INFORMATION ON PERSONAL DATA PROCESSING IN THE EXERCISE OF THE LEGAL PROFESSION


In compliance with the law governing the protection of personal data, starting from Articles 13 and 14 of EU Regulation no. 679/2016 (hereinafter “GDPR”), we hereby provide you with the information about the processing of your data in connection with the mandate conferred on us and, more generally, in your contact with us.

1. DATA CONTROLLER
Your data is processed by Studio Legale Astolfi e Associati professional association Via Larga, 8 – 20122 Milan, e-mail avvocati@studiolegaleastolfi.it, telephone +39 02 885561

2. DATA CATEGORIES PROCESSED
Processing will or may concern the following data categories:

  • personal data
  • contact data (such as postal address, telephone number, e-mail address)
  • administrative/bank/fiscal data
  • special data categories (GDPR Art. 9) and/or judicial data

3. PURPOSES AND LEGAL BASIS OF PROCESSING
We shall process your data in order to:

  • Execute correctly and fully the professional mandate – regarding court and/or out-of-court proceedings – conferred on us, the contract or the precontractual measures relating to said mandate.The legal basis of processing is the need to execute the afore-mentioned professional mandate, contract or precontractual measures (GDPR, Art. 6(1)(b)) and, to the extent authorised by law and within the scope of the mandate, the need to ascertain, exercise or defend a right in court.
  • Fulfil all the necessary administrative activities for the correct and complete execution of the mandate and related activities in compliance with legal requirements, including the requirements set out by the law governing the legal profession, by fiscal and tax laws, and for the keeping of accounting records. The legal basis of the processing is the need to comply with legal requirements relating to or arising from the mandate (GDPR, Art. 6(1)(c)).
  • Send communications concerning the activities or initiatives of the Data Controller (such as newsletters or comments on case law and new laws, and on seminars/conferences) to the parties involved within the scope of the mandate. The legal basis of the processing is the legitimate interest of the Data Controller (Art. 6(1)(f)).

4. NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF FAILURE TO PROVIDE DATA

  • The provision of data is mandatory with regard to processing for the purpose of executing the professional mandate or fulfilling the related legal requirements, and consequently a refusal to provide data makes it impossible to execute the mandate and fulfil the legal requirements arising therefrom.
  • With regard to data processing for the purpose of sending communications concerning the activities or initiatives of the Data Controller to the parties involved within the scope of the mandate, the data subject may at any time oppose data processing, for example simply by sending an email to avvocati@studiolegaleastolfi.it.

5. METHOD OF PROCESSING

We process data with hard-copy and digital methods and instruments, in accordance with the principles of lawfulness, fairness, transparency, storage limitation, minimisation, integrity, accuracy and confidentiality set out by GDPR Art. 5, and adopt suitable technical and organisational measures for the protection of the data. Data may be processed by employees or co-workers of the Data Controller, as authorised persons who have received proper instructions regarding processing.

6. RECIPIENTS AND CATEGORIES OF RECIPIENTS

Depending on the circumstances, data may be communicated for the purpose of compliance with legal requirements, correct and full execution of the mandate, or, in any case, delivery of services in the interest of such purposes, to:
  • banks or insurers
  • other lawyers, consultants or experts
  • judicial or administrative authorities/government agencies
  • providers of management systems and/or cloud services for data storage.

In any case, the data will not be disseminated, that is, divulged to an indeterminate number of parties.

7. DATA TRANSFERS TO THIRD COUNTRIES (NON-EU/EEA)
Data is managed and stored using servers (including email servers) located in Italy and, in any case, within the EU/EEA.
In the event of data transfers to third countries (non-EU/EEA), such transfers will in any case comply with the applicable laws, that is, by virtue of a European Commission decision of adequacy, or by stipulating specific agreements that guarantee an adequate level of data protection or by adopting the standard contractual clauses contemplated by the European Commission for transfers of this type.

8. EXISTENCE OF AN AUTOMATED DECISION-MAKING PROCESS, INCLUDING PROFILING
Data Controller does not adopt any automated decision-making processes, including profiling, pursuant to GDPR Art. 22(1) and (4).

9. DATA STORAGE PERIOD
Your data will be retained for the period necessary for the execution of the mandate conferred on us, in compliance with the storage periods established by current applicable legislation (for example, fiscal and tax laws, and laws governing the keeping of accounting records) and that in any case guarantee the protection of the Data Controller/its members in the event of complaints or professional liability suits, or your protection with respect to other legal and/or defence requirements that should arise.

10. YOUR RIGHTS
Without prejudice to the exceptions and limitations established by law and in relation to the purposes indicated above, you have the right to request:

  • access to your data;
  • rectification or completion of your data;
  • erasure of your data;
  • restriction of data processing under certain conditions and within the scope of GDPR Art. 18;
  • data portability, that is, the right to receive the data in a structured commonly used format that can be read on automatic devices, and to transmit the data to a different data controller in cases where the conditions envisaged by law are met (that is, if processing is based on consent or on a contract and if processing is conducted with automated equipment). This right does not affect the right to erasure of the data, provided that in any case this is not prejudicial to the rights and freedoms of others.

You also have the right:

  • to oppose data processing for reasons relating to your personal situation, with specific reference to processing based on a legitimate interest of the Data Controller, including profiling;
  • not to be subject to an automated decision-making process;
  • to present complaints to the supervisory authority (in Italy, the Garante per la protezione dei dati personali, Italian Data Protection Authority).

You may exercise the rights set out above at any time and without formalities, for example simply by sending an email at avvocati@studiolegaleastolfi.it.

This disclosure and any updates are published on the homepage of our Studio’s website www.studiolegaleastolfi.it.