Privacy Notice

This information is provided pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter the “GDPR”).

1. Data Controller

The Data Controller is Boffa & Associati, which can be contacted at its registered office at Via Toniolo 1, 31100 Treviso (TV) or by email at

2. Categories of data processed

A) Browsing data

The computer systems and software procedures used to operate this website collect some personal data whose transmission is implicit in the use of Internet communication protocols.
This data category includes the IP addresses and domain names of the computers and terminals used, the URI/URL (Uniform Resource Identifier/Locator) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the user’s computer environment.
These data are necessary to use web services. They are also used to collect statistical information on the use of the site, to monitor its proper functioning and to improve its use.

B) Data provided voluntarily by the user

Sending electronic mail to the addresses indicated on the site is optional, explicit and voluntary. When you do so, your email address and any other personal data included in the message will be collected.

C) Cookies

Read the Cookie Policy here.

3. Purpose of data processing

Browsing data will be used to facilitate browsing, verify the proper operation of the site, improve its functionality and for statistical purposes. The data you provide voluntarily will be used to respond to specific requests you make.

4. Legal basis of processing

The data you provide voluntarily are processed on the basis of the consent you provide. Consent to the collection and processing of data is optional and can always be revoked. However, if you deny or withdraw consent, we may be unable to provide certain services.
Browser data are processed on the basis of the Data Controller’s legitimate interest to allow browsing on the site and to ensure its proper functioning. If you refuse to provide browsing data, you may be unable to use all or part of the site.

5. Retention period

Personal data will be stored for the time strictly necessary to achieve the purposes for which they were collected. Once the purpose for the processing has been achieved, and if you exercise your right to object to processing, or if you withdraw consent, the Data Controller will still be entitled to retain the personal data further for the purposes permitted by the GDPR (e.g., comply with current regulations, prevent fraud, collect outstanding payments, assist with investigations and take other action permitted by law).

6. Recipients

The Data Controller may share the data collected with third parties for the purposes specified above. If these recipients process data on behalf of the Data Controller, they will be designated as data processors.

7. Data transfer to third countries

The personal data collected will not be transferred to third countries outside Europe.

8. Rights of the data subject

Pursuant to Articles 15–22 of the GDPR, as the data subject, you have the right to obtain access to, rectification, erasure and restriction of processing of your personal data. You also have the right to object, at any time, to the processing of your personal data and the right to have your personal data ported. If you request data portability, the Data Controller will provide you with the personal data concerning you in a structured, commonly used and machine-readable format, within the limits provided for by Article 20 of Regulation (EU) 2016/679.
You also have the right to withdraw consent to the processing of your personal data at any time, but only in cases where the processing is based on consent for one or more specific purposes, and where processing concerns common personal data (e.g. date and place of birth or place of residence), or particular categories of data (e.g. data revealing racial origin, political opinions, religious beliefs, health status or sex life). However, processing based on consent that was done prior to the withdrawal of consent remains lawful.
Without prejudice to any other administrative and judicial remedy, if you, as the data subject, consider that the processing of data concerning you infringes the provisions of the GDPR, you have the right to lodge a complaint with the supervisory authority (Personal Data Protection Authority –
To exercise these rights, contact the Data Controller by email at, or by registered post to the following address: Via Toniolo 1, 31100 Treviso (TV), Italy.