Privacy Policy

1. This privacy policy has been prepared by Studio Holzmiller & Partners in accordance with Article 13, EU Regulation 679/2016.

Studio Holzmiller & Partners is aware of how important it is to protect its clients’ data and therefore it strives to be clear regarding the method of collecting, processing, disclosing, transferring and storing personal data. Studio Holzmiller & Partners guarantees that it complies with legislation regarding personal data protection and protection of the individual, and would like to inform you that the personal data provided by data subjects, via the various collection channels, directly or indirectly managed by the Data Controller, or acquired from third parties in accordance with the law, will be processed lawfully, in a relevant manner and correctly, in accordance with the principles set out in EU Regulation 679//2016. Studio Holzmiller & Partners would also like to inform you that the data you provide will be processed in accordance with Article 13, EU Regulation 679/2016 in force and in application on 25/05/2018 for the processing activities carried out in its operating locations.

2. Data Controller, Data Processor and categories of individual tasked with processing data.

The Data Controller, that is, the entity that makes decisions regarding the methods and purpose of processing, is Studio Holzmiller & Partners, with registered office in Via Vittor Pisani, 28 – 20124 Milan, VAT and tax reference no.: 03917270963 (“DATA CONTROLLER”).
Studio Holzmiller & Partners’ Data Processor is Enrico Holzmiller and you can contact him at Via Vittor Pisani, 28 – 20124 Milan or via e-mail at:

Within Studio Holzmiller & Partners, the data concerning you will be processed by staff who are authorised under the direct authority of the Data Processor. As well as Studio Holzmiller & Partners employees, third-party entities may also process your personal data. Studio Holzmiller & Partners entrusts certain activities (or parts of them) to these third-party entities that are connected or instrumental to processing data or provision of services offered. If this happens, these entities will operate as autonomous Data Controllers, Joint Data Controllers, or Data Processors or individuals authorised to process data will be appointed. The updated list of all individuals authorised to process personal data is available and can be viewed at Via Vittor Pisani, 28 – 20124 Milan.

3. Types of data processed

3.1 Personal and identification data
Our website, will request and process solely and exclusively personal data and not special categories of personal data. By personal data we mean any information concerning a natural person, identified or identifiable, even indirectly, by referring to any other information, including a number of types of personal information. Identification data is the personal data which allows a data subject to be directly identified (such as, name, surname, e-mail address, address, telephone number, etc.).

3.2 Navigation data
The IT systems and software procedures used to make this site work will automatically collect, during normal use, some personal data which will then be sent implicitly by using internet communication protocols. This is information which by its nature could, by associating it and studying it with data held by third parties, allow a user/visitor to be identified (e.g. IP address, computer domain names used by users/visitors who link to the site, etc., addresses in URI – Uniform Resource Identifier – notation, the resources requested, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the reply (successful, error, etc.) ) and other settings relating to the user’s operating system and computer. These data will only be used to collect statistical information and to check whether the website is working correctly. Normally, they are deleted immediately after being studied. They may be used to ascertain responsibility in the event that damage is caused to the site or offences are committed via the network.

3.3 Data provided voluntarily by the user
If users/visitors using the website or via any other written or verbal form of communication, send their personal data to access particular services, or, to make requests via e-mail, these data will be acquired by Studio Holzmiller & Partners and/or third parties with whom Studio Holzmiller & Partners may provide the service requested by the user/visitor; these data will only be processed to respond to the request, that is, to provide the service in accordance with this Policy. The personal data expressly provided by users/visitors will be communicated to third parties only if it is necessary to communicate them to comply with the requests of the users/visitors. Completing the “registration”, “contact us” or “newsletter” pages or sending a request by any means, means data will be acquired and stored into our system memory. The information will be protected by an authentication system and will only be accessible by persons who possess the appropriate login credentials. Requests for information via e-mail will mean that the user’s e-mail address will be stored, which is necessary to allow us to respond to the user’s request. This includes data stored in the message. If data on paper are processed, the necessary precautions will be adopted to limit access only to authorised persons.

3.4 Cookies
Details are set out in our cookie policy.

3.5 Defending legal action
A user’s personal data may be used by the Data Controller to defend legal action taken against it in court or in preparing for legal action in court, to defend against abusive use of the system or connected services. Data may be used to ascertain responsibility in the event of computer offences being committed which damage the site.

3.6 Maintenance
A user’s personal data may be processed using additional methods and for additional purposes connected with system maintenance.

4. Purpose of processing

Personal data voluntarily provided will be processed for the following purposes, until the user objects to its processing:

  • navigation on this website;
  • contact requests, to send information you have requested; a user may contact the practice using the telephone numbers and e-mail addresses located in the “Contacts” section, where a user can find reference points for individual departments. Receiving spontaneous communication from a user will require the Data Controller to acquire the user’s name and/or e-mail address. The purpose of collecting these data is to provide information regarding the services provided. The user’s request will be provided after receiving consent from the user.
  • registering for newsletters; a user who wishes to stay up-to-date with the practice’s activities may enter the data requested in the related form (mandatory data fields are marked by an asterisk). The information requested will only be processed for the purpose of providing the requested service. If these data are not provided, the Data Controller cannot fulfil the user’s request. Processing requires the use of computer tools. For more information, please see the information at the bottom of the registration form. A user can express his or her consent on the basis of this information.
  • completing data collection forms in dedicated areas in which a user can enter requested data; forms requesting data are accompanied by specific information regarding requests for consent.

5. Location of processing

The collection and subsequent processing of data will be carried out by the Data Controller at the offices of Studio Holzmiller & Partners and by businesses the practice engages and also through the practice’s website in accordance with current security measures and legal provisions regarding the processing of personal data.

6. Method of processing and Period of storage

Processing will be carried out using automated means (e.g. using electronic procedures and formats) and/or manually and will be stored for the period necessary to achieve the purpose for which the data were acquired. Personal data and special categories of personal data, required to meet legal obligations may also be stored for a period greater than that indicated, to comply with these obligations regarding storage periods.

7. Communication and disclosure

The data processed are exclusively of a personal nature and are not to be disclosed. Data will be transferred to third parties to comply with legal or regulatory obligations (institutions, law enforcement agencies, courts, etc.) or for activities directly or indirectly connected with the relationship established. These include, but are not limited to:

  1. Entities that need to access the data subject’s personal data for purposes regarding the relationship with the Data Controller (banks, financiers, couriers, etc.);
  2. Consultants and partners, within the limits necessary to carry out the task conferred by the Data Controller;
  3. Studio Holzmiller & Partners’ subsidiary and/or associated companies or companies that are in any way connected with the practice (and its subsidiaries) which may access the data, within strict limits that are necessary to carry out the activity set out by their company purpose.

The data may be communicated to entities operating within the European Union, or in countries that guarantee the same level of protection set out by GDPR and by agreements in force with the EU. Processing will also be carried out beyond the end of the principal relationship, in accordance with legal and regulatory provisions which govern the conservation of documents, and, where expressly authorised, to allow future relationships to be established and to guarantee the historicisation of data, including in the interests of the client and, in any case, they will be checked annually. As part of the Data Controller’s organisation, a data subject’s personal data may be processed by various organisational departments.

8. Consent – Article 7, EU Regulation 679/2016

Consent given by you via computer is solely and exclusively for Studio Holzmiller & Partners.

With regard to navigating this site, the provision of data is connected with the user’s desire to navigate this site after viewing the privacy policy shown in the banner that appears on the homepage. It should be noted that to avoid cookies being installed, it is necessary not to close the above banner by clicking on “I understand”, or by using appropriate function offered by the browser used to navigate the site.

9. Modifications to the privacy policy

This privacy policy may be modified over time – including if new legislation and/or regulations enter into force, if new services are to be provided or if new technological innovations require it – and the user/visitor will be invited to view the modified privacy policy.

10. Data subject’s rights

You may exercise your rights as a data subject as set out in Articles 12, 15, 16, 17, 18, 19 and 20 of EU Regulation 679/2016 by contacting the Data Processor at our office on +39 02 673 977 101 or by sending an e-mail to or by writing to Studio Holzmiller & Partners, Via Vittor Pisani, 28 – 20124 Milan or by contacting the Data Protection Officer at

In accordance with the above articles, a data subject may exercise the following rights: the right to obtain confirmation as to whether or not personal data concerning him or her are being processed and if so, to obtain access to the personal data; the right to rectification, the right to erasure, the right to limitation; the right to portability. Moreover, the Data Controller will cease processing when he or she receives communication that revokes consent previously given.

If you need to contact the Data Controller, please provide your e-mail address, your name, address and/or telephone number to allow your request to be dealt with correctly.

10.1 Complaints to the supervisory authority

Data subjects have the right to lodge a complaint with the supervisory authority in the event that his or her requests for information sent to the Data Controller do not receive a satisfactory response.

The reference authority is Garante per la Protezione dei dati personali [Italian Data Protection Authority]

11. Modifications to the privacy policy page

The Data Controller reserves the right to modify, update, add or remove parts of this privacy policy page at its discretion and at any time. Affected persons are required to periodically check for any modifications. To facilitate this check, the privacy policy will show the date on which it was last updated. Use of this site, following publication of modifications, will constitute acceptance of the modifications.

Version 01 – 06/07/2019

The Data Processor
Enrico Holzmiller

Studio Holzmiller & Partners