Information to Data Subjects - Privacy Policy of the Website

Art. 13 and seq. General Data Protection Regulation no. 2016/679 ("GDPR")

Introduction: scope of this privacy & cookie policy

Dear User,
when you access and navigate on this website (hereinafter 'Website') some of your personal data is acquired, stored and managed (in technical terms 'processed'), through the computer, smartphone or other device you are using, through the analysis and saving of your IP address, browsing data, 'cookies' and other online identifiers such as 'pixels'.
The site then allows you to access information, products and services of Studio Legale Guzzoni - hereinafter also only SLG - by filling in contact forms and other data collection tools, or - where present - with access to user areas. For this reason, in compliance with the applicable legislation and the protection, confidentiality and security obligations that it imposes, SLG clarifies below the reasons and the ways in which your data are processed.

Data Controller

Data processing operations will be performed as Data Controller by Studio Legale Guzzoni, with legal seat in SLG VAT number 07929560964, that can be contacted at the following addresses:

  • by writing an e-mail to;
  • by post, at the address of the legal seat as provided.

Categories of data processed

The categories of data processed through the Website are:

  • informations related to the User's browsing activities, including the so-called online identifiers and data related to the device in use;
  • personal identification data and contact data such as name, surname, e-mail address and telephone number in case of use of the contact form of the Website, or by sending communications to the Data Controller to the address mentioned above;
  • - other categories of data, in case of further implementation of purposes on the Website.

Purposes, legal basis and data retention periods

PurposesLegal basisData retention period

User access to the pages of the Website, to its functionality and interaction tools with the Data Controller

Performance of pre-contractual and contractual activities, or (in some cases) exercise of legitimate interest

For the duration the user remains on the Website, and in any case until the expiration of the longer stored online ID.

Feedback to contact requests or requests for information sent by the user

Performance of pre-contractual and contractual activities, or (in some cases) exercise of legitimate interest

For a maximum of 10 years from the last interaction between the user and the Data Controller

Analysis and improvement of the functionality of the Site and the presentation of products and services to the user

Consent of the user, or (in some cases) exercise of the legitimate interest of the Data Controller

Until the expiry of the online ID stored longer, save for requests ofor cancellation or anonymization activities

Other information on how we process your data

The processing of personal data is based on principles of correctness, lawfulness and transparency, for maximum protection of confidentiality and user rights, and takes place through technological tools suitable for guaranteeing protection and security of information until their cancellation or anonymization.
If the user wishes more information about the balance between the legitimate interests pursued by SLG and his fundamental rights and freedoms, he can ask for clarifications at the addresses indicated, and in particular at the e-mail address, having the right to receive adequate feedback as soon as possible and in any case within the time required by law.
In the event of litigation with the user or with third parties, or control of the competent Authorities, the conservation may be extended until the expiry of the last applicable prescription period.
The user's personal data will not be disseminated in any way, except for the acquisition of express and prior consent or within the limits of what is provided for or imposed by law.

Consequences of failure to provide data

The provision of personal data from time to time indicated as mandatory is necessary to pursue the related purposes: not providing such data makes it impossible to proceed with the related processing.
The provision of other personal data is optional: failure to provide such additional data may make it impossible to access all or part of the Website's functions or characteristics in whole or in part.

Automated decision-making processes

With the expression "automated decision-making processes" the legislation indicates (art. 22 GDPR) "any form of automated processing of personal data" that it uses to evaluate certain aspects of the person, and in particular "to analyze or predict (... ) the professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements "of the user in his capacity as" Data Subject".
The Website does not process any personal data through automated decision-making processes.

Categories of subjects that process data on behalf of the Data Controller

Within the limits of the obligations, tasks or purposes indicated above, personal data may be made available and / or communicated to:

  • employees and / or collaborators of the Data Controller;
  • Judicial, administrative and / or public security authorities, in compliance with regulatory provisions;
  • other third parties who provide management, maintenance or intervention services on the Site and / or on other tools used by the Data Controller.
The complete list of Data Processors, Sub-processors, Joint Controllers and independent Data Controllers to whom the data are made available and / or communicated can be requested from the Data Controller at any time, at the indicated references.

Transfer of data outside the European Economic Area

Personal data may be transferred to countries outside the European Economic Area exclusively for technical needs, in any case to subjects based in countries recognized as "adequate" by the European Commission, or to subjects adhering to the so-called "EU-US Privacy Shield" (agreement for the transfer of personal data to and from the United States of America), or with the stipulation of specific Standard Contractual Conditions in the text approved by the European Commission.

Rights regarding the processing of personal data

The user, as a "Data Subject" according to the GDPR, can at any time exercise the rights attributed to him by the Regulation.
In particular, the user has the right to:

  • access his/her personal data;
  • obtain the correction or cancellation of the same or the limitation of the processing that concerns him/her;
  • oppose the processing;
  • data portability, where provided by the law;
  • withdraw consent, where provided: the withdrawal of consent does not affect the lawfulness of the treatment based on the consent given before the revocation;
  • lodge a complaint with the supervisory authority.
For Italy - as the Data Controller’s home state - the supervisory authority is the “Autorità Garante per la protezione dei dati personali”, based in Rome.
The exercise of the aforementioned rights can take place by sending a request to the Data Controller's references, as indicated above, and in particular to the e-mail address

What are cookies and other tools used by the Website

Cookies are small text files that are transmitted from the Website to the devices of users who visit it, and which are then retransmitted to the Site on subsequent visits; they may have different characteristics and be used for different purposes, both by the Website’s Data Controller and by third parties who provide technical services to the Data Controller or directly to the user.
This Website uses cookies, which can be "technical", which do not require the consent of the user, and therefore are automatically installed following the opening of the site, and in particular: "session" cookies, if they are deleted from the device when the browser and / or the navigation tab is closed, or "persistent" cookies, if they remain in the device's memory even after the Website is closed. Cookies can be "first-party" if installed, analyzed and managed directly by the Data Controller through the Website, or "third-party", where features and services offered by third parties are used.
The Website might also use cookies, both first and third party, classified as "profiling", with the user's consent, through which the browsing experience and access to the Data Controller’s offerings are personalized and improved.
Further tools, classifiable as "online identifiers" according to the GDPR, can also be used within the Website, which allow analysis and monitoring of its functions and allow the user access to specific services.

Cookie list:

The specific and complete list of cookies used by the Site, both first and third party, can be requested at the e-mail address

How to manage cookies settings:

The user can manage the personalized settings for the installation of cookies on the first access to the Website, through the options made available within the banner on the homepage.
Subsequently, the user can always prevent the receipt of cookies by default and / or from time to time through the settings available in the browser used on his device, thus preventing the installation of cookies that are not technically necessary.
The settings can generally be changed according to the following procedure:

  • selecting the item "Options" or "Preferences" in the "Tools" or "View" or "Edit" menus;
  • by accessing the "Privacy" or "Protection" or "Cookie" item or tab;
  • by selecting the preferred settings.
Users are invited to collect more information on the use of cookies to visit the pages and / or

Last updated on: 9 June 2020
Powered by BeLite