Privacy Policy

The EU Regulation (EU) 2016/679 on the protection of natural persons regarding the processing of personal data and on the free movement of such data (“GDPR”) contains a set of rules aimed at ensuring that the processing of personal data is conducted in compliance with the fundamental rights and freedoms of individuals.

According to Articles 13 and 14 of the GDPR, the following information is provided regarding the processing of personal data collected while browsing the website (“Site”).



The Data Controller is Avv. Nicola Tilli, at SLT Novastudia, via Quadronno n. 4, 20122 Milan, Italy, can be contacted by message via the “Contact us” section of the Site.



Personal data collected are freely provided by the User (hereinafter also “Data Subject”). Use of the Site’s “Contact Us” form involves the collection and subsequent processing of personal data by the Data Controller (name and email address) to respond to requests. The legal basis is the Data Controller’s legitimate interest, and the data will be stored to fulfill the request. The submission of data is not mandatory, but any refusal of the Data Subject to deliver such personal data will result in the impossibility of the Data Controller to provide the request.

Data may also be used to fulfill obligations under laws, regulations, and EU legislation to which the Data Controller is liable and/or execute orders of Authorities. The legal basis is a legal obligation, and the data will be kept for 10 years or by different regulations.

Data could be processed for a longer period where an act interrupting or suspending the statute of limitations occurs that justifies the extension of the data retention. In addition, data could be used for the legitimate interest of the Data Controller in ascertaining, exercising, or defending a right of the Data Controller in judicial, extrajudicial, and/or other proceedings.



While browsing, some of your data are collected automatically. When you connect to the Site, the computer systems automatically gather some information, the collection of which is implicit in the use of Internet communication protocols. For example, the IP address, the type of browser and device parameters used to connect to the Site, and the date and time of the visit. The processing of this data is necessary for the Data Controller for traffic analysis and to make sure the Site is safe.

On the other hand, about so-called “cookies,” short text files that are stored on your device while you are browsing websites, the Site uses only “technical” cookies, i.e., cookies that are necessary for the Site to function. They are set in response to actions you take that constitute a request for services, like setting privacy preferences.

On the home page, when you first log into the Site, you can see a pop-up banner that contains brief information about the use of cookies. You may not disable cookies used as they are necessary for the Site to function. You could set your browser to block all cookies, but as a result, the Site may not function properly.

On this Site, it is also possible to interact with other external platforms through links that depict social network icons and allow users who are browsing to interact with a “click” directly with social platforms and share content. It is recommended to read the privacy policies regarding data management by the platforms to which the buttons refer (Facebook, Twitter, Google, Telegram).



The processing of personal data is conducted using manual, computerized, and telematic tools with logic strictly related to the purposes stated in this Privacy Policy, including automated tools, and, in any case, in such a way as to guarantee the security and confidentiality of data.

In the execution of the processing operations conducted, the Data Controller may communicate the personal data to:

  • Employees and collaborators, in their capacity as authorized parties or system administrators.
  • Third-party companies or other entities (for example, administrative, accounting, and IT service companies, firms, consultants, etc.) that perform outsourced activities on behalf of the Data Controller.
  • Supervisory bodies, as well as Authorities empowered to do so based on the relevant laws and regulations in force.

If the Data Controller makes use of third parties, they may function as data processors or autonomous controllers, by current legislation on the protection of personal data.

The same security guarantees will be imposed on the data processors as are guaranteed by the Data Controller, and the data processors will be made aware of their responsibilities by the contract as a data controller under Article 28 of the GDPR. Further information can be obtained by contacting the Controller via the ways indicated above.



The Personal Data of Data Subjects are stored on servers located in Italy. Should it become necessary for technical and/or operational issues to use entities located outside the European Union, the transfer of personal data to such entities will be regulated by the GDPR.

In this regard, the Data Controller ensures that non-EU data transfer will be regulated by the provisions of Chapter V of the GDPR and authorized based on specific decisions of the European Union.



Under Articles 15 et seq. of the GDPR, the Data Subject has the right to request from the Data Controller:

  • Access the data and request the rectification of inaccurate Personal Data and the integration of incomplete data.
  • Obtain, in the cases provided for, the removal of the Data (right to be forgotten).
  • Request the restriction of the processing or opposition to the same, when possible.
  • Request portability of Data, to receive in a structured, commonly used, and machine-readable format your Data, including for transmission to another data controller, within the limits provided by Article 20 GDPR.

In addition, the Data Subject may complain to the Data Protection Authority under Article 77 of the GDPR. The Data Subject may at any time exercise all rights granted by Italian and European data protection regulations by message via the “Contact us” section of the Site.


The Data Controller reserves the right to update this policy at any time, informing Users on this page.


Last update: November 3, 2022

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.