Pursuant to Articles 13 and 14 of EU Regulation No. 679/2016 on the protection of individuals with regard to the processing of personal data ("GDPR")
- DATA CONTROLLER
The data controller is Trevisan & Cuonzo Avvocati, with registered office in 20121 - Milan, Palazzo Beccaria, Via Brera, 6, Italy; T: +39 02 8646 3313; Email: email@example.com (“T&C”, “Firm” or “Data Controller”).
- TYPE OF PERSONAL DATA BEING PROCESSED
The personal data processed by the Firm include the personal data and contact details of the Client’s contact persons and the relevant personnel, including any inventors and/or owners of patents and/or trademarks and any other possible titled right, as well as any other personal data and/or information that may be communicated and/or provided by the Client and/or obtained by the Firm for the purpose of carrying out the conferred mandate and/or the requests received (e.g. Chamber of Commerce registrations, certificates of registration of industrial property rights; applications for registration; contracts, drafts of contracts and/or deeds, private deeds, invoices, judgments, measures of various kinds, from which, where applicable, judicial data may also emerge, etc.). Please note that, in some cases, depending on the mandate conferred and/or the services provided, T&C may also process special categories of data pursuant to Article 9 of the GDPR, such as, for example, data disclosing political opinions, religious or philosophical beliefs, or trade union membership, as well as - albeit sporadically - judicial data pursuant to Article 10 of the GDPR (hereinafter the personal data mentioned in this Article shall be collectively referred to as “Personal Data”).
- PURPOSE AND NATURE OF PROVISION OF PERSONAL DATA
Personal Data are processed for:
a. Execution of mandate and/or handling of requests and/or pre-appointment activities
Personal Data are used for the purpose of conducting conflict checks, responding to requests for information and/or estimates and/or opinions and/or to carry out the professional assignment received, both in and out of court, and, in general, for the purpose of carrying out any request related to the legal services provided by the Firm.
b. Administrative-accounting / commercial management
Personal Data is used for payment processing, invoicing and the provision of all related support services that may be required.
c. Fulfilment of legal obligations
Personal Data are used to fulfil record-keeping obligations, legal obligations relating to anti-money laundering (including, in particular, those laid down in Legislative Decree 231/2007 as amended) and the prevention of the use of the financial system for the purpose of laundering the proceeds of criminal activities and the financing of terrorism, as well as obligations relating to compliance with antitrust regulations.
d. Sending newsletters and/or updates by email
The Personal Data, in particular the email addresses, will also be used, in the case of clients of the Firm, for sending newsletters and/or updates of an informative nature on the most important legal and case-law news in the field of industrial and intellectual property, as well as of an informative and promotional nature regarding the training initiatives and professional activities of the Firm, including events organized by the Firm; in each email, the Client will have the possibility to object to the further sending of such communications.
e. Satisfaction surveys/Submissions
The Personal Data may be used in the context of satisfaction surveys/submissions advertised by the so-called legal directories, in which the Firm participates. In particular, in the case of clients who were active in the year preceding the year of participation in the survey, the email addresses of the contact persons of these clients may be processed in order to verify their willingness to be named as referees in the surveys in which the Firm participates. Subject to the consent of these data-subjects, personal data such as first name, last name, email address, company and/or firm to which they belong may be used in the context of submissions relating to the year in which consent was given and, in this context, personal data may be disclosed to so-called legal directories (such as Legal500, Legal Community, Top Legal, Chambers, etc.) so that the researchers concerned may contact the consenting clients to request an evaluation/review of the services offered by the Firm.
3.2. Provision of Personal Data
The provision of Personal Data for the purposes indicated in points a), b) and c) of Article 3.1 is deemed necessary in order to execute the professional assignment and the fulfilment of the obligations in question, as well as compulsory pursuant to Art. 21 of Legislative Decree no. 231/2007 for the purpose of c); any refusal to provide Personal Data will make it impossible for the Firm to execute the professional assignment / or request for services received.
The provision of Personal Data for the purposes indicated in points d) and e) of Article 3.1 is optional; the refusal to provide such data will in no way affect the provision of the professional services agreed/requested, but will have the consequence that, in relation to the purposes indicated in point d), it will not be possible to receive updated information on the new legislation/case-law and/or projects/events of the Firm, as well as, in relation to the purposes indicated in point e), to be mentioned in the context of the submissions/surveys in which the Firm will be involved.
- LEGAL BASIS FOR PROCESSING
The legal basis for the processing is (i) the performance of pre-contractual and/or contractual measures ( Article 6(b), GDPR) with regard to the purposes under Article 3.1(a) and (b); (ii) the fulfilment of legal obligations ( Article 6(c), GDPR) with regard to the purposes under Article 3.1(c); (iii) the legitimate interest of the Controller (Article 6(f), GDPR) in relation to the purposes referred to in Article 3.1(d), which corresponds to the general interest and obligation of the Trevisan & Cuonzo Professional Association to disseminate and share the relevant updates; and (iv) the legitimate interest of the Controller (Article 6(f), GDPR) to contact potential speakers and the consent of the potential speaker (Article 6(a), GDPR) for the purposes pursuant to Article 3.1(e)).
If the performance of the mandate/services requested involves the processing of special categories of personal data and/or judicial data, the legal basis will consist of the establishment, exercise and defence of rights in court (Art. 9, para. 2(f), GDPR) and/or the fulfilment of obligations to which the data controller is subject (professional secrecy pursuant to Art. 9, para. 2(b), GDPR and Art. 6, para. 1(c), GDPR).
- METHOD OF PROCESSING
Personal Data is processed by in-house personnel, who are authorised for this purpose. Processing is carried out both electronically and on paper. Personal Data are processed and stored at the Data Controller’s premises and, where necessary, at the premises where professionals and/or companies linked to the Data Controller by an external liability relationship, where they exist.
- COMMUNICATION OF PERSONAL DATA
Personal Data shall not be disclosed, but may be communicated to subjects working on behalf of the Data Controller such as, for example, subjects authorized by the Firm (e.g. employees and/or collaborators), freelancers and companies that the Firm may use for the performance of professional services and/or in order to perform its obligations or protect its rights (e.g. other law firms specializing in specific sectors and/or agents, such as the consultancy firm Trevisan & Cuonzo Intellectual Property Services S.r.l, tax consultants, accountants, etc.); banks, financial and insurance institutions, companies that manage computer networks and systems. The Firm may also disclose Personal Data to entities operating in the legal sector, to counterparties and their advocates, to boards of arbitrators, to public authorities authorized by law in the event of audits, verifications and/or inspections and, in general, to any entity, public and/or private, to which such disclosure is necessary for the proper performance of the professional assignment. The Firm may also disclose Personal Data to communication and/or event agencies or to legal directories, if the requirements are met. These entities act, as the case may be, as independent data controllers, as co-controllers (in the presence of an appropriate agreement) and as data processors (specifically appointed for this purpose).
- DATA RETENTION
Within the scope of the purposes indicated in points a), b) and c) of Article 3.1 above, the Personal Data shall be retained for the entire duration of the mandate and/or for the period of time necessary to respond to the requests received and, thereafter, within the time limits provided for by the laws in force on the subject of prescription of rights; within the time limits provided for on the subject of retention of tax and/or anti-money laundering documentation. For this purpose, in particular, Personal Data will be kept for ten years from the termination of the service. In any event, the Personal Data may be retained to enable the Firm to exercise and/or defend its rights in court.
In the context of the purposes mentioned in point d) of Article 3.1, the Personal Data and in particular the email address will be retained for 24 months after the termination of the last mandate conferred, unless the Client has previously opted out.
Within the scope of the purposes stated in point e) of Article 3. 1, the Personal Data and, in particular, the email address of the potential referee may be used and retained for a full year after the granting/performance or termination of the last mandate conferred, as well as the data required for being named as a referee; the Personal Data of the referees may be used and retained for 12 months after consent has been granted, unless prior opt-out or subsequent confirmation of the previously granted consent to be included in the referees lists of the Firm is provided.
- TRANSFER TO COUNTRIES OUTSIDE THE EU
Personal Data may be transferred to countries within the European Union and/or to third countries within the limits of the purposes set out in Article 3.1. In the case of data transfers to countries outside the European Union, the Data Controller guarantees that the provisions of Articles 44 et seq. of the GDPR will be complied with.
- RIGHTS OF THE DATA SUBJECT
As a data subject, the Customer may exercise the rights set out in Articles 15 et seq. of the GDPR and, specifically, may (i) access your Personal Data (in full and also by obtaining a copy thereof) and know whether the Controller holds and/or processes personal data relating to the data subject; (ii) verify, update and obtain the rectification of inaccurate data or the integration of incomplete personal data without undue delay; (iii) obtain the deletion or removal, where possible, of personal data; (iv) obtain the restriction of processing (v) receive the data in a structured, commonly used and machine-readable format, or request its transmission to another data controller without hindrance (right to portability); (vi) object to the processing of the data; (vii) revoke the consent given, without prejudice to the lawfulness of the processing prior to revocation; (viii) lodge a complaint with the Supervisory Authority (Personal Data Protection Authority) or take legal action. The exercise of rights, with the exception of the right referred to in point (viii), may be made by contacting the Data Controller by sending a request to the ordinary mail address (20121 - Milan, Palazzo Beccaria, Via Brera, 6) or to the email address firstname.lastname@example.org.
Last update: May 2023.