Pursuant to Articles 13 and 14 of EU Regulation No. 679/2016 on the protection of individuals with regard to the processing of personal data (“GDPR”) and to Art. 13 of Law 132/2025
With this policy statement, Trevisan & Cuonzo Avvocati, as Data Controller, provides its Clients with all the necessary information on the processing operations that the Firm carries out with reference to the personal data collected in connection with the mandate and/or services provided.
The data controller is Trevisan & Cuonzo Avvocati, with registered office in 20121 – Milan, Palazzo Beccaria, Via Brera, 6, Italy; T: +39 02 8646 3313; Email: privacy@trevisancuonzo.com (“T&C”, “Firm” or “Data Controller”).
The personal data processed by the Firm include the personal data and contact details of the Client’s contact persons and the relevant personnel, including any inventors and/or owners of patents and/or trademarks and any other possible titled right, as well as any other personal data and/or information that may be communicated and/or provided by the Client and/or obtained by the Firm for the purpose of carrying out the conferred mandate and/or the requests received (e.g. Chamber of Commerce registrations, certificates of registration of industrial property rights; applications for registration; contracts, drafts of contracts and/or deeds, private deeds, invoices, judgments, measures of various kinds, from which, where applicable, judicial data may also emerge, etc.).
Please note that, in some cases, depending on the mandate conferred and/or the services provided, T&C may also process special categories of data pursuant to Article 9 of the GDPR, such as, for example, data disclosing political opinions, religious or philosophical beliefs, or trade union membership, as well as – albeit sporadically – judicial data pursuant to Article 10 of the GDPR (hereinafter collectively referred to as “Personal Data”). The use of artificial intelligence systems (“AI systems”), as specified in Article 3.1.1., may involve, albeit incidentally, the processing of certain Personal Data, without prejudice to the application by authorized parties of strict principles and rules. In any case, special categories of data or judicial data will not be processed through AI systems.
Personal Data are processed for:
| a) Execution of mandate and/or handling of requests and/or pre-appointment activities Personal Data are used for the purpose of conducting conflict checks, responding to requests for information and/or estimates and/or opinions and/or to carry out the professional assignment received, both in and out of court, and, in general, for the purpose of carrying out any request related to the legal services provided by the Firm. |
| b) Administrative-accounting / commercial management Personal Data are used for payment processing, invoicing and the provision of all related support services that may be required. |
| c) Fulfilment of legal obligations Personal Data are used to fulfil record-keeping obligations, legal obligations relating to anti-money laundering (including those laid down in Legislative Decree 231/2007 as amended) and the prevention of the use of the financial system for the purpose of laundering the proceeds of criminal activities and the financing of terrorism, as well as obligations relating to compliance with antitrust regulations. |
| d) Sending newsletters and/or updates by email The Personal Data, in particular the email addresses, will also be used, in the case of clients of the Firm, for sending newsletters and/or updates of an informative nature on legal and case-law developments, as well as of an informative/promotional nature regarding the Firm’s activities, including events; each email will allow the Client to object to further communications. |
e) Satisfaction surveys / submissions Personal Data may be used in the context of satisfaction surveys/submissions carried out by legal directories. In particular, email addresses of client contacts may be processed to verify their availability to act as referees. Subject to consent, Personal Data may be shared with legal directories (e.g. Legal500, Chambers, etc.) so that researchers may contact clients for feedback on the Firm’s services. |
Where deemed useful, the Firm may use artificial intelligence (“AI”) systems to support professional activities, in accordance with internal policies and any client guidelines.
Such use will always comply with the GDPR, professional obligations and applicable laws, and with appropriate security measures to protect confidentiality.
The provision of Personal Data for purposes a), b) and c) is necessary for the execution of the mandate and legal obligations; refusal will make it impossible to provide services.
The provision for purposes d) and e) is optional; refusal will not affect services but will prevent receiving updates or being included in surveys.
The legal basis is: (i) contractual/pre-contractual measures (Art. 6(b) GDPR); (ii) legal obligations (Art. 6(c)); (iii) legitimate interest (Art. 6(f)); and (iv) consent where applicable.
Personal Data are processed by authorized personnel, both electronically and on paper, at the Firm’s premises and those of appointed processors.
Personal Data may be communicated to authorized staff, professionals, service providers, banks, IT providers and public authorities, where necessary.
Personal Data are retained for the duration of the mandate and thereafter according to legal requirements, generally up to 10 years.
Transfers outside the EU will occur only with adequate safeguards (adequacy decision or SCCs).
Data subjects may exercise rights under Articles 15 et seq. GDPR, including access, rectification, erasure, restriction, portability, objection and complaint.
This Policy may be updated. The latest version will be available on the website.
Last update: February 2026 (v. 2.0_02/2026)
