For us, the security and protection of the personal data processed are of paramount importance. For this reason, we strictly comply with the regulations governing the protection of natural persons – Data Subjects – with regard to the processing of personal data, as well as the free movement of such data. The personal data provided will therefore be processed in compliance with the provisions of EU Regulation 679/2016 – the Regulation – using the methods and for the purposes set out below.

1. Data Controller

Studio Associato Tributario e Legale Gabrieli
Via Rezzonico n. 6
35131 Padova (Italy)

Tel. +39 049 8079124
Fax +39 049 8087020
Tax Code / VAT No. 05587300285
acting through its Partners: Dr. Luciano Gabrieli, Dr. Elisabetta Biasiolo, Attorney Nicola Gabrieli, Attorney Valeria Gabrieli.
Email: amministrazione@gabrieliassociati.com
For the purposes of data processing, the Data Controller makes use of duly appointed Data Processors, whose updated list is kept at the Data Controller’s registered office.

2. Personal Data

Personal data are defined as any information relating to an identified or identifiable natural person.
In particular:
a) The IT systems used for the operation of the website may automatically collect, during browsing activities – including through the use of cookies – log files that are not attributable to specific individuals but may potentially be associated with identifiable users. This category includes, by way of example, the type and version of the browser used, the operating system, the referring URL, the IP address of the requesting computer, the date and time of the server request, and the client’s file request (file name and URL). For more detailed information, please refer to the relevant cookie policy.
b) Personal data intended to identify the natural person, directly and/or indirectly, are collected only if voluntarily provided by the Data Subject, with particular reference to identifiers such as a name, an identification number, location data, nationality, an online identifier such as, by way of example, an email address containing the Data Subject’s first and last name, and/or one or more elements characteristic of professional activity.

3. Purposes of the Processing of the Collected Data and Legal Basis

The Data Subject’s personal data may be processed, where necessary, without the Data Subject’s explicit consent:
a) where the processing is necessary for the pursuit of a legitimate interest of the Data Controller relating to the provision of the services offered through the website, such as, by way of example only, improving website navigation, including through interaction with other platforms, and/or the implementation of cybersecurity measures;
b) in order to comply with obligations imposed by Italian law, including tax regulations, by European Union legislation, and/or by an order of a Judicial Authority.
The Data Subject’s personal data are processed subject to prior consent:
c) for the purpose of processing the request submitted through completion of the contact form.

4. Disclosure of Data

The personal data processed are not subject to public disclosure and may be communicated and/or made accessible to third parties, such as public administrations and/or internal staff and/or Data Processors, including, by way of example, external consultants specialized in accounting and tax matters, chartered accountants, consultants for dispute management and legal assistance, debt collection companies, transport companies, IT service and support providers, advertising and web agencies, to the extent necessary for the execution of the concluded contract and/or for compliance with a legal obligation and/or for the pursuit of the legitimate interests of the Data Controller relating to the execution of the concluded contract and/or for marketing and/or profiling purposes.

5. Transfer of Data Abroad.

The management and storage of personal data by the Data Controller will take place on servers located within the European Union, either by the Data Controller or by third-party companies appointed and duly designated as Data Processors.
It is understood, in any case, that the Data Controller, if necessary, shall have the right to relocate the servers within the European Union and/or to non-EU countries and/or to appoint Data Processors located in and/or operating servers in non-EU countries.
In such cases, the Data Controller hereby ensures that the transfer of data outside the EU will be carried out in compliance with Articles 44 et seq. of the Regulation and with the applicable legal provisions, by entering into, if necessary, agreements and/or certification mechanisms that ensure an adequate level of protection, such as, by way of example, the Privacy Shield, and/or by adopting appropriate or suitable safeguards.
The User has the right to obtain further information regarding the transfer of data outside the European Union to an international organization under public international law or established by two or more countries, such as the UN, as well as information on the security measures adopted to protect the data and the means to obtain a copy of such data or the location where they have been made available, by submitting a specific request to the Data Controller at the contact details indicated in Section 9.

6. Methods of Processing

The data are subject to manual and/or automated processing, specifically through operations such as collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, deletion, and destruction of the data.

7. Data retention period

Personal data are retained for the period necessary to fulfill the purposes related to the execution of the assignment for which the data were provided.
In particular:
a) Personal data processed for the pursuit of a legitimate interest of the Data Controller and/or to comply with obligations under Italian law, including tax-related provisions, EU regulations, and/or orders from the Judicial Authority, will be retained for the period strictly necessary to achieve the purposes indicated in points 3.a) and 3.b);
b) Personal data processed following their provision by the Data Subject through the completion of the appropriate contact form will be retained for the period strictly necessary to process the request.

8. Rights of the Data Subject

The Data Subject has the right to:
request from the Data Controller access to their personal data, rectification or deletion of such data, and/or the restriction of the processing of data concerning them, and/or to object to their processing, as well as the right to data portability;
withdraw consent at any time without affecting the lawfulness of processing based on consent given prior to the withdrawal;
lodge a complaint with the Data Protection Authority

9. Methods for exercising rights

The Data Subject may exercise their rights and/or powers at any time by sending a written communication via email to amministrazione@gabrieliassociati.com

10. Nature of data provision and consequences of refusal to provide data

The provision of personal data referred to in point 2.a) is necessary for the purposes indicated in points 3.a) and 3.b) and to allow the proper provision of the services offered.
The provision of personal data referred to in point 2.b) is optional and may be provided by the Data Subject in order to access the additional services offered through the website.

In particular:
for the purpose of accessing the Contacts service at https://www.gabrieliassociati.com/contatti by completing the Form and thus allowing the Data Controller to process the request, the Data Subject must provide the following mandatory data: First and Last Name, Email Address, and Message.
The phone number and the “How did you hear about us” option are optional.
Providing the above data will allow the Data Controller to process the request in a personalized manner. The Controller will also be able to identify the person who submitted the request and, if necessary, protect against unauthorized access used for spamming or phishing purposes.
Failure to provide the required data through the Contacts Form will prevent the submission of the request by the Data Subject.