This document refers solely to the site www.grimaldialliance.com (hereinafter the “Site”), and not to any other websites consulted by the User via links contained in the pages of such Site.
The Site is controlled and managed by Grimaldi Studio Legale, with offices in Milan – 20122, Corso Europa, 12, (Italy), VAT number IT04063930962, e-mail email@example.com, in its capacity as Data Controller of the Personal Data collected via the Site (hereinafter “Grimaldi Alliance” or the “Data Controller”).
Types of processed data
The types of data and information collected by Grimaldi Alliance are the following:
- navigation data (automatically collected);
- data voluntarily provided by the User;
IT systems and software procedures used to operate the Site acquire, during their normal course of operation, some Personal Data whose transmission is implicit in the communication protocols of the Internet.
Such information is not collected in order to be associated to identified subjects concerned, but because of its nature it could, by means of processing and association with Personal Data held by third parties, allow for the identification of Users.
This category includes IP addresses and domain names of computers used by Users who connect to the Internet site, and other parameters related to the operating system and the IT environment of the User.
Such Personal Data are used for the sole purpose of collecting anonymous statistical information on the use of the Site and to check its correct functioning and are kept only as long as is strictly necessary for the statistical analysis.
The Personal Data could be used in order to ascertain responsibility in case of hypothetical computer-related crimes to the detriment of the Site.
Data voluntarily provided by the User
Grimaldi Alliance gathers Personal Data voluntarily provided by the Users via the “contacts” page when:
- the Users send e-mails containing information requests regarding the law firm (to firstname.lastname@example.org; email@example.com; firstname.lastname@example.org);
- the Users voluntarily send their CVs.
Furthermore, Grimaldi Alliance collects Personal Data voluntarily provided by Users who fill out the form in order to receive newsletters.
Use of cookie
No Personal Data of Data Subjects is acquired by the Site through profiling cookies or other tracking tools.
Purpose of the data treatment
Personal Data will be processed in order to allow navigation and consultation of the site, in compliance with law obligations.
Furthermore, the User’s Personal Data will be treated for the purposes of replying to the requests submitted to Grimaldi Alliance via the sending of e-mails at the Site’s “contacts” page, in order to reply to spontaneous applications and to send the newsletters requested by filling out the relevant form.
Notwithstanding the information provided vis-à-vis navigation data, Users are free to provide their Personal Data. However, the lack thereof does not allow Grimaldi Alliance to send newsletters or to take into consideration the information requests and job offers.
Data retention period and processing methods
Personal Data are processed through automated systems for a period of time that is strictly necessary to attain the purposes for which they have been collected. Personal Data processed to fulfil Users’ requests will be retained for as long as needed to provide the requested services and, where applicable, for the additional periods established by specific legal provisions, in accordance with current legal and tax obligations.
Should the User delete his/her account, thereby ceasing to use the newsletter services, the User’s Personal Data will be deleted, except in case of contractual, administrative, fiscal, accounting or legal obligations subsequent to the suspension of the service. As soon as said obligations will be fulfilled, User’s Personal Data will be in any case deleted.
Specific safety measures are adopted in order to prevent loss of Personal Data, unlawful use, misuse and non-authorized access. The technical security measures implemented by Grimaldi Alliance include antivirus and anti-ransomware systems, firewalls and access passwords, in addition to physical security measures designed to prevent access to the premises in which data is kept.
Rights of persons involved
Among the rights recognized to the Data Subjects by the Data Controller are the following:
- to have access to their personal data and policy relating thereto; to obtain the rectification of inaccurate data or the integration of incomplete data; to request the deletion of personal data concerning him/her (upon the occurrence of one of the conditions indicated in Article 17, paragraph 1 of the Regulation and in compliance with the exceptions provided for in paragraph 3 of the same article); to obtain the restriction of the processing of personal data conferred (upon the occurrence of one of the hypotheses indicated in Article 18, paragraph 1 of the GDPR);
- to request and obtain from the Data Controller - where the legal basis for the processing is a contract or consent, and the processing is carried out by automated means - the personal data provided in a structured, machine-readable format, also for the purpose of communicating such data to another data controller (so-called right to data portability);
- to oppose at any time the processing of personal data provided in the event of special situations concerning the user;
- to revoke at any time the consent given, limited to cases where processing is based on consent for one or more specific purposes and concerns common personal data (e.g. date and place of birth or place of residence), or special categories of data (e.g. data revealing the user's racial origin, political opinions, religious beliefs, state of health or sex life). Processing based on consent and carried out prior to the revocation of such consent shall, however, remain lawful;
- to lodge a complaint with a supervisory authority (Italian Data Protection Authority - www.garanteprivacy.it).
In order to exercise the above mentioned rights, make a report or to receive information on the processing modalities of Personal Data, requests may be made via the “contacts” page of this Site or by writing to the Data Controller to the address email@example.com.
Subjects authorized to process data
Processing connected to services of this Website take place and are handled by the personnel instructed by Grimaldi Alliance, properly identified and trained, and possibly by its professionals. Personal Data could also be processed by third-party, external services providers (e.g. technical assistance), acting on behalf of Grimaldi Alliance, duly appointed as data processors, who will process Personal Data in compliance with the purpose for which Personal Data have been originally collected.
Data Protection Officer
The contact data of Grimaldi Alliance’s Data Protection Officer (“DPO”), Atty. Claudio Rizzo, are as follows:
- address – Milano - 20122, Corso Europa, 12 (Italia);
- telephone number – +39 0230309330;
- e-mail – firstname.lastname@example.org.
Transfer abroad of Personal Data
Personal Data will not be transferred to non-EU countries.