The aim of this privacy policy document is to provide the users of the website (hereinafter referred to as “the Website”) with information about the processing of their personal data collected automatically or provided by by the interested person through the browsing and use of the Website pursuant to the Regulation EU 2016/679 – General Data Protection Regulation (hereinafter referred to as “GDPR”).


The Data Controller is Studio Legale Associato Bastianon Garavaglia (hereinafter referred to as “The Firm”), VAT number 01624020127, with registered office in 21052 Busto Arsizio (VA), Viale Duca d’Aosta 3, 21052, Telephone No. +39 0331 639019, Fax No. +39 0331 320358, E-mail

The processing connected to the web services of the Site takes place at the datacenter of S.p.A., with registered office in 50122 Florence, Via della Giovine Italia, 17, as well as at the registered office of the Data Controller and on its devices. For any information concerning the processing of personal data, please write to the e-mail address:


a) Browsing data

The electronic systems and the software procedures enabling this Site to operate acquire, during its normal use, certain personal data; the transmission of the same is implicit in the use of internet communication protocols.

This information is not being collected in order to be associated to well-identified data subjects, but its nature, by means of processing and associations with data held by third parties, could make the users identification possible.

The category of data could be listed as follow: (i) IP addresses or domain names of computers used by users connecting to the Site, (ii) addresses in URI (Uniform Resource Identifier) notation for resources requested, (iii) the time of request, (iv) the method used to submit the request to the server, (v) the dimension of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (success, error etc) and (vii) other parameters regarding the user’s operating system and the IT environment.

This data is used only to glean anonymous statistical information on the use of the Site and to check that it operates correctly and this data is deleted immediately after processing.

b) Data provided by users of their own free will

The Data Controller will also process the personal information that users might spontaneously provide by sending an e-mail to the Data Controller addresses indicated on the Site – such as the user e-mail address and any other personal data – in order to reply to the latter requests as well as any other personal data mentioned in such communications.

Data being processed on a voluntary basis comprises data identifying the user such as the user’s e-mail address, the user’s name and surname, the user’s profile image and the user’s country of origin.

c) Data provided by data subjects on previous contact occasions

The Firm will process personal data provided by data subjects on previous contact occasions as, for example, exchange of business cards during events/meetings/conferences, and/or contact requests spontaneously sent from data subjects.


a) To respond to requests received through the communication channels available through the Site (email, telephone, fax)

The legal basis for this processing is the Firm’s legitimate interest in communicating with the public and responding to the requests made by potential customers, suppliers and other interested parties. The data retention period shall be equal to the time necessary to process the requests. This data retention period may be longer if the data subject data’s are processed for other purposes (e.g. as a client).

b) To prevent or control unlawful conduct or to protect and enforce rights

The Firm could use the data subject’s data to prevent or prosecute offences or violations of intellectual/industrial property rights (including of third parties) or computer crimes or crimes committed through telematic networks. The legal basis for such processing is the legitimate interest of RP Legal & Tax as the data controller. The data retention period is equal to the time reasonably necessary to enforce the Firms’s rights from the time that the Firm becomes aware of the unlawful act or its potential commission.

In relation to the purposes indicated above, the processing of personal data is made through computerise, automated manual systems with logic strictly related to the purposes and, in any case, to ensure the security and confidentiality of the data in accordance with the law.

c) To evaluate new business opportunities

Concerning the data provided by data subjects on previous contact occasions, the legal basis of this processing is the legitimate interest of the Firms to generate and maintain contacts with data subjects in order to evaluate new business opportunities. The processing of these data will have a duration equal than the period of time necessary for the purpose for which they have been collected and further processed.


The personal data is processed using computerised, automated manual systems.
The Data Controller adopts specific security measures in order to ensure that data is processed in compliance with the applicable law, paying particular attention to the prevention of loss of data, unlawful or incorrect use or unauthorised access to data.


The Site incorporates plugins and/or buttons for the main social networks, such as Facebook, Twitter, LinkedIn and Instagram, in order to allow easy sharing of content on your favourite social networks. These networks are platforms that use their own cookies to recognize users when they browse after connecting to their accounts. The Firm has no agreements with these platforms and is unable to control how they use user data; for more complete information, you are kindly invited to refer to the relevant Privacy Policy:

  • facebook:
  • twitter:
  • linkedin:
  • instagram:


For the data processing through the cookies, please see the cookie policy, available at the following link: extended information on cookie


The Site may share some of the data collected with services located outside the European Union area, in particular with Google, Twitter and Microsoft (LinkedIn), through social plugins. The transfer is authorized on the basis of specific decisions of the European Union and the Italian Data Protection Authority (Garante per la protezione dei dati personali), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.


Pursuant to GDPR, the data subject is entitled to the following rights:Right of access: to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information listed in Art. 15 GDPR.

b) Right to rectification: to obtain from the controller without undue delay the rectification of inaccurate personal data and to have incomplete personal data completed (Art. 16 GDPR)

c) Right to erasure (‘right to be forgotten’): to obtain from the controller the erasure of personal data without undue delay pursuant to Art. 17 GDPR

d) Right to restriction of processing: to obtain from the controller restriction of processing pursuant to Art. 18 GDPR

e) Right to data portability: to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the controller to which the personal data have been provided pursuant to Art. 20 GDPR

f) Right to object: to object to processing of personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims (Art. 21 GDPR)

g) Right to withdraw the consent: to withdraw the consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

h) Right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), Piazza Venezia n. 11 - 00187 Rome, (Art. 77 GDPR).

You may at any time exercise your rights as indicated above by sending an e-mail to the address:


Children under 16 cannot provide personal data. The Firm will not be in any way responsible for any collection of personal data, as well as false statements provided by the minor and, in any case, if you notice the use, the Firm will facilitate the right of access and cancellation forwarded by legal guardian or who exercises the parental authority.


This privacy policy I effective from 12/01/2021 and over time may be amended and/or updated.

The Firm therefore invites you to regularly visit this section of the Site to become aware of the most recent version of the Privacy Policy so that you are always updated on the data collected and on their use.