Who are we and what do we do with your personal data?
Lexia Avvocati, headquartered in Milan, via del Lauro 9, 20121, tax code 97882440585 (here also called the “Data Controller”), as data controller, is concerned with the confidentiality of your personal data and with ensuring that they are protected from any event that might put them at risk of being breached.
For this purpose, the Controller implements policies and practices concerning the collection and use of your personal data and the exercise of your rights under applicable law. The Controller takes care to update the policies and practices adopted for the protection of personal data whenever necessary and, in any case, if there are regulatory and organizational changes that may affect the processing of your personal data.
How does the Data Controller collect and process your information?
Personal information about you will be processed for:
1) Site navigation
Some operations could not be performed without the use of cookies, which, in some cases, are therefore technically necessary. In other cases, the site uses cookies to facilitate navigation by the user or to enable the user to take advantage of specifically requested services.
Cookies may remain in the system for long periods of time and may also contain a unique identification code. This allows the sites that use them to keep track of the user’s navigation within the site itself, for statistical or advertising purposes, that is, to create a personalized profile of the user from the pages he or she has visited and then show and/or send him or her targeted advertising (so-called Behavioural Advertising).
2) Communication to third parties and recipients
The communication of your personal data is made mainly to third parties and/or recipients whose activities are necessary to carry out the activities inherent to the aforementioned purposes, and also to respond to certain legal obligations. Any communication that does not respond to these purposes will be subject to your consent.
In particular, your data will be disclosed to third parties/recipients for:
- the execution of the service (e.g., IT service providers);
- communications towards the financial administration, and public supervisory and control bodies towards which the Controller must fulfill specific obligations arising from the specificity of the activity performed;
The personal data that the Controller processes for this purpose are:
- navigation data (IP address, URL)
3) IT security reasons
The Data Controller processes, including through its suppliers (third parties and/or recipients), your personal data (e.g. IP address) or traffic data collected in the case of services displayed on the Website to the extent strictly necessary and proportionate to ensure the security and ability of a network or the servers con-nexed to it to withstand, at a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of the personal data stored or transmitted.
For these purposes, the Owner provides procedures for handling personal data breaches (data breaches).
What are cookies and for what purposes they can be used
A “cookie” is a small text file created by some websites on the user’s computer at the time the user accesses a particular site, for the purpose of storing and transporting information. Cookies are sent from a web server (which is the computer on which the visited website is running) to the user’s browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc.) and stored on the user’s computer; they are, then, re-sent to the website at the time of subsequent visits.
Some operations could not be accomplished without the use of cookies, which, in some cases, are therefore technically necessary. In other cases, the site uses cookies to facilitate navigation by the user or to enable the user to take advantage of specifically requested services.
Cookies may remain in the system for long periods of time and may also contain a unique identification code. This allows the sites that use them to keep track of the user’s navigation within the site itself, for statistical or advertising purposes, that is, to create a personalized profile of the user from the pages he or she has visited and then show and/or send him or her targeted advertising (so-called Behavioural Advertising).
What cookies are used and for what main purpose
The Owner reports below the specific categories of cookies used, the purpose and the consequence of de-selecting them:
COOKIE TYPE | FIRST/THIRD PART | PURPOSE | Tempi di STORAGE TIMES | CONSEQUENCES IN CASE OF DESELECTION |
Technical cookies | First part | Website Management. They enable the safe and efficient operation and exploration of the website | Day 1 session | These are cookies necessary for the use of the website; if they are blocked, it is not possible to browse the website |
Third part | Term referred to the third party | |||
Functionality cookies | Third part | Facilitate navigation and service provided to the user based on a set of criteria selected by the user | Term referred to the third party | It is not possible to retain the choices made by users while browsing |
Cookie analytics | First part | Collect information in aggregate form about users’ browsing, in order to optimize the browsing experience and services themselves | 14 months | It is no longer possible for the Owner to acquire the aggregate information |
Third part | Term referred to the third party | |||
Profiling cookies | Third part | Create profiles related to the user in order to proceed with sending advertising messages in line with the preferences expressed by the user in the context of navigation | Term referred to the third party | Profiling activities aimed at sending advertising messages cannot be carried out |
Third-party cookies
Third-party cookies, which are cookies created by a website other than the one the user is currently visiting, also operate on this website.
To view the complete and always-updated list of third-party cookies, uncheck and enable cookies, please see the “cookie preferences” page.
What happens if you do not provide your information?
Please see the consequences of deselecting individual cookies as listed in the table above.
How, where and how long is your data stored?
How we process your data
The processing of personal data is carried out through computer procedures by internal persons, specially authorized and trained. They are allowed access to your personal data to the extent that it is necessary for the performance of the processing activities concerning you.
The Data Controller periodically verifies the means by which your data are processed and the security measures provided for them, the constant updating of which it provides for; verifies, also through the authorized persons in charge of the processing, that no personal data whose processing is not necessary are collected, processed, archived or stored; verifies that the data are stored with the guarantee of integrity and authenticity and their use for the purposes of the processing actually carried out.
Where we process your data
Data are stored in computer and telematic archives located within the European Economic Area.
Personal data (first name, last name, email, company affiliation) entered for newsletter subscription are stored in computer and telematic archives located outside the European Economic Area, specifically in the USA, managed by the Mailchimp platform. The Owner guarantees that appropriate security measures are respected, for more information you can write to privacy@lexia.it.
For how long we process your data
Cookies:
Please review the personal data retention periods as shown in the table above.
Site Navigation:
Personal data are retained for as long as necessary to enable navigation of the site, but no longer than 30 days, except in cases where events occur that involve the intervention of the competent Authorities, including in collaboration with third parties/recipients entrusted with the Owner’s data information security activities, to carry out any investigations into the causes that led to the event, as well as to protect the interests of the Owner relating to any liability related to the use of the site and its services.
What are your rights?
At any time, free of charge and without special charges and formalities for your request, you can:
- obtain confirmation of the processing carried out by the Data Controller;
- access your personal data and know their origin (when the data are not obtained from you directly), the purposes and aims of the processing, the data of the subjects to whom they are communicated, the storage period of your data or the useful criteria for determining it;
- update or rectify your personal data so that they are always exact and accurate;
- delete your personal data from the databases and/or archives, including backup archives of the Data Controller in the event, among others, that they are no longer necessary for the purposes of the processing or if it is assumed to be unlawful, and always if the conditions provided for by law are met; and in any case if the processing is not justified by another, equally legitimate reason;
- limit the processing of your personal data in certain circumstances, such as where you have disputed its accuracy, for the period necessary for the Controller to verify its accuracy. You must also be informed, in a reasonable time, when the period of suspension has expired or the cause for the restriction of processing has ceased to exist, and thus the restriction itself lifted;
- obtain your personal data, if received or processed by the Controller with your consent and/or if their processing is on the basis of a contract and by automated means, in electronic format also for the purpose of transmitting them to another data controller.
The Controller must do so without delay and, in any case, no later than one month after receipt of your request. The deadline may be extended by two months if necessary, taking into account the complexity and number of requests received by the Controller. In such cases, the Controller will, within one month of receipt of your request, inform you and make you aware of the reasons for the extension. To exercise your rights, write to privacy@lexia.it.
How and when can you object to the processing of your personal data?
For reasons related to your particular situation, you can object at any time to the processing of your personal data if it is based on legitimate interest by sending your request to the Controller, at privacy@lexia.it.
You are, in addition, entitled to the deletion of your personal data if there is no legitimate reason overriding the one that gave rise to your request.
To whom can you file a complaint?
Regardless of any other action in administrative or judicial proceedings, you may file a complaint with the competent supervisory authority or the one that performs its duties and exercises its powers in Italy where you have your habitual residence or work or if different in the member state where the violation of Regulation (EU) 2016/679 (GDPR) occurred.