Dear user / visitor, We welcome you to our Website www.V-lex.it (the “Website”).
Browsing the Site and / or accessing certain sections of the Site and / or any requests for information or services from users of the Site may involve the processing of personal data referable to natural persons (the “Data Subjects”).
This document is intended to provide, in a simple and intuitive way, information on the type of information and personal data collected through the Site, as well as all useful and necessary information so that the interested parties can provide their personal data in a conscious and informed way. with the possibility of requesting and obtaining, at any time, clarifications and / or corrections.
1. What is meant by personal data
Personal data means all information relating to an identified or identifiable natural person, which is already held by the data controller or which the latter could come into possession of. By way of example and not limited to, personal data are considered: name, surname, address, social security number, current account number, date of birth, telephone number, information contained in the identity document, e-mail address and location. Personal data are also those generated through the use of the services offered through the Site, for example: information on the browser and device, IP address, data on the use of the Site, information collected through cookies or other technologies (the “Personal Data”).
2. Who is the data controller
The data controller, as defined in point 7) of Article 4 of the Regulations, is V|LEX – Λvvocati Studio Legale in Milano, Via G. Serbelloni, 1 in the persons of attornays at law Pierluigi Vitolo e Stefano Colussa (the “Owner”).
3. Type of data collected and processed
– Data provided voluntarily by the user
To access the Site it is not necessary to register. However, there are services within the Site for the use of which it is necessary to provide your Personal Data, which will be processed only for the related purposes and for the time strictly necessary. In particular, as regards the data contained in the CVs sent spontaneously by users, we inform you that the Regulation provides that the so-called “Particular” [ie personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as processing genetic data, biometric data intended to uniquely identify a natural person , data relating to the health or sexual life or sexual orientation of the person] can be legitimately processed with the consent of the interested party; consent that is difficult to obtain from individual users.
For this reason, all those who intend to send their CV are invited not to report any sensitive and / or particular data in it.
– Navigation data
In addition to the personal data provided directly by the Data Subjects, during the connection to the Site, the computer systems and software procedures used to operate the Site acquire, during their normal operation, additional Personal Data whose transmission is implicit in the use of the protocols of Internet communication. These are the so-called “Navigation data” by such means the informations that are not collected to be associated with identified subjects, but which by their very nature could, through processing and association with data held by third parties, allow the identification of the same.
This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the Site only at the request of the supervisory bodies in charge.
No personal data of users is acquired by the Site in this regard.
Cookies are not used to transmit information of a personal nature, nor are the so-called c.d. persistent cookies of any kind, or systems for tracking users.
The use of so-called session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe browsing and efficient site.
The so-called Session cookies used on this Site avoid the use of other IT techniques that are potentially detrimental to the confidentiality of users’ browsing and do not allow the acquisition of the user’s personal identification data.
4. Purpose and legal basis of the processing
Depending on the needs expressed from time to time, by accessing the various sections of the Site (and except for specific rules and information for individual operations that involve the provision of specific Personal Data, published from time to time on the Site), the following main purposes are indicated of the processing of Personal Data, whether they are conferred directly by the Data Subjects, or acquired automatically by browsing:
– follow up on any requests made by the users themselves, for example, by spontaneously sending applications, e-mail or traditional messages to the addresses indicated on the Site which entail the subsequent acquisition of the address, including e-mail, of the sender or the relative telephone number necessary to respond to requests, as well as any other Personal Data included in the relative communications;
– fulfill an obligation established by law, by a regulation or by community legislation;
– ascertain, exercise or defend our right in court;
– obtain anonymous statistical information on the use of the Site and to check its correct functioning;
– management, administrative, accounting and tax obligations.
The processing of such data is allowed by the Regulation, as:
– necessary to follow up on requests made by the interested parties themselves;
– in some cases, necessary to fulfill a legal obligation, for example, in the event of communication to authorities, governmental or regulatory bodies;
– necessary to initiate, continue or defend oneself in legal actions;
– for the pursuit of our legitimate interest (for example, to protect our information system).
5. Compulsory or optional nature of providing personal data and consequences of any refusal
Apart from what is specified for navigation data, the user is free to provide Personal Data by sending an e-mail, to submit his application by sending a CV or to join the initiatives of the Data Controller..
Failure to provide Personal Data may make it impossible, in whole or in part, to follow up on user requests.
6. Communication of personal data
These subjects may be considered data controllers pursuant to art. 28 of the Regulations or autonames of the data controllers. Specifically, Personal Data may be disclosed to:
– third parties who carry out part of the processing activities and / or activities connected and instrumental to them on behalf of the Data Controller such as the management of the IT system. These subjects, adequately selected, with experience, skills and reliability, process Personal Data as data processors, pursuant to art. 28 of the Regulation;
– individuals, employees and / or collaborators of the Data Controller or of the data processors who have been entrusted with specific and / or more processing activities on your Personal Data. These individuals have been given specific instructions on the subject of security and correct use of Personal Data.
– public bodies or judicial authorities, where required by law or to prevent or suppress the commission of a crime
A detailed and updated list of these subjects, as well as those who operate as data processors, can be easily found by sending an e-mail to: email@example.com.
7. Processing methods and retention period
Personal Data will be processed for a period of time equal to the minimum necessary to achieve the purposes for which they are collected, without prejudice to a further retention period that may be imposed by law. Personal data will in any case be deleted without undue delay.
In any case, the criteria used to determine the applicable retention period are: (i) time necessary to achieve the related purpose; (ii) time necessary to complete the relationship with the interested party; (iii) time accepted by the interested party and / or (iv) time required by applicable laws on the matter. At the end of the retention period, the data will be deleted, or destroyed in a secure way where possible, or made anonymous.
8. Transfer of personal data to third countries or international organizations
Personal Data will be processed by the Data Controller within the territory of the European Union.
If for technical and / or operational reasons it becomes necessary to make use of subjects located outside the European Union, the transfer of your Personal Data to these subjects, limited to the performance of specific processing activities, will be regulated in accordance with the provisions provided for by Chapter V of the Regulations. Therefore, all the necessary precautions will be taken in order to guarantee the most complete protection of Personal Data, basing this transfer: (a) on adequacy decisions of the recipient third countries expressed by the European Commission; (b) on adequate guarantees expressed by the third party recipient pursuant to Article 46 of the Regulation; (c) on the adoption of binding corporate rules, so-called corporate binding rules.
In any case, it is possible to request more details from the Data Controller if the Personal Data have been transferred outside the European Union by requesting evidence of the specific guarantees adopted.
9. Rights of interested parties and methods of exercise
As required by articles 15 et seq. of the Regulation, the interested parties may, when the legal conditions are met, access their Personal Data, request their correction and updating, if incomplete or incorrect, request their cancellation, limitation of processing, as well as oppose their processing for legitimate reasons and specific.
Furthermore, the interested parties have the right to receive their data in a structured format, commonly used and readable by an automatic device. If the interested party has given consent to the processing of personal data for one or more purposes for which it was requested, he or she may, at any time, revoke it totally and / or partially without prejudice to the lawfulness of the processing based on the consent given before the revocation.
You can exercise your rights at any time by sending an e-mail to the e-mail address: firstname.lastname@example.org or by sending a letter to be sent by ordinary mail, with notice of delivery, at the headquarters of V -lex Law Firm.
Without prejudice to any other administrative or judicial appeal, the interested parties have the right to lodge a complaint with the Guarantor for the Protection of Personal Data, if they believe that the processing of their data is carried out in violation of the Regulations.
Further information is available on the website www.garanteprivacy.it