PRIVACY POLICY updated to EU Reg 2016/679

1) Introduction Tabellini Avvocati Associati takes the user’s privacy seriously and is committed to respecting it. This privacy policy (“Privacy Policy”) describes the personal data processing activities carried out by Tabellini Avvocati Associati through the website www.studiotabellini.it and the related commitments made in this regard by the Association. Tabellini Avvocati Associati may process the user’s personal data when the user visits the website and uses the services and functionalities available on the website. In the sections of the Website where the user’s personal data are collected, a specific information notice pursuant to art. 13 /15 of EU Reg. 2016/679 is normally published. Where required by EU Reg. 2016/679, the user’s consent will be requested before proceeding to the processing of his/her personal data. If the user provides personal data of third parties, he/she must ensure that the communication of the data to Tabellini Avvocati Associati and the subsequent processing for the purposes specified in the applicable privacy policy is in accordance with EU Reg. 2016/679 and the applicable legislation.

2) Identification details of the data controller, responsible Data controller:

Tabellini Avvocati Associati Corso Stati Uniti, 61 10129 Torino info@studio-tabellini.it

Tabellini Avvocati Associati Viale dei Parioli, 76 00197 Rome info@studio-tabellini.it

It is possible to obtain information on the data stored with us at any time and free of charge, and to exercise the right to correct, block or cancel the data by communicating via email or telephone to the contact details indicated above.

3) Type of data processed Visiting and consulting the website does not generally involve the collection and processing of the user’s personal data except for navigation data and cookies as specified below. In addition to the so-called “navigation data” (see below), personal data voluntarily provided by the user when interacting with the features of the Website or requesting to use the services offered on the Website may be processed. In compliance with the Privacy Code, Tabellini Avvocati Associati may also collect personal data from third parties in the performance of its activities.

4) Cookies and navigation data The webite uses “cookies”. By using the Website, the user consents to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the hard disk of the user’s computer. There are two macro-categories of cookies: technical cookies and profiling cookies.‚Ä®Technical cookies are necessary for the correct functioning of a website and to allow the user to navigate; without them the user may not be able to view the pages correctly or use certain services. Profiling cookies have the task of creating user profiles in order to send advertising messages in line with the preferences expressed by the same during navigation. Cookies can also be classified as:

_ “session” cookies, which are deleted immediately when the browser is closed; _ “persistent” cookies, which remain in the browser for a certain period of time. They are used, for example, to recognize the device that connects to a website to facilitate the authentication process for the user; _ “own” cookies, generated and managed directly by the manager of the website on which the user is browsing; _ “third party” cookies, generated and managed by parties other than the manager of the website on which the user is browsing.

5) Cookies used on the website The website uses the following types of cookies:

1) own, session and persistent cookies, necessary to allow navigation on the website, for internal security and system administration purposes;

2) third party cookies, session and persistent, necessary to allow the user to use multimedia elements on the website, such as images and videos;

3) third-party persistent cookies used by the Website to send statistical information to the Google Analytics system, through which Tabellini Avvocati Associati can carry out statistical analysis of accesses/visits to the Website. The cookies used pursue exclusively statistical purposes and collect information in aggregate form. Through a pair of cookies, one persistent and the other session (which expires when you close your browser), Google Analytics also saves a log of when you visit the Website and when you leave the Website. You can prevent Google from collecting data via cookies and the subsequent processing of the data by downloading and installing the browser plug-in at the following address: http://tools.google.com/dlpage/gaoptout?hl=it

4) Third-party, persistent cookies used by the Website to include the buttons of certain social networks (Facebook, Twitter and Google+) on its pages. By selecting one of these buttons, the user can publish on his or her personal page of the relevant social network the contents of the web page of the Website he or she is visiting. The Website may contain links to other websites (so-called third party websites). Tabellini Avvocati Associati has no access to or control over cookies, web beacons and other user tracking technologies that may be used by third party websites that the user may access from the website; Tabellini Avvocati Associati has no control over the contents and materials published by or obtained through third party websites, nor over the related methods of processing the user’s personal data, and expressly disclaims any responsibility for such eventualities. The user is required to check the privacy policy of third party websites accessed through the Website and to inform himself about the conditions applicable to the processing of personal data. This Privacy Policy applies only to the Website as defined above.

6) How to disable cookies in the browser **We suggest reading the guide for each browser for the procedure of deactivation of cookies.

7) Storage of personal data Personal data are stored and processed through information systems owned and managed by Tabellini Avvocati Associati or by third party technical service providers; for further details please refer to the section “Scope of accessibility of personal data” below. The data is processed exclusively by specifically authorized personnel, including personnel in charge of performing extraordinary maintenance operations.

8) Purposes and methods of data processing Tabellini Avvocati Associati may process your common and sensitive personal data for the following purposes: use by users of services and features on the Website, management of requests and reports from its users, sending newsletters, management of applications received through the Website, etc. In addition, with the further and specific optional consent of the user, Tabellini Avvocati Associati may process personal data for marketing purposes, i.e. to send the user promotional material and/or commercial communications relating to the services of the Association, at the addresses indicated, both through traditional methods and/or means of contact (such as, paper mail, telephone calls with operator, etc.) and automated (such as, communications via internet, fax, e-mail, sms, applications for mobile devices such as smartphones and tablets – cd. APPS-, social network accounts -e.g. via Facebook or Twitter-, telephone calls with automatic operator, etc.). Personal data are processed both in paper and electronic form and entered into the company’s information system in full compliance with EU Reg 2016/679, including security and confidentiality profiles and inspired by the principles of fairness and lawfulness of treatment. In accordance with EU Reg 2016/679 the data are kept and stored for the period of time necessary for the treatment.

9) Security and quality of personal data Tabellini Avvocati Associati is committed to protecting the security of the user’s personal data and complies with the security provisions of the applicable legislation in order to avoid data loss, illegitimate or unlawful use of data and unauthorized access to them, with particular reference to the Technical Regulations on minimum security measures. Moreover, the information systems and computer programs used by Tabellini Avvocati Associati are configured in such a way as to minimize the use of personal and identification data; such data are processed only to achieve the specific purposes pursued from time to time. Tabellini Avvocati Associati uses a number of advanced security technologies and procedures to help protect users’ personal data; for example, personal data is stored on secure servers located in secure, controlled-access areas. The user can help Tabellini Avvocati Associati to update and keep their personal data correct by communicating any changes to their address, qualification, contact information, etc.

10) Scope of communication and access to data The user’s personal data may be communicated to all subjects whose right to access such data is recognized by virtue of regulatory measures; to our collaborators, employees, within the scope of their duties; to all those individuals and/or legal entities, public and/or private when the communication is necessary or functional to the performance of our activities and in the manner and for the purposes described above;

11) Nature of the conferment of personal data The conferment of certain personal data by the user is mandatory in order to allow the Company to manage communications, requests received from the user or to contact the user to follow up on his request. This type of data is marked with an asterisk symbol [*] and in this case the provision of such data is obligatory in order to allow the Company to follow up on the request which, if not provided, cannot be processed. On the contrary, the collection of other data not marked with an asterisk is optional: failure to provide such data will not entail any consequences for the user. The provision of personal data by the user for marketing purposes, as specified in the section “Purposes and methods of treatment” is optional and refusal to provide them will have no consequence. The consent given for marketing purposes is intended to be extended to the sending of communications made through methods and / or means of contact both automated and traditional, as exemplified above.

12) Rights of the data subject 12.1 Art. 15 (right of access), 16 (right of rectification) of EU Reg. 2016/679.

The data subject shall have the right to obtain from the data controller confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to the personal data and the following information:

  1. a) the purposes of the processing;
  2. b) the categories of personal data in question;
  3. c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations;
  4. d) the expected period of retention of the personal data or, if this is not possible, the criteria used to determine this period;
  5. e) the existence of the right of the data subject to request from the data controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing;
  6. f) the right to lodge a complaint with a supervisory authority;
  7. h) the existence of an automated decision-making process, including profiling and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of such processing for the data subject.

12.2 Right referred to in Article 17 of EU Reg. 2016/679 – right to erasure (“right to be forgotten”) The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller shall be obliged to erase the personal data without undue delay, if any of the following grounds apply:

  1. a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  2. b) the data subject withdraws the consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) and if there is no other legal basis for the processing;
  3. c) the data subject objects to the processing pursuant to Article 21(1) and there is no overriding legitimate ground for processing, or objects to the processing pursuant to Article 21(2);
  4. d) the personal data have been unlawfully processed;
  5. e) the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
  6. f) the personal data have been collected in connection with the provision of information society services as referred to in Article 8(1) of EU Reg. 2016/679

12.3 Right referred to in Art. 18 Right to restriction of processing. The data subject shall have the right to obtain from the data controller the restriction of processing when one of the following cases applies:

  1. a) the data subject disputes the accuracy of the personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
  2. b) the processing is unlawful and the person concerned objects to the deletion of the data; 2. c) the person concerned objects to the deletion of the data.
  3. c) although the data controller no longer needs the personal data for the purposes of processing, the personal data are necessary for the establishment, exercise or defence of legal claims;
  4. d) the data subject has objected to the processing pursuant to Article 21(1), EU Reg 2016/679 pending verification as to whether the legitimate grounds of the data controller prevail over those of the data subject.

12.4 Right referred to in Article 20 Right to data portability. The data subject has the right to receive in a structured, commonly used and machine-readable format the personal data concerning him/her provided to a data controller and has the right to transmit such data to another data controller without hindrance by the data controller

  1. Revocation of consent to treatment The interested party may revoke consent to the processing of personal data by sending a communication to the following address: Tabellini Avvocati Associati – Corso Stati Uniti, 61, 10129 Turin; Viale dei Parioli, 76, 00197 Rome or to the following email address: info@studio-tabellini.it, accompanied by a photocopy of your identity document, with the following text: <<revocation of consent to the processing of all my personal data>>. At the end of this operation your personal data will be removed from the archives as soon as possible.