PURPOSES OF PROCESSING
Browsing all pages of www.sghslawfirm.com and www.sghs-lawfirm.com is free and unrestricted. No data is processed or collected without forms, plugins, or other accessories, except for the option to leave comments under the publications (an optional choice for users if they want to leave comments under one or more articles).
In this case, the data freely provided and without an obligation to provide truthful information are submitted by the user and processed solely by SGHS LAW FIRM for the following purposes:
- Allowing the User to interact and submit questions. The user can express their desire not to receive responses, communications, not to be contacted, and not to consent to data processing by sending an email to email@example.com.
TYPES OF DATA COLLECTED AND PROCESSED
Notwithstanding the personal autonomy and the individual’s freedom to provide or not provide their data to the Data Controller/author of the blog, providing data when leaving comments includes: name and email.
Failure to provide, even partially, any of this data will result in the user being unable to leave their comment.
CONTENT FROM THIRD-PARTY PLATFORMS
Facebook, Twitter, Linkedin. These are third-party platform services that collect traffic data related to the site where they are installed. The collected data includes account name, email, and user usage data. For processing methods, location, and other details, please refer to the respective Privacy Policies of each platform.
DATA CONTROLLER, PROCESSORS, AND DATA PROCESSORS
The data controller is SGHS LAW FIRM AVVOCATI ASSOCIATI GOLDANIGA SAVONA & Partners, based in Bergamo.
The data processor is lawyer Marta Savona, with an office in Bergamo, Passaggio San Bartolomeo n. 3; email: firstname.lastname@example.org.
Upon authorization and for technical reasons, the Data Controller, processor, and processors may authorize third parties to access the site for limited periods and for technical needs. The technicians of Siteground, the chosen hosting service, also have access to the site, but only with the authorization of the Data Controller.
LOCATION AND TRANSFER OF DATA TO THIRD COUNTRIES
The collected data is processed at the offices of the Data Controller, mainly in Bergamo, or in the places where the Data Controller, processor, and processors are located at the time of access with credentials to the site. The Data Controller will not transfer personal data to third countries.
The provided data will be processed and stored by the Data Controller and processor for purposes strictly related to the above-mentioned purposes and will be kept by the Data Controller for the duration of service provision and the purposes of the blog (publication of articles and the duration of the website). There are no plans to close the site, as both the domain and hosting have already been renewed until 2019. Therefore, the retention period corresponds to the duration of the website. However, in the event of cessation and/or closure of the site and/or deletion of all connected pages from the web, the data collected from the User will be deleted and destroyed without being passed on to third parties, subject to the conditions set by the hosting service.
RIGHTS OF THE DATA SUBJECT
The data subject may at any time exercise their rights with the Data Controller in accordance with Legislative Decree 193/2006 and Regulation (EU) 2016/679. The undersigned SGHS LAW FIRM provides the following rights:
1. RIGHT OF ACCESS BY THE DATA SUBJECT – Art. 15 Reg. (EU) 2016/679
The data subject has the right to obtain from the Data Controller confirmation as to whether or not personal data concerning them is being processed and, if so, access to the personal data and the following information:
- Purposes of the processing;
- Categories of personal data involved;
- Recipients or categories of recipients to whom the personal data has been or will be disclosed, particularly recipients in third countries or international organizations;
- If possible, the envisaged period for which the personal data will be stored or, if not possible, the criteria used to determine that period;
- The existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing concerning the data subject or to object to such processing;
- The right to lodge a complaint with a supervisory authority;
- If the data is not collected from the data subject, any available information as to its source;
- The existence of automated decision-making, including profiling, referred to in Art. 22, paragraphs 1 and 4, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
2. Where personal data is transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Art. 46 relating to the transfer.
3. The Data Controller shall provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, the Data Controller may charge a reasonable fee based on administrative costs. If the data subject makes the request electronically, unless otherwise requested, the information shall be provided in a commonly used electronic format.
4. The right to obtain a copy referred to in paragraph 3 must not adversely affect the rights and freedoms of others.
RIGHT TO RECTIFICATION – Art. 15 Reg. (EU) 2016/679
The data subject has the right to obtain from the Data Controller the rectification of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.
RIGHT TO ERASURE (“RIGHT TO BE FORGOTTEN”) – Art. 17 Reg. (EU) 2016/679
The data subject shall have the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller shall have the obligation to erase personal data without undue delay if one of the following grounds applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The data subject withdraws consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a), and where there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2).
- The personal data have been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the data controller is subject.
- The personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
- Where the data controller has made the personal data public and is obliged, pursuant to paragraph 1, to erase them, the data controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform other data controllers processing the personal data that the data subject has requested erasure by such data controllers of any links to, or copy or replication of, those personal data.
- The paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
1. For exercising the right of freedom of expression and information.
2. For compliance with a legal obligation which requires processing by Union or Member State law to which the data controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
3. For reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) and Article 9(3).
4. For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) to the extent that the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
5. For the establishment, exercise, or defense of legal claims.
RIGHT TO RESTRICTION OF PROCESSING – Art. 18 Reg. (EU) 2016/679
The data subject shall have the right to obtain from the data controller the restriction of processing where one of the following applies:
- The data subject contests the accuracy of the personal data, for a period enabling the data controller to verify the accuracy of the personal data.
- The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The data controller no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.
- The data subject has objected to processing pursuant to Article 21(1), pending the verification whether the legitimate grounds of the data controller override those of the data subject.
- Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
- The data subject who has obtained the restriction of processing pursuant to paragraph 1 shall be informed by the data controller before the restriction of processing is lifted.
RIGHT TO DATA PORTABILITY – Art. 20 Reg. (EU) 2016/679
- The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a data controller, in a structured, commonly used, and machine-readable format, and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data have been provided, where:
• The processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) or on a contract pursuant to Article 6(1)(b); and
• The processing is carried out by automated means.
• In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one data controller to another if technically feasible.
• The exercise of the right to data portability pursuant to paragraph 1 shall be without prejudice to Article 17. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
• The right to data portability pursuant to paragraph 1 shall not adversely affect the rights and freedoms of others.
RIGHT TO OBJECT – Art. 21 Reg. (EU) 2016/679
1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to the processing of personal data concerning him or her based on Article 6(1)(e) or (f), including profiling based on those provisions. The data controller shall no longer process the personal data unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.
2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, including profiling to the extent that it is related to such direct marketing.
3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
4. The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information at the latest at the time of the first communication with the data subject.
5. In the context of the use of information society services and without prejudice to Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.
6. Where personal data are processed for scientific or historical research purposes or statistical purposes in accordance with Article 89(1), the data subject shall have the right to object to the processing of personal data concerning him or her, unless the processing is necessary for the performance of a task carried out in the public interest.
GENERAL RULES FOR EXERCISING RIGHTS
We hereby inform you that the rights mentioned in the above paragraphs can be exercised at any time by sending an email to the following address: email@example.com, along with a valid digital copy of your identity document.
The computer systems and software procedures used to operate the website acquire certain personal data as part of their normal operation. The transmission of such data is implicit in the use of Internet communication protocols. These pieces of information are not collected to be associated with identified individuals, but due to their nature, they could, through processing and association with data held by third parties, allow users to be identified. This category of data includes:
- IP addresses or domain names of the computers used by users connecting to the website;
- URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (e.g., success, error, etc.), and other parameters related to the user’s operating system and computer environment.
This data is used solely for the purpose of obtaining anonymous statistical information about the use of the website and to ensure its proper functioning. The data is deleted immediately after processing.
Strictly necessary cookies: These cookies are essential to complete a transaction or fulfill a user-initiated request. For example, they are useful for remembering the information provided by the user while navigating the site to respond to a specific user request or to manage the login status during the session.
Functional cookies: These cookies allow the website to remember choices made by the user in order to optimize functionality. For instance, functional cookies enable the site to remember specific user settings, such as country selection and, if set, the permanent login status.
Analytical cookies: These cookies enable the collection of data on the user’s use of the website, including the elements clicked on during navigation, to improve the site’s performance and design. They may be shared with our third-party analytics providers but are solely used for purposes related to our website.
Targeting cookies: These cookies, which require user consent, remember information about the user’s use of the website to enable us to provide promotional and targeted information to the user.
How to disable or remove cookies?
The process to control and delete cookies varies depending on the browser used. To find out how to do this with a specific browser, you can use the Help function in the menu, where it explains step-by-step how to control and delete cookies. If the User gives consent to cookies through one of the methods described in the brief information presented at the time of first accessing a page on www.sghslawfirm.com or by following the instructions provided, they can give their unique consent for SGHS LAW FIRM and the indicated third parties to install the aforementioned cookies on their device and carry out the consequent profiling processes, or deny this consent to SGHS LAW FIRM and any other company.
Additionally, the User can personalize, modify, or revoke their consent, in whole or in part, through the options we propose below. This website does not use profiling cookies.
Agreement to cookies may be negated by selecting the below links:
Google Analytics – Cookie statistici http://www.google.com/policies/technologies/cookies/
Google Adwords – Cookie di profilazione https://www.google.com/intl/it/policies/technologies/types/
Facebook – Cookie di profilazione https://www.facebook.com/help/cookies?ref_type=sitefooter
Google+ – Cookie di profilazione https://www.google.com/intl/it_ALL/policies/privacy/
Linkedin – Cookie di profilazione https://www.linkedin.com/legal/cookie-policy
For more information and disable cookies from third parties: http://www.youronlinechoices.com/ch-it/
Cookies may also be managed by internet browser’s setting: Internet Explorer Firefox Safari Chrome Opera
This reminds you that if you have made your choices while browsing the pages of SGHS LAW FIRM from a different device or simply using a different browser, we will not be able to recognize your options, and we will present the information again, asking you to make your choices once more.
Furthermore, if you are a registered user of our services or register later, or if you have made different choices regarding profiling during registration, these options will be valid only when you navigate our site pages after authenticating yourself.