that the Personal Data you provide in relation to existing legal relationships, or during your interactions with the Data Processor as a User will be processed in compliance with the legislation mentioned above. This Processing will be conducted in a lawful manner and in compliance with the principles of Article 5 of the General Data Protection Regulation EU 2016/679. Additional information on the above may be made available at a later date, including verbally.
A Data Protection Officer has not been appointed.
An updated list of Data Processors and individuals authorised to process data is kept at the organization’s registered office.
Data to be processed
Article 4 of the General Data Protection Regulation EU 2016/679 (GDPR) defines defines “personal data” as any information relating to an identified or identifiable natural person (the “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Specifically, these are data willingly provided by you for the execution of an existing legal relationship with the Data Processor.
Added to the above are the navigational data, computer systems and software procedures used to operate this website which may acquire, during the course of their normal functioning, your personal data, the transfer of which is implicit in the use of internet communication protocols. This information is not collected with the intent of associating it with identified data subjects but it could, by its very nature, and when combined and associated with data held by third parties, identify users. This category of data includes IP addresses or domain names of computers used by users connecting to the website, the URI (Uniform Resource Identifier) address of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (e.g. successful, failed, etc.) and other parameters relating to the operating system and the user’s IT environment. These data are used only to obtain anonymous statistical information on the use of the website and to verify that it is functioning correctly; they are deleted immediately after processing. For further information please refer to our Cookies Policy. The data may be used to establish responsibility in the event of potential cyber crimes which may damage the website, or to comply with a request from a public authority.
The processing of your personal data serves to:
manage existing and/or prospective legal relationships;
comply with the obligations arising from the aforementioned legal relationship(s);
manage and organise any legal relationship, whether the latter is existing or still being defined;
fulfil regulatory, audit and/or financial obligations;
protect contractual rights and obligations;
carry out statistical analysis for operational purposes;
promote marketing and commercial communication activities, whether by email, phone or on social media, and including through partner organisations, regarding the services provided by the Data Processor.
Duration of the Processing
The personal data relating to points 1, 2, 3, 4, 5 and 6 will be stored for the time required to perform the Data Processor’s proposed services, and for up to a maximum of 10 (ten) years. Once this period has elapsed the data will be destroyed. Data processed for the purposes of company auditing will be stored, in compliance with legal obligations, for a period not exceeding 10 (ten) years. With regard to the data provided for the purposes outlined in point 7, these will be processed for a period of up to a maximum of 2 (two) years, the which may only be extended with the client’s consent, following the renewal of a contract. You may at any time revoke your consent to the processing of personal information.
Nature of data provision
The processing of data is obligatory in points 1–6, i.e. for the fulfilment of legal obligations as connected to the relationship established, and for any other purpose connected to compliance with legal obligations, regulatory bodies, and EU legislation, upon the user’s request. By refusing to provide your data to the Data Processor, you prevent the latter from fulfilling such obligations and thus to provide the services requested. For the purposes outlined in point 7, communications will be sent by post, by email or via social media. The Data Subject may at any point exercise the rights pursuant to Article 7, Paragraph 3, and the Articles 15 et seq. of EU Regulation 2016/679 – in other words, the termination of such communication, including by expressing their desire to receive such information by another means, where available. The provision of your data and consent to its processing for the purposes referred to in point 7 are entirely optional. Failure to provide personal data for the purposes outlined above will mean that you are unable to receive newsletter communications promoting the company’s services, whether by post or by email.
Data processing methods
The data will be processed and stored exclusively for the aforementioned purposes in both paper and IT formats, as well as being included in relevant databases and processed with tools that ensure the ongoing integrity, security and confidentiality of the data, as per the provisions of EU Regulation 2016/679. The appropriate technical and organisational measures will be taken to guarantee a level of data protection that is compliant with the provisions of EU Regulation 2016/679. Access will be given only to those persons with written authorisation for the processing of personal data. Personal data may also be communicated and/or collected from/transferred to third parties (such as in the event of data acquisition from Sub-Processors or other Agents). The latter will have the same responsibilities with regard to the processing of personal data, and will be required to comply with the obligations applicable to the legal relationship in place.
Disclosure to third parties and/or sharing of data
For the purposes outlined in points 1 to 7 above, the Company informs you that your personal data may be passed on to named external organisations in the event that it is required to comply with a legal obligation, or to comply with the contractual obligations of an agreement we have/will have with you, as well as to comply with specific requests you make, including prior to the contract’s termination.
The types of organisations to whom the Data Subject’s personal data may be disclosed include those listed below:
Regulatory bodies, legal authorities, institutions, freelance professionals, professional organisations, local authorities and/or other organisations in charge of processing data, in order to comply with the day-to-day operation of the Data Processor’s administrative, auditing and management activities, and as part of the services it provides (legal obligations);
Banking and financial institutions, freelance professionals, consultancy and law firms, to whom the disclosure of the aforementioned data is required for the normal operation of the Data Processor’s services and, specifically, relating to the fulfilment of the contractual obligations as part of the agreement with the Data Subject (contractual obligations);
Personal data collected will not otherwise be shared any under circumstances.
Transferring information abroad
Personal data will be transferred exclusively in Italy and within the European Union.
Rights applicable under EU Regulation 2016/679
The Data Subject may at any point exercise their rights under Article 7, Paragraph 3, as well as Articles 15 et seq. of EU Regulation 2016/679:
a) the right to access their personal data;
b) the right to have personal data rectified or erased, or limit the extent of processing;
c) the right to oppose such processing;
d) right to data portability;
e) the right to revoke their consent, where available (the withdrawal of consent does not compromise the legitimacy of any processing conducted on the basis of the consent granted prior to its being revoked);
f) the right to lodge a complaint with the supervisory authority; (Data Processing Regulator)
Details of the Data Processor
The Data Subject may exercise the rights outlined above either by contacting 0297383076, sending a fax to 0297383083, or addressing an email to firstname.lastname@example.org.
The Data Processor is Canella Camaiora Società tra avvocati, with offices in Via Merlo, 3 – 20122 Milan. A list of external Data Controllers will be kept up to date and made available to the Data Subject upon request.
Further information regarding the processing of personal data may be communicated during processing, including verbally.