INFORMATION ON THE PROCESSING OF PERSONAL DATA PURSUANT TO ART. 13 OF REGULATION (EU) 2016/679

​

Avv. Dr. Gian Marco Solas, contactable at the following e-mail addresses: gmsolas@sustainab-law.eu, PEC: gmsolas@pec.it, as data controller of personal data pursuant to the Italian legislation applicable pro tempore regarding the protection of personal data, i.e. Legislative Decree 196/2003 and subsequent amendments, as harmonized with the GDPR by Legislative Decree 101/2018 (the “National Legislation”) and Regulation (EU) 2016/679 – General Data Protection Regulation (“GDPR”) (hereinafter the National Regulation and the GDPR are collectively referred to as the “Applicable Regulation”), recognizes the importance of protecting your personal data and considers their protection one of the main objectives of your business.

 

Avv. Dr. Gian Marco Solas and his team are constantly committed to respecting and protecting your privacy and wants you to feel safe while simply browsing the site, even if you decide to register by providing your personal data to use the services made available.

This page therefore provides the main information on the processing of personal data of Users (hereinafter also "Data Subjects") who browse the website www.sustainab-law.eu ("Site"). Any other pages that you can consult via links on the Site, such as Facebook, Instagram, Twitter and YouTube or other web pages, are not the subject of this privacy policy; therefore, before interacting with these areas we invite you to carefully read the usage policies of these sites.

I inform you that the processing of your personal data will be based on the principles set out in the articles. 5 and 25 GDPR, including those of lawfulness, correctness, transparency, purpose and storage limitation, data minimization, accuracy, integrity, confidentiality and "privacy by design and by default". Your personal data will, therefore, be processed in accordance with the legislative provisions of the Applicable Regulations and the confidentiality obligations set out therein.

​

CONTENT

1. Data Controller and “Data Protection Officer” (DC/DPO)
2. Personal Data being processed
a. Browsing data
b. Data provided voluntarily by the interested party
c. Cookies and similar technologies
3. Purpose of the processing
4. Failure to provide personal data and consequences. Basis of lawfulness of processing in relation to individual purposes.
5. Minimum age
6. Recipients of Personal Data
7. Storage of Personal Data
8. Security measures for Personal Data
9. Transfer of data abroad
10. Rights of the interested party
11. Right to complain to the Supervisory Authority
12. Changes

​

1. DATA CONTROLLER AND “DATA PROTECTION OFFICER” (DC/DPO)

In light of the Applicable Regulations, the owner of the processing of personal data collected through the Site is Avv. Dr. Gian Marco Solas, contactable at the following email addresses: gmsolas@sustainab-law.eu, PEC: gmsolas@pec.it.

The Data Controller has not, for now, formally designated a Data Protection Officer (RPD/DPO) pursuant to art. 37 of Regulation (EU) 2016/679, since it does not fall within the mandatory cases.

​

2. PERSONAL DATA SUBJECT TO PROCESSING

“Personal Data” means any information relating to an identified or identifiable natural person in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more elements specific to his or her physical, physiological, psychic, economic, cultural or social identity.

The Personal Data collected by the Site are as follows:

a) Navigation data

The computer systems and software procedures used to operate the Site acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified interested parties, but which by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, to identify anomalies and/or abuses, and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site or third parties. Except for this eventuality, data on web contacts currently do not persist for more than seven days.

​

b) Data provided voluntarily by the interested party (User)

Through the Site, you have the possibility to voluntarily provide the following Personal Data: name, surname and e-mail address. The data controller will process these data in compliance with the Applicable Regulations, assuming that they refer to you or to third parties who have expressly authorized you to provide them on the basis of an appropriate legal basis that legitimizes the processing of the data in question. With respect to these hypotheses, you act as an independent data controller, assuming all legal obligations and responsibilities. In this sense, it grants the broadest indemnity on this point with respect to any dispute, claim, request for compensation for damage resulting from treatment, etc. that may reach us from third parties whose Personal Data has been processed through your use of the Site in violation of the Applicable Regulations.

c) Cookies and similar technologies

The data controller collects Personal Data through cookies. More information on the use of cookies and similar technologies is available here.

​

3. PURPOSE OF PROCESSING

The data processing that we intend to carry out may have the following purposes:
1. Allow the provision of the Services requested by you, such as:
• creation of a personal account via the Site;
• processing of purchases, i.e. executing requests to purchase products offered on the "Shop" section of the Site, according to the General Conditions of Sale, which are accepted by the User during registration on the Site, as well as fulfilling subsequent reports and requests assistance;
• verification of the status of financial transactions (e.g. "suspended", "in progress" etc.) in relation to the payments made by you;
1. fulfill any legal, accounting and tax obligations;
2. assert or defend rights in court, in case of abuse in the use of the Site and/or our Services or for disputes of a contractual or non-contractual nature;
3. improving and personalizing our products and services, as well as our business generally, for example by tracking your product preferences, purchase history and interactions with the Site;
4. carrying out data analysis and scientific and market research;
5. sending commercial communications containing news, information and updates on our products and services, offers and promotions and events or commercial communications that may be of interest to you (email), personalizing your experience with us according to your interests or habits purchase and improve our services, in particular through profiling.

​

​

4. FAILURE TO PROVIDE PERSONAL DATA AND CONSEQUENCES. BASES OF LEGALITY OF PROCESSING IN RELATION TO INDIVIDUAL PURPOSES.

​

The provision of your personal data and, in particular, your personal data, your e-mail address, your postal address and telephone number is necessary to achieve the aforementioned purposes. Some of the aforementioned data may be essential to fulfill obligations deriving from laws or regulations or for the provision of other services rendered on the Site and requested by you.
Any failure to provide certain necessary data, identified on the Site with the character (*), could make it impossible to execute the product purchase contract or correctly fulfill legal and regulatory obligations.
Failure to indicate the data may therefore constitute, depending on the case, a legitimate and justified reason for not executing the contract for the purchase of products on the Site or the provision of services via the Site. The indication of further Personal Data, other than those of mandatory provision, is instead optional and does not entail any consequences regarding the purchase of products on the Site.
The legal basis for the processing of Personal Data for the purposes referred to in section 3(a) is art. 6.1.b) of the GDPR, as the processing is necessary for the execution of pre-contractual measures adopted at the request of the interested party, for the execution of the services contract and/or to respond to requests from the interested party. The provision of Personal Data for these purposes is optional, but failure to provide it would make it impossible to activate the Services provided by the Site.
The purpose referred to in section 3(b) represents processing of Personal Data carried out pursuant to art. 6.1.c) of the Regulation, for compliance with a legal obligation. Once the Personal Data has been provided, the processing is indeed necessary to fulfill a legal obligation to which the data controller is subject.
The processing for the purposes referred to in section 3 (c-d-e) is carried out pursuant to art. 6.1.f) of the Regulation, on the basis of the lawfulness of legitimate interest.
The processing for the segmented and personalized marketing purposes referred to in section 3(f) is carried out, pursuant to articles. 6.1.a) and 7 of the GDPR, only with your prior, free and free explicit consent, which may be revoked at any time, without prejudice to the lawfulness of the processing carried out prior to the revocation of the aforementioned consent.
To avoid any doubt, we will ask for your explicit consent (so-called opt-in) if in the future we decide to share your data with any third party for marketing purposes.

​

5. MINIMUM AGE

​

We place great importance on protecting the safety and privacy of children. We do not knowingly collect or use personal data from anyone under the age of sixteen (16) or any age limit established by the law of your country of residence. By registering on the Site, you confirm that you have reached the age of majority in your country of residence.

​

6. RECIPIENTS OF PERSONAL DATA

Your Personal Data may be shared, for the purposes referred to in section 3 above, with:
1. subjects who typically act as data controllers pursuant to art. 28 of the Regulation, namely:
or shippers/couriers;
or companies that provide marketing campaign management services to us;
or people, companies, bodies or professional firms that provide us with assistance and consultancy in accounting, administrative, legal, tax, financial and debt collection matters relating to the sale of goods and provision of services;
o subjects with whom it is necessary to interact for the provision of the Services (for example hosting providers) or subjects delegated to carry out technical maintenance activities (including maintenance of network equipment and electronic communications networks); (collectively “Recipients”); the list of data controllers who process data can be requested from the Data Controller.
2. subjects, bodies or authorities, independent data controllers, to whom it is mandatory to communicate your Personal Data pursuant to legal provisions or orders from the Authorities.

​

7. STORAGE OF PERSONAL DATA

​

Generally, we keep your personal data, in compliance with the principles of minimization and limitation of conservation, only for the period necessary to pursue the purposes for which they were collected.

Therefore, we keep your personal data for the time necessary for the execution of the contract, for the provision of legal or conventional guarantees or in accordance with the retention periods required by law (no more than 10 years from the end of the contractual relationship).

In relation to processing that requires consent (e.g. direct marketing), the data will be retained until you revoke your consent to the processing of personal data and, in any case, no later than 24 months.
Limited to data collected for profiling purposes, the data will not be kept for a period exceeding 12 months, unless consent is expressly renewed.

Further information regarding the data retention period and the criteria used to determine this period can be requested by writing to the Data Controller.

​

8. SECURITY MEASURES FOR PERSONAL DATA

We give great importance to the security of all personal data associated with our users. Therefore, we have implemented security measures to protect your personal data from accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access.

For the best possible protection of your personal data outside the limits of our control, your device must be protected (for example, with an updated antivirus system) and your Internet provider must take appropriate measures for transmission security of data on the network (for example, firewalls and anti-spam filters).

While we take reasonable protective measures, we cannot guarantee that the personal data you provide will be 100% secure, nor that any data breach will not occur.

By using this Site, you accept the security implications inherent in online transactions and will not attribute to us or their data controllers any data breach that is not due to negligence.

​

9. DATA TRANSFERS ABROAD

Your data is not transferred to third countries or international organizations.

If Avv. Solas decides, however, to transfer your personal data to third countries or international organisations, without prejudice to the updating of this information, it will respect the following alternative conditions:

1. the presence of an "adequacy decision" by the Commission pursuant to art. 45 “GDPR”, which guarantees a level of data protection substantially equivalent to that guaranteed within the Union;
2. the third country or the international organization has provided adequate guarantees to protect the interested party (standard clauses, codes of conduct and certifications referred to in art. 46, paragraph 2, GDPR) and the interested parties have enforceable rights to means of effective remedies;
3. one of the hypotheses falling within the specific exceptions referred to in the art. 49 GDPR (e.g. consent of the interested party, execution of a contract with the interested party, execution of a contract in favor of the interested party, exercise or defense of a right in court, data coming from a public register etc.).
 

10. RIGHTS OF THE INTERESTED PARTY

We inform you that, at any time, you may exercise the following rights:

• right of access to one's personal data pursuant to art. 15 GDPR, i.e. the possibility to request access and copies of all your data in our possession;
• right to rectification of personal data pursuant to art. 16 GDPR, i.e. the possibility of requesting the correction of any inaccuracy in the data concerning you, where the latter does not conflict with the current legislation on data retention;
• right to erasure ("right to be forgotten") of your personal data pursuant to art. 17 GDPR, where the latter does not conflict with current legislation on data retention;
• right to limit processing pursuant to art. 18 GDPR;
• right to data portability pursuant to art. 20 GDPR, i.e. the right to obtain the data concerning you in a structured, commonly used and machine-readable format, as well as to request its transmission to another data owner, when technically feasible;
• right to object to the processing of personal data concerning you pursuant to art. 21 GDPR;
• right to withdraw consent: where applicable, you have the right to withdraw your consent to data processing at any time. For example, if you would like to stop receiving electronic commercial communications, you can change your account settings on the Site, use the “unsubscribe” link included in our emails, or contact us directly, so we can stop sending you further emails. communications.

Furthermore, in the event that a violation of your personal data occurs (so-called "data breach") and the same is likely to present a high risk for your rights and freedoms, this will be communicated to you, without unjustified delay, in compliance of what is foreseen by the art. 34 GDPR.

All the above rights, for the content of which please refer to the aforementioned articles of law, may be exercised by request to be sent to the Data Controller at the addresses indicated above. The form for exercising your rights is available on the website of the Personal Data Protection Authority.

Furthermore, if the data controller decides to outsource the processing and appoint a Data Processor, he will ensure, through precise instructions and an agreement/appointment pursuant to art. 28 GDPR, that the latter is able to carry out its tasks in such a way that our company has no difficulty in following up on the exercise of the rights in question within the times set by the GDPR. The exercise of the above rights may be delayed, limited or excluded, in accordance with the provisions of the art. 2-undecies of Legislative Decree 196/2003.

The request to exercise your rights will be carried out in compliance with the legal deadlines, it being understood that we may ask you for proof of your identity and we reserve the right to request the payment of expenses, where permitted by law, for example in the event that your request is manifestly unfounded or excessive.

​

11. RIGHT TO COMPLAIN TO THE SUPERVISORY AUTHORITY

Without prejudice to any other administrative or jurisdictional appeal, if you believe that the processing of personal data relating to you, carried out through this site, is in violation of the provisions of Regulation (EU) 2016/679 GDPR, you will have the right to lodge a complaint with a Supervisory authority, in particular in the Member State in which he habitually resides, works or the place where the alleged infringement occurred.

More information and a complaint form are available on the website of the Personal Data Protection Authority.

​

12. MODIFICATIONS

This Privacy Policy is in force from (insert date of publication on the site)

The data controller reserves the right to modify or simply update its content, in part or completely, also due to changes in the Applicable Regulations.

The data controller will inform you of such changes as soon as they are introduced and they will be binding as soon as they are published on the Site. Our company therefore invites you to regularly visit this section to become aware of the most recent and updated version of the "Privacy Policy" so that you are always updated on the data collected and the use we make of it, without prejudice to the fact that we will notify you in the event of changes via a pop-up on the site or a specific email.