02-92853067
Stefano Ricci Stefano Ricci

Privacy Policy

Law Firm Avv. Stefano Ricci
Head Office: Via Pietro Colletta 7 – 20135 Milano (MI) – VAT Number 04850500960
Phone: 02-92853067 – Email: stefano@ricci.legal

Browsing Data

The IT systems and software procedures responsible for the operation of the Site acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature, through processing and association with data held by third parties, could allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment (such as the name and type of device connecting to the Site). Providing such data is not mandatory, and if the User chooses not to provide such data, they will not be able to browse the Site or access its functionalities.

Purpose of Processing

This data is used to obtain anonymous statistical information on the use of the Site, to check its correct functioning, to improve the quality of services offered, and to optimize the functionality of the Site. Such data is processed to the extent strictly necessary and proportionate to ensure the security of the networks and the information that transits through them.

Legal Basis

Article 6(1)(f) GDPR – Legitimate interest of the data controller in maintaining the Site securely and ensuring that it is not used in ways that harm others’ rights or as a channel for the commission of illegal activities or potential fraud (cf. Recital 47 of the GDPR).

Retention Period

The personal data mentioned in this section is retained for up to 6 months from the date of collection unless the data subject objects, which they can do at any time following the methods indicated in the “Rights of the Data Subject” section of this policy.

Cookies

The data is managed through a cookie management tool, and the cookie policy is shown as an overlay upon first access to the website.

Possible Recipients or Categories of Recipients of Personal Data and Transfer of Personal Data to a Third Country or Outside the European Economic Area

Only authorized individuals, duly instructed (including with regard to security measures and confidentiality obligations) in accordance with Article 29 GDPR, may access the data. This may include employees of the data controller handling user requests via the form present on the site.

Further access to the data may be granted, as independent data controllers or processors under Article 28 GDPR, to professionals and consultants appointed by the Controller. Specifically, but not limited to, the data may be accessed by:

  • Entities providing IT system and communication network management services (including email accounts or payment providers);
  • Companies supporting the controller in the administration of the Site (e.g., the Internet service provider) or in providing the services requested by the user;
  • Couriers and shippers handling product shipments;
  • Competent authorities fulfilling legal obligations and/or requests from public bodies;
  • Other companies within the business group for internal administrative purposes based on the legitimate interest of the controller;
  • Other companies during corporate operations such as acquisitions or splits, provided that it is contractually ensured that such information remains confidential and protected.

To obtain an updated list of entities that may access personal data, a request can be made using the contact details provided.

The controller guarantees that personal data will never be disseminated. If it becomes necessary to transfer the data to a third country outside the EEA, the controller guarantees that such transfer will occur only in the presence of an adequacy decision by the European Commission or other appropriate safeguards provided for by personal data protection regulations (such as the stipulation of standard contractual clauses with the recipient ensuring that the user’s personal data is subject to the same level of protection guaranteed by the controller).

Rights of the Data Subject

Exercising the rights indicated in this section is free of charge and not subject to any formality, except for requests that are manifestly unfounded or excessive under Article 12(5) of the GDPR.

Concerning the processing described in this policy and under the GDPR, the user may exercise the following rights:

  • Right of access to their personal data and all information specified in Article 15 of the GDPR;
  • Right to rectify inaccurate personal data and to complete incomplete data;
  • Right to erase personal data except for those contained in documents that must be mandatorily retained by the Company and unless there is an overriding legitimate reason to proceed with processing;
  • Right to restrict processing under one of the scenarios outlined in Article 18 of the GDPR;
  • Right to object to the processing of personal data, without prejudice to the need and mandatory nature of the processing for establishing the relationship;
  • Right to withdraw consent for non-mandatory data processing without affecting the lawfulness of processing based on consent before its withdrawal.

The Data Subject also has the right to lodge a complaint with the Data Protection Authority (www.garanteprivacy.it) or the Supervisory Authority of the EU Member State where the Data Subject habitually resides, works, or where the alleged violation occurred in relation to a processing activity considered non-compliant.

For any requests, the user can use the contact details provided.

Policy Modifications

Any future changes to this policy will be published on this page. Users can review and stay updated.