Privacy policy

As an organisation of professionals interested in the evolution of law in the metaverse, privacy and security issues are very important to us and we believe that the personal data of every individual should be treated ethically and responsibly. 

This policy defines:

  • The type of personal data we may collect from you;
  • How and why we use your personal information; and
  • Your rights and choices regarding your personal data.

The current legislation on the processing of personal data, defined in accordance with the provisions contained in the EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, hereinafter “GDPR”) and in (the Italian) Legislative Decree 196/2003 and subsequent amendments and additions, contains provisions aimed at ensuring that the processing of personal data is carried out in compliance with the fundamental rights and freedoms of natural persons, with particular regard to the protection of personal data.

Data Controller

Riccardo Traina Chiarini, with registered office in Via Broccaindosso 32, 40136 Bologna (Italy), is the Data Controller (hereinafter “the Controller”) for the personal data processed during the navigation and use of the website, metaverselaw.pro (hereinafter “the Site”), Site of which he is the owner.

The Controller reserves the right to update this Policy (hereinafter “the Policy”) at any time and to inform users through the most appropriate means. For any further information or questions you may contact us at the following email address: privacy@metaverselaw.pro.

What personal information we process

We collect various types of information, including information that identifies you or could identify you as an individual (“Personal Information”) as explained in more detail below.

Subscription and contact details

Your subscription to the newsletter will enable you to receive our periodic communications. The data we ask you for is your name and email address.

Data collected through cookies

We use technical, functional and profiling cookies to facilitate your navigation on the Site. For more information on the use of cookies, please read our cookie policy.

Navigation data

The Site uses tools to monitor users’ visits to individual pages of the Site. The data collected (such as the IP address of the device from which you connect to the Site), in the absence of other related data, do not allow your identification, as they are aggregated data for statistical and visit analysis purposes only (geographical location, type of access device, time spent on individual pages, etc.).

Data you voluntarily provide us with

The sending of further personal data on your part implies its inevitable acquisition by the Controller and its subsequent processing to respond to the requests received. Therefore, if you prefer not to have your data collected by the Controller, we invite you to provide only the personal data that is strictly necessary and/or requested.

Purposes and legal bases

Personal data are processed by the Controller within the limits and for the sole purpose of providing the services accessible through the Site and its suppliers. The legal basis on which your personal data is processed differs depending on the purpose. In some cases we may have to request express consent, in others the processing may be for the legitimate interest of the Controller. Where the intended legal basis is consent, you have the right to withdraw it at any time. 

The data collected and processed is used:

  • To communicate with us: we may collect any personal information that you choose to send or provide to us, such as your name and email, or others that you provide in your messages. For example, if you contact us through the Site via the form or by writing directly to our email addresses or social profiles, we will keep a record of our correspondence. The legal basis for such processing in this case may be our legitimate interest in providing you with a better response to your questions and needs or the need to enter into a pre-contractual phase if you are interested in our services or wish to participate in our events.
  • To subscribe to our newsletter: we will keep and process your name and e-mail address in order to send you our newsletter, from which you can unsubscribe at any time by clicking on “Unsubscribe” at the bottom of the message. Subscription to the newsletter involves processing of your personal data, which is possible with your express consent, which is always revocable (Art. 6.1.a GDPR).

Information we collect automatically:

  • When you use our Site: when you visit our websites, we collect certain information about your device, such as your device’s IP address, the pages your device visited and the time your device visited our website, for statistical purposes.
  • Information collected by cookies and other similar technologies: We use various technologies to collect information which may include storing cookies on users’ computers.

These actions constitute processing of your personal data based on our legitimate interest to know how many people visit our website and to limit unlawful intrusions in order to protect our services and infrastructure while respecting your fundamental rights (Art. 6.1.f GDPR).

Method of processing

All personal data shall be processed mainly by electronic means and methods, but processing by paper means is not a priori excluded.

Processing will be carried out exclusively by persons duly authorised in writing by the Data Controller, in compliance with the provisions of current legislation.

The same data will be stored in a form that allows the user to be identified only for the time strictly necessary to achieve the purposes for which such data were originally collected and, in any case, within the limits of the law.

Period of data retention 

Depending on the type of data you provide us with and the purpose for which it is processed, we may retain it for different periods. However, your data will not be processed beyond the period necessary to achieve the purposes stated above.

We will retain:

  • data from communications you have with us until 12 months after our last communication, unless we have a legitimate interest in retaining it (e.g. the need to defend ourselves in court);
  • your personal data for receiving the newsletter up to six months after your unsubscription request. You can unsubscribe at any time by clicking on the appropriate link in the emails we send you;
  • data obtained through cookies follow the timeframes indicated in our cookie policy;

After the expiration of the aforementioned time periods we may continue to process your data in aggregate for statistical or other reasons required by law.

To whom your information will be disclosed

We may share your information with third party vendors, consultants and other service providers that we employ to perform activities on our behalf.

Your personal data may be disclosed to third parties, such as law enforcement agencies and other authorities, where required to do so by law or order of the competent authority.

If you want to know who our suppliers are, you can write to us at privacy@metaverselaw.pro.

Who will process your personal data

Your data will be processed by:

  • the Data Controller;
  • employees and collaborators of the Controller in their capacity as data processors, specifically appointed and instructed pursuant to Art. 29 of the GDPR;
  • suppliers, and their employees and associates, in their capacity as data processors, specifically appointed and instructed pursuant to Article 28 of the GDPR;
  • partners of the Data Controller in their capacity as autonomous data controllers;
  • Authorities and law enforcement agencies as required by law.

The processing may take place using both computerised and manual procedures and your personal data will be stored, under the supervision of security measures suitable to counter the risk of destruction, loss, modification or unauthorised disclosure of the same, in the Data Controller’s databases.

Transfer of data to third countries

The Data Controller reserves the right to transfer your personal data to a third country on the basis of the European Commission’s adequacy decisions or on the basis of the appropriate guarantees provided for in the applicable legislation.

Your rights

The Regulation expressly recognises certain rights that may be exercised by you and in particular the

  • right of access: by obtaining confirmation from the Controller as to whether or not data relating to you are being processed and, if so, by receiving information on all the elements characterising the processing;  
  • right of rectification: obtaining from the Controller without undue delay the amendment and updating of inaccurate data concerning you
  • right to erasure: obtaining from the Controller the erasure of your data without undue delay when:
    • (a) such data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    • b) you decide to revoke one or more of the consents on which certain processing operations are based, if the Controller cannot rely on any other legal basis under current legislation
    • c) you object to the processing of your data for marketing and/or profiling purposes;
    • d) your personal data have been unlawfully processed by the Controller;
    • e) your personal data must be deleted in order to comply with a legal obligation to which the Controller is subject;
  • right to restriction of processing: obtaining from the Controller the suspension of processing when:
    • a) you contest the accuracy of your personal data, for the period necessary for the Controller to carry out the necessary verifications;
    • b) the processing is unlawful and you decide to object to the deletion of your data, requesting instead that its use be restricted;
    • c) although the Controller no longer needs the data for the purposes identified above, the data are necessary for you to ascertain, exercise and/or defend a right of yours in court.
  • Right to portability: by receiving in a structured, commonly used and machine-readable format the personal data you have provided to the Controller, including by obtaining their direct transmission by the Controller, if technically feasible, to another data controller, in compliance with the conditions set out in the Regulation;
  • right to object: by objecting to the processing of your data for the purposes of statistical or aggregate analysis, for reasons related to your particular situation, carried out by the Controller by virtue of its own legitimate interest
  • right to withdraw consent: by withdrawing one or more of the consents you have previously given, it being understood that the processing carried out up to that point by the Controller will remain fully lawful.

The rights listed above may be exercised at any time, freely and without difficulty, by making a request to the Data Controller

  • at the e-mail address privacy@metaverselaw.pro.
  • or by post to:

Riccardo Traina Chiarini,

Via Broccaindosso 32, 40136 Bologna (BO), Italy 

If you are not satisfied, you can assert your rights by contacting the Italian Data Protection Authority, which can be reached at garanteprivacy.it.

 

Information updated on 21/10/2022