Privacy Policy

This privacy notice is provided in accordance with Articles 13 and following of EU Regulation 679/2016, hereinafter referred to as "GDPR", and Articles 13 and 122 of the Code on the Protection of Personal Data (Legislative Decree 196/03) to users who access the site www.alpebraus.com, hereinafter referred to as the "site".

Purpose of Data Processing

The personal data provided through the site, or otherwise collected in compliance with the applicable legal and contractual provisions, will be processed in accordance with the above-mentioned regulations and confidentiality obligations, exclusively for the following purposes:

• purposes related to registration and authentication on the site as a registered user;
• purposes connected and/or instrumental to carrying out the professional tasks assigned to the law firm via the site (legal advice and/or professional collaboration);
• sending of the periodic newsletter to the registered user;
• sending of personal communications in response to and/or related to requests made via the contact forms on the site (request for clarifications, reporting errors, suggestions, etc.);
• publishing articles of the law firm.

The processing of information concerning the user is based on the principles of fairness, lawfulness, transparency, and protection of privacy. Therefore, any use different from and/or conflicting with the user's interests is excluded.

Information Subject to Processing

With regard to the data processed, a distinction must be made based on the activities the user performs on the site.

1) Browsing

This applies to users (whether registered or not) who browse the site to view content or use online applications.

The information entered in the online application forms on the site is not permanently stored on the server but is available to the user only for the duration of the working session.

As for textual content, we record in aggregate form the number of views of each article.

2) Interaction via Contact Form

This applies to requests for online consultations, domiciliation, page suggestions, sending feedback, etc.

In addition to the data explicitly entered by the user in the form (name, email, phone where requested, etc.), we store the following information in our databases:

• consent to data processing based on this privacy notice;
• the IP address from which the requests originate (this information is classified as "personal data" by the GDPR);
• the type of browser used and whether it is a mobile device;
• the anonymous user identifier created by an internal proprietary algorithm. The identifier is constructed in such a way that the user’s IP address cannot be traced;
• in some cases, the page on the site visited immediately before submitting the request;
• the date and time of the operation.

For requests for legal advice sent via the site, additional documents may be required to be sent via email or PEC, to which the GDPR regulations apply and, in any case, professional ethics regarding confidentiality.

Methods of Processing and Retention

Data processing will be carried out using tools that ensure security and confidentiality and may also be performed through automated tools designed to store, manage, and transmit the data.

The information is stored with computer tools protected by security systems. The content of the web pages as well as all the data entered on the site and sent to the server are encrypted using the SSL protocol (secure browsing); the use of the secure protocol for browsing can be identified by the presence of web addresses starting with https:// and the "Secure" label applied by most modern browsers in the address bar corresponding to the visited website address.

However, if all the security systems in place are not sufficient to prevent data theft, as provided by Article 33 of the GDPR, the data controller commits to report and notify the National Authority promptly of any data breaches regarding the personal data of users.

Data from registered users are stored without a set expiration date, and users may request their deletion (right to be forgotten) under Article 17 of the GDPR at any time by following the procedure outlined in the "Info & Contacts" section, properly documented.

Nature of Data Provision, Refusal, and Withdrawal of Consent

The provision of personal data is not a legal obligation. However, failure to provide such data, refusal, or withdrawal of consent for processing as described below will make it impossible to engage in any professional consulting relationship with the user or to complete the enjoyment of online services offered by the site, as listed below:

• request for legal consultation and professional collaboration;
• registration on the site;
• request for assistance by the user, both regarding the reserved area and the use of applications;
• sending communications and messages to the editorial team or webmaster via the site;
• receiving the newsletter;
• access to reserved documents (e.g., published articles).

Communication / Dissemination

The data will not be communicated to other parties, nor will they be disseminated or transferred to third parties for any reason, either in Italy or abroad, except for personal data that, for fiscal reasons, it will be necessary to communicate to the law firm's accountant (limited to invoicing of online legal consultations) who has provided assurance regarding compliance with the Privacy Regulation and absolute confidentiality, as well as the preparation of a Data Processing Agreement (DPS) in accordance with the Privacy Code and Annex B of the said Code.

Data Controller

The data controller is Mrs. Sara Simonazzi

User Rights

In relation to the processing of personal data and under Article 13 of the GDPR and Article 7 of Legislative Decree 196/2003, the user has the right to:

• Access to data (Article 15 GDPR): The user has the right to obtain confirmation of the existence of personal data concerning them and its communication in an intelligible form.
• Rectification and deletion (Articles 16 and 17 GDPR): The user has the right to request rectification, deletion, or restriction of the processing of personal data.
• Restriction of processing (Article 18 GDPR): The user has the right to object, in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if relevant to the purpose of collection.
• Data portability (Article 20 GDPR): The registered user has the right to receive personal data concerning them in a structured, commonly used, and machine-readable format.
• Notification: The user has the right to obtain the identification details, as well as the data controller's collaborators to whom the data may be communicated or who may come to know it.
• Complaint: The user has the right to file a complaint with the national supervisory authority (Garante) if they believe that the data usage is not in accordance with the aforementioned regulations.

Communications to the site can be sent by email to the data controller at sarabigatigre@gmail.com.

Bed and Breakfast Alpebraus by Sara Simonazzi [VAT: SMNSRA71H48H223T]

CIN IT025026C1RVW8LMK4

via Cavalea 31 Arina di Lamon [BL] Cell. +39 345 4069039

Web: www.alpebraus.com - Mail: sarabigatigre@gmail.com