1. Data Controller: the legal person which determines the purposes and means of the Processing of Personal Data.
  2. Personal Data: any information relating to an identified or identifiable natural person, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  3. Privacy Policy: this document, containing the policy on Processing of Personal Data.
  4. Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  5. Regulation: Regulation (UE) 2016/679 of April 27, 2016.
  6. Services: request of contacts, request of information for ordering issues, submissions of papers, signing up to the newsletter or leaving a comment, through filling in the form on the Website.
  7. SIPLR: is Stockholm IP Law Review, the Data Controller.
  8. Users: users of the Website.
  9. Website: this website of Stockholm IP Law Review.

Data Controller

The Data Controller of the Processing of Personal Data is Stockholm IP Law Review, with legal seat in Stockholm, Sweden .

Any Users’ request related to the Processing carried out by SIPLR concerning the Personal Data, also in relation to the exercise of the Rights according to the following article 7, shall be addressed to SIPLR via e-mail to the following address: INQUIRIES@STOCKHOLMIPLAWREVIEW.COM.

Processing purposes and legal basis for processing of Personal Data

SIPLR collects and process Personal Data for the following purposes:

  • Allowing a correct use of the Website, essentially through the use of Cookies.
  • Offering the Services to the Users.

Processing of Personal Data for the purpose indicated under lit. b) is necessary for the fulfilment of the requested Services and it is based on the
free, specific, informed and unequivocal consent of the User. The potential refusal of the Client to provide the consent for the processing will impede the fulfilment of the requested Services;

  • Allowing the possibility to receive the newsletter and/or invitations to initiatives organized by SIPRL, on an occasional basis.

This Processing is based on the free consent of the Client and it isn’t necessary for the fulfilment of the Services. The potential refusal of the Client to provide the consent will only impede the Client to receive the newsletter and/or the invitations to initiatives organized by SIPLR.

Means of collection

SIPLR collects the Personal Data through the following means of collections:

  • Personal data automatically collected by the Website through the Cookies;
  • Personal Data provided by the Users, by filling in the forms on the Website to request the Services
  • Personal Data expressly provided by the Users to SIPLR through offline means, such as via e-mail or mail or phone calls.

Categories of recipients of Personal Data

Personal Data may be disclosed and communicated for the purposes indicated in the aforementioned article 3 to: Members of the Board of Directors, members of the Editorial Boards, IT services providers.

Personal Data are not communicated outside of the European Union.

Personal Data retention period

Personal Data are stored by the Data Controller for the time strictly necessary to achieve the purposes for which the Personal Data are collected, as indicated in the aforementioned article 3.

In particular, the Data Controller stores the Personal Data for the entire time necessary to fulfil the activities connected with the requested Services, save the right to withdraw the consent as indicated in the following article 7 lit. a), for a maximum period of 24 months since the collection of consent or, if subsequent, the date of the last interaction between the User and SIPLR (for instance the exchange of correspondence or the attendance to initiatives organized by the review).

In any case, the Data Controller is authorized to retain all or part of the Personal Data in relation to the aforementioned Processing, for the maximum period of 10 years since the last activity performed in favour of the User to fulfil the Services, only to the extent of the information required to fulfil legal or fiscal obligations and for the possible assessment, exercise and defence of its rights before judicial authorities.

Once these retention periods have expired, the Data Controller will carry out the automatic erasure of Personal Data collected; otherwise it will transform them into anonymous form irreversibly.

Users’ rights

Pursuant to article 13 of the Regulation, during the retention period indicated in the previous article 6 of this Privacy Policy, the User has the right to:

  1. with reference to the Processing, withdraw the consent at any time, and the withdrawal of consent shall not affect the lawfulness of the previous Processing, by sending an e-mail to the controller (art. 7 Regulation);
  2. obtain access to the Personal Data and to the information on the Processing and any possible copy in electronic form (art. 15 Regulation);
  3. ask for rectification and/or integration of Personal Data, without undue delay (art. 16 Regulation);
  4. where specific grounds apply (for example unlawful data process, withdraw of consent, absence of purposes for Processing) ask the erasure of Personal Data, without undue delay (art. 17 Regulation);
  5. where specific grounds apply (for example inaccuracy of Personal Data, Processing is unlawful, exercise of legal claims) ask the restriction of Personal Data, without undue delay (art. 18 Regulation);
  6.  in case of Processing through automated means, receive its Personal Data in a readable common format and, consequently, exercise its so called right to Personal Data Portability and transmit those data to a third party (art. 20 Regulation);
  7. in any case, oppose the Processing of Personal Data, by sending an e-mail to the Data Controller ( art. 21 Regulation);
  8. be informed by the controller without undue delay of possible Personal Data breach or unauthorized access by third parties to the controller’s systems where Personal Data where stored (c.d. data breach – art. 34 Regulation);
  9. Filing a complaint to the supervisory authority in the EU Member State of his habitual residence, place of work or place of the alleged infringement of its rights (art. 77 Regulation).