Technical Cookies
Information Notice - Technical Cookies
Last updated: August 2024
-------------------------------------------
PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF EU REGULATION 2016/679
FIVERS Studio Legale e Tributario (hereinafter also just "FIVERS") informs that it is the Data Controller of the personal data collected on this website ("Site"), pursuant to Articles 4, no. 7) and 24 of the EU General Regulation no. 679/2016 on the protection of individuals with regard to the processing of personal data (hereinafter, "GDPR"). In the following, the terms "Data Subject" or "User", whether in the singular or plural, shall mean, in the aggregate, natural persons over the age of majority; natural persons of fourteen years of age in their own right; and minors under the age of fourteen years authorised by those exercising parental authority.
Processing of personal data shall mean any operation or set of operations which is performed upon personal data or sets of personal data, whether or not stored in a database, whether or not by automatic means, such as collection, recording, organisation, structuring storage, processing, selection, blocking, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.
Identification and contact details of the data controller.
As required by the Transparency Guidelines WP 260/2017, the identification details of the data controller and all contact details are provided in the first instance.
FIVERS - Studio Legale e Tributario
Via Paleocapa 5
20121 Milano
Codice fiscale e P. Iva 08432520966
Tel +39 02 3041 331
e-mail: info@5rs.it
PEC: segreteria@pec.5rs.it.
Definition of 'cookie'.
Cookies are short text fragments (letters and/or numbers) that allow the web server to store information on the client (the browser, e.g. Internet Explorer, Chrome, Firefox, Opera...) to be reused during the same visit to the site (session cookies) or later, even days later (persistent cookies). Cookies are stored, according to user preferences, by the individual browser on the specific device used (computer, tablet, smartphone).
Similar technologies, such as, for instance, web beacons, transparent GIFs and all forms of local storage introduced with HTML5, can be used to collect information on user behaviour and the use of services.
A cookie cannot retrieve any other data from the user's hard drive nor can it transmit computer viruses or acquire email addresses. Each cookie is unique to the user's web browser. Some of the functions of cookies may be delegated to other technologies. The term 'cookies' refers to all online tracking technologies.
Various types of cookies can be distinguished according to their characteristics and use:
Strictly necessary technical cookies. These cookies are indispensable for the proper functioning of a website and are used to manage various services related to websites (such as, for example, a login or access to reserved functions on the sites). The duration of the cookies is strictly limited to the working session or they can be used for a longer period of time in order to remember the visitor's choices. Deactivation of strictly necessary cookies may affect the user and browsing experience of the website.
Analytics and performance cookies. (not operational on this Site). These are cookies used to collect and analyse traffic and usage of a website anonymously. Although they do not identify the user, these cookies make it possible, for example, to detect whether the same user returns at different times. They also make it possible to monitor the system and improve its performance and usability. Deactivating these cookies can be done without any loss of functionality and will be dealt with in detail later.
Profiling cookies (not operational on this Site). These are persistent cookies used to identify (anonymously and non-anonymously) your preferences and improve your browsing experience. For more information on these cookies that are not used by the Website, please visit the appropriate section on www.garanteprivacy.it/cookie.
Purpose of processing and purposes of technical session cookies.
The cookies used on the Site are exclusively for the purpose of carrying out computer authentication or session monitoring and the storage of specific technical information concerning users accessing the servers of the Data Controller that manages the Site. In this perspective, some operations on the Site could not be carried out without the use of cookies, which are therefore technically necessary in such cases. By way of example, access to any reserved areas of the Site and the activities that may be performed therein would be much more complex to carry out and less secure without the presence of cookies that enable the user to be identified and maintain his or her identification during the session.
Technical' cookies may also be used without the consent of the person concerned. Among other things, the same European body that brings together all the Privacy Authorities of the various Member States (the so-called European Data Protection Board - EDPB) has clarified in its Opinion 4/2012 (WP194) entitled "Exemption from consent for the use of cookies" that there are cookies for which it is not necessary to obtain the prior and informed consent of the user:
1. cookies with data filled in by the user (session identifier), lasting one session or persistent cookies limited to a few hours in some cases;
2. authentication cookies, used for the purpose of authenticated services, lasting one session;
3. User-centred security cookies, used to detect authentication abuse, for a limited persistent duration;
4. session cookies for media players, such as 'flash' player cookies, lasting one session;
5. session cookies for load balancing, lasting one session;
6. persistent cookies for customising the user interface, lasting one session (or slightly longer);
7. cookies for sharing content via third-party social plug-ins, for logged-in members of a social network.
The Data Controller therefore informs that only technical cookies (such as those listed above) necessary to navigate within the Site are operational on the Site as they allow essential functions such as authentication, validation, management of a navigation session and fraud prevention and allow, for example: identification of whether the user has regularly accessed areas of the site that require prior authentication or validation of the user and management of sessions relating to the various services and applications or the storage of data for access in secure mode or control and fraud prevention functions.
Third-party cookies.
By visiting a website, you may receive cookies from sites operated by other organisations ('third parties') that may reside in Italy or abroad.
An example present on most websites is the presence of YouTube videos, Google APIs, the use of Google Maps, and the use of 'social plugins', such as to connect to social media like LinkedIn, X, Meta, etc. These are parts of the visited page generated directly by these sites and integrated into the page of the host site. The most common use of social plugins is to share content on social media in order to enhance the visitor's user experience.
The presence of these plugins involves the transmission of cookies to and from all sites operated by third parties. The management of information collected by 'third parties' is governed by the relevant policies to which please refer. For the sake of greater transparency and convenience, the web addresses of the various disclosures of the third parties whose social plug-ins are used by FIVERS (Linkedin and Google) and the methods for managing the relevant cookies are given below, specifying that the Data Controller has no responsibility for the operation on this Site of third-party cookies.
• Google information: on the use of data at the link http://www.google.com/policies/technologies/cookies/ and full information at the link http://support.google.com/analytics/answer/6004245
• Google (configuration): guidance on the general out-out for Google services (Maps, YouTube...) is available at http://support.google.com/accounts/answer/61416?hl=it
• Linkedin information: https://www.linkedin.com/legal/cookie-policy
• Linkedin (configuration): https://www.linkedin.com/settings/
Mandatory or optional consent for the operation of cookies that do not pursue marketing purposes.
It is not compulsory to acquire consent to the operation of technical cookies only. Their deactivation and/or denial of their operation will result in the impossibility of proper navigation on the Site and/or the impossibility of using the services, pages, functions or content available therein.
Retention periods and duration of technical cookies.
Technical cookies have a duration equal to that of the user's browsing session on the Site.
Disclosure of personal data to third parties and dissemination.
Personal data linked to technical cookies are not disclosed to third parties or disseminated.
Transfer of personal data outside the European Economic Area.
Personal data linked to technical cookies are not transferred outside the European Economic Area.
Exercise of rights by the data subject.
Pursuant to Articles 13(2)(b) and (d), 15 to 22 of the GDPR we inform the data subject that:
1. has the right to ask FIVERS for access to, rectification or cancellation of their personal data or restriction of their processing, or to object to their processing, in the cases provided for;
2. has the right to lodge - in Italy - a complaint with the Italian Data Protection Authority, if a competent authority, following the procedures and indications published on the Authority's official website at www.garanteprivacy.it;
3. alternatively, it has the right to lodge a complaint with another competent European privacy authority located in the place of habitual residence or domicile in Europe of the person alleging a violation of his or her rights, following the appropriate procedures and directions;
4. any rectification or erasure or restriction of processing carried out at the request of the data subject - unless this proves impossible or involves a disproportionate effort - will be communicated by FIVERS to each of the recipients to whom the personal data have been transmitted. FIVERS may inform the data subject of such recipients if the data subject so requests.
The exercise of rights is not subject to any formal constraints and is free of charge. Only if further copies of the data are requested by the data subject, FIVERS may charge a reasonable fee based on administrative costs. If the data subject makes the request by electronic means, and unless otherwise specified by the data subject, the information shall be provided in a commonly used electronic format. The specific address of FIVERS for sending requests to exercise rights as recognised by the Regulation is: info@5rs.it. No other formalities are required. Acknowledgement will be given within the time limits set out in Article 12(3) of the Regulation ("The data controller shall provide the data subject with information on the action taken in respect of a request pursuant to Articles 15 to 22 without undue delay and, at the latest, within one month of receipt of the request. That period may be extended by two months, if necessary, having regard to the complexity and number of the requests. The data controller shall inform the data subject of this extension, and of the reasons for the delay, within one month of receipt of the request. If the data subject makes the request by electronic means, the information shall be provided, where possible, by electronic means, unless otherwise specified by the data subject")
According to the Transparency Guidelines WP 260/2017 issued by the EU Data Protection Working Party, in the indication of the data subject's rights, the data controller must specify a summary/summary of each right in question and must provide separate indications on the right to portability.
Specific information on the right to portability of personal data.
FIVERS shall inform the data subject about the specific right to portability. Article 20 of the General Data Protection Regulation introduces the new right to data portability. This right enables the data subject to receive personal data provided to the Firm in a structured, commonly used and machine-readable format, and - under certain conditions - to transmit it to another data controller without hindrance.
Only personal data that (a) concern the data subject, and (b) have been provided by the data subject to FIVERS on the basis of consent; (c) are processed electronically in the context of the conclusion of a contract are
portable.
Since the processing is based neither on consent nor on a Contract, the right to portability does not apply.
Summary information on the other rights of the data subject.
The GDPR confers on the data subject a number of rights, which under the Transparency Guidelines WP 260 it is mandatory to summarise in their main content within the notice. These rights are summarised below:
Right of access (to one's own personal data only): Right to obtain from the data controller confirmation as to whether or not personal data concerning the data subject are being processed and if so, to obtain access to the personal data and to be informed about the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular if recipients in third countries or international organisations; where possible, on the period for which the personal data are to be stored or, if this is not possible, on the criteria used to determine that period; where the data have not been collected from the data subject, the right to receive all available information as to their source; the right to receive information on the existence of an automated decision-making process, including profiling, and meaningful information on the logic used, as well as the importance of such processing for the data subject and the envisaged consequences thereof.
Right of rectification and integration: The data subject shall have the right to obtain from the controller the rectification of inaccurate personal data concerning him/her without undue delay. Having regard to the purposes of the processing, the data subject shall have the right to obtain the integration of incomplete personal data, including by providing a supplementary declaration. The controller shall inform each of the recipients to whom the personal data have been transmitted of any rectification, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject of such recipients if the data subject so requests.
Right to erasure: the data subject has the right to obtain from the data controller the erasure of personal data concerning him/her without undue delay (and where the specific reasons of Art. 17(3) of the Regulation which on the contrary relieve the data controller of the obligation to erasure) if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; or if the data subject withdraws consent and there is no other legal basis for the processing; or if the data subject objects to the processing for marketing or profiling purposes, also by withdrawing consent ; if the personal data have been processed unlawfully or concern information collected from minors, in breach of Art. 8 of the GDPR. The controller shall inform each of the recipients to whom the personal data have been transmitted of any deletion unless this proves impossible or involves a disproportionate effort. The data controller shall inform the data subject of such recipients if the data subject so requests.
Right to restriction of processing: the data subject has the right to obtain from the data controller the restriction of processing (i.e. within the meaning of the definition of 'restriction of processing' given in Article 4 of the Regulation: 'the marking of personal data stored with the aim of limiting their processing in the future') when one of the following cases occurs the data subject disputes the accuracy of the personal data, for the period necessary for the controller to verify the accuracy of the personal data; the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead that their use be restricted although the controller no longer needs the personal data for the purposes of the processing, the personal data are necessary for the establishment, exercise or defence of a legal claim; the data subject has objected to the marketing processing, pending verification as to whether the legitimate reasons of the controller prevail over those of the data subject. If the processing is restricted, such personal data shall be processed, except for storage, only with the consent of the data subject or for the establishment, exercise or defence of a legal claim or for the protection of the rights of another natural or legal person or for reasons of substantial public interest The data subject who has obtained the restriction of processing shall be informed by the controller before the restriction is lifted. The controller shall inform each recipient to whom the personal data have been transmitted of any restriction, unless this proves impossible or involves a disproportionate effort. The controller shall inform the data subject of such recipients if the data subject so requests.
Right to object: the data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her carried out by the controller or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or carried out for the purposes of the legitimate interests of the controller or a third party (including profiling). Furthermore, where personal data are processed for direct marketing or commercial profiling purposes, the data subject has the right to object at any time to the processing of personal data concerning him/her carried out for such purposes.
The right not to be subject to automated decisions, including profiling: the data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way, except where the automated decision is necessary for the conclusion or performance of a contract between the data subject and a data controller; is provided for by law, subject to measures and safeguards; and is based on the data subject's explicit consent.
For your convenience, however, you will find below a link to Articles 15 to 23 of the Regulation on the rights of the data subject.