Privacy Policy
|
Privacy Policy Last Update: 03.06.2025 |
| What is this document? Through this privacy notice drafted pursuant to art. 13 European Regulation no. 679/2016 ("General Data Protection Regulation" or "GDPR") and in observance of the principles contained therein, the Associated Studio CRCLEX intends to inform each user ("the User") of the processing of personal data collected through the website crclex.com |
Data Controller and Contact Details
Associated Law Firm CRCLEX (hereinafter "Data Controller", for the purposes of Art. 4(7) GDPR)
with elected domicile at Piazza del Duomo 20, 20122 Milan
Processing Purposes, Legal Basis, Personal Data Processed and Retention Period
The Data Controller acquires personal data for the following purposes, as specified below, where the legal basis and duration of data processing are also highlighted.
| Purpose | Personal Data | Legal Basis | Retention Period |
|---|---|---|---|
| Contact |
✓ Personal Information (Name, surname) ✓ Contact details (Email address, phone number) |
Performance of pre-contractual measures [Art. 6, 1, lett. b) GDPR] | For the period necessary for the response. |
| Newsletter sending | ✓ Contact details (Email address) | Consent [Art. 6, 1, lett. a) GDPR] | Until withdrawal of consent and no more than 24 months from the date of last contact. |
| Job application |
✓ Personal Information (Name, surname) ✓ Contact details (Email address, phone number, address) ✓ Professional information (CV) |
Performance of pre-contractual measures [Art. 6, 1, lett. b) GDPR] | 2 years |
| Allow the Data Controller to comply with formalities required by law, including those of a fiscal nature. |
✓ Personal Information (Name, surname) ✓ Contact details (Email address, phone number) |
Legal obligation [Art. 6, 1, lett. c) GDPR] | According to applicable regulations. |
| Improve the website by analyzing how Visitors or Users navigate and/or use the website. | ✓ Website navigation data | Legitimate interest of the Data Controller in the proper maintenance of the Website [Art. 6, 1, lett. f) GDPR] | Not applicable (aggregated or anonymous data). |
| Prevention of fraudulent activities and exercise of the Data Controller's rights before the Judicial Authority |
✓ Personal Information (Name, surname) ✓ Contact details (Email address, phone number) |
Legitimate interest not to suffer damage as a result of unlawful conduct by others, as well as the constitutionally guaranteed right of action [Art. 6, 1, lett. f) GDPR] | 10 years |
The provision of data for purposes A) and C) is necessary to use the requested services. Failure to provide such information makes it impossible to provide the requested service.
The provision of data for the purposes referred to in point B) is optional.
The provision of data for the purposes referred to in points E) and F) is necessary to allow the Data Controller to satisfy its legitimate interest, without prejudice to the User's right to object at any time.
The provision of data for the purpose referred to in point D) is mandatory to allow the Data Controller to comply with the regulatory obligations to which it is subject.
Processing Methods
Processing takes place through automated and/or manual computer and telematic tools designed to guarantee security measures suitable to prevent access, disclosure, loss, incorrect, unlawful or unauthorized use of data.
Data Access
The User's personal data will be processed by the Data Controller's internal staff specifically authorized pursuant to art. 29 of the GDPR.
Personal data may also be shared with the following external subjects:
- Internet service providers and platforms used by the Data Controller as organizational tools, communication and/or promotion channels (e.g. Brevo for newsletter sending whose privacy policy is available here);
- consultants and other service providers who perform services for us or on our behalf and require access to such information to perform such work;
- public entities to whom such data must be communicated mandatorily by law provisions or Authority orders.
Such subjects act as independent data controllers or data processors. In the latter case, the Data Controller has entered into a specific agreement pursuant to art. 28 GDPR (Appointment as Data Processor).
The list of data processors is available by sending a request to the Data Controller at the email address digital@crclex.com.
Data Processing Location
Personal data is processed at the Data Controller's headquarters, as well as on the servers hosting the Website. Personal data is stored on servers located in EU territory and will never be transferred outside of them. The Data Controller guarantees that when using cloud providers established outside the EEA, the processing of personal data by these recipients is carried out in accordance with applicable law. Transfers are made through adequate safeguards, such as adequacy decisions, standard contractual clauses approved by the European Commission or other safeguards provided for by the GDPR.
Data Subject Rights
The User can exercise all the rights provided for by arts. 15-21 of the GDPR at any time and without unjustified limitations, by contacting the Data Controller at the email address digital@crclex.com. Requests are filed free of charge and processed by the Data Controller within 30 days.
In particular, the User can:
- Obtain confirmation that processing is taking place (Art.15);
- Obtain rectification of inaccurate or incomplete data (Art. 16);
- Obtain erasure of data without unjustified delay (Art. 17);
- Restrict processing to only part of the personal data (Art. 18);
- Receive a copy of personal data in the controller's possession, in a commonly used format readable by automatic device; obtain transfer without obstacles to another Controller (Art. 20);
- Object at any time to the processing of personal data (Art. 21);
Complaints
The User can always file a complaint with the competent Authority (Data Protection Authority), pursuant to Art. 77 of the GDPR, if they believe that the Data Controller processes their Personal Data in violation of applicable regulations.
Amendments
The Data Controller reserves the right to modify and update this Privacy Policy following any new national or European legislation on the protection of personal data.