Sweetlegaltech.com – Privacy Policy  
[Last Update: January 21st, 2019]

1. Introduction.

Sweet Legal Tech Academy Società S.r.l.s. (hereinafter “Company”, “Sweet Legal Tech” or “SLT“) is accordingly committed to protecting personal data collected through the use of its website www.sweetlegaltech.com  (“Website”), according to the EU General Data Protection Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing the Directive 95/46/EC (“GDPR”) and any national legislation in force on personal data protection (“National Data Protection Laws”).

This Privacy Policy explains how information and data identifying individuals (“Personal Data”) received by the Company through its Website are processed.

2. Controller and contact details.

The Company processes Personal Data as a Controller as defined in the GDPR and in the National Data Protection Laws.
Contact details: Sweet Legal Tech S.r.l., Piazza del Duomo 20, 20122, Milan, Italy. [email protected]

3. Data subjects and scope of application

Company processing activities relate to:
(i) any individual visiting the Website (“Visitors”); and
(ii) any individual/entity with which Company establishes relationships, when registering for Company events and/or signing up for information, informational materials, newsletters and other communications (“Users”).

For the purposes of this Privacy Policy, Visitors and/or Users are to be intended as Data Subjects, as defined in the National Data Protection Laws and in the GDPR. The Privacy Policy shall be applicable to Visitors and/or Users, provided that Company, in its capacity as Controller, is only liable for the processing of Personal Data, which are under its own powers, duties and liabilities. The Privacy Policy shall not be deemed valid and enforceable for any processing activity made by third parties whose websites may be reached by the Website.

4. Types and source of processed Personal Data

Company processes Visitors’ and Users’ Personal Data, that consist of common Personal Data.

The Personal Data provided by Visitors and Users include:
a. Navigation data, such as IP addresses, domain names of the computers used by any Visitor connecting with the Website, the URI (Uniform Resource Identifier) addresses of requested resources, the time of request, the server query method, the answered file dimension, the server status code (good, error etc.), other parameters related to the Visitors’ operating system and informatics environment; these data, however, will only be used to extract anonymous statistical information on the Website and its functionalities and will be immediately cancelled at the end of the respective processing activity;

b. Personal Data provided voluntarily by Users, such as first name and surname (including first name and surname of the legal representative of the Company/entity for which Users are working), company and position within the company, tax and VAT code numbers, location/domicile (also for tax purposes), contact details (including email addresses, mobile numbers), bank accounts details and/or data referred to payments etc. Company will also ask for invoice details in order to proceed to its invoicing duties.

Company processes: a. In its capacity as Controller, the Users’ Personal Data – as hereinafter specified – provided by Users; b. In its capacity as Controller, the Visitors’ Personal Data – as hereinafter specified – as well as any data connected to cookies, used through its Website, according to the Cookie Policy published on the Website.

5. Purposes of processing the Personal Data. Legal basis. Period of data retention

The Controller processes Personal Data for the following purposes, as specified here in below, in which is furthermore highlighted (a) the legal basis which justifies the processing and (b) the period of data retention:

  1. Send communications and reply to queries concerning the Company Activities: performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Purpose a) Legal Basis b) Data Retention
1. Recruit and select applicants Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.  
2. Send communications and reply to queries concerning the Company Activities Consent For the period of time necessary to reply and however to enforce Company’s rights
3. Allow the Controller to accomplish all formalities required by law, including those of administrative and tax/fiscal nature Legal obligation Until the expiry of the data retention period, as provided by the applicable law
4. Send newsletters of a general informational, promotional and advertising nature and/or other materials for marketing communication purposes, in relation to the Website’s functionalities. Consent Until the withdrawal of consent or until a denial has been communicated
4. Improve the Website by analyzing how Visitors and/or Users navigate and/or use the Website Not applicable Not applicable (aggregate or anonymous data)

6. Methods of processing.

The Personal Data of Data Subjects are processed almost exclusively through automated procedures, by using computerized systems and softwares or, in a limited number of cases, through manual means (e.g. on paper), provided however that in any event such Personal Data are processed adopting methods which are strictly related to the purposes for which such data have been collected and anyway to ensure their security, in accordance with the GDPR and the National Data Protection Laws.

7. Recipients and transfers of Personal Data

Personal Data will not be disseminated. Personal Data may be communicated to external processors and/or service providers (e.g. cloud providers). According to art. 29 of the GDPR and to National Data Protection Laws, your Personal Data also may be shared with Persons authorised by the Data Controller to process Personal Data, after signing a confidentiality agreement, including system administrators, who may have access to Personal Data during the performance of their duties. The persons in charge of the processing are duly trained and empowered to allow access to Personal Data according to the Privacy Policy and subject to their tasks being performed and assignments. The names of all authorised persons are available, upon written request to the Data Controller at [email protected].

8. Data Subjects’ rights

Under Articles 15 and following of the GDPR, you, as a data subject, are entitled to request from the Company, at any time, access to your Personal Data, the correction and erasure of your Personal Data, as well as to object to its processing. You are also entitled to request the restriction of the processing of your Personal Data in the cases set out in Article 18 of the Regulation, as well as to obtain the Personal Data you have provided to the Company in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation. Requests must be sent in writing to the Data Controller at the following address: [email protected]  

9. Complaint

In any case, you are always entitled to lodge a complaint with the competent supervisory authority (Garante per la Protezione dei Dati Personali), under Art. 77 of the Regulation, if you believe that the Data Controller’s processing of your Personal Data is in violation of the applicable law.

10. Amendments

The Controller reserves the right to amend and update the Privacy Policy as a result of any further new or revised provisions of any national and EU laws and regulations on personal data protection. The Privacy Policy shall be published on the Website and marked with progressive identification numbers and month of publication. Any new release of the Privacy Policy shall be published on the Website as a replacement of the previous version and shall be valid and enforceable from the publication date, unless otherwise specified.