Pursuant to Articles 13 and 14 Regulation EU 2016/679, we hereby provide you with the following information about the processing of your personal data, i) which is collected through this website and/or ii) processed whilst providing our professional services as lawyers further to instructions having been given to act either in and out of court (even if such data has not been collected through this website). Legal services are provided by our lawyers individually, who do not belong either to a law firm or to a partnership. This notice concerns exclusively the website www.grlegal.it and does not concern other websites that may be accessed by users through links that are present on this website. The contents of this document may be supplemented, where necessary, by other specific information that will from time to time be provided by each of our lawyers to the data subjects upon their personal data being collected and/or acquired.

Data Controller

The data controllers for the personal data provided and/or collected through the www.grlegal.it website or the e-mails milano@grlegal.it, padova@grlegal.it and roma@grlegal.it are Luca Giove and Aurelio Richichi. The data controller for the processing of personal data provided after one of our lawyers has been instructed to act either in and out of court in specific cases (even if such data has not been collected though this website) is the lawyer who has thus been instructed to act, whose details are indicated in our website link “Our  People”. In the case of activities being carried out jointly by two or more lawyers, such lawyers shall be joint data controllers. In case of a request containing personal data being forwarded directly to a single lawyer (even via e-mail), the data controller shall be only such lawyer.

The processing of data collected through this website

This website is of a merely informative nature and describes the activities carried out by our lawyers. The data processed through this website concerns solely data: i) voluntarily submitted in hard copy and/or soft copy through our lawyers’ e-mail addresses; ii) data provided voluntarily by users through their contact forms, such as addresses and other identifying information (name, surname, etc.), information on their educational and career path contained in their curricula vitae, or other personal data that has been voluntarily provided by such users, which will be processed – depending on the purpose that will be specified by such users upon contacting us – to send information concerning our activities, to select staff, to provide legal advice and/or assistance.

Use of Cookies: We do not use cookies for the processing of personal data, nor do we use so-called persistent cookies of any sort whatsoever, including systems for tracking users permanently. The use of so-called session cookies (which are not stored permanently on the user’s computer and disappear when the browser is closed) is strictly limited to transmitting session identifiers (consisting of random numbers generated by the server) that are necessary to allow for the safe and efficient exploration of websites. Modern browser programmes allow users to delete cookies from their hard drive, block cookies or receive a warning before a cookie is installed. Even though cookies enhance the use of a website by visitors, it will have to be the latter who decide whether to allow a cookie to be registered on their computer.

Anonymous Browsing Data: Computer systems used for making websites work acquire, during the course of normal activity, personal data whose transmission is implicit in the use of Internet communication protocols. This is data which is originally anonymous and which is not collected for the purpose of associating it with specific users, but which, by its very nature could, through the processing and association thereof with data held by third parties that is not in our possession, allow users to be identified. This category of data includes the IP addresses of computers used by users who connect to this website, the time of request, the method used to submit the user’s request to the server, the size of the file obtained in reply, the numerical code indicating the status of the server’s response (successful, error, etc..) and other parameters regarding the user’s operating system and computer environment. This data may be used for the sole purpose of obtaining anonymous statistical information about the website and check the correct functioning thereof. The data may be used to ascertain liability in case of possible computer crimes committed against the website.

Data processed for the purpose of carrying out instructions received from a client

The personal data that is processed can, depending on the situation, consist in personal data (name, surname, date of birth, address, etc.), contact details (e.g. telephone number, email etc.), data disclosing criminal convictions, as well as ongoing criminal proceedings (judicial data), special categories of personal data and/or any other data connected with the performance of professional appointments or the fulfilment of legal obligations (for example those connected with anti-money laundering legislation, etc.)

The processing of personal data by each lawyer is intended solely for the purpose of the proper and complete performance of the instructions received by the latter in relation to work to be conducted either in or out of court and the related legal, administrative and accounting obligations. The data collected for the purpose of carrying out a professional assignment may be communicated by the data subject through this website or may be collected by our lawyers or communicated to them by other means (e.g. fax, telephone, e-mail, during personal meetings etc.) or contained in written or verbal communications or hard or soft documents. The data thus processed may refer both to the client or a third party and may include data identifying the latter, data records, data relating to civil or criminal wrongdoing, as well as data of a sensitive nature, in which case the data controller will obtain the express consent of the data subject pursuant to the law.

Method of data processing

Data will be collected with or without the aid of electronic means and may also be processed by automated means. In any event, data will be collected with instruments that are designed to guarantee the safety and confidentiality thereof (and in compliance with the principles of fairness, lawfulness and transparency) solely for the duration of the assignment and/or of the request received from a client, unless the law permits or requires data to be preserved after the termination of the said assignment. The personal data will, after the assignment had been terminated, be kept for the purpose of fulfilling the related legal, administrative and accounting obligations and fulfilling the obligations provided for under the law – including accounting obligations – for the term foreseen under the applicable legislation and, in any case, for a term not exceeding 10 years (i.e. the term provided for under the statute of limitations).

Personal data (with the exception of browsing data) and/or, where applicable, sensitive o judicial data, may or may not be conferred, however the refusal to do so may result in our lawyers’ inability to carry out the activities needed to perform the instructions given to them or to fulfil the client’s specific requests. Personal data may be disclosed to those in charge of processing personal data (e.g,. secretarial staff, trainees and other members of staff indicated on this web page in “Our People” section) and may be made available to service providers, contractors (including technical consultants, translators, etc.), persons working in the justice sector, counterparts and their lawyers, arbitration panels and, in general, all those public and private entities to whom such data must be disclosed for the proper performance of the professional assignment and/or for the fulfilment of a client’s request and/or in observance of the obligations provided for under the law (including, for administrative and/or accounting purposes). Personal data shall not be disseminated. Personal data may be transferred to countries within the European Union and to third countries for the purposes stated in this notice, but only with the data subject’s consent or should the transfer be necessary to carry out the requested professional activities.

Rights of data subjects

Articles 15-22 confers upon the data subject certain rights, including the right to: i) ask the professional to access the data subject’s personal data and information concerning the latter; rectify inaccurate data or integrate incomplete data; delete personal data concerning the latter (upon one of the conditions indicated in Article 17, paragraph 1 of the Regulation occurring, in compliance with the exemptions provided for under paragraph 3 of the said Article); restrict the processing of the data subject’s personal data (upon one of the situations indicated in Article 18, paragraph 1 of the Regulation occurring); ii) request and obtain from the professional – in those situations in which the legal basis for processing the data is the contract or consent, and it is done by automated means – the data subject’s personal data in a structured and readable format by automatic devices, also for the purpose of disclosing such data to another data controller (the so-called right to portable personal data); iii) object at any time whatsoever to the processing of data subject’s personal data upon particular situations that concern him or her occurring; iv) revoke his or her consent at any time whatsoever, limited to the cases in which the processing is based on consent for one or more specific purposes and concerns common personal data (for example date and place of birth or place of residence), or particular categories of data (e.g. data revealing the data subject’s racial origin, political opinions, religious convictions, health status or sexual life). Data that has been processed with the data subject’s consent prior to the revocation of such consent leads, however, such processing to be lawful; v) lodge a complaint before a supervisory authority (for the Italian territory, the Data Protection Authority – www.garanteprivacy.it).The data subject is entitled, moreover, to request the updating, rectification and integration of such data, as well as the deletion or transformation thereof into in an anonymous form or the blocking of data processed in violation of the law. The data subject is entitled to stop, for legitimate reasons, the processing of such data.

The data subject may exercise his or her rights under Articles 15-22 of the Regulation by contacting the lawyer retained by him or her without any formality whatsoever, sending an email to the relevant lawyer’s e-mail address indicated in this website (section “Our People”). As regards all requests sent by e-mail to the addresses milano@grlegal.itpadova@grlegal.it and roma@grlegal.it the data controllers are Luca Giove and Aurelio Richichi. Data subjects may exercise their rights by contacting the latter at the following e-mail addresses: a.richichi@grlegal.it and l.giove@grlegal.it. If you believe that your rights have been infringed by the data controller and/or a third party, you have the right to lodge a complaint with the Data Protection Authority and/or other competent supervisory authority under the Regulation.