Privacy and Cookie Policy

Privacy Policy pursuant to Articles 13 and 14 of EU Regulation 2016/679 and the Italian Privacy Code (Legislative Decree no. 196/2003), as amended by Legislative Decree no. 101/2018

Introduction

For Studio Legale Sanzo Vascello (hereinafter also referred to as the “Firm” or the “Controller”), the protection of privacy and the security of personal data are of utmost importance. Data are collected and processed with the greatest care, adopting appropriate technical and organizational measures to ensure their protection.

This Privacy Policy explains the purposes and methods of processing personal data, pursuant to Articles 13 and 14 of EU Regulation 2016/679 (“GDPR”) and the applicable national legislation.

Data Controller

The processing of personal data is carried out by:
Studio Legale Sanzo Vascello
Address: Via Giovanni Boccaccio, 18 – 20123 Milan (Italy)
Tel: +39 02 50041248
Email: info@sanzovascello.it
VAT no. 11523640966

For any request concerning the processing of personal data, the Controller may be contacted at the above details.

Types of Data Processed

Browsing Data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category includes, by way of example: IP addresses or domain names of the devices used by users, URI/URL addresses of the requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numerical code indicating the server’s response status (successful, error, etc.), as well as other parameters relating to the user’s operating system and IT environment. Such data are processed solely for the purpose of:

  • allowing the correct use of web services;
  • obtaining anonymous statistical information on site usage;
  • verifying the correct functioning of the site;
  • establishing liability in the event of cybercrimes.

Data Provided Voluntarily by the User

The voluntary and optional sending of messages to the Firm’s contact addresses involves the acquisition of the sender’s contact details (such as name, surname, email address, and telephone number), as well as all personal data included in the communications. Such data are processed exclusively in order to respond to requests received and for purposes strictly connected to the legal services offered by the Firm.

Client Data

In the context of its legal consultancy and assistance activities, the Firm collects and processes additional personal data and/or special categories of data (pursuant to Article 9 GDPR), necessary for the performance of the professional mandate.

Purposes and Legal Basis of Processing

 

↓ Requests

↓ Legal basis

A. Management of information requests, contacts, and quotations

 Performance of pre-contractual and contractual measures (Art. 6.1.b GDPR)
B. Performance of the professional mandate and management of client relationships

 Performance of the contract and legal obligations (Art. 6.1.b and 6.1.c GDPR)
C. Compliance with legal, accounting, tax, and professional obligations

 Legal obligation (Art. 6.1.c GDPR)
D. Judicial and extrajudicial protection of the Firm’s and clients’ rights

 Legitimate interest (Art. 6.1.f GDPR)
E. Sending of institutional communications and updates

 Consent (Art. 6.1.a GDPR)
F. IT security and prevention of abuse or fraudulent activity

 Legitimate interest (Art. 6.1.f GDPR)

Nature of Data Provision

The provision of data for purposes A, B, C, D, and F is mandatory; failure to provide such data may make it impossible to establish or continue the professional relationship. The provision of data for purpose E (optional communications) is instead voluntary and subject to the data subject’s consent.

Recipients of Data and Prohibition of Transfer to Third Parties

Personal data may be communicated only to third parties providing services functional to the purposes indicated above (e.g., IT and hosting providers, professional consultants, competent authorities where required by law), appointed as Data Processors pursuant to Article 28 GDPR. In any case, personal data will not be transferred or communicated to third parties for commercial or promotional purposes and will not be disseminated.

Data Retention

Personal data are retained for as long as strictly necessary to achieve the purposes of the processing, in compliance with legal obligations and professional standards. In particular:

  • client data are retained for the entire duration of the contractual relationship and, subsequently, for the period required by tax, accounting, and professional regulations;
  • data collected through the website for contact purposes are retained for a maximum of 24 months;
  • data processed for communication/marketing purposes are retained until consent is withdrawn;
  • upon expiry of the retention periods, data will be deleted or anonymized.

Rights of Data Subjects

Data subjects may exercise the rights provided for in Articles 15–22 GDPR, and in particular:

  • right of access, rectification, and updating;
  • right to erasure;
  • right to restriction of processing;
  • right to data portability;
  • right to object to processing based on legitimate interest;
  • right to withdraw consent given;
  • right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personaliwww.garanteprivacy.it).

Requests may be sent to: info@sanzovascello.it

Security Measures

The Firm adopts appropriate technical and organizational measures to ensure the protection of processed personal data, aimed at preventing loss, unlawful use, unauthorized access, and improper disclosure.

Cookie Policy

This website uses only technical cookies, essential for the proper functioning of the services provided.

Technical cookies include:

  • session and navigation cookies;
  • preference and customization cookies (e.g., language);
  • functional cookies (e.g., user settings);
  • statistical cookies used in aggregate form by the site manager.

No profiling cookies are used for advertising purposes.

Technical cookies remain active only for the duration of the session or as long as necessary to provide the requested service.
By continuing to browse, clicking on links, scrolling the page, or confirming the banner at first access, the user accepts the use of cookies.

Any external content (e.g., YouTube, Vimeo, Facebook) activates its own cookies only in case of interaction, according to the respective policies.

Policy Changes

The Controller reserves the right to amend or update this Policy, also to comply with regulatory or technical changes. Any substantial changes will be communicated to users, for example through a banner or notice on the website.

 

Last Update: 01.09.2025