Privacy Policy

N. 679/2016 Updated to the legislative decree n. 101 of 10 August 2018.

Privacy protection means giving you the opportunity to decide autonomously to which extent your personal data – which reveals a lot about you – can be disclosed to third parties and to control how such personal data are processed.


We would like to remind you that you are the ‘real owner’ of the information about you.


Our website fully respects and protects your privacy and therefore our Privacy Policy provides full transparency for the way we collect and use the information. It is exclusively applicable to the online activities of this website and will not be applicable to any other websites that you may visit via links.

This document takes into account all the most current regulatory adaptations: not only the obligations arising from EU legislation (EU General Data Protection Regulation No. 679/2016, GDPR) and Privacy Decree No. 101/2018, but also from the Recommendation No. 2/2001 of the European Data Protection Authorities and the Recommendation No. 1/20 of EDPB.



The data controller – the person who processes and collects your data in relation to the activities of this website, in accordance with the current legislation – is:

The Lawyer: Ms. Olivia Bosaz

Address: Via Cavour, 51 Pistoia – Italy

Contact detail: e-mail



Data processed under consent

By using or visiting this website, you are deemed to have read and accepted this privacy policy. For this reason, we ask you to spend a few minutes to read it.

Providing data and therefore consent to its collection and processing is optional and the request to express your consent is clearly indicated in the various forms for newsletter subscription, contacts and cookie acceptance.

You may refuse and revoke your consent at any time, by sending an email to or using the simplified banner that can be reached at any time while browsing this website on the current page. 

However, refusing your consent may result in the unavailability of certain services and your browsing experience on the website may be impaired.



Browsing the Website for exploring purposes does not involve any request for personal data; however, there are some technologies in use that result in the storage of certain data relating to the tools used, which can in some way be traced back to you.

Browsing data

During normal operation and for the sole duration of the connection, the IT systems and software procedures used to operate this website acquire certain data, the transmission of which is implicit in the use of Internet communication protocols.

This information is not collected to be attributed to identified data subject, but due to its very nature it may allow users to be identified through processing and association with data held by third parties. This category of data includes:

– internet protocol (IP) address associated with the device used to connect;

– browser type and parameters of the device used to connect to the website;

– name of the internet service provider (ISP);

– date and time of the visit;

– the visitor’s web page of origin (referral) and exit;

– the number of clicks made on the website, if any, and the preference given, if any;

– other parameters concerning the user’s operating system and IT environment. 

This data may be used to obtain anonymous statistical information about the use of the website and to check that it is working properly, as well as:

– to comply with requirements dictated by national and EU regulations;

– to ascertain responsibility in the event of hypothetical cybercrimes against the website and for verification in the event of litigation.

Data voluntarily provided by the User

The optional, explicit and voluntary sending of e-mails to the addresses listed on this website entails the subsequent acquisition of your sender address, as it is necessary to reply to requests, as well as any other personal data included in the message. If your e-mail contains personal and sensitive data, these will neither be acquired nor processed until you give your express written consent or until you formally undertake a defence and/or professional mandate.

Specific summary disclosure, in which consent to the processing of processed data is expressly requested, will be progressively reported or displayed on the pages of the Website set up for specific services on demand (newsletters, subscription as a user of the Website).



Primary purposes 

a) provide any services requested and manage customer relations. Providing the personal data required for these purposes is not compulsory, but refusal to do so will result in the request not being fulfilled; 

b) comply with national and EU regulations; 

c) for security purposes (anti-spam filters, firewalls, virus detection), automatically recorded data may also include personal data such as the IP address, which could be used according to applicable laws in order to block attempts to damage the website or cause damage to other users, or harmful or criminal activities. 

This information is processed according to the legitimate interests of the data controller.

Secondary purposes

ONLY IF YOU SUBSCRIBE TO THE NEWSLETTER personal data collected for the above purposes may also be processed for the purpose of direct marketing: providing data for these purposes is optional and consent is required for the processing of such data (please see newsletter form).

As required by Article 21 of the EU Regulation, we specifically and separately inform you that if your personal data are processed for direct marketing purposes, you have the right to refuse at any time the processing of your personal data for such purposes, and in this case the personal data may no longer be processed for such purposes.



The Law Firm also employs other companies and individuals to perform certain activities on its behalf. 

In some circumstances, in addition to the data controller, categories of people in charge of the website organization (administrative staff, system administrators) or external subjects (such as third party technical service providers, IT companies) may have access to the data. 

These providers will only have access to the personal data necessary to perform their tasks. 

We guarantee that they may not use the same data for other purposes and they are also obliged to process personal data in accordance with this Privacy Policy, and in accordance with the applicable data protection regulations.



Personal data are processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. We use specific security measures to prevent the loss of data, unlawful or incorrect use and unauthorized access.



Personal data collected will not be disclosed, sold, exchanged or communicated to third parties other than the Data Controller, without the express consent of the data subject. Communication to third parties, other than the Data Controller, managers, both internal and external to the Law Firm, and data processors designated and appointed pursuant to Art. 13 c.1 letter e) of the EU Regulation is envisaged for the exclusive achievement of the purposes referred to in points 1 and 2 of this disclosure and, in any case, within the limits thereof, possibly to: third parties and third party supply and technical and IT assistance companies in the correct and regular pursuit of the purposes described. 

In any case, processing by third parties shall be carried out correctly and in compliance with the provisions of the law in force.



Data collected from the website are processed by the Data Controller, in accordance with the current legislation, at the law firm “STUDIO LEGALE BOSAZ”, Lawyer Olivia Bosaz, in Pistoia (Italy), Via Cavour 5, which is located in the European Economic Area and operates in accordance with European rules.



As is usual for all websites, also this website uses cookie, small text files that store information about visitors’ preferences, to improve the functionality of the site, to simplify browsing by automating procedures (e.g. login, website language) and to analyse how people use the website.

In particular, session cookie are essential to distinguish between logged in users and are useful to prevent a requested functionality from being provided to the wrong user, as well as for security purposes to prevent cyber-attacks on the website. Session cookie do not contain any personal data and last only for the current session, i.e. until the browser is closed. Consent is not required for these cookie.

The functionality cookie used by the website are strictly necessary for the use of the website; in particular, they are linked to an express request for functionality by the user (such as login), for which no consent is required.



Cookie are linked to your browser and can be disabled directly from your browser, thus refusing/revoking consent to the use of cookie. 

Please note that if you disable cookie, you may not be able to use properly some of the features of the website; therefore, you will not be able to access some features, pages and sections of our website and, in this case, we accept no responsibility for this.  The method to disable cookie is clearly described in the “help” menu of your browser, where you can change your cookie settings. 



This website also hosts third-party cookie, which are used to provide additional services and functionality to visitors and to enhance the use of the website, such as social buttons or videos. This website has no control over third-party cookie, which are entirely managed by the third party. Consequently, information on the use of these cookie and their purposes, as well as on how to disable them, is provided directly by the third parties on the pages indicated below.

In particular, this website uses cookie from the following third parties:

– Google Analytics: an analysis tool by Google which, through the use of cookie (performance cookie), collects anonymous navigation data (IP truncated to the last octet) and exclusively aggregated for the purpose of evaluating the use of the website by users, compiling reports on website activity and providing other information, including the number of visitors and pages visited. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate the IP address with any other data held by Google.

For further information on the use of the data and its processing by Google, we recommend that you read the information on the relevant page of Google.



This website also incorporates plugins and/or buttons for social networks, in order to make it easy to share content on your favourite social networks. These plug-ins are designed so that no cookie are set when you access the page, in order to protect your privacy. If the social network so requires, cookie will only be set when the user makes actual and voluntary use of the plugin. Please note that if the user navigates while logged into the social network then the user has given consent to the use of cookie conveyed through this website at the time of subscribing to the social network.

Collection and use of the information obtained by the plugin is governed by the respective privacy policies of the social networks, to which please refer.



This website may share some of the data collected with services located outside the EU/EEA. In particular, with Google, Facebook, Instagram via social plugins and the Google Analytics service. The transfer is authorised according to “Standard Contractual Clauses” and additional measures as per EDPB Recommendation No. 1/2020.



Pursuant to EU Regulation 679/2016 (GDPR) and PRIVACY DECREE no. 101/2018 and in accordance with the procedures and within the limits provided for by current legislation, the User may exercise the rights to:

– request confirmation of the existence of personal data concerning him/her (right of access);

– obtain information on the logic, methods and purposes of the processing;

– request the updating, rectification, integration, erasure, transformation into anonymous form or block on data processed in breach of the law, including those no longer necessary for the purposes for which they were collected;

– in cases of processing based on consent, to receive, at the sole cost of the support, if any, its data provided to the data controller and stored by it, in a structured and machine-readable way and in a format commonly used by an electronic device;

– the right to submit a complaint to the Privacy Guarantor to the Judicial Authority pursuant to Article 77 EU Regulation and Article 140-bis et seq. of Italian Legislative Decree No. 101/2018;

– the right concerning personal data of deceased people may be exercised by any person who has a personal interest or is acting on behalf of the data subject, as an agent or for family reasons deserving of protection;

– as well as, more generally, to exercise all the rights recognised to him/her by current legal provisions.

Requests should be submitted to the Data Controller. 

In the event that the data are processed on the basis of legitimate interests, the rights of the data subjects are guaranteed in any case (except for the right to data portability which is not provided for by the rules) and especially the right to object to the processing which can be exercised by sending a request to the Data Controller. You may object to the processing of your personal data:

a) on legitimate grounds;

b) (with no need to give reasons for the objection) when the data are processed for commercial or marketing purposes.



In order to get information on the internal data processors appointed, the Data Controller refers to the law firm’s internal privacy policy.