Here is how Storari Studio Legale – Avvocato Alessio Storari processes the user's personal data through the website www.storaristudiolegale.it (“Website”) according to the General Data Protection Regulation (EU) n. 2016/679 (“GDPR”) and d. lgs. n. 196/03 (“Privacy Code”).

By surfing this webpage the user agrees to the processing of his or her personal data.

INFORMATION AND ACCESS TO PERSONAL DATA (ART. 13 GDPR) – CONSENT

1) the processing of personal data by private actors is allowed as the data subject has freely given consent to the processing of his or her personal data; data subject consent has been preceded by the following note on the processing of personal information under article 13 GDPR, formerly regulated in article 13 Privacy Code;
2) the legal ground for the processing is the consent (article 6, §1, a), GDPR); moreover, the processing is necessary for the performance of the contract (article 6, §1, b), GDPR); the refusal to consent, even partially, or to provide the personal data requested could entail the non-acceptance and the non-execution of the contract or related tasks as well as the failure to carry on those currently underway; 
3) personal data acquired, even from third parties, will be processed in compliance with the law and professional secrecy obligation, including identification, registration and reporting obligations appointed by the anti-money laundering legislation, as well as to fulfill tax and invoicing obligations; e.g. personal data could be processed by colleagues and professionals appointed to address tax and invoicing duties, accountants and their assistants;
4) any operation or set of operations which is performed on personal data or on sets of personal data, including the computerised-telematic management and even beyond the conclusion of the assignment (e.g. collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction) will ensure an adequate level of security and secrecy. I expressly agree to the use of online storage tools, even the so-called “cloud” storage tools, specifically Dropbox Business, a service provided by Dropbox, offered by the American company Dropbox, Inc., headquarter in San Francisco, California, in the United States of America;
5) to fulfill assignment and within the limits and for the purposes referred to in point 3), personal data might be communicated and/or processed by appointees, colleagues and partners of the law firm, also for the accounting management and maintenance of electronic instruments; personal data might also be communicated to fulfill the assigned tasks or to comply with legal obligations, and they might be communicated to public and/or private subjects and to judicial authorities; personal data are not subject to dissemination nor to any automated decision-making, including profiling; 
6) personal data could be transferred to European Union Countries, to a third Country or to an international organisation in compliance with the GDPR, specifically through the Dropbox Business service offered by the American company Dropbox, Inc., headquarter in San Francisco, California, in the United States of America, which guarantees that “Dropbox Business is certified as being compliant with the most widely accepted security and privacy standards and regulations in the world, such as ISO 27001/2, ISO27018/17 and SOC 2. Our cross-functional team of data protection specialists has put together a series of insights and resources to help you on your path to GDPR compliance". Dropbox policies can be checked online at:
- https://www.dropbox.com/en_GB/security/GDPR (“Dropbox's General Data Protection Regulation (GDPR) Guidance Centre”);
- https://help.dropbox.com/accounts-billing/security/standards-regulations?fallback=true (“Standards and regulations that Dropbox Business and Dropbox Education comply with”)
- https://assets.dropbox.com/documents/en/legal/data-processing-agreement-dfb-013118.pdf (“Data Processing Agreement”);
- https://www.dropbox.com/business/trust/compliance/certifications-compliance (“Complying with standards and regulations”);

Please be aware of the Court of Justice of the European Union Judgment in Case C-311/18 - Data Protection Commissioner v Facebook Ireland and Maximillian Schrems: pursuant to article 49, §1, a), GDPR; the European Data Protection Board issued guidelines on article 49 GDPR derogations which are applied on a case-by-case basis; data subject has been informed and is aware of the risks involved in the transfer of data to the United States of America pointed out in the aforementioned judgement and explicitly agrees to such transfer.

7) under article 5, §1, lett. e) GDPR, once the tasks have been carried out, related data will be kept for no longer than necessary for the purposes for which the personal data are processed, within a ten-year period;
8) the data controller is lawyer Alessio Storari, C.F. STR LSS 79M03 L781L, born in Verona on August 3, 1979, whose law firm is in 37126 – Verona, via Tonale n. 16, full contact details in the footnote or in any case at the addresses available at the Bar Association, currently the Bar Association of Verona. The data controller shall appoint “persons who, under the direct authority of the controller or processor, are authorised to process personal data” under article 4, n. 10, GDPR;
9) the data subject shall have the right to exercise his or her rights under articles 15-22 GDPR by sending a request to the contact details mentioned in article 8); particularly the data subject shall have the right to obtain from the controller the rectification of inaccurate personal data, the erasure of personal data, or a restriction of processing, access to the personal data, and to obtain from the controller a copy of the personal data undergoing processing, the right to object at any time to processing of personal data, the right to data portability, the right to lodge a complaint with a supervisory authority, the right to withdraw consent, without affecting the lawfulness of processing based on consent given before its withdrawal; 
10) the data subject has been informed that decisions, which produce legal effects, could be based on automated processing, if the decision is necessary for entering into, or for the performance of, a contract between the data subject and a data controller or if the decision is authorised by Union or Member State law to which the controller is subject;
11) GDPR and Privacy Code can be found here: https://www.garanteprivacy.it/web/guest/home_en;

Google Analytics
Google Analytics is a web service provided by Google Inc. (“Google”): please check the following policies:
https://policies.google.com/privacy
https://tools.google.com/dlpage/gaoptout

Data provided by the user
By sending messages through the Webiste, the user agrees to the processing of the personal data provided.

Cookies
The Website uses cookies, in combination with pixels, local storage objects, and similar devices (collectively, "cookies" unless otherwise noted) to distinguish you from other users of the Website.

You don't need to allow cookies to visit every page of the Website, but enabling cookies allows for a more tailored browsing experience and is required for certain parts of the Website to function. Most of the time, cookies don't provide the Website with any of your personal data.

A cookie is a small file of letters and numbers stored on your browser or hard disk. When you visit the Website, strictly necessary cookies will be placed on your device. You can change the cookie settings that will be placed when you visit our Website by changing the settings on your browser.

First and third-party cookies: whether a cookie is 'first' or 'third' party refers to the domain placing the cookie.

Third-party cookies are cookies that are set by a domain other than that of the Website. If a user visits a website and another entity sets a cookie through that website, this would be a third-party cookie.

Persistent cookies: these cookies remain on the user's device for the period of time specified in the cookie. They are activated each time the user visits the website that created that cookie.

Session cookies: these allow website operators to link the actions of the user during a browser session, which starts when the user opens the browser window and finishes when he or she closes the browser window. Session cookies are created temporarily: once the browser is closed, all session cookies are deleted.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. If you use your browser settings to block all cookies (including strictly necessary cookies), you may not be able to access all or parts of the Website.

Internet browsers allow you to change your cookie settings. These settings are usually found in the 'options' or 'preferences' menu of your internet browser.

Purposes and means of the processing
Personal data can be processed by automated services and Cloud services, particulary Dropbox Business, provided by Dropbox Inc. (see above).

Rights
The data subject shall have the right to exercise his or her rights under articles 15-22 GDPR by sending a request to the contact details mentioned in article 8); particularly the data subject shall have the right to obtain from the controller the rectification of inaccurate personal data, the erasure of personal data, or a restriction of processing, access to the personal data, and to obtain from the controller a copy of the personal data undergoing processing, the right to object at any time to processing of personal data, the right to data portability, the right to lodge a complaint with a supervisory authority, the right to withdraw consent, without affecting the lawfulness of processing based on consent before its withdrawal.

For any issue about privacy, write to: studio@storaristudiolegale.it.

This Privacy Policy is periodically updated.

--

Professional insurance:

Alessio Storari R.C. AIG n. IPA0003709

Sara Uboldi R.C. Generali s.p.a. n. 370632778

Martina Vivirito Pellegrino R.C. Generali s.p.a. n. 390444203

Maria Irene Severino R.C. Generali s.p.a. n. 410025602

--

Here you can find our ethical code: http://www.consiglionazionaleforense.it/deontologia