PRIVACY PRIVACY NOTICE
Pursuant to and for the purpose of the legislation applicable to protection of personal data (“Privacy Legislation”), including EU Regulation 2016/679 (“GDPR”), Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (“Privacy Code”), Morri Rossetti e Associati – Studio Legale e Tributario(hereinafter, the “Law Firm”, or the “Data Controller”), as data controller, informs users (hereinafter the “Users” or, in the singular, the “User”) of the website www.osservatorio-labour.it/en (the “Website”), that will process their personal data collected through the Website itself in the modalities and for the purposes described in this privacy notice (the “Privacy Notice”).
The User, by browsing the Website, acknowledges that he/she has read and understood the contents of this Privacy Notice.
1. WHO IS THE DATA CONTROLLER AND THE DATA PROTECTION OFFICER?
The Data Controller is Morri Rossetti e Associati – Studio Legale e Tributario with registered office in Milan, Piazza Eleonora Duse no. 2, 20122, fiscal code and VAT no. 04110250968 to be contacted at the following e-mail address: info.privacy@morrirossetti.it.
The Data Protection Officer, domiciled at the Law Firm, can be contacted at the following e-mail address: dpo.privacy@morrirossetti.it.
2. WHICH PERSONAL DATA SHALL BE COLLECTED?
The Law Firm will process exclusively the following types of personal data of Users who browse and interact with the web services of the Website and, in particular:
1. Personal data collected implicitly while a User is browsing the Website
The computer systems, cookie technology and software procedures that are used to run the Website collect, during their normal functioning, certain data whose transmission is implicit when using the Internet. This kind of information is not acquired for purposes directly linked to identifiable data subjects but could, due to its nature, be processed and aggregated with the data held by third parties, in such a way as to make User identification possible.
This category of data includes, for example, the IP addresses or the domain names of the computers used by the Users who connect to the Website, the pages visited by the Users within the Website, the domain names and addresses of the websites from which the User accessed to the Website (through referrals), the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used in submitting the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, and other settings relating to the type of browser (e.g. Internet Explorer, Google Chrome, Firefox), operating system (e.g. Windows) and computer environment of the User.
These data are also collected by means of cookie technology, namely text files and numbers that are installed while browsing a website, in the memory of the device (PC, smartphone or tablet) connected to the Internet through the browser application installed therein. For further details regarding the cookies used on the Website, we invite the Users to read the Cookie Policy available at the following link: https://www.osservatorio-labour.it/en/informativa-cookie/.
2. Personal data directly provided by the User
These data are provided directly by the User to the Law Firm – such as, but not limited to: name, last name, e-mail address – following the subscription to the newsletter service.
3. WHAT ARE THE PURPOSES AND THE LEGAL BASIS OF THE PROCESSING? HOW LONG IS THE RETENTION PERIOD OF YOUR PERSONAL DATA?
Personal data provided (indirectly or directly) by the User will be processed by the Data Controller for the following purposes (the “Purposes”):
| Purposes of the processing | Legal basis of the processing | Retention period | Nature of the provision of the personal data |
| a) To fulfil legal, accounting and tax obligations to which the Law Firm is subject. | Art. 6(1)(c) of the GDPR: legal obligation to which the Data Controller is subject. | The personal data collected for this Purpose will be retained only for as long as is strictly necessary to achieve the Purposes for which they were collected and, in any case, no longer than 10 years after their collection. | The provision of the personal data implicitly provided by the User occurs automatically by browsing the Website. Therefore, if the User does not intend to provide any personal data by browsing the Website, please do not visit this Website, do not otherwise use this Website or do not send any request of subscription to the newsletter through the Website. |
| b) To allow Users to browse the Website. | Art. 6(1)(f) of the GDPR: the Data Controller’s legitimate interest to: 1. inform the User, through the contents of the Website, and to promote with them the Law Firm's publications as well as the Law Firm’s professional context, the activities carried out and the services offered by the Law Firm; 2. improve the quality and the structure of the Website, as well as to create new services, functionalities and/or features thereof. | The personal data collected for this Purpose will be processed and retained for the duration of browsing and, when the browser is closed, in any case, no longer than 24 months after their collection. | |
| c) To carry out the maintenance and technical assistance necessary to ensure the proper functioning of the Website and the connected services connected. | Art. 6(1)(f) of the GDPR: the Data Controller’s legitimate interest to: (i) prevent the occurrence of fraud or other crimes through the use of the Website; (ii) improve the quality and the structure of the Website, as well as to create new services, functionalities and/or features of the Website; (iii) manage and process statistical surveys on the use of the Website (after personal data anonymization). | The personal data collected for this Purpose will be processed and retained for the duration of browsing and, when the browser is closed, in any case, no longer than 24 months after their collection. | |
| d) To enable the Law Firm to exercise its rights in court and suppress unlawful conduct. | Art. 6(1)(f) of the GDPR: the Data Controller’s legitimate interest to: (i) prevent the occurrence of fraud or other crimes through the use of the Website; (ii) manage the Data Controller or a third party's litigation in court. | The personal data collected for this Purpose will be retained only for as long as is strictly necessary to achieve the Purposes for which they were collected and, in any case, no longer than 10 years after their collection. | |
| e) To enable the Law Firm, following the User's subscription to the Law Firm’s newsletter service, to send – by email – to the User purely informative and/or informational communications regarding the publications by the Law Firm's professionals, as well as communications regarding any event invitations and/or conferences organized and/or otherwise supported by the Law Firm, also in collaboration with third parties, or where the Law Firm's professionals are appointed as speakers. | Art. 6(1)(f) of the GDPR: the Data Controller’s legitimate interest to provide constant updates regarding relevant news in the field of interest of its clients or potential clients. | The personal data collected for this Purpose will be retained until the time when the User decides to unsubscribe to the newsletter service. | The provision of the personal data directly provided by the User is optional. However, such data are necessary to finalize the subscription to the newsletter and, therefore, to receive it. In case of refusal or failure to provide such personal data, it will not be possible to receive the Law Firm's newsletters and/or communications regarding specific industries. |
If the legal basis for the processing is the legitimate interest of the Data Controller, the Law Firm ensures that it has first carried out an assessment to ensure the proportionality of the processing in order to ensure that its legitimate interest does not override the interests or the fundamental rights and freedoms of the Users, taking into account the reasonable expectations of the Users in relation to the specific processing activity carried out.
Users may request further information on the above assessment by sending an email to: info.privacy@morrirossetti.it.
The Data Controller also informs the User that he/she has the possibility to object, at any time, for the processing of his/her personal data on the basis of the Law Firm’s legitimate interests.
In particular, in the event that the User, in the future, wish to stop receiving the communications with informative and informational purposes send by the Law Firm, he/she can unsubscribe from the newsletter, by selecting "Unsubscribe" link, at the bottom of the email communications.
In the event that the Law Firm decides to process the personal data collected for any other purposes inconsistent with the purposes for which the personal data were originally collected or authorized, the Law Firm will inform the User in advance and, where required, the Data Controller will gather his/her consent for such processing activity, if needed.
At the end of the retention periods, the personal data will be erased, unless there are further legitimate interests of the Law Firm and/or further legal obligations that make it necessary, after minimization, to retain them.
4. HOW ARE THE PERSONAL DATA PROCESSED?
In relation to the mentioned Data Controller’s Purposes, the processing of personal data may consist in the activities indicated in Article 4(1)(2) of the GDPR, namely: collection, recording, organization, storage, consultation, processing, disclosure by transmission or otherwise making available, restriction, erasure and destruction of personal data.
The processing may be carried out using automated tools, with a logic strictly related to the Purposes and, in any case, with means that ensure the personal data’s compliance with the requirements and prescriptions of security and confidentiality, and with the specific obligations provided in the law, applicable from time to time.
5. TO WHOM WE DISCLOSE THE PERSONAL DATA?
User‘ personal data will be processed by the Law Firm’s staff, specifically designated as authorized persons for the processing, where necessary to carry out the Purposes referred to in the above section 3 of this Privacy Notice.
Furthermore, Data Controller informs the Users that, in order to carry out the Purposes, their personal data may be disclosed to additional recipients or categories of recipients, acting as autonomous data controllers or, if needed, expressly appointed as data processors, including but not limited to:
· Law Firm’s supervisory and/or control bodies, judicial authorities, as well as any other entities to which the disclosure is required by the law for the fulfillment of the said Purposes;
· the IT companies involved in the maintenance and management of the Website;
· the hosting providers offering services for hosting the Website;
· media agencies involved in market research activities that may be carried out by the Data Controller, using, in an anonymous form, the Users' browsing data.[MRA3]
The complete and updated list of the recipients or the categories of recipients is kept at the registered office of the Law Firm and can be consulted upon request to be sent to the contact details indicated in the following section 8 of this Privacy Notice.
Users‘ personal data will not be disclosed to the public or to undefined persons.
6. DO WE TRANSFER THE PERSONAL DATA TO COUNTRIES OUTSIDE THE EU?
The processing and storage of Users’ personal data will take place on servers of the Law Firm located within the European Union and/or of third-party companies duly appointed as data processors.[MRA4]
Any transfer of Users’ personal data outside the European Union may take place only under the terms and with the guarantees provided for by the Privacy Legislation and, in particular, pursuant to Articles 44 - 49 of the GDPR.
7. THIRD PARTIES WEBSITES
The terms of this Privacy Notice shall be applicable solely and exclusively to the Website and not to the other websites owned by the Data Controller or owned by third parties that the User should access through links that may be contained in the Website. Should the User access to another website, we recommend to the User to read the information regarding the processing of personal data applicable to such website.
Furthermore, the Law Firm does not have the access to the personal data of visitors/users of its websites or to the Users' social network accounts, but it has access only to aggregated and anonymous data that it may use to evaluate the performance and effectiveness of its services.
Consequently, this Privacy Notice does not apply to such websites, apps and platforms.
The owners of the aforementioned websites will, therefore, remain the solely and exclusively data controllers and data processors of their users' personal data, and the Law Firm remains uninvolved to such activity as well as in any liability, loss, cost, which may arise from a failure or an inaccurate fulfilment.
Therefore, before providing your personal data or your consent to the processing of them, we recommend you to carefully read the relevant privacy Privacy Notices and terms of use of such websites.
8. WHAT ARE YOUR RIGHTS IN CONNECTION TO THE PROCESSING OF YOUR PERSONAL DATA, HOW CAN YOU EXERCISE THEM AND HOW CAN YOU CONTACT US?
The User, as data subject, in accordance with the law, will always have the right to withdraw at any time his/her consent, where given, as well as to exercise, at any time, the following rights:
1. the “right of access” i.e. the right to obtain confirmation as to whether or not personal data concerning the User are being processed and the communication of such data in an intelligible form;
2. the “right to rectification” i.e. the right to request the rectification or, if interested, the integration of personal data;
3. the “right to erasure” i.e. the right to request the erasure or the anonymization of personal data that have been processed unlawfully, including data whose storage is unnecessary for the Purposes for which they were collected or further processed;
4. the “right to restriction of processing” i.e. the right to obtain from the Data Controller the limitation of the processing in certain cases provided for under the Privacy Legislation;
5. the right to request the Data Controller to indicate the recipients to whom it has notified any rectification or erasure or restriction of processing (carried out in accordance with Articles 16, 17 and 18 GDPR, in fulfillment of the notification obligation unless this proves impossible or involves disproportionate effort);
6. the “right to data portability” i.e. the right to receive (or transmit directly to another data controller) personal data in a structured, commonly used and machine-readable format;
7. the “right to object”, i.e. the right to object, in whole or in part:
a) the processing of personal data carried out by the Data Controller for its own legitimate interest;
b) the processing of personal data carried out by the Data Controller for direct marketing or profiling purposes.
In the above cases, where necessary, the Data Controller will inform the third parties to whom the User‘s personal data have been disclosed of the his/her exercise of rights, unless it is not possible or is too onerous and, in any case, in accordance with the provisions of the Privacy Legislation.
The User is entitled to exercise his/her rights at any time in the following manner:
· by e-mail, to the address: info.privacy@morrirossetti.it;
In any case, the Law Firm – where it has reasonable doubts concerning the identity of the data subject making the request referred to in Articles 15 - 21 of the GDPR – may request the provision of additional information necessary to confirm the identity of the data subject.
9. HOW CAN YOU LODGE A COMPLAINT THE ITALIAN DATA PROTECTION AUTHORITY?
The Data Controller hereby informs the User that, pursuant to the Privacy Legislation, he/she has the right to lodge a complaint with the competent supervisory authority (in particular in the Member State of User’s habitual residence, place of work or place of the alleged breach), if he/she is of the opinion that his/her personal data are being processed in a way that would lead to breaches of the GDPR.
In order to facilitate the exercise of the right to lodge a complaint, the name and contact details of the European Union Supervisory Authority are available at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.
Lastly, should the User wish to lodge a complaint with the Supervisory Authority having competence for the Italian territory (i.e. “Autorità Garante per la protezione dei dati personali”), the same can use the complaint form available at the following link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524.
10. PRIVACY NOTICE UPDATES
This Privacy Notice will be subject to periodic updates and such amendment will be provided on the Website.
Last update: 31 10 2022
