Privacy Policy

Data Controllers

The data controllers of data collected through  are Sonia Selletti and Andrea Astolfi, as partners of Studio Legale Astolfi e Associati, with registered office in Milan, via Larga, 8, (hereinafter, the "Joint Controllers"), who may be contacted at

Types of Data Collected

Browsing data

Only data required for the site to function and to fulfil legal requirements and contractual obligations with clients are collected, including IP addresses, domain names of computers used by users connecting to the site, the addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.), and other information relating to the operating system and the user's computer environment.

Data provided voluntarily by the user

Data provided by the user for the purpose of registering on the site to sign up for newsletters on legislative and jurisprudential news in the main areas of work of the law firm:
- e-mail.

Nature of the provision of data

The browsing data requested by this site are mandatory to enable the services to be provided. Where this site indicates some data as optional, users are free to refrain from communicating such data; this will not have any effect on the availability of the service or its operation.
The communication of data for transmission of newsletters is optional; failure to communicate data for this purpose will prevent the Joint Controllers from transmitting them.


Any use of Cookies (or other tracking tools) by this site or owners of third-party services used by this site, unless otherwise specified, is intended to provide the Service requested by the User as well as the additional purposes described in this document.
Please refer to the Cookie Policy as regards data processing through cookies.

Method of processing of data collected
Processing activities are carried out according to the principles of lawfulness, fairness, transparency, storage limitation, data minimisation, integrity, accuracy and confidentiality, provided for by Art. 5 of the EU Reg. 679/2016, and by adopting appropriate technical and organisational measures, in order to protect personal data and, specifically, their safety.
Processing activities are carried out through employees/collaborators of the Studio legale Astolfi e Associati, as persons authorised to process personal data, and through external parties who carry out specific tasks on behalf of the Joint Controllers and who process personal data as Data Processors (such as third-party technical service providers, hosting providers). The updated list of Data Processors may be requested at any time from the Joint Controllers.

Purpose and legal basis of processing activities

The Personal Data relating to the User are processed:
  • with reference to the purposes related to the registration on the site for sending of newsletters, by filling in his/her e-mail address in the relevant form, with the consent of the User, pursuant to Art. 6, para. 1(a), EU Reg. 679/2016;
  • with reference to the purposes connected with the need to ensure operation of the website, with the consent of the User, pursuant to Art. 6, para. 1(a), EU Reg. 679/2016, expressed through persistent browsing of the website (conclusive conduct).
Transfer of Data outside the EU
The Data is stored on a Server located in Italy and will be transferred outside the European Union/European Economic Area (United States), limited to the e-mail address voluntarily provided by the user to the provider of newsletter services (MailChimp), which adheres to the Privacy Shield.
Should further data transfers be required to countries outside the EU/EEA for the purposes indicated above, such transfers will take place in compliance with the provisions of EU Regulation no. 679/2016, stipulating, if and as necessary, agreements with recipients that guarantee an adequate level of protection of personal data by adopting the standard contractual clauses currently envisaged by the European Commission.

Retention period

User data (browsing data and e-mail address) is stored by the Joint Controllers for the period strictly necessary for the provision of the service, without prejudice to the right of users to revoke their consent at any time.
Data processed through the use of cookies are stored for the period of time indicated in the Cookie Policy .
The Joint Controllers may be obliged to retain the Personal Data for a longer period in accordance with a legal obligation or by order of an authority.
Personal Data will be erased at the end of the storage period.

User Rights
User may withdraw at any time and without formalities his/her consent (whenever the consent is the legal basis for the processing).
In any case, the withdrawal of the consent doesn’t affect the lawfulness of processing based on consent before its withdrawal.
Furthermore, without prejudice to the limitations and exceptions provided for by the law in force, according to Art. 15 et seq. of EU Reg. 679/2016, the User has the right to ask:
  • the access to his/her Data;
  • the rectification or integration of his/her Data;
  • the cancellation or deletion of his/her Data;
  • the limitation of processing activities when certain conditions are met and within the limits provided for by the law in force;
  • the Data portability, that is the right to receive the personal data provided in a structured, commonly used format and to transmit those data to another controller, when the conditions for the exercise of that right exist (when the processing is based on consent or on a contract and when it’s carried out by automated means).
The User has also the right:
  • to object to the processing on grounds relating to his/her particular situation, with particular reference to the processing based on a legitimate interest of the Joint Controllers, including profiling;
  • not to be subject to a decision based solely on automated processing;
  • to lodge a complaint with the competent personal data protection authority (which in Italy is the Garante per la protezione dei dati personali).
Amendments to this disclosure
Changes could be made to this information at any time, and, in this case, Users will be informed through the publication on this page.
Therefore, please consult this page regularly and refer to the date of the most recent amendment.
If the changes involve processing activities whose legal basis is consent, the Joint Controllers must collect the User's consent according to law, before the processing of Data.
For further information, please contact

Contact details of the Joint Controllers

Studio Legale Astolfi e Associati
Via Larga, n. 8
20122 Milan
fax: 02 88556216

Last modified 15/04/2019