PRIVACY POLICY FOR PERSONAL DATA PROCESSING
pursuant to articles 13 and 14 of EU Regulation 2016/679 (GDPR)
1. DATA CONTROLLER
Studio Legale Ometto e Calzavara
Data Controller: Avv. Pier Giorgio Ometto
Registered office: Via Roma 128, Pianiga (VE), Italy
Email: info@studiolegaleomettoecalzavara.com
Website: www.studiolegaleomettoecalzavara.com
2. DATA PROTECTION OFFICER CONTACT DETAILS
Currently, no Data Protection Officer (DPO) has been appointed as the requirements of article 37 of the GDPR do not apply. For any matters related to personal data processing, you may contact the Data Controller directly at the above contact details.
3. PURPOSES AND LEGAL BASIS FOR PROCESSING
Personal data collected through this website is processed for the following purposes:
A) Management of contact requests and legal consultations
Data processed: name, surname, email address, telephone number, subject of the request and content of communications
Legal basis:
Art. 6, paragraph 1, letter b) GDPR (performance of pre-contractual measures taken at the request of the data subject)
Art. 6, paragraph 1, letter f) GDPR (legitimate interest of the controller to provide legal assistance)
Collection methods:
Automated chat system (bot) available on the website, active 24 hours a day
"Contact us" buttons and links on the site that allow direct email sending to info@studiolegaleomettoecalzavara.com
B) Legal compliance and professional obligations
Data processed: all data provided within the professional relationship
Legal basis: Art. 6, paragraph 1, letter c) GDPR (compliance with legal obligations) and art. 6, paragraph 1, letter f) GDPR (legitimate interest for compliance with professional obligations of the legal profession)
4. CATEGORIES OF DATA PROCESSED
Identification Data
Name and surname
Email address
Telephone number
Communication-related data
Subject of the request
Content of communications and consultations
Date and time of communications
Sensitive data: This website does not intentionally collect special categories of personal data (formerly sensitive data). However, given the nature of legal activity, communications may contain sensitive data related to the data subject's legal situation. Such data will be processed exclusively for purposes strictly related to the requested professional service.
5. PROCESSING METHODS
Personal data is processed using automated and manual tools, with logic strictly related to the indicated purposes and, in any case, in a manner that ensures the security and confidentiality of the data.
Processing is carried out through:
Computer systems and management software
Paper archives
Electronic communication systems
Automated chat bot for initial collection of requests
6. DATA COMMUNICATION AND DISCLOSURE
Communication to third parties
Personal data may be communicated to:
Professional partners for international consultations:
Cristiana Cesarotto - for consultations related to the Saudi Arabian market
Stefania Alessi - for consultations related to the Saudi Arabian market
Communication occurs based on the legitimate interest of the controller to provide a complete and qualified service, particularly for assistance in expansion to Middle Eastern markets.
Other subjects:
Technical consultants and experts when necessary for professional service
Judicial and supervisory authorities when required by law
IT service providers for system maintenance (with data protection agreements)
Disclosure
Personal data is not subject to disclosure.
7. DATA TRANSFER TO THIRD COUNTRIES
Website hosting
The website is hosted on Hostinger servers, whose data centers are located in:
Europe: France, Germany, Lithuania, United Kingdom, Netherlands
Other areas: USA, India, Indonesia, Singapore, Brazil
For transfers to non-EU countries, Hostinger applies adequate guarantees as required by the GDPR.
International consultations
Data may be transferred to Saudi Arabia for specialist consultations through the professional partners mentioned above, based on specific contractual guarantees compliant with articles 44 et seq. of the GDPR.
8. RETENTION PERIOD
Personal data will be retained for the time strictly necessary for the purposes for which it was collected:
Information requests without follow-up: maximum 6 months from collection
Clients and professional relationships: for the entire duration of the relationship and for the subsequent 10 years, in compliance with retention obligations required by professional legal regulations
Data for tax compliance: 10 years from termination of the relationship
9. DATA SUBJECT RIGHTS
In accordance with articles 15-22 of the GDPR, the data subject has the right to:
Access (art. 15): obtain confirmation of the existence of their data and receive a copy
Rectification (art. 16): obtain correction of inaccurate or incomplete data
Erasure (art. 17): obtain deletion of data (right to be forgotten)
Restriction (art. 18): obtain restriction of processing
Portability (art. 20): receive data in structured format and transmit it to another controller
Objection (art. 21): object to processing for legitimate reasons
Withdrawal of consent: when processing is based on consent
How to exercise rights
Rights may be exercised by sending a request to:
Mail: Via Roma 128, Pianiga (VE), Italy
Limitations on rights
The above rights may be limited when their exercise would prejudice:
Professional confidentiality obligations of the lawyer
The right of defense in court
Retention obligations required by law
10. RIGHT TO LODGE A COMPLAINT
The data subject has the right to lodge a complaint with the competent supervisory authority:
Garante per la protezione dei dati personali
Piazza Venezia, 11 - 00187 Roma, Italy
Tel: +39 06.696771
Email: protocollo@gpdp.it
PEC: protocollo@pec.gpdp.it
11. COOKIES AND SIMILAR TECHNOLOGIES
Technical cookies
The site uses exclusively technical cookies necessary for the functioning of the site and the automated chat system. These cookies do not require consent under current regulations.
Absence of profiling cookies
The site does not use profiling, analytics or third-party cookies for advertising purposes.
12. DATA SECURITY
Adequate technical and organizational measures have been implemented to ensure an appropriate level of security for the risk, including:
Communication encryption (HTTPS protocol)
Backup and recovery systems
Data access controls
Staff training on data protection
13. CHANGES TO THE PRIVACY POLICY
This privacy policy may be modified at any time. Changes will be published on this page with indication of the last update date.
Last update date: 26/7/2025
Version: 1.5
For any clarification regarding this privacy policy or the processing carried out, please contact the Data Controller at the above contact details.