Privacy Policy

Information pursuant to art. 13 of the Privacy Regulation (EU) 679/2016 and Legislative Decree no. 196/2003, amended by Legislative Decree no. 101/2018

Dear Sir / Madam,

desideriamo informarLa che il Regolamento Privacy (UE) 679/2016 “Regolamento europeo in materia di protezione dei dati personali” (di seguito “GDPR”) prevede la tutela delle persone e di altri soggetti rispetto al trattamento dei dati personali.Secondo la normativa indicata, tale trattamento sarà improntato ai principi di correttezza, liceità e trasparenza e di tutela della Sua riservatezza e dei Suoi diritti.Ai sensi dell’articolo 13 del GDPR e dell’art. 13 del D.Lgs. n. 196/2003, modificato dal D. Lgs. n. 101/2018, nonchè in relazione ai dati personali dei quali lo Studio Legale Sperti entrerà in possesso, Le forniamo le seguenti informazioni:

1) Purpose of data processing

a) The processing will be used for legal, judicial and extrajudicial purposes in accordance with the purpose for which the mandate was conferred and, in any case, for purposes connected and/or instrumental to the performance of the professional tasks entrusted to the Law Firm, excluding, therefore, any different use and/or conflicting with your interests.
b) The data will also be processed in order to comply with the obligations incumbent on the Law Firm and provided for by current legislation, including those in the tax and accounting fields as well as in the anti-money laundering field pursuant to Legislative Decree no. 231/2007.
c) The processing of personal data may also be used to send you newsletters with legal and tax content or information relating to the activity carried out by the Firm (e.g. conferences, publications, etc.).
d) If the Data Controller intends to further process the personal data for a purpose other than that for which they were collected, prior to such further processing, it provides the interested party with information regarding this different purpose and any other relevant information.

2) Legal basis for processing

Pursuant to art. 6 of the GDPR, the processing of personal data is based on:
a) the need to perform the contract;
b) the need to fulfill a legal obligation;
c) your consent.

3) Method of data processing

a) The processing of your personal data will take place, in compliance with the provisions of the GDPR, using paper, computer and telematic tools, with logic strictly related to the purposes indicated and, in any case, with methods suitable to guarantee their security and confidentiality in compliance with the provisions of art. 32 of the GDPR.
b) The processing is carried out by the Data Controller, the data processors and the persons in charge of processing.
c) The Data Controller and the processor implement adequate technical and organizational measures to ensure a level of security appropriate to the risk.
d) The processing of the data referred to in point 1) letters a) and b) will be carried out until the end of the professional assignment, with the payment of the fees accrued by the Firm (without prejudice to the legal obligation in relation to the conservation of documents).
The processing of the data referred to in point 1) letter c) will be carried out for the time necessary to achieve the purposes for which it was collected and in any case until the moment in which the interested party revokes consent or requests the deletion of their data.

4) Provision of data

The provision of common, sensitive and judicial personal data is strictly necessary for the purposes of carrying out the activities referred to in point 1).

5) Refusal to provide data

Any refusal by the interested party to provide personal data will make it impossible to carry out the activities referred to in point 1.

6) Communication of data

Personal data may be communicated for the purposes referred to in point 1) to external collaborators, subjects operating in the judicial sector, to counterparties and their lawyers, to public bodies, to consultants or other subjects for the fulfillment of legal obligations, to arbitration boards and, in general, to all those subjects to whom communication is necessary for the correct fulfillment of the purposes indicated in point 1).
Furthermore, personal data and the related processing and information will be communicated, if the conditions are met, to the competent bodies in the field of anti-money laundering legislation (Authorities and Supervisory and Control Bodies).
Finally, personal data and the related processing and information will be communicated, if the conditions are met, also to the manager of the mailing list.

7) Data dissemination

Personal data are not subject to dissemination.

8) Transfer of data abroad

For the purposes referred to in point 1), the data may be transferred outside the territory of the European Union, including by inserting them into databases managed by third-party companies, operating on behalf of the Firm. The management of the databases and the processing of the data are bound to the purposes for which they were collected and are carried out in full compliance with the applicable law on the protection of personal data. In fact, the transfer takes place only if the Data Controller and the Data Processor comply with the conditions indicated by the GDPR. Within the scope of the purposes referred to in point 1, the transfer of data must be carried out in accordance with the provisions of the GDPR and in order to ensure that the level of protection of natural persons guaranteed by the GDPR is not compromised.

Rights of the interested party

Rights of the interested party Articles 15 to 27 of the GDPR grant the interested party the exercise of specific rights that he/she may exercise against the Data Controller.
In particular, in relation to the processing described in this information notice, as the interested party, you may, under the conditions set out in the GDPR, exercise the following rights:

  • right of access: the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to obtain access to your personal data – including a copy thereof – and communication, among other things, of the following information:a) purposes of the processing;b) categories of personal data processed;c) recipients to whom the personal data have been or will be disclosed;d) period of data retention or the criteria used;e) rights of the interested party (rectification, erasure of personal data, restriction of processing and right to object to processing);f) right to lodge a complaint;g) right to receive information on the source of the personal data if they have not been collected from the interested party;h) the existence of an automated decision-making process, including profiling;
  • right of rectification: the right to obtain the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data;
  • right to erasure (right to be forgotten): the right to obtain the erasure of personal data concerning you, when:a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;b) you have withdrawn your consent and there is no other legal basis for the processing;c) you have successfully objected to the processing of personal data;d) the data have been unlawfully processed;e) the data must be erased to comply with a legal obligation;The right to erasure does not apply to the extent that processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defense of legal claims;
  • right to restriction of processing: the right to obtain restriction of processing, when:a) the data subject contests the accuracy of the personal data;b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;c) the personal data are necessary for the data subject to ascertain, exercise or defend a right in court;
  • right to data portability: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Data Controller and the right to transmit those data to another controller without hindrance, if the processing is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data be transmitted directly from the Data Controller to another controller where this is technically feasible;
  • right to object: the right to object, at any time, to processing if the personal data are processed for purposes other than those for which you have consented to the processing;
  • lodge a complaint with the Personal Data Protection Authority, Piazza di Montecitorio n. 121, 00186, Rome (RM).

Furthermore, the GDPR grants you the right to withdraw the consent given at any time and with the same ease with which it was granted.
The above rights may be exercised, towards the Data Controller.
The exercise of your rights as an interested party is free of charge pursuant to Article 12 GDPR. However, in the case of manifestly unfounded or excessive requests, also due to their repetitiveness, the Data Controller may charge you a reasonable fee, in light of the administrative costs incurred to manage your request, or deny the satisfaction of your request.

10) Data Controller

The Data Controller is the Lawyer Isidoro Sperti, with office in Rome Via Antonio Allegri da Correggio n. 1 and with email address: studiolegalesperti(at)gmail(dot)com. We remain at your disposal for any clarification. Kind regards.