PRIVACY POLICY

Pursuant to Articles 13 and 14 of EU Regulation No. 679/2016, we detail below the information regarding the processing of personal data related to the use of the website and subscription to the newsletter.

1. Data Controller

The data controller is Attorney Andrea Maria Mazzaro of the Monza Bar Association, VAT No. 05253270960

2. Purpose of Data Processing

Only the personal data necessary for management and to respond to the requests and reports of the data subjects will be retained.

The Controller will process users' data in order to respond to requests made through the website and/or for sending the newsletter.

Furthermore, by filling out the request form, consent will be given to the processing of personal data for receiving informational communications related to the services offered by the Controller or initiatives via email or other communication means.

The user may revoke the aforementioned consents at any time, as well as exercise their rights of access, rectification, deletion, restriction, opposition, or portability, by sending a notification via regular mail to the Controller's address or via email to the following address:

asanalegal@mphlex.it

3. Data Retention Period

The personal data provided by the data subjects will be retained until deletion is requested by the data subject or until the Controller uses them for sending information. In both cases, the data will then be permanently deleted.

4. Lawfulness of Data Processing

The processing of personal data of the data subjects is based on the legitimate interest of the Controller in responding to requests made through the website or in response to communications sent to the email address asanalegal@mphlex.it and, on consent, to keep the data subjects informed about the Controller's activities, promotions, offers, events, updates.

The rights of the data subjects will always prevail over the legitimate interest of the Controller in collecting and processing personal data. For this reason, only the necessary data will be requested.

5. Data Disclosure to Third Parties

The Controller will not disclose any user data to third parties. They may only be communicated to newsletter sending systems or cloud storage systems without these having the right to use the data for their own purposes other than those instructed by the undersigned Controller. The collected data will not be transferred outside the European Union.

6. Security Measures

The Controller adopts all appropriate and reasonable measures to protect against misuse, loss, or unauthorized access to the personal information we hold. To this end, we have implemented a series of specific technical and organizational measures. These include measures to address any suspected data breaches.

7. Rights of the Data Subject

As a data subject, you have the rights provided for in Articles 13 and following of EU Regulation 679/2016 (GDPR).

Specifically, you have:

pursuant to Article 13 of the GDPR, the right to lodge a complaint with a Competent Authority;
pursuant to Article 15 of the GDPR, the right to access information related to data processing, including: the purposes of processing; the types of personal data processed; the expected retention period of personal data or, if not available, the criteria used to determine it; the recipients or categories to whom the data have been or will be communicated; any data transfers to third countries; if the data were not collected from the data subject, the available information on their origin; the existence of automated decision-making processes, the logic applied to user segmentation for profiling activities, and the significance of such processing for the data subject.
pursuant to Article 16 of the GDPR, the right to obtain the rectification of inaccurate data and the integration of incomplete data;
pursuant to Article 17 of the GDPR, the right to request deletion and to obtain it if certain reasons exist, including: the data are no longer necessary in relation to the purposes for which they were collected; the personal data have been unlawfully processed; the personal data must be deleted as a consequence of a legal obligation established by European Union or Member State law.

8. How to Exercise Your Rights

To exercise the rights listed above, you may write via email to the Data Controller at the following address: