Data Controller and Other Designated Parties
The Data Controller is Laruffa Bottinelli Associated Lawyers (the Company), with registered office in Milan, Via Marcello Malpighi, 4. The Client may contact the Company via email at info@LBAA.it to exercise their rights.
Processing Operations and Legal Basis
Personal data freely provided by the Client to the Company as part of the activities carried out in accordance with the appropriate contractual regulations will be processed lawfully, fairly, and in compliance with the provisions of the Regulation for the following purposes:
- Purposes related to the correct and complete execution of the professional assignment received, both in judicial and non-judicial contexts (add more details)
- Purposes related to obligations provided for by laws, regulations, and European Community legislation, as well as by provisions issued by authorities authorized to do so by law or by supervisory and/or control bodies
- Contractual purposes, connected and instrumental to the establishment and management of relationships with customers, such as obtaining preliminary information for the possible conclusion of a contract
- Purposes provided for by current anti-money laundering regulations (Legislative Decree 231/07 and subsequent amendments)
Regarding personal data concerning the execution of the contract to which you are a party or concerning compliance with a legal obligation (e.g., obligations related to the keeping of accounting and tax records), failure to provide personal data prevents the conclusion of the contractual relationship itself (add more details).
For this processing, the Company will obtain consent through electronic and/or paper methods.
Processing Tools and Data Retention
The processed data (which may be of a common and identifying nature) are up-to-date, complete, relevant, and not excessive with respect to the aforementioned processing purposes.
The same data will be processed, with due regard for the necessary security and confidentiality, through the collection of data from the data subject and their registration and storage for the predetermined, explicit, and lawful purposes. The same data will be processed both on paper and with electronic means.
Personal data will be processed by the Company, as Data Controller, as well as by authorized employees and collaborators for the same processing purposes.
The data may be communicated, in addition to the public bodies to which the communications/declarations subject to the contractual relationship are destined, also to the inspection bodies involved, if required during verification and control phases related to compliance.
The same data covered by this information may be communicated to professionals and/or collaborators of the Data Controller for the execution of the entrusted assignment and for the same purposes. Conversely, the data in question will not be disseminated beyond the specified limits unless otherwise indicated by the data subject in writing.
Please note that the Company does not use automated decision-making processes.
Personal data processed for the aforementioned purposes will be kept for the time strictly necessary to achieve those same purposes. Subsequently, the data will be processed exclusively for the fulfillment of any legal obligations or for purposes expressly provided for by laws or regulations.
The data retention periods are determined in accordance with the provisions of the applicable laws and regulations in force and according to the principle of strict necessity, with particular regard to the timing necessary to achieve the purposes for which the data were collected and processed and for compliance with the terms of a statute of limitations.
Rights of the Data Subject
The Client, as the data subject, has the right to access their personal data at any time and to exercise the other rights provided for by the GDPR (Chapter III, Section I), which include the right to rectify inaccurate data, the right to erasure, the right to restriction of processing, the right to data portability, the right to object, and the right not to be subject to automated decision-making processes. The Client also has the right to withdraw consent for processing purposes that require it, without prejudice to the lawfulness of the processing carried out until the time of withdrawal.
Complaints to the Supervisory Authority
The Client has the right to lodge a complaint with the Supervisory Authority if they believe that the processing of their personal data violates the provisions of the Regulation. The reference Supervisory Authority for the Italian territory is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali). Contact details and procedures for filing complaints are available on the official website of the Italian Data Protection Authority (www.garanteprivacy.it).
Cookies Policy
This website uses cookies. To learn more, the Client can consult the Cookies Policy on this website.
Updating and Changes
This Privacy Policy may be subject to change. Therefore, it is advisable to regularly check this information and refer to the latest version.
* * *
For more information about the processing of personal data, the Client can contact the Data Controller at the addresses indicated in this information notice.