Privacy Policy

The Law Firm Ascone Poltronieri Mulato & Partners is committed to protecting the Privacy and Personal Data of users browsing the website www.app-avvocati.it in compliance with Regulation (EU) 2016/679 (“GDPR”) and applicable national legislation.

I. The Data Controller provides the website user with the following information:

 a) INFORMATION ABOUT THE DATA CONTROLLER

The Data Controller pursuant to Art. 24 of the GDPR is the Law Firm Ascone Poltronieri Mulato & Partners (VAT No. 12712728150967), with registered office in Milan, Via Vitruvio 5. The user/visitor of the website may exercise their rights pursuant to Articles 15 to 22 of the EU Regulation by writing to the following email address: studio@app-avvocati.it

 b) INFORMATION ABOUT THE DATA PROTECTION OFFICER

The Data Controller does not fall within the cases requiring the mandatory appointment of a Data Protection Officer under Art. 37 GDPR (DPO).

 c) and d) PURPOSES OF PROCESSING, LEGAL BASIS AND LEGITIMATE INTEREST

Personal data are processed for the following purposes and legal bases: 

  1. To respond to requests for information on the services offered by the Firm (submitted by filling in a specific Form in which the necessary data are voluntarily entered), to be contacted again or to receive an initial free consultation – the legal basis for processing is the
    performance of pre-contractual measures at the request of the data subject pursuant to Art. 6(1)(b).
  2. Possible storage of data for organizational and documentation purposes – the legal basis for processing is the legitimate interest of the Data Controller pursuant to Art. 6(1)(f).
  3. To safeguard the proper functioning and security of the website in the interest of the Firm and users/browsers – the legal basis for processing is the legitimate interest of the Data Controller pursuant to Art. 6(1)(f).
 
 e) RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Users’/visitors’ personal data may be disclosed to the following categories of recipients: 
  1. Persons who process data under the authority of the Data Controller and who have legitimate access to personal data as a result of a written assignment for data processing (pursuant to Arts. 29 GDPR and 2-quaterdecies of the Privacy Code);
  2. Companies, consultants or professionals possibly appointed for the installation, maintenance, updating and, in general, management of the hardware and software used by the Data Controller to provide its services (such as, for example, web hosting companies and IT support
    providers with whom the Data Controller has entered into a Data Processing Agreement pursuant to Art. 28 GDPR);
  3. Competent authorities in the event of the verification of criminal offences through the website.
 
 f) TRANSFER OF DATA

Data may be processed or stored on platforms also located in non-EU countries (e.g., social media, YouTube, cloud services), in compliance with the safeguards provided by the GDPR (e.g., Standard Contractual Clauses, adequacy decisions, etc.).

II. In addition to the information referred to in Section I, the Data Controller provides the user/browser with the following additional information necessary to ensure fair and transparent processing:

 a) DATA RETENTION

Data are retained for no longer than necessary for the purposes for which they were collected and processed and/or to establish or defend legal claims before judicial authorities.

In particular, data are retained for the time strictly necessary to respond to the user’s request for information sent to the Firm by completing and submitting the relevant Form for one or more consultancy and assistance services offered by the Lawyers and, where applicable, to comply with
legal or tax obligations if a professional relationship arises. In the absence of a professional engagement, data will be deleted within 12 months from the last contact.

 b) RIGHT OF ACCESS TO PERSONAL DATA, RECTIFICATION, ERASURE, DATA PORTABILITY, RESTRICTION OR OBJECTION TO PROCESSING BY THE DATA SUBJECT

The Data Subject may exercise the rights referred to in Articles 15 to 22 of the GDPR, where applicable; in particular, the right of access (Art. 15) allows the Data Subject to obtain confirmation as to whether or not personal data concerning them are being processed and, if so, access to such data; the right to rectification and completion (Art. 16) allows the Data Subject to request correction of data concerning them; the right to erasure/right to be forgotten (Art. 17) provides the Data Subject with the right to request and obtain the deletion of personal data concerning them when at least one of the following applies: 1) the data are no longer necessary for the purposes for which they were collected; 2) withdrawal of consent where required; 3) objection to processing; 4) unlawful processing; the right to restriction (Art. 18) applies where the accuracy of the data is contested for the period necessary to verify their accuracy, or where the processing is unlawful and the Data Subject opposes erasure and requests restriction instead; the right to data portability (Art. 20) allows the Data Subject to receive their personal data in a structured, commonly used and machine-readable format and to have those data transmitted to another Data Controller indicated by them; the right to object (Art. 21) allows the Data Subject to object at any time to the processing of their data where the legal basis no longer applies; the right not to be subject to automated decision-making (including profiling) (Art. 22) that produces legal effects concerning them or similarly significantly affects them, except where such decision is necessary for entering into or performing a contract, is authorized by EU law, or is based on the Data Subject’s explicit consent.

 c) RIGHT TO REVOKE EVENTUAL CONSENT

The processing of the Data Subject’s data is based on the following legal grounds: performance of pre-contractual measures at the request of the Data Subject pursuant to Art. 6(1)(b), and the legitimate interest of the Data Controller pursuant to Art. 6(1)(f). The processing of data is not based on the Data Subject’s consent.

 d) RIGHT TO LODGE A COMPLAINT

The Data Subject has the right to lodge a complaint with the Supervisory Authority regarding the processing of their personal data if such processing does not comply with the EU Regulation, using the following link: www.garanteprivacy.it.

 e) DATA PROVISION AND CONSEQUENCES OF REFUSAL

The provision of data by the user/browser is optional but necessary to interact with the Firm through the relevant Form and, where applicable, to use the services offered. Failure to provide the minimum required information (name, email) will make it impossible to receive a response or assistance.

 f) SPECIFIC PROCESSING ACTIVITIES

In carrying out the processing purposes described herein, the Data Controller does not perform automated decision-making processes pursuant to Art. 22(1) and (4).

Additional information for the user/visitor

  • Types of data collected
 

Through this website, the Firm collects exclusively the following personal data voluntarily provided by the user through contact forms:

  1. First name
  2. Last name
  3. Email address
  4. Phone number
  5. Subject of the message or brief description of the request
  6. Use of the Google Calendar service in the “Bandi” section for bookings
 
  • Methods of processing
 

Processing is carried out using electronic and/or paper-based tools, in compliance with the principles of lawfulness, fairness, transparency and security set out in the GDPR.

  • Changes to this policy
 

This Privacy Policy may be subject to changes. Users are advised to consult it periodically. Any significant changes will be communicated on the website.