The company Alberti Fontana Peron Cera s.t.a., with registered office in Vicenza, Piazza Araceli 2, tax code 04187270246, EconomicAdministrative Index (REA) no. VI-385980, (“AFPC” or the “Company”), in accordance with art. 13 GDPR, and in relation to your personal data (“PD”) which come into its possession for the purpose or at the time of instructing the company to act on your behalf, wishes to provide you with the information set out below.
This privacy statement applies to all the professional services and services in general offered and/or provided to our current or potential customers. This is the case, regardless of the Professional providing the service and/or the platform through which we offer and/or supply the service: paper-based mail, website, email, telephone or social network, other forms of communication or transmission
1 - Data Controller and Data Protection Officer
1.1 The Data Controller (“Controller”) is AFPC, represented by the lawyer, Stefano Peron or the lawyer, Nicola Cera or the lawyer, Francesco Fontana or the lawyer, Nicola Alberti, (hereinafter individually and jointly referred to as “Professional/s”), all duly authorised representatives of AFPC, with address for service at the company’s registered office.
1.2 The Controller has not appointed a Data Protection Officer (“DPO”) as the legal conditions requiring the mandatory appointment of a DPO are not met.
2 –Purposes of data processing
2.1 Processing is primarily aimed at permitting the tasks assigned to the professional involved, both in and out-of-court, to be performed fully and correctly and also at drawing up estimates or assessing opportunities to bring an action. More precisely, these principal processing purposes (“Principal Purposes”) include the following:
- to provide the professional services requested;
- to comply with legal obligations, relating to tax and accounting, employment law, welfare and social security or insurance, including current anti-money laundering legislation;
- to handle payments of proforma invoices and invoices issued by AFPC, also through credit institutes, insurance, factoring or leasing companies;
- to comply with any other legal obligations to which AFPC or the Professional is subject, as laid down in current legislation.
- teaching, scientific and literary activities, publications on specialised magazines;
- newsletters, selection or invitation to attend events, congresses and meetings;
- greetings, commemorative or celebrative cards;
- information supplied regarding opening/closing hours at the AFPC offices and the scheduling of meetings.
2.4 If the processing of particular data is fundamental to operations connected with our working relationship or in order to provide specific services and perform legal obligations, the supply of these data will be mandatory and since the processing thereof is only permitted with the data subject’s prior written consent (arts. 9 and 10 GDPR), you will be obliged to give your consent also to such processing.
3 –Processing methods
3.1 Within the meaning and for the purposes envisaged in articles 12 et seq. GDPR, AFPC informs you that the PD which you have given us will be registered, processed and stored in our paper-based and electronic files (including portable devices). PD will be processed initially and primarily with the use of paper-based media (with regard to collection, storage and use by drawing up and utilising letters, legal documents, invoices, etc.). AFPC also uses electronic or automated tools when performing the tasks assigned to it, whenever it is necessary to draw up documents or correspondence (typically computers are used for word processing) and to send them to court offices (including arbitration offices), opposing parties and their defence counsel, internal working associates, colleagues providing address for service and technical experts (via fax and e-mail).
3.2 The processing of PD may consist of any operation or series of operations included amongst those indicated in art. 4, paragraph 1, point 2, GDPR.
3.3 Your PD may, for the purposes of handling our working relationship in a proper manner and performing legal obligations, be inserted in the Controller’s internal documentation and, if necessary, also in accounts and registers kept in accordance with the law.
4 –Legal basis of processing
4.1 AFPC processes your PD lawfully, whenever such processing:
- is necessary to provide the professional services requested, for the performance of a contract to which you (or the companies or bodies of which you are a member, director, agent, representative or attorney) are a party, or to deal with pre-contractual measures at your request;
- is necessary for compliance with a legal obligation to which AFPC or the Professional is subject;
- is based on express consent, referring to activities connected with the Additional Purposes.
4.3 Finally, your express consent is not required – and, if given, shall be considered as confirmation that the processing in question is lawful – when the processing relates to the preparation of or engagement in activities connected with the Principal Purposes.
5 – Consequences of failure to supply PD
5.1 The failure to provide PD relating to the performance of the contract to which you are a party (or the companies or bodies of which you are a member, director, agent, representative or attorney) or relating to compliance with a legislative obligation (for example, obligations connected with the keeping of accounting and tax registers and accounts) will prevent the conclusion of the contract or, in certain cases, will suspend or prejudice the performance thereof.
5.2 Data which are not essential to the performance of the contract will be recognised and considered as additional information and the supply of such data, if requested, will be discretionary.
6 –Storage of PD
Your PD, processed for the Principal and/or Additional Purposes, will be stored throughout the term of the contract and thereafter, for the period of time for which AFPC and/or the Professional is obliged to store them for tax or other purposes, envisaged by legislation or regulations and kept for the periods laid down by the statute of limitations.
7 –Disclosure of PD
7.1 Your PD may be disclosed to:
a) external professionals (including, for example: lawyers, accountants, employment consultants, data processing centres, etc.) that provide services useful for the achievement of the Principal and/or Additional Purposes, who/which – if the legal conditions are met – will act as external data processors;
b) the Controller’s employees, working associates and assistants, in their capacity as persons authorised to process data and/or internal data processors and/or system administrators, or the DPO, if appointed;
c) external companies or other subjects not referred to under the letters above (for example, credit institutes, professional practices, consultants, insurance companies for the supply of insurance services, factoring or leasing companies, etc.) that provide services useful for the achievement of the Principal and/or Additional Purposes, which – if the legal conditions are met – will act as external data processors;
d) subjects who process data in the performance of specific legal obligations;
e) judicial or administrative authorities, including arbitration authorities, for compliance with legal obligations;
f) editors and managers of magazines or newspapers for the Additional Purposes.
7.2 The Controller may also disclose your PD to an e-mail address and message transmission management service.
8 – Profiling and dissemination of PD
We also wish to inform you that your PD will not be the subject of dissemination and will not be disclosed without your express consent, nor will they be the subject of any fully automated decision-making process, including profiling, with the exception of necessary communications that may require data to be transferred to public bodies, consultants or other subjects in compliance with legal obligations. More precisely, your data may be disclosed to:
a) Public offices or bodies or supervisory bodies in compliance with legal and/or contractual obligations;
b) Banks and/or credit institutes for the handling of payments stemming from the contractual relationship.
9 –Transfer of PD
9.1 Your PD are stored on servers situated at the Data Controller’s offices in Vicenza (Italy). 9.2 Your PD will not be transferred either in member states of the European Union or in non-member states of the European Union, unless such operations are necessary for the attainment of the Principal Purposes.
9.3 Without prejudice to the disclosure or dissemination of data in compliance with legal obligations, PD may be transferred abroad whenever necessary in the pursuit of the Principal Purposes.
9.4 Whenever PD are transferred to a third-party state or to an international organisation, you are entitled to obtain information regarding recognition of the adequacy of guarantees as defined in art. 46 GDPR.
9.5 The Controller benefits from the e-mail address and message transmission management service, through the electronic mail service provided by Google “gmail.com”.
10 - The data subject’s rights
The rights conferred upon you by the GDPR include the right:
- to obtain access from AFPC to your PD and information relating to them; to rectification of inaccurate data or to have incomplete data completed; to erasure of PD concerning you (on one of the grounds set out in art. 17, paragraph 1 of the GDPR and in keeping with the exceptions envisaged in paragraph 3 of that article); to restriction of the processing of your PD (when one of the conditions described in art. 18, paragraph 1 of the GDPR is met);
- to request and obtain from AFPC – provided that the processing is legally based on the contract or the consent, and the processing was carried out by automated means – your PD in a structured and machine-readable format, also in order to transmit those data to another data controller (referred to as right to data portability);
- to object to the processing of your PD at any time, on grounds relating to your particular situation;
- to withdraw your consent at any time, proved that the processing is based on your consent to one or more specific purposes and relates to common personal data (for example, date and place of birth, or place of residence or particular categories of data (for example, data that reveal your racial origin, political opinions, religious convictions, state of health or sex life). The lawfulness of processing based on consent and carried out prior to withdrawal is not, in any event, affected;
- to lodge a complaint with a supervisory authority (Italian Data Protection Supervisor – www.garanteprivacy.it).
11 – Methods to be adopted to exercise rights
As data subject, you are entitled to exercise your rights at any time by sending:
- a registered letter with advice of receipt to Piazza Araceli, 2, 36100 Vicenza;
- an e-mail to the certified e-mail address: firstname.lastname@example.org
12 – Data processed
12.1 Navigation data. The computer systems and software procedures designated to operate this website may acquire, during normal operations, certain personal data that are impliedly transmitted whenever Internet communication protocols are used. This information is not collected to be associated with identified parties, but due to their very nature, may, through processing and association with data held by third parties, allow Users to be identified. This data category includes the IP addresses or domain names of computers used by Users connecting to the site, addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numeric code indicating the status of the reply given by the server (successful, error, etc.) and other parameters relating to the operating system and the User’s computer environment. These data may be used solely for the purpose of obtaining anonymous statistical information relating to the use of the website and to verify that the site is functioning correctly, and will be erased after 1 year. These data may be used to verify possible liability, if it is suspected that computer crimes damaging the site have been committed.
12.2 Data supplied by the User of his/her own free will. The discretionary, express and voluntary transmission by e-mail to the addresses indicated on this website implies the subsequent acquisition of the sender’s address, required in order to reply to requests, as well as any other personal data included in the message. Specific summarised privacy statements will be set out or displayed progressively on the website pages prepared for particular services upon request.