Privacy Policy

Pursuant to art. 13 of the EU General Data Protection Regulation (GDPR) 2016/679 (hereinafter referred to as “GDPR”) and to the relevant European and national laws that amend and/or supplement it (hereinafter referred to as “Data Protection Laws”), this privacy policy describes the working of this website with specific regard to the purposes and modalities through which personal data pertaining to the users who visit it are processed; this policy refers solely to the website www.aclaw.it (hereinafter also referred to as the “Website”).

Definitions of personal data and processing

According to art. 4 of the GDPR “personal data” means “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”, whereas “processing” means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.

Data controller

The data controller is Associazione Professionale Ceccon & Associati - Avvocati (ACLAW) (hereinafter also referred to as the “Firm”), with registered offices at Galleria Borromeo n. 4, 30135 - Padua (Italiy). The data controller may be reached at the following addresses: phone number: +39 0498774630; fax: +39 0498750299; e-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

Type of data processed

1) Navigation data

The IT systems and the software procedures for the operation of this website, while being normally used, collect some personal data whose transmission is implicit while using the Internet communication protocols. The above information is not collected to be associated to any identified persons; yet, its same nature could make it possible to identify users, by means of special processing and associations with other data. The IP addresses or the domain names through which the users connect to the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of request, the procedures used to submit the request to server, the file size of the reply, the numeric code indicating the status of the server's reply (successfully delivered, error and so on) and other parameters relating to the user's operating system or IT environment, fall within this category of data.

2) Data voluntarily provided by the user

Discretionary, explicit and voluntary transmission of electronic mail to the addresses of this site entails the subsequent collection of the sender’s address, necessary in order to reply to requests, and also of any other personal data contained in the message. Specific summary information shall be progressively reported or visualized on the site’s web pages set up for particular on request services. It should be noted that resume’s submission involves the collection of the data included in the resume itself, in addition to the abovementioned data.

Purposes of data processing

Navigation data are merely used to obtain anonymous statistical information on the use of website and to verify its proper operation, thus, it will be deleted immediately after processing. The data may be used to ascertain any liability in case of possible IT-related offences to the prejudice of the website: except for this circumstance, the data about web contacts will not be held for more than seven days.

The Firm processes personal data voluntarily provided by the data subjects exclusively in connection to:

1. newsletter subscription; invitations to events and conferences; subscriptions to mailing lists for dispatch on the Firm’s activities (events organized by the Firm, certifications and awards received, information on careers within the Firm);
2. Request of information about the Firm or contact requests

Legal basis for processing

In relation to the cases described above under a):

- the data subject may sign up to our newsletter through the specific website’s section, in order to receive scientific articles on matters concerning jurisprudence, jurisprudence changes and other law issues related to the Firm’s areas of activity; or

- the data subject may receive information regarding events and conferences organised by the Firm on the basis of the Firm’s legitimate interest in maintaining contacts with the interested party, in cases the data subject had already participated to an event of ours or subscribed to our newsletter, without prejudice to the right to object (“opt-out”); or

- the data subject may be entered into a mailing list as a result of contacts with the Firm or with a professional or collaborator of the Firm (for example, exchange of business cards or other contact that may constitute an active behavior demonstrating interest towards the Firm); in such a case it constitutes a legitimate interest of the Firm to keep in contact with him/her by sending communications concerning the Firm as well as events organized by the Firm and that the Firm thinks could be of interest to the data subject (duly considering the expectations of the data subject), without prejudice to the right to object (“opt-out”).

In relation to the cases described above under b), the Firm shall process personal data insofar as they are necessary to fulfill pre-contractual measures adopted at the request of the data subject and for the limited needs aimed at satisfying or answering his requests.

Lastly, the Firm may process users’ personal data in the pursuit of its own or third parties’ “legitimate interests”, for example for the management of any disputes, claims, complaints, and protection of their information systems, as well as to comply with the applicable laws and regulations.

Processing methods and criteria for data storage

Data processing shall be carried out in an automated and/or manual way, in accordance with art. 32 of the GDPR regarding security measures, by the Data controller and/or the Data processor and/or the people in charge of processing (if appointed), in compliance with art. 29 of the GDPR.

Personal data are automatically processed for as long as is necessary to fulfil the purposes for which they have been collected. Personal data processed for informative purposes will be kept until the user cancel his subscription to the service as well as for the periods of time provided for by specific provisions of law, if applicable. Specific security measures have been adopted to prevent any loss of data, any unlawful or incorrect use of the same and unauthorised access.

Location and transfer of data

Personal data shall be stored within the European Union. Personal data shall not be transferred to Countries or International Organisations not belonging to the European Union which do not ensure an adequate level of protection, recognized, pursuant to art. 45 of the GDPR, on the basis of an adequacy decision adopted by the European Commission. In the event it becomes necessary to transfer personal data to Countries or International Organisations outside the European Union, in relation to which the European Commission has not adopted any adequacy decision pursuant to art. 45 of the GDPR, such transfer shall take place only in the presence of adequate guarantees provided by the recipient Country or the Organization, in compliance with art. 46 of the GDPR and under the condition that the data subject have actionable rights and effective means of judicial redress. In the absence of an adequacy decision by the European Commission, pursuant to art. 45 of the GDPR, or adequate guarantees, pursuant to art. 46 of the GDPR, including the binding corporate rules, cross-border transfer will take place only if one of the conditions indicated in art. 49 of the GDPR.

Cookies

The specific cookie policy can be found at the following link: https://www.aclaw.it/cookies-policy.html

Provision of data

Except as specified with regard to navigation data, the user can freely provide personal data by forwarding e-mail in order to request information material, to submit an application by means of sending a resume, or to participate to the initiatives organised by the Firm. Failure to provide said personal data may involve, in such cases, the impossibility for the Firm to follow up the requests of the users themselves.

Communication of data

Personal data may be communicated or made available, for the abovementioned purposes, to categories of subjects both internal and external who will act, as the case may be, as data processor or persons in charge of processing. Some data may be communicated in anonymous and aggregated form to third parties for statistical purposes. In any case, such data shall not permit the identification of the data subjects. With the exception of cases allowed by the law, or provided in this Privacy Policy, personal data shall not be communicated or disseminated without data subjects’ consent.

Data profiling and diffusion

Personal data shall not be subject neither to diffusion nor to any entirely automated decision-making process, including profiling.

Rights of the Data Subject

Pursuant to Data Protection Laws, the Data Subject shall be entitled to:

• obtain from the Data Controller confirmation of the processing or non-processing of personal data concerning him or her;
• if his or her data are being processed, obtain from the Data Controller access to personal data and information relating to the processing as well as request a copy of the personal data;
• obtain from the Data Controller the rectification of inaccurate personal data and have incomplete personal data completed;
• obtain from the Data Controller the erasure of personal data concerning him or her where one of the grounds provided for by Section 17 of the GDPR applies;
• obtain from the Data Controller restriction of processing where one of the cases provided for by Section 18 of the GDPR applies;
• receive from the Data Controller personal data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable and interoperable format, and request their transmission to another controller, if technically feasible;
• object at any time to processing of his or her personal data carried out to pursue a legitimate interest of Data Controllers. In case of objection, his or her personal data will no longer be processed, unless legitimate reasons exist for the processing, which override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defense of legal claims.
• where personal data are processed based on consent, withdraw at any time the consent given, without affecting the lawfulness of any processing based on said consent and carried out before the withdrawal. Consent may be withdrawn by writing an email to the address This email address is being protected from spambots. You need JavaScript enabled to view it..
• opt-out, where expressly provided for in this Privacy Policy
• lodge a complaint with a Supervisory Authority if he or she considers that the processing of personal data relating to him or her infringes his or her rights under the GDPR, according to the methods set out on the website of the Supervisory Authority accessible from the following link: www.garanteprivacy.it.

Changes to the current Privacy Policy

The Data Controller periodically checks its security and privacy policy, and as the case may be, may modify such policy to reflect changes in legislation and best organizational practices or enhancements to functionality dictated by technology evolution. In the event of changes in policy, the new version will be published on this page of the site.