Legal documents

Privacy Policy

Information pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and Italian Legislative Decree No. 196 of 30 June 2003, as amended by Legislative Decree No. 101 of 10 August 2018 (Italian Privacy Code). This policy refers to the processing of personal data carried out through the website albertodaidone.it.

Last updated: May 5, 2026 Version: 1.3

Data Controller

The Data Controller in respect of personal data collected through this website is:

Alberto Daidone, Esq. (Avv.)
Via Nunzio Morello, 23 — 90144 Palermo (PA), Italy
Italian VAT No. 06076640827
Email: lawfirm@albertodaidone.it
Certified email (PEC): albertodaidone@pec.it
Phone: +39 333 999 87 36

The Controller has not appointed a Data Protection Officer (DPO), as the conditions set out in Article 37(1) GDPR do not apply.

Notice. This policy applies exclusively to the processing of personal data carried out through the website. Personal data provided by clients in the context of a professional engagement are subject to a separate privacy notice pursuant to Article 13 GDPR, issued at the time the engagement is entered into, and are covered — in addition to GDPR — by the lawyer's duty of professional secrecy under Article 622 of the Italian Criminal Code and Article 28 of the Italian Bar Code of Conduct.

Scope of this policy

This policy describes how personal data are processed when the user:

browses the pages of albertodaidone.it;
fills in the contact form available in the Contacts section;
interacts with third-party tools embedded in the website (Setmore booking, Google Maps, Netlex client portal);
accepts cookies and statistical measurement tools.

This policy does not apply to third-party websites that may be reached via hyperlinks on the website, for which the Controller disclaims any responsibility under applicable law.

Purposes, legal bases and retention

The table below sets out the processing activities carried out through the website, indicating for each of them the purpose, the legal basis pursuant to Article 6 GDPR and the retention period.

Processing activity	Purpose	Legal basis	Retention
Browsing data server logs, IP, user-agent	Ensure the proper functioning and security of the website; attribution in the event of IT-related offences	Legitimate interest of the Controller Art. 6(1)(f) GDPR	7 days
Contact form name, email, message	Respond to the user's request and assess the possibility of a professional relationship	Pre-contractual measures at the data subject's request Art. 6(1)(b) GDPR	Up to 24 months from the last interaction if no engagement is entered into; longer periods in case of engagement
Appointment booking via Setmore widget	Allow the user to book a first professional appointment	Pre-contractual measures Art. 6(1)(b) GDPR	As set out in Setmore's privacy policy (Full Slate Inc., setmore.com/privacy)
Netlex Client Portal	Reserved area for consultation on the status of legal matters	Performance of the engagement contract Art. 6(1)(b) GDPR	Duration of the professional relationship and subsequent statutory terms
Google Analytics 4 navigation statistics	Statistical measurement of the use of the website in order to improve its content	Consent of the data subject Art. 6(1)(a) GDPR; Art. 122 Italian Privacy Code	Maximum 14 months (GA4 configuration); revocable at any time
Google Fonts loaded from fonts.googleapis.com	Delivery of typographic resources required to render the website	Consent of the data subject Art. 6(1)(a) GDPR	Browsing session
Google Maps embedded map in the contacts section	Display the location of the firm	Consent of the data subject Art. 6(1)(a) GDPR	Browsing session

Technical note on Google Fonts. Loading the fonts from fonts.googleapis.com entails communicating the user's IP address to Google's servers. The Controller is recommended to consider, with a view to data minimisation pursuant to Article 5(1)(c) GDPR, the adoption of self-hosting of the fonts on the same domain, a technical solution that removes any transfer and is in line with the ruling of the Landgericht München I, judgment of 20 January 2022, Az. 3 O 17493/20.

Categories of data processed

Through the website, only ordinary categories of personal data within the meaning of Article 4(1) GDPR are processed. No deliberate collection takes place of special categories of personal data within the meaning of Article 9 GDPR (health data, religious or philosophical beliefs, sexual orientation, etc.), nor of data relating to criminal convictions and offences within the meaning of Article 10 GDPR.

Where the user — by filling in the contact form in free-text form — spontaneously provides data belonging to special categories or to those of Article 10 GDPR, such data shall be processed strictly to the extent necessary to respond to the request and on the basis of the data subject's explicit consent pursuant to Article 9(2)(a) GDPR, or for the establishment, exercise or defence of legal claims pursuant to Article 9(2)(f) GDPR.

Recipients and processors

Personal data collected through the website may be disclosed to the following parties, who process such data solely for the purposes indicated:

Hostinger International Limited — appointed as Processor pursuant to Article 28 GDPR.
Full Slate, Inc. (Setmore) — provider of the appointment booking system, autonomous controller for processing activities within its own competence.
TeamSystem S.p.A. società con socio unico soggetta all’attività di direzione e coordinamento di TeamSystem Holdco S.p.A. — provider of the client portal, appointed as Processor pursuant to Article 28 GDPR.
Google Ireland Ltd. (EU seat) and Google LLC (USA) — providers of the Analytics, Fonts and Maps services integrated into the website, autonomous controllers for processing activities within their own competence.
Staff of the firm — employees or collaborators of Mr. Alberto Daidone, duly instructed pursuant to Article 29 GDPR and Article 2-quaterdecies of the Italian Privacy Code.
Judicial and supervisory authorities — where necessary to comply with legal obligations.

Data will not be disseminated and will not be disclosed to recipients other than those listed above.

Transfers to third countries

Some third-party services embedded in the website (Google Analytics, Google Fonts, Google Maps, Setmore) entail the transfer of personal data to the United States of America.

Such transfers are based on the following legal grounds under Chapter V GDPR:

Adequacy decision of the European Commission: Commission Implementing Decision (EU) 2023/1795 of 10 July 2023 on the EU-US Data Privacy Framework, for transfers to US entities certified under the DPF (Google LLC is currently certified).
Alternatively or additionally, standard contractual clauses adopted by the European Commission pursuant to Article 46(2)(c) GDPR (Commission Implementing Decision (EU) 2021/914 of 4 June 2021) and suitable supplementary measures.

Upon request, the user may obtain a copy of the safeguards adopted by contacting the Controller at the addresses indicated in § 1.

Mandatory nature of providing data

Providing personal data through the website is voluntary. However:

failure to provide the data requested in the contact form (name, email, message) makes it impossible for the Controller to respond to the user's request;
withdrawal of consent or failure to give consent to non-technical cookies does not affect access to the essential content of the website, but may result in the unavailability of certain ancillary features (e.g. the interactive map).

Automated decision-making

The Controller does not carry out, through the website, any solely automated decision-making within the meaning of Article 22 GDPR, nor profiling activities within the meaning of Article 4(4) GDPR.

Data subject's rights

As a data subject, the user is entitled at any time to exercise against the Controller the following rights conferred under Chapter III GDPR:

access to personal data (Article 15 GDPR);
rectification of inaccurate data or completion of incomplete data (Article 16 GDPR);
erasure ("right to be forgotten") in the cases provided for (Article 17 GDPR);
restriction of processing (Article 18 GDPR);
portability of data processed by automated means based on consent or contract (Article 20 GDPR);
objection to processing based on legitimate interest (Article 21 GDPR);
not to be subject to fully automated decisions, including profiling (Article 22 GDPR);
withdrawal of consent given, at any time and without affecting the lawfulness of the processing carried out prior to withdrawal (Article 7(3) GDPR).

These rights may be exercised by contacting the Controller at the details given in § 1. The Controller will reply without undue delay and in any event within one month of receipt of the request, within the time limits set out in Article 12(3) GDPR.

Lodging a complaint

The data subject has the right to lodge a complaint, pursuant to Article 77 GDPR, with the Italian Data Protection Authority (Garante per la protezione dei dati personali):

Piazza Venezia, 11 — 00187 Rome, Italy
Switchboard: +39 06 69677.1
Email: protocollo@gpdp.it
Certified email: protocollo@pec.gpdp.it
Website: www.garanteprivacy.it

The right to a judicial remedy pursuant to Article 79 GDPR and Article 152 of the Italian Privacy Code is reserved.

Amendments to this policy

The Controller reserves the right to amend or update, in whole or in part, this policy where necessary to align it with supervening legal obligations, changes in processing activities or technological developments. Amendments will be made known by publication on the website and, if material, will be specifically brought to the attention of the data subject.

Cookies and tracking tools

This section is drafted pursuant to Article 122 of the Italian Privacy Code and the Guidelines of the Italian Data Protection Authority of 10 June 2021, No. 231 (Guidelines on cookies and other tracking tools, doc. web No. 9677876).

What cookies are

Cookies are small text strings that the websites visited send to the user's terminal, where they are stored to be then transmitted back to the same websites on the next visit. The same purposes of cookies may also be achieved through other tracking technologies, which likewise fall within the scope of this policy.

Types of cookies used on the website

Technical cookies (no consent required). These are cookies strictly necessary for the functioning of the website or for the provision of services explicitly requested by the user, including those used to store the user's preferences (e.g. light/dark theme, language). Their installation does not require prior consent, pursuant to Article 122(1) of the Italian Privacy Code.

Third-party analytics cookies (consent required). These are cookies used to collect statistical information about the use of the website (e.g. Google Analytics 4). In the absence of anonymisation measures suitable to treat them as technical cookies, their installation requires the user's prior consent.

Third-party cookies used to load external resources (consent required). This category includes cookies/identifiers transmitted by Google servers as a result of the integration of Google Fonts, Google Maps and related embedding of content.

List of cookies and identifiers

Name / Domain	Provider	Type	Purpose	Duration
ad-theme	Controller (1st party)	Technical (localStorage)	Stores the light/dark theme preference	Persistent
_ga, _ga_* google-analytics.com	Google Ireland Ltd. / Google LLC	3rd-party analytics	Statistical measurement of website accesses	Up to 14 months
NID, SOCS, 1P_JAR google.com	Google LLC	3rd party (Fonts / Maps)	Support for Google Fonts and Maps resource loading	From a few minutes up to 24 months (see Google policy)
CMP cookie CMP IN USE Cookiebot	Cookiebot	Technical (consent management)	Tracks the user's cookie choices	Up to 6 months (Article 9 Guidelines 231/2021)

Granting, withdrawing and managing consent

When first accessing the website a banner is shown, allowing the user to:

accept all cookies;
reject all non-technical cookies;
grant granular consent by selecting specific cookie categories.

Consent is collected and stored by the Consent Management Platform in use on the website. The user may at any time change or withdraw his/her choices through the preferences panel accessible from the banner or from the dedicated button. Withdrawal does not affect the lawfulness of the processing based on consent before its withdrawal (Article 7(3) GDPR).

Alternatively, the user may disable cookies directly from the browser, following the instructions available on the official pages:

Google Chrome — support.google.com/chrome
Mozilla Firefox — support.mozilla.org
Apple Safari — support.apple.com
Microsoft Edge — support.microsoft.com

A specific opt-out from Google Analytics tracking is also available through the browser add-on: tools.google.com/dlpage/gaoptout.

Third-party cookies — cross-reference to providers' policies

Google (Analytics, Fonts, Maps): policies.google.com/privacy
Setmore (Full Slate Inc.): setmore.com/privacy

Back to home