Privacy Policy

Article 13 of Reg. EU 2016/679 (GDPR)

Before providing us with any personal data, we suggest you carefully read this information provided pursuant to Article 13 of EU Regulation 2016/679 (GDPR) on the protection of personal data to find out what data we process, for what purposes, what denial of data entails and your rights in this regard.

Data Controller

The controller of your data is Studio Brevetti Turini Srl, Viale Matteotti, 25 – 50121 Florence, VAT no. 05806260484, email: [email protected], whom you can always contact for any doubt or request.

What data we process

You are not required to provide your personal data on the website. 

However, if you decide to browse the website, the computer systems and software procedures used to operate the website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by the persons using the Website, the URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used to submit the request to the server and other parameters relating to the user’s operating system and IT environment. 

This data, which is needed to use the web services, is not kept for more than seven days. 

However, if you decide to contact us or register on the website, you will need to provide us with at least your first and last names and your email address. This information is necessary for us to be able to contact you and provide the requested information or services. If you decide to make use of a service offered through the website, you will need to provide us with all the data necessary to complete the procedure (name, surname, tax code, date and place of birth, residence, billing information). This data is essential for us to be able to offer you the requested service.

How we process the data

Your data is required only for the following purposes:

  a) to respond to your request, to register on the website, or for the full, proper performance of the assignment received (legal basis: contract);
  b) for the fulfillment of tax and accounting obligations, legal obligations or to respond to requests from the authorities (legal basis: legal obligations);
  c) for sending messages containing information relating to the services rendered or updates and news in relation to the matters dealt with by the Data Controller (legal basis: legitimate interest of the data controller).

The processing of personal data for the purposes referred to in points a) and b) is necessary to fulfill contractual obligations deriving from the requested service or from the granting of the assignment and/or to carry out pre-contractual measures adopted upon your request and/or to fulfill legal obligations. It is therefore mandatory to provide your personal data and, if you refuse, we will not be able to fulfill and/or accept the assignment. In any case, if it becomes necessary to process sensitive or judicial data, or data that is special in any way, for the above purposes, you will be asked to give your consent.

The data provided will be processed only for the time necessary to render the requested service or to carry out the assignment and will be kept for a period of 10 years from the conclusion of the service or assignment (for tax purposes, for any professional liability disputes and to meet legal obligations) or from the last contact, in the event that the contract is not concluded or the assignment is revoked or discontinued.

The data requested for the purposes referred to in point c) is processed to exercise the legitimate interest of the data controller in informing customers or potential customers – for the benefit of the interested parties – of any news or initiatives that can be taken in the matters covered by the website and by the Data Controller. The data will be processed until a request is made not to receive the information material, which can be exercised at any time.

Your data is mainly processed in electronic form and minimally on paper. We take care of your data and have adopted the best precautions in order to do so, obtaining ISO27001 and ISO9001 certification.

Your data will not be disclosed, but may only be communicated, for needs related to the purposes indicated above, to persons authorized for processing by the Data Controller and/or to external professionals working with the Data Controller, who have signed undertakings of confidentiality or who are bound by confidentiality due to their profession, and act as data processors (including hosting service providers or other service providers). Within the scope of the aforementioned purposes, your data may also be communicated to persons who operate independently, such as independent data controllers, to carry out the activities necessary for the performance of the requested service (public offices for the filing of patents, trademarks, designs, SIAE, lawyers). You can ask the Data Controller at any time for an updated list of data processors and their contact details.

Your data is processed within the European Union, except in the following cases.

The data sent via the website using the email address, the contact form or the chatbot is managed via the CRM provided by Hubspot Inc., a company based in Massachusetts (USA). We need to process your data with this tool to be able to respond to your requests, register you on the website or for the full, proper performance of the assignment received (legal basis: contract). We cannot guarantee that your data will not be transferred to the USA, where Hubspot Inc. is based, but since this company has adopted SCCs (Standard Contractual Clauses) compliant with those approved by the European Commission, any such transfer of data would take place pursuant to Articles 44 and 46 of Reg. EU 2016/679.

The data sent via the website to make payments by credit card is managed by Stripe Inc., a company based in San Francisco, California (USA). For credit card transactions made by users located in the European Economic Area (EEA), the payment will be managed by Stripe Payments Europe Limited (Stripe) and the payment order will be sent directly to the portal of the bank or financial company you indicated. All data entered during the payment procedure will be kept exclusively by Stripe and the Data Controller will not be able to find out information relating to your credit card or your financial and asset information at any time during the payment procedure. To find out more about the payments managed by Stripe, we suggest you view the privacy policy published on the website. Although the payment data is managed by Stripe Payments Europe Limited, this company may export the data outside the EEA and communicate it to other companies belonging to the same group and located outside the European Union (such as the USA). In such cases, the data will only be transferred to countries that have obtained an adequacy decision from the European Commission (pursuant to Article 45 of Reg. EU 2016/679) or, in the absence of an adequacy decision, the data is transferred to third countries in compliance with the SCC (Standard Contractual Clauses) which Stripe Inc. has adopted and which comply with those approved by the European Commission, pursuant to Article 46 of Reg. EU 2016/679.

In any case, whenever personal data is transferred to countries outside the European Union, within the scope of the purposes referred to herein, the Data Controller will make sure to select suppliers that can guarantee an adequate level of personal data protection by evaluating, among other things, whether the standard contractual clauses (SCC) approved by the European Commission have been adopted. More specifically, the data may be communicated to foreign industrial property offices or to professional firms based in non-European countries that work with the Firm for the purposes of filing trademark, design or patent applications, or other actions with foreign offices, and for the continuation of such actions or the execution of other procedures you may have assigned to the Firm. This is also the case should said foreign states not offer adequate guarantees for the protection of personal data pursuant to Regulation 2016/679 when the transfer is nevertheless necessary for the execution of the task entrusted to us and therefore for the contract and the pre-contractual negotiations (Article 49(1)(b)).

Your rights

With regard to the data you provide, you may at any time exercise the following rights for all or part of the data and/or processing:

  • Right of access (Article 15): you may ask the data controller to confirm whether your data is being processed, access the data and/or obtain a copy of the data concerning you that we process.
  • Right to rectification (Article 16): you may ask for your personal data to be updated, corrected or supplemented.
  • Right to be forgotten (Article 17): if any of the reasons set out in this provision apply, you may request the erasure of your personal data which will be permanently erased by us.
  • Right of restriction (Article 18): if any of the conditions set out in this provision apply, you may request the restriction of the processing of your data. In this case, we will keep your data but it will no longer be processed for other purposes.
  • Right to portability (Article 20): under the conditions set out in this regulation, you may request to receive your personal data in an interoperable format and/or transfer it to another data controller.
  • Right to object (Article 21): you may object to all or part of the processing, specifying the reason, provided there are sufficient grounds for doing so. You may also object to processing for marketing purposes at any time and without needing to provide any justification. In this case, the processing for marketing purposes will cease immediately.

You may revoke your consent to data processing at any time. In this case, processing will cease for all data for which you have revoked your consent, unless there is a different legal basis for the processing, in particular a legal obligation or the contract as referred to above (Right to withdraw consent: Article 7(3)).

These rights may be exercised with a request made informally to the data controller at the above addresses, to which a suitable response will be given without undue delay, and in any case no later than one month from the request.  

If you believe that your rights have been violated, you may also lodge a complaint with the Guarantor for the protection of personal data pursuant to Article 77 of Reg. EU 2016/679.

This information notice may be updated at any time due to changes in our practices. We therefore suggest you view it periodically. In the event of a change, the “Date of last change” at the end of this notice will be updated.

Date of last change 3/9/2023