Moscati Law Firm (hereinafter the "Data Controller"), pursuant to art. 13 and 14 of the EU Regulation n. 679/2016,
announces with this communication the information relating to the processing of personal data in the provision of its service.
It is necessary to point out immediately that the entire information must be read bearing in mind that the Data Controller provides a service exclusively aimed at the provision of legal services.
The information is also inspired by Recommendation no. 2/2001 that the European authorities for the protection of personal data, gathered in the Group established by art. 29 of the directive n. 95/46/EC, adopted on 17 May 2001 to identify some minimum requirements for the collection of personal data online and, in particular, the methods, timing and nature of the information that the data controllers must provide to users when they connect to web pages, regardless of the purpose of the connection, since following consultation of a site, data relating to identified or identifiable persons may be processed.
The information is provided only for the website of the Data Controller and not for other websites that may be consulted by the user via links.
Art. 1. Owner - Responsible for data processing and protection
The Data Controller of your data is the Moscati Law Firm, whose Representative of the Data Controller is Avv. Angelo Moscati, with Studio in Traversa Pascoli, 22 Afragola (Na), owner of the portal http://www.studiolegalemoscati.it/, tel. 081 199 76 607, email info@studiolegalemoscati.it.
The collaborators of the Data Controller, as data processors and persons in charge of the processing, are all specifically assigned to data processing.
Art. 2. Place of data processing
Personal data are processed in the premises of the Data Controller, as well as on IT support by means of the software made available by the various Partners and the devices made available to the subjects authorized to process or protect data.
The treatments connected to the web services of this site are carried out with the help of 1&1 Internet SE, Elgendorfer Str. 57, 56410 Montabaur, Germany, whose servers are based in Europe and in the United States, sites that can be consulted at https://about.1and1.it/i-centri-dati/#page-content, and are only handled by technical personnel in charge of processing and by any persons in charge of maintenance.
Art. 3. Type of data processed
The Data Controller processes exclusively data provided voluntarily by the user, or data acquired by third parties with his explicit consent;
data strictly necessary to process any request, be it information or service provision.
For the provision of the service and / or for pre-contractual activities, the Data Controller processes the following categories of data:
1. Common personal data (any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information, including a personal identification number) including: personal, banking/financial data, telephone and telematic contacts.
a) Navigation data.
The computer systems of the Site and the Blog collect some Personal Data whose transmission is implicit in the use of the protocols of Internet communication.
This is information that is not collected to be associated with you, but which by its very nature could, through processing and association with data held by third parties, allow you to be identified.
These data are used in order to obtain anonymous statistical information on the use of the Site and to check its correct functioning; to allow - given the architecture of the systems used - the correct provision of the various functions requested by you, for security reasons and to ascertain responsibility in the event of hypothetical computer crimes against the Site or third parties.
For example, at each access to the pages of the Data Controller's website, the user data will be transmitted through the internet browser and saved in protocol files, the so-called server log files.
The following data will be saved: date and time of access, name of the visited site, IP address, URL of the referrer (URL of origin through which you arrived on the websites of the Data Controller), the amount of data transmitted, and information relating to the product and version of the browser used.
The IP addresses of the users are deleted or made anonymous at the end of use.
In the case of anonymization, the IP addresses will be modified in such a way that they cannot be attributed to a specific natural person except with an excessive effort in terms of time, costs and labor.
We analyze these log file data sets anonymously in order to improve our offerings, find and eliminate errors faster and to check server capabilities.
In support of this information on the data acquired by browsing the portal of the Data Controller, the interested party is invited to consult the Cookies section, which is an integral part of this information.
b) Data provided voluntarily.
Through the Site you have the possibility to voluntarily provide Personal Data such as name, surname and e-mail address or bank details to make a payment.
The Data Controller will process these data in compliance with the Applicable Law, assuming that they refer to you or to third parties who have expressly authorized you to provide them on the basis of an appropriate legal basis that legitimizes the processing of the data in question.
With respect to these hypotheses, you place yourself as an independent Data Controller, assuming all the obligations and responsibilities of the law.
In this sense, you grant the widest indemnity on this point with respect to any dispute, claim, request for compensation for damage from treatment, etc. that should reach the Data Controller from third parties whose Personal Data have been processed through your use of the Site in violation of the Applicable Law.
c) Data processed in interaction with social networks.
In addition to filling out the appropriate service request form, you can submit this request, if you have a Facebook or Google profile, also by simply clicking on the "Register with Facebook" or "Register with Google" button.
In this case, Facebook or Google will automatically send some of your data to the Data Controller, specified in the appropriate "pop-up" window that is displayed at the time of the request, and there will be no need to fill in other forms on your part.
2. Sensitive data
(personal data suitable for revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data suitable for detecting the state of health and sexual life of the interested party) including health data in general and genetic data.
Art. 4. Purpose of the treatment
The Data Controller informs that it will process the personal data to be communicated to the extent strictly necessary to fulfill the following purposes:
a) purposes related to the execution of a contract of which you are a party or to the execution of pre-contractual measures adopted at your request;
b) purposes related to the fulfillment of a legal obligation to which the Data Controller is subject;
c) purposes necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their judicial functions;
d) allow navigation of the Site and the provision of the services of the Data Controller;
e) find specific requests addressed to the Data Controller;
f) fulfill any obligations established by applicable laws, regulations or community legislation, or satisfy requests from authorities;
l) for statistical or research purposes, without it being possible to trace your identity.
The user at any time has the right to revoke his authorization for the use of personal data for these purposes, even partially or for specific methods of communication.
This operation does not involve additional costs and it will only be necessary to send a communication to the known contacts of the Data Controller.
Art. 5. Processing methods
The information systems and computer programs are configured by minimizing the use of personal data and identification data, in order to exclude its processing when the purposes can be pursued through anonymous data or with the use of appropriate methods that allow the data subject to be identified only in case of need.
To access the service offered by the Data Controller, the interested party will initially provide only common personal data which will be processed by administrative staff.
The Data Controller will acquire sensitive data exclusively for the purposes referred to in the legal service and only through duly appointed personnel, the only persons authorized to carry out the related processing according to the ordinary procedure.
In fact, the Data Controller takes all possible initiatives and security measures to prevent the appointees from processing data that is not necessary for the accomplishment of the related purpose.
Your personal and sensitive data will be recorded, processed, managed and archived with the aid of electronic IT tools and only possibly in paper form. In any case, the chosen method will not affect the security and confidentiality of the data which remain guaranteed.
Personal data are managed with automated tools for the time strictly necessary to achieve the purposes of the processing.
Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access.
In this sense, there is a widespread distribution of responsibilities and the possible activities on the data are defined through regulations and operating instructions to the persons in charge.
The Data Controller has undertaken to guarantee training and refresher courses on privacy issues, potential dangers and responsibilities related to data processing. Furthermore, all operators who access the computerized systems are identifiable, bound by professional and / or official secrecy and in any case authorized to process them.
In cases where special laws provide for the processing of data in anonymous form (protection of victims of acts of sexual violence and pedophilia, seropositivity, use of narcotic drugs, psychotropic substances and alcohol, intervention of voluntary termination of pregnancy, birth in anonymity, services offered by family counseling, responsible procreation choices, etc.) the data are obscured at the time of their creation in accordance with the provisions of the law in force and are not subject to processing.
Art. 6. Security Measures
The processing of personal data is guaranteed by the application of suitable and preventive security measures that make it possible to minimize the risk of destruction or loss, even accidental, of the data, of unauthorized access or processing that is not permitted or does not comply with the purpose of the collection.
Organizational choices and operating procedures regarding security in the processing of personal data are also defined by the processing of sensitive personal data using electronic tools. The security system for personal data identifies the organizational choices and operational methods regarding security in the processing of personal data, in particular with regard to:
- the list of personal data processing;
- access to authorized personnel based on the purpose of the processing;
- the analysis of the risks affecting the data;
- the measures to be taken to ensure the integrity and availability of the data;
- the description of the criteria and methods for restoring the availability of data following destruction or damage;
- the provision of training interventions for data processors, to make them aware of the risks affecting the data, of the measures available to prevent harmful events, of the profiles of the regulations on the protection of personal data most relevant in relation to the related activities, of the responsibilities that derive from it and the methods for updating on the minimum measures adopted by the Data Controller;
- the description of the criteria to be adopted to ensure the adoption of the minimum security measures in case of processing of personal data entrusted outside the structure of the Data Controller or transferred abroad;
- for personal data suitable for revealing the state of health and sexual life, the identification of the criteria to be adopted for the encryption or for the separation of such data from the other personal data of the interested party.
The user, if registered, undertakes to keep their personal access credentials confidential and not to share them with third parties.
The user also undertakes, once logged in on the website of the Data Controller with his own credentials, not to leave the relative terminal unattended.
The Data Controller assumes no responsibility for the illicit use of said access credentials, except of course in the case in which the abuse is attributable to his responsibility.
Art. 7. Recipients of the Treatment
The subjects who will process your personal data are:
- subjects appointed within the structure of the Data Controller, necessary for the provision of the services offered;
- subjects who typically act as data controllers, i.e.:
i) persons, companies or professional firms that provide assistance and advice to the Data Controller in accounting, administrative, legal, tax and financial matters;
ii) subjects delegated to carry out technical maintenance activities;
iii) credit institutions, insurance companies and brokers;
iv) parent companies, subsidiaries and affiliates of the Data Controller, limited to the pursuit of administrative-contractual purposes connected to the performance of organizational, administrative, financial and accounting activities;
- persons authorized by the Data Controller to process Personal Data who are committed to confidentiality or have an adequate legal obligation of confidentiality; (e.g. employees and collaborators of the Data Controller);
- subjects, bodies or authorities to whom it is mandatory to communicate your personal data by virtue of legal provisions or orders of the authorities;
- judicial authorities in the exercise of their functions when required by the Applicable Regulations.
The display of personal data takes place only by authorized subjects according to specific methods, relating to the content of the contract signed by the data subject and in compliance with the purposes already described.
The designation is carried out by means of an "appointment deed" inserted in the agreements, conventions or contracts that provide for the entrusting of personal data processing externally to the Company.
7.1 Internal Data Processors
The Data Controller, in consideration of the complexity and multiplicity of the institutional functions of the Company, designates as Data Processors:
- each Manager in charge of an Operating Unit of the Company, for the paper databases and for the electronic databases of the individual structures;
- the Manager in charge of the IT Service for centrally managed electronic databases;
- all external subjects who, in any way, use the Data Controller's database on behalf and in the interest of the Data Controller for purposes related to the exercise of its corporate functions (Article 9).
The designation of the internal Managers is linked to the assignment of the structure assignment and is considered accepted by signing the contract. The Data Controller must inform each Data Processor, as identified by the Regulations, of the responsibilities entrusted to him in relation to the provisions of the regulations in force. Each Manager must guarantee:
- the timely and full compliance with the duties of the Company provided for by the Code, including the safety profile;
- compliance with the provisions of this Regulation as well as the specific instructions given by the Data Controller;
- interaction with the Guarantor in the event of a request for information or other investigations;
- the adoption of suitable measures to ensure, in the organization of services and services, respect for the rights, fundamental freedoms and dignity of the interested parties, as well as professional secrecy, without prejudice to the provisions of current legislation and the corporate security system regarding processing of sensitive data and minimum security measures.
The Data Processor, in relation to the implementation of security measures, has the following duties:
- to draw up and update the list of the types of treatments carried out (census - art. 16);
- request the Head of the IT Service to assign to each Person in charge of the treatment an individual personal identification code that cannot be reused for access to data;
- keep the passwords for access to data by the Officers;
- check with the Head of the IT Service the effectiveness of the protection and antivirus programs as well as define the measures for access to the premises and the security measures against the risk of intrusion;
- ensure that all security measures regarding the Company's data are applied within the Company itself and externally, if there is access to them by third parties such as Data Processors;
- inform the Data Controller in the event that risks have been identified.
All those who, in any way, manage, individually and separately with respect to the single structure to which they belong, personal data of third parties, individually assume the quality of autonomous "Controllers" of the treatment.
7.2 External Data Processors
All external subjects who carry out processing operations on the Company's databases, on behalf and in the interest of the same, for purposes related to the exercise of company functions, are appointed "external managers" of the processing. The external Managers have the obligation:
- to process the data lawfully, fairly and in full compliance with current legislation on privacy;
- to comply with the security measures provided for by the Privacy Code and to take all the measures that are suitable for preventing and/or avoiding the communication or dissemination of data, the risk of destruction or loss, even accidental, unauthorized access or unauthorized processing or processing that does not comply with the purposes of the collection;
- to appoint internally the persons in charge of processing;
- to ensure that the data processed are only disclosed to the personnel in charge of processing;
- to process the personal data, including of a sensitive and health nature, of the Patients exclusively for the purposes set out in the contract or agreement;
- to comply with the instructions given by the Data Controller;
- to specify the places where the data is physically processed.
In the event of non-compliance with the aforementioned provisions, the external data processors must be considered autonomous "owners" of the processing and therefore subject to their respective obligations and therefore respond directly and exclusively for any violations of the law.
7.3 Persons in charge of processing
Every employee in charge of a specific service and required to carry out technical processing operations is to be considered, to all effects, "Appointed" pursuant to art. 30 of the Privacy Code.
The Appointee, in carrying out the operations strictly connected to the fulfillment of his functions, must scrupulously comply with the instructions given by the Data Controller and the Manager, undertaking to adopt all the security measures provided for by this Regulation as well as any other measure that is suitable to prevent and / or avoid the communication or dissemination of data, the risk, even accidental, of destruction or loss, of unauthorized access or unauthorized treatment or treatment not in accordance with the purposes of the collection.
The Person in charge collaborates with the Data Controller and the Manager by reporting any risk situations in the processing of data and providing all information necessary for the performance of the control functions.
In particular, the Person in charge must ensure that, during the processing, the data are:
- processed lawfully and fairly;
- collected and recorded for specific, explicit and legitimate purposes, and used in other processing operations in terms compatible with these purposes;
- accurate and, if necessary, updated, relevant, complete, not excessive and, if sensitive data, indispensable with respect to the purposes for which they are collected or subsequently processed;
- kept in a form that allows the identification of the data subject for a period of time not exceeding that necessary for the purposes for which they were collected or subsequently processed.
The Person in charge is required to maintain complete confidentiality on the data of which he has become aware during the performance of his activity, undertaking to communicate the data exclusively to the subjects indicated by the Data Controller and the Manager, only in the cases provided for by law and/or in carrying out the business activity.
The designation of the Appointee is carried out by means of the employee's preposition, with a hiring provision or service order, to the single service unit for which the permitted processing area is identified by means of the data registration forms.
The Officers must receive suitable and analytical instructions, also for homogeneous groups of functions, regarding the activities on the data entrusted (insertion, updating, cancellation, etc.) and the obligations to which they are required.
Art. 8 Nature of the provision of data and consent
The consent to the processing of personal data is as voluntary as it is essential for the provision of the requested service, that is the main purpose of the data processing (including related administrative activities), since failure to consent would prevent you from using the service.
The consent to the processing of sensitive data is expressly expressed through the specific signing of the relative conferment.
Below are some special cases of acquiring consent to the processing of data on the basis of special laws or relating to specific categories of reports:
a) Minors. The consent to the processing of the data of a minor must be signed by at least one parent exercising parental authority.
b) Persons Subject to Guardianship Power. The guardian submits the consent form for the processing of data on behalf of the protected user, addressing it to the user and completing it with their personal data and signature; attaches to this form the documentation issued by the Judicial Authority or, alternatively, a self-declaration of guardianship.
c) Person Who Cannot Sign. The user who cannot sign the consent form due to illiteracy, temporary or permanent physical impediment, without a legal representative, can express his consent verbally or by other means (gestures), of which the operator acknowledges (perhaps with the help of a family member who knows the patient's ways of expressing himself) with the aid of audiovisual recording tools that will be archived and used exclusively in the event of disputes.
Art. 9 Transfer of data abroad
Your personal data may also be transferred to other countries belonging to the European Union, exclusively to allow the employees in charge of the Data Controller to carry out their work in execution of the contract.
Your personal data may also be transferred to a country not belonging to the European Union exclusively to allow you to perform the work in execution of the contract, if, due to the nature of the service requested by the Data Subject, it is necessary to identify an appointed person in a non-EU country, impossible to predetermine.
Art. 10 Rights of the interested party
As a subject interested in the processing of personal data, the interested party may at any time avail himself of the faculties and rights provided for by art. 13, paragraph 2, letters a) b) c) d) e), 15, 16, 17, 18, 20 and 21 of EU Regulation 679/2016.
In particular, you are entitled to:
The right to obtain confirmation of the existence or not of personal data concerning you;
The right of access, that is to have communication of data concerning you upon simple request;
The right to object which provides for the possibility of opposing the processing of personal data for legitimate reasons.
The right of rectification, i.e. modification and updating of data;
The right to be forgotten, i.e. to have the data concerning you deleted.
In order to implement the right to be forgotten, the following distinction must be made:
- if the processing of the data requires an express consent, the revocation of the latter will be sufficient to obtain the cancellation, to be understood as automatic, of the data;
- if the processing of data requires consent for conclusive facts, the cancellation can be implemented, upon request, only if the personal data are no longer necessary with respect to the purposes for which they were collected or processed.
The right to limit the processing that minimizes the use of data processing to what is necessary for the purposes of the same.
However, this right is provided only in the following mandatory cases:
- if the interested party contests the accuracy of the personal data and for the time strictly necessary to verify its accuracy;
- where, in the presence of unlawful processing, the interested party opposes the cancellation of the data;
- where, if the Data Controller no longer needs to keep the data, there is an interest on the part of the interested party in their conservation for the purpose of exercising or defending a right in court;
- in case of opposition to the processing, but only for the time necessary to establish the primacy between the interest of the Data Controller and the right of the data subject.
The limitation can be revoked at any time and the Data Controller will inform the interested party before the revocation is effective.
The right to portability of the data provided by the interested party which allows the interested party to receive the personal data concerning him in a commonly used format.
The right to withdraw consent to the processing of data for the primary purposes of the processing at any time.
The revocation of the consent could however make it impossible to provide the service and in any case does not affect the lawfulness of the treatment based on the consent given before the revocation.
Requests should be sent via e-mail to the address: info@studiolegalemoscati.it.
Art. 11 Data retention period
The data retention period is provided by the Data Controller within 10 years from the last legally relevant processing or from the acquisition of consent to the processing itself.
For any further clarification, the interested party can connect to http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1812198