This policy is made pursuant to Article 13 of the Regulation (EU) 2016/679 – GDPR for the processing of personal data and in accordance with the Italian provisions contained in the Code regarding the processing of personal data (Legislative Decree 30 June 2003, no. 196 and subsequent amendments) and it is aimed at providing users of the website www.slss.it [“the Site”] and the social network account pages (Facebook) – (LinkedIn) [“Social Pages”] with full information regarding how their personal data is processed.

This policy refers exclusively to the Site and Social Pages and may not be extended to internet services or sites managed by third parties that may be reached through the Site.

The Controller

The Controller is the Professional Association Stigi Stiefel Trulli Studio Legale, VAT no. and Tax Code no. 09381781005, represented by its members and legal representatives Michael Louis Stiefel, Andrea Stigi and Tommaso Trulli, based in Rome, Via Fasana No. 21, tel. 0664520925, e-mail privacy@slss.it.

The Controller has not appointed a Data Protection Officer (DPO).

Types of personal data processed

Navigation data

Computer systems and software procedures for the operation of websites automatically acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This includes, for example, the IP addresses or domain names of the computers used by parties connecting to the site, the uniform resource identifier (URI) notation addresses of the requested resources, the time of the request, etc. Such data are not collected by the Controller to be associated with specific users, but by their very nature could allow for the identification of users, through processing and associations with data held by third parties. The Controller uses such data for the sole purpose of obtaining anonymous statistics on the use of the Site and to ensure its proper functioning; Information is retained for processing time. However, the data could be used to establish liability in the event of cybercrimes against the site. Such information and data are processed to satisfy the rightful interest of the Controller both for security reasons and for protection against illegal acts, and to improve the services offered through the website and ensure the best user experience.

Data provided voluntarily by the user

Users may send requests to the Controller on a purely voluntary basis by contacting it through the addresses obtained from the site and communicating their personal data such as first name, last name and e-mail address. The information provided with the message may contain additional data that will inevitably be acquired and processed by the Controller: if a user prefers to limit the collection of data, he or she should communicate only such data that are strictly necessary for the purpose for which he or she is contacting the Controller. The processing of the data takes place to respond to the messages of the concerned parties and to carry out pre-contractual steps at the request of the concerned parties.

In the event of spontaneous candidacies for employment with the Controller, the data received will be processed for the execution of pre-contractual steps prompted by the concerned party and, should there be particular data (e.g. relating to health, political, philosophical or religious convictions), such data will be processed to comply with duties or to allow for the exercise of rights of the Controller or of the concerned party in employment and social security matters, as required by law.

In any case, the data will be retained for as long as it takes to handle requests and deleted within 3 months of the last communication.

Cookies

Cookies are small text files sent by the Site or from third-party websites to the devices of the Data Subject, where they are stored, and then transmitted again on subsequent visits. The Site does not use first-party profiling cookies to send advertisements in line with the preferences expressed by the user in the context of web browsing.

The Site uses only technical and analytical cookies to satisfy the legitimate interest of the Controller to allow the operation of the Site and to process statistics and analysis on visits in aggregate and anonymous form. In particular, the Site uses the Google Analytics service, provided by Google Inc. – Google Italy Ltd., with a reduction in the identifying power (anonymization of the IP address) and the exclusion of the possibility of crossing the collected information with others that it may already have.

Cookies used by the Site do not require the user’s prior consent, and are used to satisfy the rightful interest of the Controller to improve the services offered through the website and ensure the best user experience.

The user, however, using the instructions below and aware of the possibility that some features of the Site may be in all or part compromised, can freely decide to disable and/or delete them, by setting up their browser to do so.

Below is the list of the most common browsers with links to settings for managing cookies:

Safari 2 or higher: https://support.apple.com/it-it/guide/safari/sfri11471/mac

Opera 10.5 and above: https://help.opera.com/en/latest/web-preferences/#Cookies

Firefox 3.5 is superior: https://support.mozilla.org/it/kb/Gestione%20dei%20Cookie

Google Chrome 10 and above: https://support.google.com/accounts/answer/61416?hl=it

Internet Explorer: https://support.microsoft.com/it-it/help/17442/windows-internet-explorer-delete-manage- cookies

In any case, browsers provide “private” browsing mode, enabling which cookies are always deleted after the closing of each browsing session.

In addition to the above, one can disable Google Analytics Cookies by downloading the deactivation add-on to the following web address: https://tools.google.com/dlpage/gaoptout.

Social buttons and Social Pages

The Site, to improve the user experience, uses the Facebook Social button that allows the user of the Site to be directed straight to the Account pages of the Controller present on the respective social network.

Social network providers are third parties with respect to the Controller regarding the data of the Interested parties interacting with their respective social pages, they are to be considered themselves independent Controllers of processing. To learn the purpose, the mode and scope of the processing of personal data, as well as the possible installation of Cookies by these parties, as well as related rights and settings to protect privacy, the user will have to refer to the privacy policy provided by the relevant social network; Facebook: www.facebook.com/policy.php LinkedIn:

The Professional Association Stigi Stiefel Trulli Studio Legale, however, in some cases may be considered the Controller or co-controller of processing of data of users interacting with the respective Social Pages.

In particular, with reference to “insights” – aggregated statistical information that helps the Controller understand user interactions with Facebook Social Pages –Stigi Stiefel Trulli Studio Legale and the Social Network provider are accountable for the processing according to the terms available at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

At the same time, when the Professional Association Stigi Stiefel Trulli Studio Legale interfaces directly with users of the Social Network it is considered the Controller of the relative data processing.

In these cases, the processing of the data is carried out to respond to the messages of the concerned parties and for the execution of pre-contractual steps taken at the request of the latter parties, as well as to satisfy a legitimate interest of the Controller in improving the services offered and ensuring the best user experience. Under no circumstances will tools for direct profiling or marketing be used, nor will the data be used for this purpose.

Possible recipients or categories of recipients

If necessary, the data collected will be processed exclusively by persons authorized to do so and who are properly instructed, as well as by Auditors and Processors who are linked to the Controller by specific agreements and carry out activities in support of the Controller. The data may also be disclosed to third parties (Public Bodies, Police Forces or other Public and Private Subjects), but solely to fulfill contractual obligations or to comply with domestic laws or with EU regulations or legislation.

Transfer to Third Countries

The data are processed in countries belonging to the European Union. If transferred to countries outside the European Union, the data will only be transferred to countries deemed capable of providing an adequate level of protection of personal data, subject to the European Commission’s adequacy assessment, or in the presence of adequate guarantees and provided that the concerned parties maintain effective rights and means of redress, as required by current legislation.

Rights of the Concerned Parties

In relation to the processing described in this Notice, the concerned party, as required by European Regulation 679/2016, may exercise the rights enshrined in Articles 15 to 21 and, in particular, the right to ask the Controller for access to personal data, the correction or deletion of the personal data, as well as the limitation of the processing that concerns her or him. The concerned party may also object to the processing for legitimate reasons, as well as exercise the right to data portability.

For the exercise any of these rights, the concerned party may make his or her requests to the Controller by any means deemed appropriate and, in any case, by contacting the Controller as indicated below:

telephone: 39 06 6452 0925;

e-mail: privacy@slss.it;

Via Fasana No. 21 – 00195 – Rome, Italy

The concerned party also has the right to complain to an oversight authority, particularly in the Member State where he or she usually resides, works, or, in the place where the alleged breach occurred, which in Italy corresponds to the Guarantee Authority for the Protection of Personal Data, Piazza Venezia No. 11 – 00187, Rome (RM) – mail: garante@gpdp.it – mail pec: protocollo@pec.gpdp.it, whose references are also found on the website: www.garanteprivacy.it, or to bring the matter before the appropriate Court (art. 79 of the Regulation).

Last update,

Rome, 12.04.2020

Stigi Stiefel Trulli Studio Legale