Privacy Policy

Published on 19/06/2026

Maurizio Casalini, with registered office in via Battaglione Framarin 14, Vicenza (VI) - 36100, Tax ID IT03580760241, (hereinafter "Data Controller" or "Controller") is constantly committed to protecting the online privacy of natural persons during the browsing and enjoyment of services on the website https://casalini-zambon.com (hereinafter "Portal" or "Website").

This document describes all aspects related to the processing of Personal Data of users (hereinafter "Data Subjects") carried out through the Website, in compliance with the provisions of Art. 13 of Regulation (EU) no. 2016/679 (hereinafter "Regulation"). According to the rules of the Regulation, the processing carried out by the Controller through the Website shall be based on the principles of lawfulness, fairness, transparency, purpose limitation and storage limitation, data minimization, accuracy, integrity and confidentiality.

1. Data Controller

The Data Controller for the processing carried out through the Portal is Maurizio Casalini as defined above and can be contacted through the methods indicated in the "Contacts" section (see Art. 10).

2. Categories of Personal Data Processed

Navigation/usage data:

Information collected during the user's visit to the Website (e.g., IP address, URI notation addresses, browsing history, information related to interactions with the site, information related to the user's computing environment, browser type and language, operating system, location, date and time of the request). These are pieces of information that are not collected to be associated with identified data subjects, but which by their very nature could, through processing and association with data held by third parties, allow users to be identified;

Data voluntarily communicated by the user:

Personal information voluntarily released by the user through special forms on the Website (e.g., subscription/registration, contact, comments, reviews, posts, etc.). This information may include, by way of example: identifying data (name, surname, Tax ID, username, user ID, password, place and date of birth, etc.), personal image, contact and location data (residential/domicile address, email address, telephone number and postal address, etc.);

Commercial data:

Information necessary for the performance of economic and tax obligations related to the provision of Website services (e.g., payment information, Tax ID, purchase history, product or service usage information, credit and billing information, support requests, etc.);

3. Processing Purposes

The Controller uses Personal Data collected through this Website for the following purposes:

Contract execution:

Processing of personal data in order to execute contracts of which the user is a party (e.g., service provision contracts, product sales, registrations, subscriptions, participation in interactive services and similar). This purpose concerns the processing of data necessary to maintain the contractual relationship with the user, provide the services offered by the Website and fulfill the obligations arising from it;

Compliance with legal obligations:

Processing of personal data for compliance with legal obligations to which the Controller is subject (e.g., tax obligations, workplace safety regulations, document retention regulations, anti-money laundering regulations, civil liability, data protection regulations, etc.);

Fulfillment of legal obligations:

Processing of personal data where this is necessary to fulfill the legal obligations mentioned above;

Security and fraud protection:

Processing of personal data in order to protect the security of data, information systems and the technological platform of the Controller, as well as to prevent, detect and combat fraudulent activities, abuse, cyber attacks and all other illegal activities;

Contact with the data subject:

Processing of personal data in order to contact the user through various communication channels (e.g., email, telephone, SMS, WhatsApp) for various purposes such as: request for feedback, customer satisfaction surveys, service communications, account updates, technical assistance, etc.;

4. Legal Basis of Processing

The processing of Personal Data is lawful by virtue of the following legal bases, as provided for in Art. 6 of the Regulation:

Contract execution:

Art. 6(1)(b) of the Regulation – The data are necessary to execute a contract to which the data subject is a party;

Legitimate interests:

Art. 6(1)(f) of the Regulation – Processing is necessary for the pursuit of legitimate interests of the Controller;

Protection of vital interests:

Art. 6(1)(d) of the Regulation – Processing is necessary to protect the vital interests of the data subject or of another natural person;

Performance of tasks in the public interest:

Art. 6(1)(e) of the Regulation – Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

Consent:

Art. 6(1)(a) of the Regulation – The data subject has given consent to the processing of their personal data;

5. Processing Methods

Processing is carried out through manual and/or automatic methods, including through the use of information and computer technologies (e.g., CRM, management software and mailing list services), subject to the application of appropriate technical and organizational security measures to ensure the security, integrity and confidentiality of Personal Data, so as to minimize the risks of destruction, loss, unauthorized access, modification and unauthorized disclosure, in accordance with Articles 6 and 32 of the GDPR.

6. Transfer of Personal Data outside the EU/EEA

The Controller does not intend to transfer Personal Data outside the European Economic Area. However, should it become necessary to meet organizational/production needs (by way of non-exhaustive example, by using providers and/or cloud services that require the transfer of data abroad), adequate safeguards will be identified for the transfer of Personal Data to a Third Country, which depending on the circumstances may include: verification of the existence of adequacy decisions of the European Commission, execution of standard contractual clauses and/or binding corporate rules, verification of the adoption of any supplementary measures in implementation of Recommendation 01/2020 EDPB.

Vendor Name Description Vendor Privacy Policy
Avacy CMP https://jumpgroup.it/privacy-policy/
Google Analytics https://policies.google.com/privacy
WordPress

7. Data Retention Periods

The Controller retains Personal Data only for the periods of time necessary to pursue the purposes indicated in this document, or for the timeframes provided for by specific regulations.

  • Personal Data processed for the purpose of "Provision of the service" will be retained for a period not exceeding 10 years;
  • Personal data processed for the purpose of "Payments and Billing" will be retained for a period not exceeding 10 years (art. 2220 c.c.)
  • Personal Data processed for Direct Marketing purposes will be retained for a period not exceeding 2 years, or until the data subject revokes consent to processing.
  • The duration of persistence of individual cookies is reported within the "Cookie Policy";
  • Without prejudice to the possibility for the Controller to retain Personal Data for the period of time provided for and allowed by Italian law for the purposes of "Legal protection" of its interests (art. 2946 and 2947 c1, c.3 c.c.).

After the expiration of such retention periods, Personal Data will be deleted or made anonymous, if not retained for further purposes based on appropriate legal grounds.

8. Recipients

Personal Data collected by the Data Controller may be communicated or made accessible, for the execution of the purposes indicated above, to the following categories of subjects:

  • Employees and collaborators who assist the Controller in processing operations, subject to express authorization for processing and possibly to the execution of confidentiality agreements;
  • Subjects providing outsourcing services on behalf of the Controller, as Data Processors: cloud computing service providers, freelancers, companies or professional firms providing assistance and consulting activities to the Data Controller, or subjects delegated to carry out hosting and technical maintenance activities, including software maintenance, network equipment and electronic communication networks;
  • Independent data controllers to whom the communication of data is necessary for the purposes of providing the service requested by the data subject.
  • Independent data controllers in the pursuit of their own purposes (subject to consent from the data subject);
  • Public authorities, in the event that such communication is required by law.

After the expiration of such retention periods, Personal Data will be deleted or made anonymous, if not retained for further purposes based on appropriate legal grounds.

9. Rights of the Data Subject

At any time, the Data Subject may access the information concerning them and request its rectification, deletion, restriction of processing, and portability. They may also object, in whole or in part, to the processing and have the right not to be subject to automated decision-making concerning natural persons, including profiling.

To exercise the rights referred to in Articles 15-22 of the GDPR, the Data Subject may contact the Data Controller in the manner indicated in the "Contacts" section (see art. 10). The Data Controller must respond to the request within 1 month, or communicate any delay in response in the case of numerous and/or complex requests (the extension cannot exceed 2 months in any case). In any case, the Data Subject always has the right to lodge a complaint with the competent Supervisory Authority (Data Protection Authority), pursuant to Article 77 of the Regulation, if they believe that the processing of their Personal Data is contrary to the applicable regulations.

Contacts

For further information about the processing of Personal Data carried out in execution of the contract, or to submit a request to exercise rights, it is possible to contact the Controller at the email address: info@casalini-zambon.com

Powered by Avacy Logo
Dear user, “Studio legale tributario associato Casalini & Zambon” (“the Company”) pays much attention to the protection of personal data of those who visit its website (“the user”). By navigating this website (www.casalini-zambon.com, “the site”), you agree that data that identify or might identify you are collected. In accordance with art. 13 D. lgs. 196/2003 (Code on Privacy Protection), this document describes terms and conditions on which such data are treated. Information within this document is not applicable to external websites that the user accesses through links in this website.

Manager of data processing (art. 28 D.Lgs. n. 196/2003)

The manager of data processing is “Studio legale tributario associato Casalini & Zambon” based in Vicenza, viale Roma 8.

Data controller

In accordance with art. 29, D. Lgs. 196/2003, an up-to-date list of the data processing controllers (if appointed) is available at the offices of the firm.

Types of data processed

In accordance with art. 4 letter (b) of D. Lgs. 196/2003, this website processes personal data which is understood as “any information regarding an individual or a corporate entity which can be directly or indirectly identified, also in combination with any other information, including a personal identity number” (“the data”). This website does not request “sensitive data” as defined in D. Lgs. 196/2003, art. 4, letter (d): “data that can be used to reveal an individual’s racial and ethnic origins, her/his religious, philosophical beliefs or political opinions; his/her membership in a party, union, organization of religious, philosophical, political nature, as well as any personal data that can be used to reveal an individual’s health or sexual behavior”. Please note that in case of a foreign name or other data that might lead to infer the user’s nationality, such information cannot be deemed as sensitive because nationality does not refer strictly to ethnic / racial origins. Among processed data there are:
  1.  Navigation data: IT systems and software procedures that enable the operating of this website collect personal data as a consequence of the normal working of internet communication protocols. Such data are not gathered to profile a user; however, through further processing and association with data held by third parties they could lead to the identification of the user.
  2.  Cookies: this websites uses cookies. For further information see our cookie policy at https://www.casalini-zambon.com/en/cookie-policy-2/
  3. Data intentionally supplied by the user: the user submits this kind of data to request information, access services, send emails, or while submitting a form. If the user voluntarily sends any data, even outside the registration procedure, or sends an email, such data (address and other data contained in the email) will be collected in order to send a reply, a newsletter, etc.

Optional submission of data

Without prejudice to the provisions of the cookie policy (www.casalini-zambon.com/it/cookie-policy/), users are free to submit their personal data for requesting information material, subscribing to a newsletter, etc. Failure to provide the required personal data may lead to the impossibility to grant the service. When applying for a service from our website, the user may be required to give her/his consent to specific terms and conditions. A denial of consent, in particular, while registering in the site may lead to the impossibility of completing the registration procedure and using the services provided by the website. In case the user submits data of a third party, she / he becomes manager of data processing as defined in D. lgs. 196/2003. The user of this website therefore guarantees that all the data he submits concerning third parties were collected in compliance with D. lgs. 196/2003 and relieves this website’s manager of data processing from any claim for damages or any other request that the said third party might make against the latter.

Purposes of the processing of data

You can find information about the specific purposes of the processing of data in the related sections of this website. However, such purposes in general can be summarized as follows: a) purposes required by law b) administrative, accounting, tax compliance c) performance of pre-contractual, contractual, post-contractual obligations d) production of datasets suitable for (computerized) statistical surveys (without identification of the user) e) sending of newsletters f) sending of information about the activities of “Studio legale tributario associato Casalini & Zambon”

Processing procedures

Personal data are treated with data processing or paper means strictly for the time required to achieve the purposes they are intended for. Extreme caution is used to avoid any unlawful / unauthorized use or any loss. Data are processed by personnel authorized by this company’s manager of data processing, in particular sales and marketing people, IT engineers and accountants. Collected data are not shared with third parties, except for individuals or entities who have been appointed as external data controllers by the manager of data processing, like for example commercial partners in specific projects, hosting providers, external consultants for technical, accounting, legal, marketing issues. Personal data might be supplied to public authorities when required by law. While navigating this website, you might be redirected via hyperlink to third-party websites. They are not under the control of this website’s manager of data processing, who therefore cannot be held responsible for any circumstances arising from collection of data performed in those websites. The way those websites collect and process data are governed by their respective privacy policies.

Processing location

Data collected in relation to services provided by this website are processed at this Company’s offices and at the offices of ICT Sviluppo Srl (an IT assistance company), in servers and other electronic devices managed by them or their commercial partners’ data controllers.

Users’ rights

Data subjects have the right to receive at any time a confirmation of the existence of personal data about them, to disclose the content of such data, verify their correctness, request that such data is completed, updated or amended (art. 7 D.Lgs. n. 196/2003). Pursuant to the same article, data subjects can request erasure, anonymization, block in case of unlawful processing. Data subjects can as well object to the processing of their personal data for any lawful reason. Requests for this should be sent to info@casalini-zambon.com. Art. 7 of the Code on Privacy Protection:
  1. Data subjects have the right to receive at any time a confirmation of the existence of personal data about them, even if they had not been registered yet, and a notice of such data in an intelligible form.
  2. Data subjects also have the right to be informed on: a) source of the personal data about them; b) purposes and methods of processing; c) logic involved in any automatic processing of data concerning them; d) identity of data controller, data supervisors and designated representative as defined in article 5, paragraph 2; e) individuals or entities that might receive or come to know in any way the personal data as designated representatives for the State territory, processing officers or appointees.
  3. Data subjects have the right to obtain: a) that personal data about them be updated, corrected or integrated upon request; b) erasure, anonymization or blocking of personal data that were unlawfully processed, including data that are unnecessarily detained as to the purposes of the processing for which the data are intended; c) a confirmation that the operations described in previous paragraphs (a) and (b) have been notified to those who received or came to know the data, except for the case this obligation is impossible or implies the use of means disproportionate to the protected right.
  4. Data subjects are entitled to object, entirely or partially: a) for any lawful reason, to the processing of their personal data, even when such data are relevant to the purpose of the processing; b) to the processing of their personal data in the case such data are used for purposes of advertising, direct sale, market research.

Modifications of the privacy policy

The manager of data processing can at any time modify this privacy policy; the modified / updated version will be published on this page exposing the release date. Those concerned shall visit periodically this page to check for any updates available. This version was updated on September 2017.