Data Protection Policy

Web-Site Data Protection Notice
in accordance with artcles 13 and 14 of the Regulation (EU) 2016/679 (GDPR)

Serantoni e Associati (hereinafter, “Firm“), is attentive to the data protection and the respect of personal information collected for the exercise of its professional activity.

This page contains informations relating to the processing1 of users’ personal data (hereinafter “Users”) who consult and use the services offered through the web-site https://www.studio-serantoni.it (hereinafter, “Web-Site”), in compliance with the provisions introduced by the EU Regulation 2016/679 (GDPR) and of Legislative Decree 101/2018.

The policy is provided only for the Site and not for other websites that may be consulted by the Users through the links (hypertext links) present on the Web-Site. The existence of one or more links to a site not belonging to the Firm, does not imply the approval or acceptance of responsibility by the Firm, regarding the content or use of a third party web-site.

1. GENERAL INFORMATION

The consultation of the Web-Site takes place as a simple visitor.

2. DATA CONTROLLER OF THE PROCESSING

The Processing Data Controller is the Firm Serantoni e Associati, site in Bologna (BO), Piazza Minghetti, 4/D, fiscal code and V.A.T. 03939290379 (herinafter “Firm” or “Data Controller“).

You can contact the Data Controller:

  • at the telephone number +39 051 239789
  • at the fax number +39 051 223913
  • or by writing to the registered office
  • or by sending an e-mail to the address: privacy@studio-serantoni.com.

3. PURPOSE OF THE PROCESSING OF PERSONAL DATA OF DATA SUBJECT

The Data Controller processes the Users’ Personal Data, for the following purposes:

  1. to allow Users to browse the Web-Site (through technical cookies,);
  2. to collect useful information on the number of Users and how they visit the Site, in order to optimize it, analyze its performance and adapt the professional offer (through statistical cookies);
  3. to process requests for information on services and evaluation of CVs forwarded by Users (through the processing of data spontaneously sent by the User via the addresses indicated in the “Contacts”, “Careers” etc. pages).

4. CATEGORIES OF PERSONAL DATA PROCESSED

  1. Browsing data 2.
    For the purposes referred to in letters a) and b) of the article 3, browsing data are processed.
    For futher information see the Cookie Policy.
  2. Data provided voluntarily by the Users3.
    For the purposes indicated in letter c) of the article 3, the categories of personal data that the User decides to share are processed.

5. NATURE OF THE PROVISION OF SUCH DATA

The provision of data by Users is necessary for the purposes specified above. Any refusal to provide the personal data requested may determine:

  • for the purposes referred to in the article 3 letter a), the impossibility of using the services offered by the Web-Site;
  • for the purposes referred to in the article 3 letter b), the impossibility of activating analytical cookies;
  • for the purposes referred to in the article 3 letter c),the impossibility to answer to information requests.

6. LEGAL BASIS FOR DATA PROCESSING

With regards to the purpose referred to in the article 3 letter a), for the what entails data acquired from purely technical cookies, the legal basis is represented by the legitimate interest of the owner to check the correct functioning of the Web-Site.

With regard to the purpose referred to in the article 3 letter b), for the what entails data acquired from other cookies, the legal basis is represented by the consent (preference) expressed by the User.
With regard to the purposes referred to in the article 3, letter c), the legal basis is determined by the need to provide the services requested by Users.

7. LEGAL TERMS FOR DATA CONSERVATION

The conservation period of Users’ browsing data over time is described in detail in the Cookies Policy.

The data related to the communications sent via e-mail to the Firm, that will be provided spontaneously, will be stored and processed for the time necessary for the performance of the services requested, with respect to the purposes listed above, in any case the conservation period will not exceed 2 years from the last contact received.

8. SUBJECTS TO WHOM PERSONAL DATA MAY BE COMMUNICATED OR SUBJECTS WHO MAY COME TO KNOWLEDGE AS PROCESSOR OR AUTHORIZED PERSONS, AND THE SCOPE OF DIFFUSION OF DATA

The browsing data will be processed by the Firm and may be shared with IT service providers which are linked to the management and functioning of the Web-Site and / or to third parties. For further details, please refer to the Cookies Policy.

The data provided voluntarily by Users may be shared with suppliers and/or third parties whenever it is deemed necessary for the provision of the services requested by Users.

9. TRANSFER OF DATA ABROAD

The management and storage of browsing data referred to in article 4 letter a), will take place on servers located within the European Union of the Data Controller and/or third party companies appointed and duly appointed as Data Processors. The servers are currently located in Italy.

With regards to the browsing data mentioned in art. 4 letter b) as well as the management of preferences and consents expressed by Users, the Firm uses services (cookies and consent software) whose suppliers are, partially located outside the European Union or the European Economic Area, in so-called third countries or process personal data in such countries. In some of these countries the level of data protection corresponds to that of the European Union (for example as regards the USA where the data collected by analytical cookies managed by Google are transferred); in others (countries) the level of data protection does not correspond to that of the European Union. In such cases, appropriate precautions have been taken to ensure an adequate level of data protection for any type of transfer. These include, among many others, the European Union’s standard contractual clauses or the internal binding corporate rules on data protection (for more details on transfers see the Cookie Policy).

The management and storage ofthe personal data provided spontaneously by Users referred to in article 4 letter b), will be carried out on servers, located within the European Union, of the Data Controller and / or ThirdParty companies in charge and duly appointed as Data Processors. Currently the servers are located in Italy.

10. USERS RIGHTS

Users may exercise, towards the Data Controller, the rights expressly recognized in Articles 15 and following of the GDPR, by using the contact details of the Data Controller mentioned in this policy, including:

  1. to obtain the confirmation of existence or not-existence of personal data concerning them, even if not registered yet, and their communication in an understandable form;
  2. to obtain the informations about: a) the origin of personal data; b) the purposes and methods of the data processing; c) the logic applied in case of the processing carried out with the aid of electronic instruments; d) the identification details of the Data Controller, of the Processors pursuant to art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or can learn about them as processors or authorized persons;
  3. to request and obtain – in the event that the legal basis is a contract or consent – that the data are transmitted in a structured and legible format by an automatic device, also in order to communicate such data to a new data controller (so-called right to portability);
  4. to obtain: a) the updating, adjustment or, when there is interest, the integration of data; b) the deletion (so-called right to be forgotten), the transformation into anonymous form or blocking of data processed unlawfully, including data whose conservation is unnecessary for the purposes for which data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disclosed, except in the case where such fulfilment is impossible or involves an obvious disproportion relative to the protected right use of means;
  5. to proceed to: a) the opposition, for the whole or for a part, by legitimate reasons of personal data processing provided, even if appropriate to the purpose of the collection; b) the request to be informed about the existence of a decision-making process aimed at sending advertising material or carrying out market research or commercial communications. Once the opposition to the data processing has been received at the address indicated in the epigraph, the personal data will no longer be processed, except to the extent permitted by applicable laws and regulations;
  6. to limit the processing of data, i.e. to allow processing within the limits of data conservation, for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of relevant public interest of the Union or of a Member State, in the cases provided for by the GDPR.

At last, Users have the right to complain to the Guarantor Authority, which may be exercised:

  1. by recorded delivery addressed to “Garante per la Protezione dei Dati personali”, Piazza Venezia 11, 00187 Rome;
  2. by e-mail to: garante@gpdp.it, or protocollo@pec.gpdp.it; fax to the number: 06 / 69677.3785.

1 By Processing of personal data,it is to be intended any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, elaboration, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise the making available, alignment or combination, restriction, erasure or destruction.

2 By browsing data we are to be intended the IP addresses or domain names of the computers used by the Users who connect to the Web-Site, the URI addresses (Uniform Resource Identifier) of the requested resources, the time of request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s IT environment.

3 By Data voluntarily sent by the User are to be intended the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. These data are used for the sole purpose of carrying out the service or provision requested.