Privacy Policy

PRIVACY POLICY concerning the website ECOVIS STLex Studio Legale Tributario
Privacy notice in accordance with Articles 13 and 14 of EU Regulation 679/2016 (GDPR).

1. Data Controller
ECOVIS STLex Studio Legale Tributario in the person of its legal representative processing data for the purposes of the law – contacts:
For the purposes of this privacy policy, a Data Subject shall mean any user accessing, browsing and interacting within the ECOVIS STLex Studio Legale Tributario website.

2. Processing
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2. Data processed and purposes
The Data Controller processes personal data:
‘Personal data’, means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Website navigation data: the computer systems and software procedures used to operate the website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This data is used solely for the purpose of obtaining anonymous statistical information on the use of the website and to check that it is functioning correctly, and is not, nor will it under any circumstances, be used by the Data Controller to carry out profiling activities. E.g.: url, browser used, metadata and cookies (In accordance with our cookie policy.

Personal data provided voluntarily by the user, specifically:

  • by the Data Subject filling in the contact form contained in the section “Seen open jobs
    ” of this website: name, surname and e-mail address
  • with regard to applications, the privacy notice will be provided at the first useful contact ex art. 13 of the EU Regulation 679/2016 (GDPR), pursuant to and for the purposes of the Article 111 – bis of Legislative Decree 196/2003 as introduced by art. 9 of Legislative Decree 101/2018: “The information referred to in Article 13 of the Regulation, in cases of receipt of curricula spontaneously transmitted by the Data Subjects for the purpose of establishing an employment relationship, shall be provided at the time of the first useful contact, after sending the CV itself. Within the limits of the purposes set out in Article 6(1)(b) of the Regulation, consent to the processing of personal data in CVs is not required.
  • to reply user requests: first name, surname and/or company name and e-mail address (including any additional data in the correspondence)
  • for sending communications related to professional activities through newsletters, institutional communications and invitations to events: name, surname and/or company name and e-mail address as data.

The legal basis of the processing of personal data.

  1. Allowing the Data Subject to browse the website of ECOVIS Studio Legale Tributario
  2. Fulfill obligations required by law, regulation, national and international legislation or an order from the Authority
  3. Exercising rights as Data Controller, such as, for instance, the right of defence in court
  4. Purposes of legitimate interest of the Data Controller
  5. Free, informed consent

Nature of providing data
For the sending of communications related to professional activities through newsletters, institutional communications and invitations to events, the provision of data is optional, and any refusal to provide such data and to simultaneously give consent to the processing, the collection of which the Data Controller is obliged to provide, entails the impossibility for the Controller to follow up the request.

Methods of processing personal data
The data may be processed by manual or computerised means, suitable to guarantee their security, confidentiality and to prevent unauthorised access.

Categories of recipients
The data processing will be carried out by personnel directly employed by the Data Controller and/or by natural or legal persons specifically identified by the Controller, where appropriate, as Data Processors or Persons in charge of the processing. The Data Subject may request a list of any appointed Data Processors. The Data provided will in no case be disclosed or communicated to third parties, with the exception of subjects whose right to access the data is recognised by law or by orders of the authorities, as well as subjects, including external and/or foreign subjects, which the Data Controller uses to carry out activities that are instrumental and/or accessory to the provision of services, including suppliers of software solutions, web applications and storage services also provided through Cloud systems.

Personal data transfer
Personal data are stored at the Data Controller’s servers or at third-party Companies, appointed to process the data on behalf of the Data Controller, whose servers are located within the European economic area and designate as Data Processors where appropriate. In case of non-EU transfers, will be signed standard contractual clauses contained in Decision 2021/914/EU and the provisions of the Data Protection Authority, as well as in accordance with the provisions of Article 46 of EU Regulation 679/2016 and/or in compliance with the adequacy decision of the Data Privacy Framework – the US data protection framework for the transfer of EU-US personal data – issued by the European Commission.

Data retention period
The data processed will be kept until the completion of the purposes for which they have been collected, without prejudice to the legitimate interest of the Data Controller, compliance ex lege. Until your consent is revoked.

  • the data provided by “Seen open jobs” section will be kept for a period of 12 months from the time they are provided;
  • the data provided by sending e-mail messages will be kept for the time necessary to provide feedback and in general to achieve the purpose for which they were processed
  • for the sending of communications related to professional activities by means of newsletters, institutional communications and invitations to events, the data provided for sending the newsletter will be processed for 24 months and/or until such time as consent to processing is revoked.

Rights of the Data Subject
You may contact the Data Controller to exercise your rights as provided for in EU Regulation 679/2016 and therefore: request access to your personal data, rectification or erasure of your personal data, restriction of processing, objection to processing. You may also exercise the right to data portability or again the right not to be subject to a decision based solely on automated processing.
Requests for the exercise of the above rights and any other request regarding this policy may be forwarded to the Data Controller at the following address:
The right to complain, on the other hand, may be freely exercised by the Data Subject by writing to the Authority by certified e-mail message to the address ““.
The information referred to herein and any communications and actions taken pursuant to Articles 15,16,17,18,20,21 and 22 of EU Regulation 679/2016 are free of charge. If the Data Subject’s requests are manifestly unfounded or excessive, in particular due to their repetitive nature, the Data Controller may:
a) charge a reasonable fee taking into account the administrative costs incurred in providing the information or communication or taking the requested action; or
b) refuse to comply with the request. The obligation of proving that the request is manifestly unfounded or excessive lies with the Data Controller.

For anything not mentioned therein, express reference is made to the relevant provisions in force, with particular reference to EU Regulation 679/2016.

Latest edition: 22.03.2024

fascia contatti

Contact us

To request information or an appointment with our experts


Sign up to receive the latest news about the Firm