GDPR

Morganti & Associati Law Firm, with registered office in Rome, Via Giovanni Paisiello, 40, VAT number 04742501002, represented by Lawyer David Morganti, as Data Controller, and Lawyer Flavia Allegrini, as Joint Data Controller, informs you pursuant to Article 13 of Legislative Decree 30.6.2003 n. 196 (hereinafter, "Privacy Code") and Article 13 EU Regulation n. 2016/679 (hereinafter, "GDPR") that your data will be processed according to the following methods and purposes:

Subject of Processing

The Data Controller processes personal and identifying data (e.g., name, surname, company name, address, telephone number, email, banking and payment references - hereinafter, "personal data" or also "data") communicated by you on the occasion of entrusting professional services to the writing Firm.

Purposes of Processing

Your personal data may be processed without your express consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the Firm's legal purposes aimed at correctly and completely executing the professional assignment received both in judicial and extrajudicial contexts. For example, your data will be processed for:

fulfilling the professional assignments entrusted (whether they are judicial, extrajudicial, or conciliatory in nature); fulfilling tax and accounting obligations arising from relationships with you; fulfilling obligations provided for by law, regulations, European Union legislation, or an order of the Authority (such as anti-money laundering regulations); exercising the rights of the Data Controller, such as the right to defense in court.

Legal Basis of Processing

The professional's office processes your personal data lawfully, where the processing:

is necessary for the performance of the mandate, of a contract of which you are a party, or for the performance of pre-contractual measures taken at your request; is necessary to fulfill a legal obligation incumbent on the professional; is based on express consent.

Methods of Processing

3.1 The processing of your personal data is carried out using the operations indicated in art. 4 of the Privacy Code and art. 4 no. 2) GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data.

3.2 Your personal data are subject to both paper-based and electronic and/or automated processing. The electronic storage of personal data takes place on secure servers located in access-controlled areas.

3.4 In accordance with Article 5 of the Regulation, personal data undergoing processing shall be:

(i) processed lawfully, fairly, and transparently to the data subject;

(ii) collected and recorded for specified, explicit, and legitimate purposes, and subsequently processed in a manner compatible with those purposes;

(iii) adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;

(iv) accurate and, where necessary, kept up to date;

(v) processed in a manner that ensures appropriate security;

(vi) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

3.5 Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.

Data Retention

The Data Controller will process personal data for the time necessary to fulfill the above purposes and in any case for a period not exceeding the achievement of the purposes for which they were collected. The data will therefore be kept for the entire duration of the professional mandate and, subsequently, for the time during which the professional is subject to retention obligations for tax or other purposes, as provided for by law or regulation.

Access to Data

Your data may be made accessible for the purposes of Article 2:

to employees and collaborators of the Data Controller in their capacity as internal processors and/or responsible persons for processing and/or system administrators; to third-party companies or other subjects (including, for example, credit institutions, professional studios, consultants, insurance companies for the provision of insurance services, etc.) that carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.

Communication of Data

Without the need for express consent (pursuant to art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the above purposes to:

consultants, accountants, or other lawyers providing functional services for the aforementioned purposes; banks and insurance companies providing functional services for the aforementioned purposes; subjects processing data in fulfillment of specific legal obligations; Judicial or administrative authorities, for compliance with legal obligations. These subjects will process the data as autonomous data controllers. Your data will not be disclosed or subjected to any fully automated decision-making process, including profiling.

Data Transfer

Personal data is stored on servers located within the legal firm, at Via Giovanni Paisiello, 40, in Rome.

It is understood, however, that the Data Controller, if necessary, has the right to move the servers outside the EU. In such a case, the Data Controller ensures in advance that the transfer of data outside the EU will take place in accordance with applicable law, following the conclusion of standard contractual clauses provided by the European Commission.

Personal data will be accessible to duly trained processing officers and external collaborators appointed as data controllers (where necessary).

Personal data is not subject to dissemination.

Nature of Data Provision and Consequences of Refusal to Respond

The provision of data for the purposes referred to in Article 2 is mandatory. In their absence, we will not be able to guarantee the Services referred to in Article 2.

Rights of the Data Subject

In your capacity as a data subject, you have the rights under Article 7 of the Privacy Code and Article 15 of the GDPR, namely the rights to:

obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet recorded, and their communication in intelligible form;
obtain indication: a) of the origin of the personal data; b) of the purposes and methods of the processing; c) of the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identifying details of the data controller, of the processors; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as data controllers or processors;
obtain: a) the updating, rectification or, where interested therein, integration of the data; b) the erasure, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification that the operations referred to in letters a) and b) have been notified, as also related to their contents, to those to whom the data was communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared to the protected right;
object, in whole or in part, for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the purpose of collection;
where applicable, you also have the rights under Articles 16-21 of the GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the supervisory authority.

You can revoke your consent at any time, limited to cases where the processing is based on your consent for one or more specific purposes and concerns common personal data (e.g., date and place of birth or residence), or particular categories of data (e.g., data revealing racial origin, political opinions, religious or philosophical beliefs, health status or sex life). Processing based on consent and carried out prior to its withdrawal remains lawful.

Ways to exercise rights:

You can exercise your rights at any time by sending:

a registered letter with return receipt requested to Morganti & Associati Legal Firm, Via Giovanni Paisiello, 40, 00198 Rome;
an email to the address segreteria@morgantilawfirm.com.

Data Controller and Processor

The Data Controller is the legal firm Morganti & Associati, represented by Avv. David Morganti ("Data Controller") and Avv. Flavia Allegrini ("Co-Data Controller"), with legal and operational headquarters in Rome, Via Giovanni Paisiello, 40.

In our activity, we partly rely on companies and third parties (e.g., IT service providers, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, etc.). To this end, it is necessary to transmit your personal data to our external service providers to the extent necessary (limited to the purpose in question). We have carefully selected our service providers, who have received a written mandate; they are bound by our instructions, and we have informed ourselves about their technical and organizational measures to ensure the security of personal data processing. Furthermore, we require all our service providers to comply with current privacy regulations.

We have concluded contracts with all our external service providers as data processors under Article 28 Paragraph 3 of the GDPR.

The updated list of Data Processors and Data Processors' representatives is kept at the legal headquarters of the Data Controller.