INFORMATION FOR THE PROCESSING OF PERSONAL DATA IN THE CONTEXT OF THE PROFESSIONAL ACTIVITY
The lawyer Valentina Remonato, as controller, provides you with the information required by EU Regulation no. 679 of 2016 (later GDPR).
It is not mandatory to return the information indicated by the article 14 GDPR if the personal data is not collected directly from the data subject and must remain confidential in accordance with an obligation of professional secrecy governed by Union or Member State law, including a statutory obligation of secrecy. By obligation of the Code of Conduct for Lawyers, the Controller is required, in the interest of the client and the assisted party, to strictly observe professional secrecy and to maintain maximum confidentiality on facts and circumstances in any way learned in the activity of representation and assistance in court, as well as in carrying out the activity of legal consultancy and out-of-court assistance and in any case for professional reasons.
In the following text, for personal data, pursuant to article 4 GDPR, means: “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".
Purposes of Processing
Personal data is processed for the purpose of exercising the professional activity.
The data are therefore processed with the following objectives:
-
- Exercising professional activity.
- Managing the execution of the received mandate.
- Performing necessary pre-contractual activities.
- Responding to client inquiries.
- Exercising the rights of the Data Controller, including defense in judicial proceedings.
Legal Basis for Processing
The processing of personal data by the Data Controller is lawful for the following reasons, in accordance with Regulation (EU) 2016/679 (GDPR):
-
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. This applies to managing the received mandate and performing necessary pre-contractual activities. Article 6.1.b GDPR.
-
The processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. In this case, the legitimate interest lies in the efficient exercise of the professional activity, performed in compliance with the existing ethical obligations of the lawyer (responding to inquiries, exercising rights). Article 6.1.f GDPR.
-
The processing is necessary for compliance with a legal obligation to which the Data Controller is subject. This includes complying with legal obligations to which the lawyer is subject in the context of their professional activity. Article 6.1.c GDPR.
What data is processed and source
The Controller processes common data (recognition, address, ownership, ordinary information necessary for the assignment…);
and particular data pursuant to art. 9 GDPR (so-called sensitive) to ascertain, exercise or defend a right in court (e.g. before the Court and in general judicial bodies).
The data can be provided not only by the interested parties, but also by the Controller's customers or collected through the Public Registers or the databases of public bodies (e.g. Business Register, Public Vehicle Register, risk centres, land register, conservatory, municipal registers, tax register, including the archive of financial reports, and of social security institutions, for the acquisition of all relevant information for the identification of things and credits to be enforced, including those relating to the debtor's relationships with credit institutions and employers work or clients…).
Categories of recipients
Without prejudice to communications made in fulfillment of legal and contractual obligations, the data collected and processed may be communicated to the following categories of subjects:
-
- Professionals or companies that provide technical assistance in relation to the exercise of rights or the fulfillment of legal obligations, for example in accounting, administrative, fiscal, tax matters.
- Judicial consultants for party technical advice.
- Companies and individuals who provide IT services (e.g. TIM cloud storage, email service, technical assistance). Subjects that provide auxiliary services for the functioning of the website (e.g. assistance in the management of website data traffic, IT service providers , hosting.
- Employees or similar personnel and collaborators of the Controller, who will operate as persons authorized to process personal data.
- Public administrations for the performance of institutional functions as established by law (courts, notification offices, chambers of commerce, conservatories, revenue agencies…).
The subjects belonging to the categories listed above operate, in some cases, as controllers. The list of subjects to whom your personal data may be communicated can be requested by contacting the Controller. The data is not disclosed, except in cases where there are legal obligations that require the disclosure of the data.
Data transfer
Any transfer of personal data outside the EU is governed by specific contracts aimed at requiring the recipient to comply with the adequate guarantees provided by current legislation on privacy, or to subjects who enjoy an adequacy decision (pursuant to article 44 and following GDPR); a copy of the adequate guarantees can be requested by contacting the Controller and obtained in the event of transfer.
Storage period of your personal data
Your personal data will be processed by the Controller for the entire duration of the assigned assignment. It should be noted that data subject to conservation obligations established by law (e.g. invoices) or potentially necessary for the protection of rights will be kept for the times established by law, therefore the data are usually kept for 10 years from their last use.
How will your personal data be processed
The processing of your personal data will take place in ways that guarantee security and confidentiality in accordance with the provisions of article 32, GDPR.
Nature of the provision and consequences of a refusal to provide data
The provision of personal data requested by the Controller is a necessary requirement for the provision of the requested professional services and any failure to provide the requested data will make it impossible for the Controller to fulfill all or part of the contractual obligations.
No consequences are envisaged for freely provided and unsolicited data (e.g. spontaneous data communications…).
Rights of the interested party
In accordance with the characteristics of the service rendered to you, you are granted the rights provided for in articles 15 to 21 and more generally by the GDPR. In summary:
-
- right of access;
- right of rectification;
- right to cancellation (right to be forgotten);
- right to restriction of processing;
- right to data portability;
- right to object (at any time, to the processing of personal data concerning you based on the condition of lawfulness of legitimate interest, unless there are legitimate reasons for the Controller to continue processing which prevail over the interests, rights and freedoms of the interested party or for the assessment, exercise or defense of a right in court);
- revoke the consent where previously given, without prejudice to the lawfulness of the treatment based on the consent given before the revocation;
- propose a complaint to the Guarantor Authority (Guarantor for the protection of personal data). For more information, consult the website of the Guarantor for the Protection of Personal Data: garanteprivacy.it.
Primary method of exercising rights
In order to be sure of the receipt of your request to exercise the rights, we advise you to send a registered letter with return receipt. to adv. Valentina Remonato, Via Vittorio Emanuele II n. 38, 25030, Coccaglio (BS), or a pec to valentina.remonato@brescia.pecavvocati.it
The Controller will take charge of your request and provide you, without unjustified delay and, in any case, at the latest within one month of receipt of the same, with information relating to the action taken regarding your request.
Controller and further contact details
The Controller is Adv. Valentina Remonato, with registered office in Via Vittorio Emanuele II n. 38, Coccaglio (BS), e-mail studiolegale@valentinaremonato.it, pec valentina.remonato@brescia.pecavvocati.it, phone +39 338 8785457.
Date
Last updated: March 12, 2024