Pursuant to Articles 13 and 14 of EU Regulation No. 679/2016 on the protection of individuals with regard to the processing of personal data ("GDPR")
1) DATA CONTROLLER
The data controller is Trevisan & Cuonzo Avvocati, with registered office in 20121 - Milan, Palazzo Beccaria, Via Brera, 6, Italy; T: +39 02 8646 3313; Email: email@example.com (“T&C”, “Firm” or “Data Controller”).
2) TYPE OF PERSONAL DATA BEING PROCESSED
The personal data processed by the Firm include the personal data and contact details of the Client’s contact persons and the relevant personnel, including any inventors and/or owners of patents and/or trademarks and any other possible titled right, as well as any other personal data and/or information that may be communicated and/or provided by the Client and/or obtained by the Firm for the purpose of carrying out the conferred mandate and/or the requests received (e.g. Chamber of Commerce registrations, certificates of registration of industrial property rights; applications for registration; contracts, drafts of contracts and/or deeds, private deeds, invoices, judgments, measures of various kinds, from which, where applicable, judicial data may also emerge, etc.). Please note that, in some cases, depending on the mandate conferred and/or the services provided, T&C may also process special categories of data pursuant to Article 9 of the GDPR, such as, for example, data disclosing political opinions, religious or philosophical beliefs, or trade union membership, as well as - albeit sporadically - judicial data pursuant to Article 10 of the GDPR (hereinafter the personal data mentioned in this Article shall be collectively referred to as “Personal Data”).
3) PURPOSE AND NATURE OF CONFERMENT
Personal Data are processed for:
Execution of mandate and/or handling of requests and/or pre-appointment activities
Personal Data are used for the purpose of conducting conflict checks, responding to requests for information and/or estimates and/or opinions and/or to carry out the professional assignment received, both in and out of court, and, in general, for the purpose of carrying out any request related to the legal services provided by the Firm.
Administrative-accounting / commercial management
Personal Data is used for payment processing, invoicing and the provision of all related support services that may be required.
Fulfilment of legal obligations
Personal Data are used to fulfil record-keeping obligations, legal obligations relating to anti-money laundering (including, in particular, those laid down in Legislative Decree 231/2007 as amended) and the prevention of the use of the financial system for the purpose of laundering the proceeds of criminal activities and the financing of terrorism, as well as obligations relating to compliance with antitrust regulations.
Personal Data, subject to prior express consent, may be communicated to third parties (such as, for example, Legal500, Legal Community, Top Legal, Chambers, etc.), as part of surveys in which the Firm takes part, so that such parties may contact consenting Clients to request an evaluation/rating regarding the services offered by the Firm.
Organisation of events and studio projects
Personal Data may be processed both for the purpose of enabling registration/participation in events organized by the Firm and/or to join projects carried out by the Firm, as well as - subject to express consent - for the purpose of keeping the Firm's Clients informed about scheduled events and projects.
3.2. Submission of Personal Data
The provision of Personal Data for the purposes of a), b) and c) is deemed necessary in order to execute the professional assignment and the fulfilment of the obligations in question, as well as compulsory pursuant to Art. 21 of Legislative Decree no. 231/2007 for the purpose of c); any refusal to provide Personal Data will make it impossible for the Firm to execute the professional assignment / or request for services received.
The provision of Personal Data for purposes d) and e) is to be considered optional; refusal to provide such data shall not prejudice in any way the performance of the agreed/requested professional services, but it will make it impossible to receive updates on the Firm's projects/events and/or to be mentioned in the approval surveys to which the Firm will participate.
4) LEGAL BASIS FOR PROCESSING
The legal basis for the processing consists of (i) the performance of pre-contractual and/or contractual measures (Art. 6(b), GDPR) with regard to the purposes under Art. 3.1(a) and (b); (ii) the fulfilment of legal obligations (Art. 6(c), GDPR) with regard to the purposes under Art. 3.1(c); (iii) consent (Art. 6(a), GDPR) with regard to the purposes under Art. 3.1(d) and (e).
If the performance of the mandate/services requested involves the processing of special categories of personal data and/or judicial data, the legal basis will consist of the establishment, exercise and defence of rights in court (Art. 9, para. 2(f), GDPR) and/or the fulfilment of obligations to which the data controller is subject (professional secrecy pursuant to Art. 9, para. 2(b), GDPR and Art. 6, para. 1(c), GDPR).
5) METHOD OF PROCESSING
Personal Data is processed by in-house personnel, who are authorised for this purpose. Processing is carried out both electronically and on paper. Personal Data are processed and stored at the Data Controller’s premises and, where necessary, at the premises where professionals and/or companies linked to the Data Controller by an external liability relationship, where they exist.
6) COMMUNICATION OF PERSONAL DATA
Personal Data shall not be disclosed, but may be communicated to subjects working on behalf of the Data Controller such as, for example, subjects authorized by the Firm (e.g. employees and/or collaborators), freelancers and companies that the Firm may use for the performance of professional services and/or in order to perform its obligations or protect its rights (e.g. other law firms specializing in specific sectors and/or agents, such as the consultancy firm Trevisan & Cuonzo Intellectual Property Services S.r.l, tax consultants, accountants, etc.); banks, financial and insurance institutions, companies that manage computer networks and systems. The Firm may also disclose Personal Data to entities operating in the legal sector, to counterparties and their advocates, to boards of arbitrators, to public authorities authorized by law in the event of audits, verifications and/or inspections and, in general, to any entity, public and/or private, to which such disclosure is necessary for the proper performance of the professional assignment. The Firm may also disclose Personal Data to communication and/or event organization agencies, where the requirements are met. These subjects act, as the case may be, as autonomous data controllers, as co-controllers (in the presence of an agreement to this effect) and as data processors (specifically appointed for this purpose).
7) STORAGE TIMES
Personal Data shall be retained for the entire duration of the mandate and/or for the period of time necessary to respond to the requests received and, thereafter, within the terms provided for by the laws in force on the subject of prescription of rights; within the terms provided for on the subject of retention of tax and/or anti-money laundering documentation. To this end, in particular, Personal Data will be kept for ten years from the termination of the service. In any event, Personal Data may be retained to enable the Firm to exercise and/or defend its rights in court.
8) TRANSFER TO COUNTRIES OUTSIDE THE EU
Personal Data may be transferred to countries within the European Union and/or to third countries within the limits of the purposes set out in Article 3.1. In the case of data transfers to countries outside the European Union, the Data Controller guarantees that the provisions of Articles 44 et seq. of the GDPR will be complied with.
9) RIGHTS OF THE DATA SUBJECT
As a data subject, the Customer may exercise the rights set out in Articles 15 et seq. of the GDPR and, specifically, may (i) access your Personal Data (in full and also by obtaining a copy thereof) and know whether the Controller holds and/or processes personal data relating to the data subject; (ii) verify, update and obtain the rectification of inaccurate data or the integration of incomplete personal data without undue delay; (iii) obtain the deletion or removal, where possible, of personal data; (iv) obtain the restriction of processing (v) receive the data in a structured, commonly used and machine-readable format, or request its transmission to another data controller without hindrance (right to portability); (vi) object to the processing of the data; (vii) revoke the consent given, without prejudice to the lawfulness of the processing prior to revocation; (viii) lodge a complaint with the Supervisory Authority (Personal Data Protection Authority) or take legal action. The exercise of rights, with the exception of the right referred to in point (viii), may be made by contacting the Data Controller by sending a request to the ordinary mail address (20121 - Milan, Palazzo Beccaria, Via Brera, 6) or to the email address firstname.lastname@example.org.
Last update: October 2022.