DATA PROTECTION POLICY
This policy is an information notice given pursuant to Article 13 of Regulation (EU) No 2016/679 (general data protection regulation, hereinafter the “GDPR”) and to applicable laws and regulations concerning cookies.
This data protection information notice is given by Jenny.Avvocati – Studio Legale Associato (the “Firm”), with registered office in via Durini 27, 20122 Milan, Italy, tax code and VAT number e p. IVA 12908840155, data controller within the meaning of Article 4(7) of the GDPR. The data controller can be contacted also via email at the address firstname.lastname@example.org.
The information notice is given for the website www.jenny.it (the “Website”) and is addressed to those subjects who access it, both through PCs or mobile devices (the “Data Subjects”). Other websites, if any, accessible by means of hyperlinks inserted in the Website are not covered by this information notice. In the event that Data Subjects access such websites by means of hyperlinks, the relevant processing will be performed in full autonomy by the data controllers thereof. Jenny.Avvocati does not assume any liability for the abovementioned processing.
The data processing will be carried out by the Firm, as independent data controller and/or by the data processors, if any, appointed from time to time by the Firm and/or by persons authorised to perform processing activities by the Firm and/or by data processors.
- PROCESSING OF BROWSING DATA
The IT systems and software procedures used to operate the Website acquire, during their normal operation, some personal data of the Data Subject whose transmission is implicit in the communication protocols of the Internet.
This is information that is not directly associated with identified users, but which by its nature could, through processing and associations with data held by third parties, allow the identification of such users.
This category of data includes IP addresses or domain names of computers used by users connecting to the Website, URIs (Uniform Resource Identifiers) of requested resources, information about access, information about location, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..), information about the user’s visit including clickstream URL data, within and from the Website, the duration of the visit to certain pages and the interaction on those pages and other parameters related to the operating system and computer environment of the user.
The data collected during the browsing of the Website by the Data Subject are processed in order to (i) manage the Website and resolve any functioning problems, (ii) ensure that the content of the Website is presented in the most effective way for the Data Subject and his/her devices, developing, testing and making improvements to the Website, (iii) as far as possible, to keep the Website safe and protected, (iv) to obtain anonymous statistical information on the use of the Website and to control its correct functioning, (v) to identify anomalies and/or abuses in the use of the Website. The data could also be used to ascertain liability in the event of possible IT crimes committed against the Website or third parties and may be disclosed to judicial authorities, if they expressly request so. Except in the latter case, data are currently stored for a maximum period of two months. Such processing activities are lawful, since there is a legitimate interest of the Data Controller and they do not breach the fundamental rights and freedoms of the Data Subjects.
- MODALITIES OF PROCESSING
Processing activities are performed through IT devices in the manner necessary to pursue the purposes for which data were collected.
The processing of data is carried out using procedures that protect their confidentiality and will consist of its collection, recording, organisation, storage, interrogation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction, including the combination of two or more of the above activities. The data will also be processed with IT and electronic tools and stored with the adoption of appropriate security measures in accordance with the provisions of current laws and regulations, in order to reduce the risk of data destruction or loss, also accidental, unauthorized access, or processing not authorised or not in accordance with the purposes of collection. The security measures will be adapted over time in accordance with the law and with technical developments in the sector.
- DISCLOSURE AND DISSEMINATION OF DATA
The Firm does not disseminate the data of the Data Subject. However, the processing of data may involve the disclosure of data to third parties, other than employees and collaborators of the Firm authorised to perform processing activities.
In carrying out the data processing activities described in this information notice, the Firm also avails itself of the cooperation of specialised third parties, who may become aware of the data, including for example IT (e.g. data hosting, system protection services), telematics and storage service companies, to whom tasks or services of a technical or organizational nature are entrusted, and who act as data processors of the Firm or independent data controllers.
The recipients of data are all located within the European Economic Area (“EEA”).
The data processors appointed by the Firm and the employees and collaborators authorised to process data will be given adequate instructions, with particular reference to the adoption of adequate security measures, in order to ensure the confidentiality and security of the data. In any case, only those personal data necessary for the performance of their specific tasks will be disclosed to them. The data processors contractually undertake to ensure compliance with current legislation aimed at the protection of the personal data of Data Subjects and to adopt all the necessary measures for the adequate protection of Data Subjects’ data.
A cookie is a small text file which is sent to the browser and stored on the user’s terminal equipment when such user visits a website.
Cookies can be classified as follows:
- session cookies, i.e. temporary cookies which remain in the cookie folder of the user’s browser until the navigation session ends;
- persistent cookies, i.e. cookies which remain in the cookie folder of the user’s browser for a longer period (depending on the lifetime of each cookie).
As far as the purposes of cookies are concerned, it is possible to distinguish between:
- technical cookies (used exclusively for the purpose of carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of an information society service that has been explicitly requested by the contracting party or user to provide the said service);
- profiling cookies (aimed at creating user profiles and used to send ads messages in line with the preferences shown by the user during navigation);
- analytics cookies (cookies used for statistical analysis relating to the use of website and to monitor the operation thereof).
Lastly, it is possible to distinguish between the so-called first party cookies (received from the website which the user is visiting) and the so-called third party cookies (i.e. cookies received from a website or web servicers other than the website that the user is visiting).
The Website only uses technical cookies.
- FURTHER PROCESSING PERFORMED THROUGH THE WEBSITE
Without prejudice to the foregoing, the collection of personal data, if any, is carried out in certain areas of the Website, accompanied by further data protection notices supplementing this. Such additional notices expressly require, where necessary, the consent to the processing of the concerned data.
The voluntary and optional sending of messages to addresses mentioned on the Website entails the subsequent acquisition of the communicated e-mail address, necessary to reply to the requests. Also other personal data contained in the message are acquired and they will be processed with the purpose of replying to the sender’s requests, with the modalities indicated in the data protection notice available here.
- DATA SUBJECTS’ RIGHTS
The Data Subject can exercise the following rights vis-à-vis the Firm:
- right to access:
The Data Subject may ask, at any time, which data concerning him/her are being processed by Jenny.Avvocati, the purpose of the processing, the categories of personal data concerned, the recipients or categories of recipients to whom data are disclosed, the period of retention or the criteria used to determine this period and their origin if the data are not collected from the Data Subject.
- right to rectification:
The Data Subject may request the rectification of inaccurate data or, taking into account the purposes of the processing, the completion of incomplete personal data, as provided for by Article 16 of the GDPR.
- right to erasure and right to be forgotten:
The Data Subject may request the erasure of data processed by Jenny.Avvocati in the cases provided for by Article 17 of the GDPR, e.g. when personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed. Jenny.Avvocati, however, will not proceed with the cancellation of the data if the processing is necessary to comply with a legal obligation to which Jenny.Avvocati is subject (e.g. keeping of accounting records) or if it is necessary for establishing, exercising or defending a right in court.
- right to restriction of processing:
The Data Subject may request that data processing be restricted, in the cases provided for by Article 18 GDPR, for example when the data subject contests the accuracy of personal data, for the period necessary for Jenny.Avvocati to verify the accuracy of such data.
- right to data portability
Upon request of the Data Subject, Jenny.Avvocati will deliver to the Data Subject the data concerning him/her processed by automated means, in a structured, commonly used and machine-readable format. However, this right is limited to data processed by Jenny.Avvocati for the execution or performance of a contract with the Data Subject, or on the basis of his/her consent. If technically feasible, and if the Data Subject requests so, Jenny.Avvocati will transmit the data directly to another data controller.
- right to object:
- The Data Subject has the right to object, at any time, to the processing of data, including profiling, which takes place on the basis of the legitimate interest; this right is however provided only for reasons related to the particular situation of the data subject, who must declare them. In case of objection, Jenny.Avvocati may continue the processing if it demonstrates the existence of compelling legitimate grounds (i) to proceed with the processing that prevail over the interests, rights and freedoms of the Data Subject or (ii) to establish, exercise or defend a right in court.
- The Data Subject also has the right to object at any time to the processing of his/her personal data for direct marketing purposes, including profiling linked to such direct marketing.
- right to lodge a complaint:
The Data Subject who believes that the processing of data carried out by Jenny.Avvocati breaches the applicable legislation on the protection of personal data has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).