Privacy Policy

PRIVACY POLICY

www.tonucci.com

Art. 13 of Regulation EU 2016/679 General Data Protection Regulation

Index

Premise

Information on the processing of personal data

1. Identity and contact details of the Data Controller

2. Types of personal data processed

3. Optional nature of the User’s decision to provide personal data

4. Purposes and legal basis for processing

(a) Contact us

(b) Recruiting

(c) Marketing and soft spam

5. Data processing procedures

6. Data processing recipients

7. Transmission of data outside the EU

8. Storage period

9. Link to other sites

10. “Profiling” and/or customization tools

11. Rights of the data subjects

12. Complaint before the Data Protection Authority

13. Data Protection Officer (DPO)

14. Right to review

Premise

With this note, the law firm Tonucci & Partners, with registered office in Via Principessa Clotilde no. 7 – 00196 Roma, acting ad data controller, hereby informs the users visiting the website www.tonucci.com (hereinafter the “Website”) of the policy adopted regarding personal data protection, underlining its commitment and attention in the protection of privacy of the users of the Website (the “Users”). We invite you to read carefully our Privacy Policy, which applies both to simple navigation within the Website and to related services.

Visitors may browse the Website freely and are not obliged to register, except in certain areas of the same, in which the User can freely and expressly provide a set of personal data in order to access specific services. Therefore, where the Users intend to provide their personal data in order to access such additional services, they will be expressly informed pursuant to Regulation (EU) 2016/679 – General Data Protection Regulation (the “GDPR”) and Legislative Decree no. 196 of 30 June 2003 – Data Protection Code (the “Data Protection Code”) of the purposes and methods for and with which the data will be used by Tonucci & Partners, as well as of the right to request, at any time, that the data provided are erased or updated. Please note that the term “personal data” means “any information relating to an identified or identifiable natural person” and the term “processing” means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”. By browsing this Website you acknowledge that you have read and understood this Privacy Policy.”.

Information on the processing of personal data

Tonucci & Partners hereby provides you with the following information, pursuant to art. 13 of the GDPR.

1. Identity and contact details of the Data Controller

Tonucci & Partners, with registered office in Via Principessa Clotilde no. 7 – 00196 Roma, tel. 06362271 fax 063235161, info@tonucci.com, tonucci.partners.pec@legalmail.it, C.F. e P.Iva n. 0500841196 (lo “Studio”).

2. Types of personal data processed

You do not need to be registered to access the Website. However, some services may require you to register (e.g. to contact us, to subscribe to our newsletter service, etc.).

Furthermore, in order to allow normal and efficient navigation and use of the Website, Tonucci & Partners will collect some personal data of the Users relating to connection and navigation within the Website. With reference to the data relating to navigation within the Website collected through the use of “cookies”, please see also point 10 below regarding Profiling Tools. Where necessary, the Firm will acquire the User’s specific consent to the use of the data. Here is an exemplification of the type of information we process through the Website:
  • ID data: name, surname, date of birth, etc.;
  • Contact details: residential address, e-mail address, phone number;
  • Connection data: internet protocol (IP) address, device number/ID, data about your internet connection and service provider, the equipment you use to access the Websites, login data, your browsing history, and other usage and technical details.

3. Optional nature of the User’s decision to provide personal data

Some of the personal data requested on the Website (such as your first and last name, telephone number and e-mail address) may be marked as “mandatory” [e.g., indicated with an (*)] as they are necessary to access the services granted by the Website you wish to use (e.g., if you submit a request for information). Failure to provide this data marked as “mandatory” may prevent the Firm from allowing access to the services requested (e.g. if you do not provide your e-mail address, the Firm will not be able to send you our newsletter). Failure to provide data marked as “optional” will have no consequence.

The users are required to indicate only personal data relating to themselves on the Websites. If personal data of third parties is indicated, the Users must expressly declare and recognise that they have obtained consent from third parties for processing of the corresponding personal data by the Firm.

4. Purposes and legal basis for processing

The data are collected and processed for purposes strictly related to the usage, management and updating of the Website, the services offered within it and their presentation to Users. The specific purposes for processing of data are described in detail in this paragraph.

(a) Contact us

The data submitted through the “Contact us” form or by means of other contact services (e.g. by e-mail, fax, phone and hard mail) will be processed by Tonucci & Partners to address the Users’ requests for information.

The processing of data for this purpose does not require the Users’ consent, as it is necessary in order to take steps at the request of the User prior to entering into a contract (art. 6, par. 1, letter b) of the GDPR).

(b) Recruiting

The data submitted through the “Work with us” form or by means of other contact services (e.g. by e-mail, fax, phone and hard mail) will be processed by Tonucci & Partners to manage your application within our recruiting and staff selection activity.

The personal data provided for the above-mentioned purpose (e.g. the data present in you CV) may include some “special categories of personal data”, including data concerning health, handicap status, membership of political, philosophical, trade union associations, belonging to sheltered groups, reason for exemption from military service, etc.). The processing of data for this purpose does not require the Users’ consent, as it is necessary in order to take steps at the request of the User prior to entering into a contract (art. 6, par. 1, letter b) of the GDPR and in compliance with decision no. 146 issued on June 5, 2019 of the Italian Data Protection Authority “Provvedimento recante le prescrizioni relative al trattamento di categorie particolari di dati, ai sensi dell’art. 21, comma 1 del d.lgs. 10 agosto 2018, n. 101”).

Furthermore, should you grant us with adequate and specific consent, your data will be used by Tonucci & Partners to:

(c) Marketing and soft spam e soft spam

To allow your subscription to our update service – through the use of both automated and non-automated means, such as newsletters and e-mails – regarding the main judicial and legislative news as well as conventions, webinars and events regarding the areas of practices of the Firm and its professionals.

If you subscribe to our “Newsletter”, you will only receive commercial communications on the e-mail address specified at the time of subscription. The processing of your data for this purpose will require the Users’ consent (art. 6, par. 1, letter a) of the GDPR). If the User is a client of the Firm, Tonucci & Partners may contact the client via e-mail for direct marketing of services similar to those already supplied to the User (the so-called “soft spam”) in compliance with article 130, par. 4 of the Privacy Code, provided that the client has always the chance of objecting to the sending of such communications as of now and in any subsequent communication, following the instructions contained in the box below and/or in paragraph 11.

Please note that failure to grant us consent for the purpose (c) will not affect in any way the ability to contact the Firm for any kind of information or request.

We remind the Users that they may at any time withdraw their consent and/or object to such processing by (i) (with reference to the Newsletter service) clicking on the specific link available in all the e-mails; (ii) sending a notice to info@tonucci.com o tonucci.partners.pec@legalmail.it. Should you unsubscribe to the Tonucci & Partners Newsletter, you will no longer receive any kind of commercial communication, in any way whatsoever.

5. Data processing procedures

The Users’ data are processed by digital and electronical means, in compliance with the legislation in force and in any event in such a manner as to ensure their security and confidentiality and prevent unauthorized disclosure or use, alteration or destruction. All the information collected is sent via a protected connection to prevent it from being intercepted by third parties.

6. Data processing recipients

The Users’ data will be processed (solely within their respective areas of competence) by persons in charge of the processing expressly authorized by the Firm, pursuant to art. 29 of the GDPR.

Within the aforementioned purposes, recalled in the tab below, your data may come to the knowledge of the following third parties:

Purpose

Recipients

(a)

(i) (i) the company entrusted by Tonucci & Partners with the management Firm’s IT systems; (ii) companies that provide Tonucci & Partners with services strictly related to the management of the relationship with our clients (e.g. suppliers of management applications).

(b)

(i) (i) the company entrusted by Tonucci & Partners with the management Firm’s IT systems; (ii) companies that provide Tonucci & Partners with services strictly related to the management of the relationship with our clients (e.g. suppliers of management applications).

(c)

(i) (i) the company entrusted by Tonucci & Partners with the management Firm’s IT systems; (ii) companies that provide Tonucci & Partners with services strictly related to the management of the relationship with our clients (e.g. suppliers of management applications); (iii) companies that provide Tonucci & Partners with services strictly related to our marketing activites (e.g. providers of information communication platforms).

Where appropriate, these suppliers have been appointed by the Firm as data processors according to art. 28 GDPR. A complete list of the data processors can be obtained by sending an e-mail to the contact details indicated below.

Users’ data will never be disseminated.

7. Transmission of data outside the EU

Your personal data will not be the subject of any transfer to countries not belonging to the European Union.

8. Storage period

Users’ data will be stored for as long as it is necessary to fulfill the purposes listed at paragraph 4 of this Privacy Policy and in compliance with the consents granted, if any. Thereafter, the data will be destroyed or anonymized.

In particular, data will be stored in accordance with the principles indicated in the tab below.

Purpose

Storage period

(a)

Your data will be processed for the time necessary to correctly manage the User’s request. In any case, your personal data will not be stored for a period of time longer than 3 years following your request of information.

(b)

Your data will be processed for the time strictly necessary to decide whether or not to proceed with your hiring, and in any case for a time not exceeding the needs of recruitment. In any case, your personal data will not be kept for a period of time longer than 1 year following their collection.

(c)

Your personal data will be processed throughout the period of your subscription to the newsletter service, in compliance with the consents granted by the Users and without prejudice to their right to withdraw their consent at any time.

9. Link to other sites

La presente This Privacy Policy is only applicable to the website www.tonucci.com and is not valid for any other websites that may be consulted by the User via links originating from the same. The Firm cannot be held responsible for the personal data provided by the Users to third parties or to any other website that may be linked to the Website.

10. “Profiling” and/or customization tools

Tonucci & Partners does not carry out any promotional and/or commercial communication activity without the User’s prior explicit consent. The Websites uses cookies which may be technical cookies (i.e. to facilitate browsing and use of the Website), and profiling cookies (i.e. to analyse users and their behaviour and preferences). For a detailed explanation on the cookies used by the Websites and how to disable them, please read our Cookie Policy.

11. Rights of the data subjects

By sending a notice to info@tonucci.com o tonucci.partners.pec@legalmail.it you may at any time exercise the rights provided for by articles 15 to 22 of the GDPR, such as requesting information on which data we are processing, in which manner and for which purpose we are using them, amending the data you have provided us or erasing them, asking us to limit use of your data, and requesting receipt or transmission of your data, all of the above without prejudice to the possibility of changing the user’s consent (if provided).

You may at any time object to processing of personal data concerning you for marketing purposes.

Should a right provided under the GDPR be exercised, the Data Controller reserves the right to verify the identity of the User by requesting to send a copy of an identity document attesting the legitimacy of the request. Once the identity has been confirmed, the copy received will be immediately deleted.

12. Complaint before the Data Protection Authority

Should you consider the processing of your data infringes the GDPR, you may in any event lodge a complaint before the Italian Data Protection Authority (www.garanteprivacy.it), or to the Data Protection Authority of the Member State of your habitual residence, place of work or place of the alleged infringement.

13. Data Protection Officer (DPO)

You can contact the DPO appointed by the Firm pursuant to art. 37 of the GDPR at dpo@tonucci.com.

14. Right to review

The Firm reserves the right to review, amend or simply update, totally or in part, its current Privacy Policy at its sole discretion, in any way and/or at any time, without any need to submit advance notice, even in view of changes in the laws or regulations on the protection of personal data. Users shall be notified of any amendment or updating of the Privacy Policy as soon as adopted and shall be binding upon their publishing on the Website. Please access this section regularly to verify the latest Privacy Policy.


COLLECTING PERSONAL DATA

Such as, e.g. the addresses in the URI-Uniform Resource Identifier notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the serve (success, error, etc.) and other parameters related to the operating system and the User’s computer environment. These data are collected for the sole purpose of obtaining anonymous statistical information on the use of the Website and to monitor its correct functioning, and are deleted immediately after their processing. Data may be used to ascertain responsibility in case of hypothetical cybercrimes to the detriment of the Website: with the exception of this possibility, the data will be deleted after the time necessary for the provision of the services outlined on the Website.


Articles 15 to 22 of the GDPR acknowledge specific rights, like:

Rights

Content

Right to object to the processing

The Users have the right to object to certain types of processing of personal data, including processing based on the legitimate interests of the Firm or processing carried out for direct marketing purposes.

Right to be informed

The Users have the right to receive clear, transparent and easily understandable information on how their personal data are used and how to exercise their rights.

Right of access to personal data

The Users have the right to access their personal data (to the extent that they are actually processed by the Firm) and to request, at any time, further information regarding the processing (e.g. which data concerning them are processed, the purpose of the processing, the categories of data, the recipients or categories of recipients to whom the data are transferred, the storage period or the criteria used to determine such period).

In this way, Users will gain awareness and will be able to verify whether the Firm is processing their personal data in compliance with current legislation on the protection of personal data.

Right to rectification and update

The Users have the right to obtain the rectification of their personal data if they are inaccurate or incomplete.

Right to erasure

Also known as the “right to be forgotten”, it allows the Users to request the deletion or removal of their personal data where there are no binding reasons for the Firm to keep them.

An absolute right to erasure does not exist. Such right shall therefore be balanced with the needs of the Firm (e.g. the deletion of data that the Firm must keep in order to comply with a legal obligation or for the purposes of establish, exercise or defend legal claims).

Right to restriction of processing

The Users have the right to “block” or restrict the further processing of their personal data. If the processing has been subject to restriction, the Firm may still retain the Users’ personal data, but may not process them further. Should a User exercise this right, the Firm will draw up special lists containing the details of those who have requested to restrict the processing of their personal data, so as to ensure that the restriction is complied with.

Right to data portability

The Users have the right to receive their personal data in a structured, commonly used and machine-readable format, and to use them for their own purposes within various services.

This right is limited to data collected in the context of the conclusion or execution of a contract with the User or on the basis of the User’s consent.