Studio Bottoni

Take the initiative: contact us!

It only takes a few seconds, and you choose how to get in touch.

You can write to us using the form on this page, send us an email or give us a call.

We are just a few seconds away from you and the answers you want. Take the initiative.

Where we are

Let's talk!

To contact us by telephone or to arrange a meeting, here are our contact details.
In Varese, our telephone number is
0332 488 910.
Would you like to speak to our Milan office? Call
02 404 51 29

Questions?

For general information, please use the form on this page or send a message to info[@]studio-bottoni.it

Get in touch!

Join us!

Join our team. Submit your application in just a few moments using this form.

Privacy Privacy

TITLE I – DATA CONTROLLER

Company Name: Studio Bottoni s.r.l., in the person of its pro tempore legal representative (hereinafter referred to as the ‘Controller’).

Registered Office: Via Vittorio Veneto, 3, Varese – 21100 VA, Italia.

VAT number: IT03071720126.

Contact details: telephone: 0332 488910 – Email: info@studio-bottoni.it.

TITLE II – PREAMBLE

CHAPTER A –PURPOSE OF THE POLICY

This document refers exclusively to the website https://studio-bottoni.it (hereinafter referred to as the ‘Website’).

Please note that all information provided on our Website is relevant and valid only for the latter and not for other websites that may be consulted by the User through links on the platform. The Data Controller has no control over these sites or the procedures they apply to ensure data confidentiality and, therefore, we suggest that you consult the privacy policies of all parties with whom you come into contact before communicating personal information.

This document is intended to inform the User about what data we collect, how we process it, to whom we transmit it, for what purposes it is collected and on what legal basis.

The above is in implementation of the applicable provisions on the subject – Italian, EU and Swiss – by way of example, reference is made to: EU Regulation 2016/679 (GDPR); the Italian Privacy Code (Codice Privacy), the provisions and guidelines of the Data Protection Authority (hereinafter also referred to as “GPDP” for brevity).

CHAPTER B – TO WHOM THIS INFORMATION IS ADDRESSED

To the User, i.e. You also referred to as the Data Subject, the person who consults the website, whether a natural person or a person acting in the name and on behalf of legal persons, providing personal data.

CHAPTER C- CHANGES

The Data Controller reserves the right to make changes to the Website and to the information published anywhere on the Website at any time. When consulting the Website, the User must always refer to the published text as the current version.

The changes will become effective when they are published on the Website. Continued use of the Website by the User following a change will be considered acceptance of such changes.

All Users may check the latest version of the Policy, as updated from time to time by the Data Controller, at any time by connecting to the Website.

This Privacy Policy is updated as of 01.09.2025

TITLE III – WHAT DATA DO WE PROCESS AND WHY?

The User assumes responsibility for the personal data of third parties published or shared through this website and guarantees that they have the right to communicate or disseminate it, releasing the Data Controller from any liability to third parties.

CHAPTER A -BROWSING DATA

The computer systems and applications dedicated to the functioning of the Website may collect, during Users’ navigation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow Users to be identified. The data collected includes: the Internet Protocol (IP) address used to connect your computer to the Internet, browser type, location, model and time zone of your device, parameters of the device used to connect to the site, name of the Internet service provider (ISP), date and time of visit, web page of origin of the visitor (referral) and exit, possibly the number of clicks, etc. and other parameters relating to the operating system and IT environment used by the User.

Our site collects some of this data and, in some cases, also through cookies (for more information, please refer to the Cookie Policy) for the following purposes:

  • Security or compliance with legal obligations

in relation to access to systems. The data may be communicated to the competent authorities, upon their request, for security reasons and in the public interest.

To comply with any type of obligation contemplated and provided for by current laws, regulations, related regulations and commercial practices, in particular, in tax/fiscal matters.

LEGAL BASIS: (for EU Users) Art. 6, para. 1, letter c) GDPR, execution of pre-contractual measures taken at the request of the Data Subject.

NATURE OF THE PROVISION: necessary.

STORAGE PERIOD: the data collected is processed for the time necessary to fulfil the aforementioned purposes and in accordance with the law, in any case for a period not exceeding that dictated by civil law, i.e. for 10 years.

  • Technical/Functional

to make the website usable, enabling basic functionality because the website cannot function properly without these cookies. For more information on which ones we use, please refer to the cookie policy in the section on Technical/Functional Cookies.

DATA COLLECTED: Usage data collected with cookies.

LEGAL BASIS: Performance of a service, contract or pre-contractual measures, Article 6(1)(b).

NATURE OF PROVISION: Provision is necessary to make the site and the service requested by users usable.

STORAGE PERIOD: in accordance with the storage terms of the tracking systems indicated in the Cookie Policy.

  • Statistics

to collect aggregate information on the number of Users and how they visit the Website, therefore for statistical purposes. For more information on which ones we use, please refer to the cookie policy in the section on Statistical Cookies.

DATA COLLECTED: Usage data collected through cookies

LEGAL BASIS: consent pursuant to Article 6(1)(a) of the GDPR.

NATURE OF PROVISION: optional, consent is given by the User via the cookie information banner.

STORAGE PERIOD: according to the storage terms of the tracking systems indicated in the Cookie Policy.

SECTION B – DATA PROVIDED VOLUNTARILY BY THE USER

The Website may collect other personal data in addition to browsing data, in the event of voluntary use by the User of the services offered by the portal, such as: contact forms, application forms.

When the provision of data is necessary, this is marked with an asterisk; conversely, all other provisions are optional but, if provided, will allow the Data Subject to be contacted by other means.

This data will be used to provide the requested service and also for other purposes, including marketing and profiling where provided for by specific legal bases.

You may provide data through the following areas of the Website:

  • Through the contact area

This allows the User to send requests to the Data Controller through the form, as well as to receive commercial offers with specific consent where the check box is present.

DATA COLLECTED: common data such as name, surname, e-mail address and telephone number.

Provided for the following purpose.

Management of requests

in order to process requests made by Users.

BASE GIURIDICA: Esecuzione di un servizio, di un contratto o di misure precontrattuali, tra cui preventivi, art. 6, par. 1, lettera b)

NATURE OF THE PROVISION: The provision of data marked with an asterisk is necessary to process requests; other data is optional.

STORAGE PERIOD: for the time necessary to process the request or for the period of validity of the quotation agreed between the parties. Conversely, when data is collected for purposes related to the execution of a contract between the Data Controller and the User, it will be retained until the execution of that contract is completed, and consequently for 10 years from the last registration pursuant to Article 2220 of the Italian Civil Code.

  • Through the contact area defined as ‘apply now’

Allows the User to contact the Firm by email to submit their application.

DATA COLLECTED: email address in addition to that provided voluntarily by the User when making contact.

Although only ‘common data’ is requested for the submission of the application, the User may also voluntarily provide data belonging to the special categories referred to in Article 9 of EU Regulation 2016/679 (i.e. data revealing the state of health and racial and ethnic origin of candidates for the establishment of an employment or collaboration relationship). The candidate is informed that such data will only be collected if justified by specific and legitimate purposes and if necessary to establish the relationship because it is relevant for the assessment of the professional aptitude of the data subject. The processing will take place within the limits in which the acquisition of such information is strictly necessary for the establishment of the employment or collaboration relationship; therefore, data not necessary for the purposes of assessing professional aptitude will be immediately deleted (in accordance with the provisions of the GDPR and Article 1.4. 1 of the Annex to Provision No. 146 of 5 June 2019, containing the requirements relating to the processing of special categories of data of the GPD).

Provided for the following purposes.

  • Legal obligations

To fulfil the obligations and exercise the specific rights of the data controller or data subject in relation to labour law and social security and social protection.

LEGAL BASIS: Legal obligation under Article 6(1)(c).

NATURE OF THE PROVISION: The provision of data is necessary.

  • Processing of job applications

Responding to requests sent by the User via online application, evaluation of profile, aptitudes and professional skills, recruitment and selection of personnel for the establishment of an employment or collaboration relationship with the Data Controller.

LEGAL BASIS: Performance of a service Art. 6, para. 1, letter b) of the GDPR.

NATURE OF THE PROVISION: The communication of such personal data to the Data Controller is a necessary requirement for the evaluation of your application for employment, prior to the establishment of any contractual employment and/or collaboration relationship with the firm. Failure to communicate your data will therefore make it impossible to evaluate your application for employment and, consequently, to establish any contractual employment and/or collaboration relationship with the firm.

  • By contacting us directly at the addresses indicated in the footer.

Allows the User to send requests to the Data Controller via the contact details indicated in the footer.

DATA COLLECTED: those provided by the User spontaneously when contacting us.

They are collected for the following Purpose:

To process requests

The data is provided for the purpose of managing and processing requests.

LEGAL BASIS: Performance of a service, contract or pre-contractual measures, Article 6, paragraph 1, letter b).

NATURE OF PROVISION: The provision of data is necessary to process requests.

STORAGE PERIOD: for the time necessary to process the request or for the period of validity of the quote agreed between the parties. Conversely, when data is collected for purposes related to the performance of a contract between the Data Controller and the User, it will be retained until the performance of that contract is completed, and consequently for 10 years from the last registration pursuant to Article 2220 of the Italian Civil Code.

TITLE IV – METHODS OF PROCESSING

The processing of personal data communicated by Users is carried out by means of the operations indicated in Article 4(2) of the GDPR, namely: “collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, communication, erasure and destruction of data”.

The Firm operates in full compliance with the Professional Code of Ethics, processing the data of Data Subjects in accordance with the obligations of professional secrecy and personal data protection, as provided for by current legislation and pursuant to Art. 10 of the Professional Code of Ethics. Our Firm maintains absolute confidentiality and secrecy of the information acquired in the exercise of its profession and does not disclose it to anyone, except in cases where we have the right or duty to communicate it in accordance with the law. The information acquired in the exercise of the profession is not used to obtain any personal advantage for the professional or third parties, and we ensure that the duty of confidentiality is also respected by our trainees, employees and collaborators.

The data of data subjects (users) is processed using tools and procedures that guarantee a high level of security and confidentiality, pursuant to Article 32 of the GDPR, by specifically authorised persons, in compliance with the provisions of Article 29 of the GDPR, and may be carried out either through our website or through other electronic means, and sometimes also by telephone or with the aid of paper documents. In particular, our website has an SSL certificate and uses the HTTPS protocol to make personal data more secure. By using this protocol, transactions and data transmitted on websites are carried out with maximum security and the content of the communication is not read or manipulated in any way by third parties.

TITLE V – RECIPIENTS AND DATA TRANSFER

The Data Controller processes Users’ data in compliance with the obligations of personal data protection provided for by applicable legislation. The Data Controller ensures that the duty of confidentiality is also respected by its trainees, employees and/or collaborators and guarantees that your data will not be disclosed to unspecified parties by making it available for consultation.

SECTION A – RECIPIENTS

In relation to the purposes indicated above, personal data is communicated, meaning that it is disclosed to one or more specific parties, to the following parties:

  • Authorised persons

Collaborators or other personnel authorised to process data (for example: administrative, commercial and accounting personnel, system administrators) to the extent necessary to perform their duties at the Data Controller, subject to a letter of appointment as authorised persons imposing the duty of confidentiality and security.

  • External processors

Subjects appointed as external processors pursuant to Article 28 of the GDPR, including those who provide services for the management of the information system used by the Data Controller and telecommunications networks (e-mail, newsletters, website management, hosting, etc.) or freelancers, firms or companies providing assistance and consultancy services (lawyers), our consultants, within the limits necessary to perform their duties with the duty of confidentiality and security. The following are indicated:

– The website is hosted by Aruba, located in Italy

– For the management of cookie consent on the website, we use CookieYes provided by CookieYes Limited, located in the United Kingdom.

– For the development of the website, we use the services provided by Elementor Ltd., located in Israel, and Automattic Inc (WordPress), located in the United States

– For the display of the website’s fonts, we use Google Fonts tools provided by Google LLC or Google Ireland Limited, located in Ireland and the United States. Adobe Fonts provided by Adobe, located in the United States.

– For spam protection, we use reCAPTCHA provided by Google LLC or Google Ireland Limited, located in Ireland and the United States.

– For website statistics, we use Matomo Analytics provided by InnoCraft Limited, located in New Zealand.

  • Independent Data Controllers

Entities operating in complete autonomy as separate Independent Data Controllers, who need to access the data for purposes ancillary to their relationship with the Data Controller (for example, companies that carry out commercial investigations on behalf of the Data Controller).

Public or private entities that may access the data pursuant to regulations and legal provisions, or to whom we are obliged to communicate data, within the limits provided for by these, such as:

– judicial and tax authorities (e.g. for accounting or tax reasons, etc.) if there is a legal obligation to notify them;

CHAPTER B – TRANSFER

The Data Controller relies exclusively on certified service providers, transferring personal data to them only when strictly necessary within the limits of the performance of their duties, after checking compliance with confidentiality and security obligations. Some of the suppliers, already listed in Title V, Chapter A of this policy, are established:

  • In the EEA

Those countries belonging to the European Economic Area (EEA, i.e. EU + Norway, Liechtenstein, Iceland).

  • Outside the EEA

Those countries whose adequacy is recognised by a decision of the European Commission (Article 45 of EU Regulation 2016/679), namely:

– in the United States to third parties that have adhered to the Data Privacy Framework,

– in Israel under European Commission Adequacy Decision 2011/61/EU.

– in New Zealand under European Commission Adequacy Decision 2013/65/EU.

– the United Kingdom under European Commission Implementing Decision 2021/1773.

Transfers are authorised and no further consent is required, as they are carried out in accordance with the applicable legal provisions and, in particular, in accordance with Articles 44 – 45 – 46 – 47 – 48 and 49 of the GDPR and other applicable legal provisions.

The Data Subject may request further information by writing to the following email address: info@studio-bottoni.it

TITLE VI – DATA RETENTION PERIOD

In accordance with the principles of lawfulness, purpose limitation, storage limitation and data minimisation, pursuant to Article 5 of the GDPR, the retention period for Users’ personal data is set for a period of time not exceeding the achievement of the purposes for which it is collected and processed, i.e. for the entire duration of the fulfilment of the aforementioned purposes.
For more information, please refer to Title III of this Policy (what data we process and why)

At the end of the retention period, the Personal Data of the Data Subjects will be deleted from all physical and IT media (registry/database) of the Data Controller.

TITLE VII – USER RIGHTS

CHAPTER A – WHAT ARE YOUR RIGHTS

Below are your rights. In any case, we invite you to always notify us of any changes to your personal data so that we can ensure that the data collected is accurate and up to date.

  • Access

Access your data as provided for in Article 15 of the GDPR.

  • Rectification

Request to modify your data as provided for in Article 16 of the GDPR.

  • Erasure

Request erasure, in accordance with Article 17 of the GDPR.

  • Restriction

Request that your data not be further processed and no longer be modified pursuant to Article 18 of the GDPR. We would like to point out that the collection of website navigation data, so-called technical or functional cookies (limited to those collected to make the website usable, enabling only basic functionality) are essential for the functioning of the website itself. Users, therefore, have no right to restrict such processing.

  • Portability

to receive personal data concerning them, which is processed by automated means, in a structured, commonly used and machine-readable format and to transmit it to another Data Controller or to transfer it directly, pursuant to Article 20 of the GDPR.

  • Object

The right to object to the processing of data concerning them and to the sending of advertising material, direct sales and market research, pursuant to Article 21 of the GDPR.

  • Complaint

The right to lodge a complaint or report to the Data Protection Authority as the supervisory authority for the protection of personal data, or to appeal to the Judicial Authority.

SECTION B – HOW YOU CAN EXERCISE YOUR RIGHTS

You may exercise the above rights by sending a request to Studio Bottoni, pursuant to Article 38 of the GDPR, to the following email address: info@studio-bottoni.it

The Data Controller will confirm receipt of your request and provide information on the action taken, with reference to the exercise of your rights under Articles 15 to 22 of the GDPR.

If the Data Controller does not comply with the User’s request within 1 (one) month of receiving the request, the User will be informed of the reasons for the non-compliance and will be informed of the User’s right to lodge a complaint with the Supervisory Authority (Guarantor for the protection of personal data – GPDP), as specified in accordance with Article 13, paragraph 2, letter (d) and governed by Articles 77 et seq. of the GDPR and 141 et seq. of Legislative Decree 196/2003, as amended by Legislative Decree 101/2018. 101/2018.

TITLE VIII – DEFENCE IN COURT

The User’s Personal Data may be used for the defence by the Data Controller in court or in the preparatory stages of any legal proceedings, in the event of abuse or violations committed by the User. The User also declares that they are aware that the Data Controller may be required to disclose the Data at the request of public authorities.

TITLE IX – MINORS

The Data Controller does not intentionally collect data rom minors under the age of 18 through the Website.