top of page

Privacy Policy

The purpose of this document is to inform the natural person (hereinafter "data subject") about the processing of his/her personal data (hereinafter "personal data") carried out by the controller, Avv. Emanuele Spina, with registered office in Florence, Viale Giovanni Milton 35, CF SPNMNL75L04D583A VAT No. 05263730482, e-mail address (hereinafter "Controller").

Changes and updates are binding as soon as they are published on the website. If the data subject does not accept the changes to the privacy policy, he/she must stop using this application and may request the controller to delete his/her personal data.


1. categories of personal data processed

The controller processes the following types of personal data voluntarily provided by the data subject:

Contact details:

  • First name, last name, address, e-mail, telephone number, pictures, authentication data, other information provided by the data subject, etc.

  • Tax and payment data: tax number, VAT number, credit card details, bank account details, etc.


The controller processes the following types of personal data collected by automated means:

  • Technical data: Personal data generated by the devices, applications, tools and protocols used, such as information about the device used, IP addresses, browser type, type of internet service provider (ISP). Such personal data may leave traces that can be used to profile individuals, especially in combination with unique identifiers and other information received from the servers.

  • Data on navigation and use of the application: such as pages visited, number of clicks, actions performed, duration of sessions, etc.


The failure of the data subject to provide personal data for which he or she is legally or contractually obliged or which is necessary for the conclusion of a contract with the controller shall result in the controller being unable to establish or continue the relationship with the data subject.

The party communicating personal data of third parties to the controller shall be directly and exclusively responsible for their origin, collection, processing, communication or dissemination.

2. cookies and similar technologies

The Application uses cookies, web beacons, unique identifiers and other similar technologies to collect the data subject's personal data on the pages, on the links visited and other actions that the data subject performs when using the Application. They are stored and then transmitted the next time the user visits the application. You can view the full Cookie Policy at the following address:


3. legal basis and purpose of the processing

The processing of personal data is necessary for the performance of the contract with the data subject, namely:

  • Fulfilment of an obligation arising from the pre-contractual or contractual relationship with the data subject.

  • Registration and authentication of the data subject: to enable the data subject to register, access and be identified in the application, including through external platforms

  • Assistance and contact with the data subject: to respond to the data subject's requests.

Management of payments: Managing payments by credit card, bank transfer or other instruments


For legal obligations, namely

  • Compliance with obligations provided for in applicable rules, laws and regulations, in particular in tax and duty matters on the basis of the data controller's legitimate interest, for marketing purposes by email of the data controller's products and/or services, to directly sell the data controller's products or services using the email provided by the data subject in connection with the sale of a similar product or service

  • Management, optimisation and monitoring of technical infrastructure: identifying and resolving technical problems, improving the performance of the application, managing and organising information in a computer system (e.g. servers, databases, etc.)

  • Security and anti-fraud: ensuring the security of the data controller's assets, infrastructure and networks

  • Statistics with anonymous data: to perform statistical analysis with aggregated and anonymous data in order to analyse the data subject's behaviour, improve the products and/or services offered by the data controller and better meet the data subject's expectations


on the basis of the data subject's consent, for

  • Retargeting and Remarketing: to reach, with a personalised advertisement, the data subject who has already visited or shown interest in the products and/or services offered by the Application using his/her personal data. The data subject can opt out on the Network Advertising Initiative page.

  • Marketing purposes for the controller's products and/or services: Sending information or commercial and/or promotional materials, direct sales of the controller's products and/or services or conducting market research using automated and traditional methods.


Based on the legitimate interest of the Owner, the Application enables interactions with external platforms or social networks whose processing of personal data is governed by their respective privacy policies, to which please refer. The interactions and information collected by this application are in any case subject to the privacy settings chosen by the data subject on these platforms or social networks. This information will only be used - in the absence of explicit consent to process it for other purposes - to enable the use of the application and to provide the requested information and services.

The personal data of the data subject may also be used by the controller to protect itself before the competent courts.

4. processing methods and recipients of personal data.

Personal data are processed using paper and computer tools with organisational methods and logics strictly related to the purposes indicated, and by applying appropriate security measures.

Personal data shall be processed exclusively by

  • Persons authorised by the data controller to process personal data and who have undertaken to maintain confidentiality or are subject to an equivalent legal obligation of confidentiality;

  • Persons acting independently as separate data controllers or persons designated by the data controller as data processors to carry out all processing activities necessary for the pursuit of the purposes set out in this policy (e.g. business partners, consultants, IT companies, service providers, hosting providers).

  • Persons or entities to whom personal data must be disclosed by law or governmental order.


The above entities are required to take reasonable security precautions to protect personal data and may only access personal data that is necessary to perform their assigned tasks.

Personal data will not be shared indiscriminately in any way.


5. Location

If necessary, personal data may be transferred to entities outside the European Economic Area (EEA). Where personal data are transferred outside the EEA, the controller shall take all appropriate and necessary contractual measures to ensure an adequate level of protection for personal data, including, inter alia, agreements based on the standard contractual clauses approved by the European Commission for transfers of data outside the EEA. To obtain information about the specific safeguards adopted, the data subject may contact the controller at the following e-mail address:

6. duration of the retention of personal data

Personal data shall be kept for as long as necessary for the fulfilment of the purposes for which they were collected, and in particular for purposes related to the performance of the contract between the controller and the data subject, they shall be kept for the entire duration of the contractual relationship and, after its termination, for the normal limitation period of 10 years in the case of litigation, for the entire duration of the litigation until the time for appeal has been exhausted 

for purposes related to the legitimate interest of the controller, they are kept until this interest is fulfilled

in order to comply with a legal obligation, with an administrative order and for reasons of legal protection, they shall be kept in compliance with the time limits provided for in the aforementioned obligations and regulations and, in any event, until the expiry of the time limit provided for in the applicable regulations

for purposes based on the consent of the data subject, they are kept until the consent is withdrawn.


After the expiry of the retention period, all personal data shall be deleted or stored in a form that does not allow the identification of the data subject.


7. rights of the data subject

Data subjects may exercise certain rights in relation to the personal data processed by the controller.

In particular, the data subject has the right to be

  • be informed about the processing of his or her personal data

  • withdraw consent at any time

  • restrict the processing of their personal data

  • object to the processing of their personal data

  •  access their personal data

  • review their personal data and request that it be corrected

  • obtain the restriction of the processing of your personal data

  • obtain the erasure of your personal data

  • transfer your personal data to another controller

  • lodge a complaint with the data protection supervisory authority and/or take legal action.


To exercise their rights, data subjects may send a request to the following email address: Requests will be taken up by the controller without delay and will be dealt with as soon as possible and in any event within 30 days.


Last updated: 06/06/2022


bottom of page