Below are some definitions, in order to help the user understand the information on the processing of personal data.

1 - Data controller
Pursuant to art. 4, point 7, of EU Regulation 2016/679 – GDPR, the data controller is “the natural or legal person, public authority, service or other body which, individually or together with others, determines the purposes and means of the processing of personal data”.
With regard to this website, the data controller is: FDL.

2 - Data processor
Pursuant to art. 4, point 8, of EU Regulation 2016/679 – GDPR, the data processor is “the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller”.

3 - Place of data processing
The place where personal data is processed, generated by the use of the website, is considered the place of processing of personal data. The place of processing of personal data is at the operating headquarters of FDL, located in Piazza Borromeo, 12, Milan (MI), 20123.
If necessary, the data connected to the web service may be processed by the data processor or subjects appointed by it for this purpose at the relevant office.

The purpose of this website notice is to:

1. provide information regarding the methods, timing, and nature of the information that the Data Controller must provide to users when connecting to the FDL web page, regardless of the purpose of the connection, in accordance with Italian and European legislation;

2. verify the correct functioning of the site, and for security reasons;

3. provide the user with information about the Firm and its areas of activity, the professionals who operate within the structure and who have consented to the inclusion of their personal data on the FDL website platform, inform users through the “Network” and “Media” sections, and ensure contact with the Firm;

4. recontact the user following the voluntary and spontaneous sending of requests through the use of the email address provided on the site or the use of the telephone or fax number.

If FDL intends to further process personal data for a purpose other than that for which it was collected, it will first provide the data subject with all necessary information and obtain their consent where required.

The personal data collected through the website www.fdl-lex.it are processed for the aforementioned purposes in order to provide a service regarding the methods, timing, and nature of the processing at the time of voluntary connection to the site, as well as to verify the correct functioning of the site, for security reasons, and to provide information about the Firm and its activities. In such cases, the information will be processed based on the legitimate interests of the Data Controller. The personal data contained within the requests sent spontaneously by the user will be used to recontact the user only to fulfill the requested service.

At the time of the first contact with the user, more detailed and specific information will be provided regarding the processing of personal data.

Pursuant to Article 4, point 2, GDPR, «processing» means: “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.

Like all websites, this site also uses log files in which information collected automatically during user visits is stored.
The information collected may be the following:
- internet protocol (IP) address;
- type of browser and device parameters used to connect to the site;
- name of the internet service provider (ISP);
- date and time of visit;
- web page of origin of the visitor (referral) and exit;
- possibly the number of clicks.

Personal data are processed using manual and IT tools with logic strictly related to the purposes for which they were acquired and, in any case, in such a way as to guarantee the security and confidentiality of the data. For security purposes (spam filters, firewalls, virus detection), the data recorded automatically may also include personal data such as the IP address, which could be used, in accordance with the laws in force on the matter, in order to block attempts to damage the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime. These data are never used for user identification or profiling, but only for the protection of the site and its users; this information will be processed based on the legitimate interests of the data controller. The collection of personal data is limited to the minimum necessary for each specific purpose of the processing. The processing of personal data is limited to the purposes for which they were collected. The storage of personal data is limited to the minimum necessary for each specific purpose of the processing. Personal data are not provided to commercial third parties. The sale or rental of personal data is not carried out.

Cookies are small strings of text used to store certain information that may relate to the user, their preferences, or the device used to access the Internet (computer, tablet, or mobile phone) and are mainly used to adapt the operation of the site to the user's expectations, offering a more personalized browsing experience and storing previously made choices.
A cookie consists of a small set of data transferred to the user's browser by a web server and can only be read by the server that performed the transfer. It is not executable code and does not transmit viruses.
Cookies do not record any personal information and any identifiable data will not be stored.
By accessing any of the elements below the banner on the home page of the Site, users/visitors expressly accept FDL's policy on the use of Cookies.

FDL uses the following types of Cookies:

• Strictly necessary cookies.
These are essential for the operation of the Site. They include, for example, those that allow users to access protected areas of the Site, use the shopping cart, or the e-mail billing service.

• Cookies for performance analysis.
This type of Cookies helps to recognize and count the number of visitors, as well as to check how they move around the FDL Site when used. This control allows a better functioning of the Site itself, for example allowing users to easily find what they are looking for.

• Cookies for functionality analysis.
These are used to recognize users when they return to visit the FDL Site. They promote the personalization of content according to the user's tastes, storing their previous preferences (for example, the language chosen for navigation or the geographical location).

• Targeting cookies (or advertising cookies).
These Cookies record users' visits to the FDL Site, the pages visited, and the links made by the users themselves. This information will be used to make the FDL Site and the advertisements that appear on it as close as possible to the interests of users. To this end, we may also share this information with third parties.

Please note: FDL Law Firm declines all responsibility in relation to the use of third-party cookies (including, for example, advertising networks and external service providers such as internet traffic analysis services), over which our company has no control. For more information on these cookies, to give consent to their use or to deny it, please click on the links in the table on this page.

Users/visitors are advised that it is possible to block Cookies through the function in the browser settings, which will allow them to refuse the setting of all or some Cookies. However, if users block all Cookies (including those strictly necessary), it may not be possible to access all or some of the content on the FDL Site.

Apart from what is specified for navigation data, the user is free to provide personal data by spontaneously sending their requests to FDL, as well as on the LinkedIn platform profile. It should be noted that failure to provide personal data may make it impossible to obtain the requested service. The provision of personal data for these purposes is therefore entirely optional and does not prejudice the use of other services guaranteed by the data controller for browsing the website.

The data of users and visitors to the Data Controller's site are used exclusively for activities strictly connected and instrumental to the operation of the site.
Users' Personal Data may be communicated to and processed by collaborators and/or employees of the Data Controller, in their capacity as authorized/appointed data processors, within the scope of their respective functions and in accordance with the instructions given by the Data Controller.
In some cases, external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies) who act on behalf of the Data Controller, duly appointed, if necessary, as Data Processors pursuant to Article 28 of the GDPR on the protection of personal data, may have access to the data. The updated list of data processors can always be requested from the Data Controller.
It is specified that users' data will not be disseminated, nor will they be in any way subject to automated decision-making processes, including profiling.

The management and storage of personal data will take place on servers located within the European Union of the Data Controller and/or third-party companies appointed and duly named as data processors. Currently, the server is located at the Data Controller's headquarters indicated above. The data will not be transferred outside the European Union.
It is in any case understood that the Data Controller, should it become necessary, will have the right to move the location of the servers within the European Union and/or to countries outside the EU. In this case, the Data Controller ensures from now on that the transfer of data outside the EU will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements that guarantee an adequate level of protection and/or adopting the standard contractual clauses provided by the European Commission.

In order to ensure compliance with the principles of necessity and proportionality of processing, personal data are processed for the period of time strictly necessary to achieve the purposes indicated in this privacy policy, as well as on the basis of legal and regulatory provisions.

Each user and/or visitor may exercise their rights against the data controller or the data processor, by contacting the data controller of personal data using the following contact details:
T +39 02.72.14.921, F +39 02.80.52.565, mail: info@fdl-lex.it.
To guarantee the correct exercise of rights, the data subject must be identifiable in an unequivocal manner. The company undertakes to provide a response within 30 days and, if it is impossible to meet these deadlines, to justify any extension of the terms provided. The response will be free of charge except in cases of groundlessness (e.g. there are no data concerning the requesting data subject) or excessive requests (e.g. repetitive over time) for which a contribution to expenses may be charged.

The data subject may also lodge a complaint with the supervisory authority, as well as revoke the consent given.
In the event of a personal data breach suffered by the company (Data Breach), in compliance with Article 33 of the GDPR, the data controller will proceed to notify the competent supervisory authority within 72 hours from the moment in which it became aware of the fact and will also communicate the event to the data subject, except for the cases of exclusion provided for by the legislation in Article 34, paragraph 3 of the GDPR.

The data subject has the right to obtain information on:
• the origin of personal data and the categories of data processed;
• the purposes and methods of processing;
• the retention period of personal data;
• the logic applied in the case of processing carried out with the aid of electronic instruments;
• the identification details of the Data Controller and the Data Processor of personal data;
• the subjects and categories of subjects to whom personal data may be communicated or who may become aware of them in their capacity as data processors or persons in charge, including in Third Countries
• the existence of the profiling process.

The data subject has the right to obtain:
• confirmation of the existence or not of their personal data and that such data are made available in an intelligible form;
• the updating, rectification, integration of data and the limitation;
• the deletion (right to be forgotten), the transformation into anonymous form or the blocking of data processed in violation of the law (including those for which storage is not necessary in relation to the purposes for which they were collected or subsequently processed);
• the attestation that the operations referred to in the above points have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case where such fulfillment proves impossible or involves the use of means manifestly disproportionate to the right protected by the company;
• the portability of data (direct transmission from one data controller to another)
• the copy of the data being processed.
The data subject has the right to object to the processing of personal data in the cases provided for by Article 21 of the GDPR.

This document constitutes the privacy policy of this site.
It may be subject to changes or updates. In the event of significant changes and updates, these will be reported with specific notifications to users.

The document was updated on 3/08/2018 to comply with the regulatory provisions on the matter, and in particular in compliance with EU Regulation 2016/679.

FDL Law Firm (FDL)