Privacy
Data Protection Policy
In this information notice we explain how we collect and use your personal data, which we obtain when you require our services or visit our internet website. Such personal data may also include sensitive data.
Data Controller. Our law firm Studio Legale Gitti and Partners, professional association with legal seat at 9, via Dante 9, Milan, Italy (“Firm”) acts as data controller in relation to all personal data provided orally, by email, phone, fax or post, or through the website www.grplex.com.
Purposes of the Processing. The Firm processes your personal data for the following purposes:
• For the execution of the mandate, of an agreement of which you are a party or in order to take steps at your request prior to entering into a contract;
• For compliance with a legal obligation to which the Firm or any of its professionals is subject; or
• Upon authorization, for receiving newsletters, articles, blog posts or information on legal developments or on activities of the Firm and its professionals.
Principles relating to the Processing of Personal Data. We undertake to comply with the data protection legislation and to ensure that your data are:
• Processed lawfully, fairly and in a transparent matter;
• Processed only for the purposes for which they have been collected;
• Adequate, relevant and limited to what is necessary in relation to such purposes;
• Accurate and kept up to date;
• Kept for the time necessary for such purposes; and
• Archived in a secure location.
Modalities of the Processing of Data. Personal data will be processed through paper or digital means (including mobile devices) and processed with modalities that are strictly necessary for the purposes above indicated. Personal data will not be subject to dissemination, profiling nor to any fully automated decisional process.
Categories of Recipients of Data. We may share your personal data with third parties such as suppliers of technological services, consultants and accountants or other attorneys that provide services that are functional to the above purposes, banks and insurances that supply services that are functional to the above purposes, subjects that process data in execution of specific legal obligations, judicial or administrative authorities. If necessary to provide legal services or on the basis of your authorization, we may need to share your personal data with recipients located in Countries outside the European Economic Area. In case we share your personal data outside the European Economic Area, we ensure that the recipients provide adequate protections and safeguards to protect your personal data.
Data Retention Period. Personal data are retained for the time necessary to provide the services that you have requested, to comply with legal, accounting, tax or anti-money laundering legislation requirements and in accordance with the statute of limitations applicable to the supply of services. In order to determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.
Security of the data. We commit ourselves to maintain the security of your personal data and to take measures to protect against loss, misuse and alteration of the data in our possession. We use appropriate technical and organizational measures in order to protect our systems from third parties’ unauthorized intrusion and we regularly update our security measures as better solutions become available. In particular, all personal data are stored in a secure location protected by firewalls and other security systems with limited access. All our professionals and employees who have access to, or are involved in the processing of personal data, are bound to respect the confidentiality of your data and to comply with the rules that we have set regarding the protection of personal data.
Promotional material. Upon your authorization, the Firm may occasionally contact you in order to inform you on regulatory development or to offer our services. These marketing communications will be sent to you only upon your prior authorization and provided that you have not withdrawn your consent. All marketing emails that you will receive from us will include specific instructions regarding cancellation of the service, an action that can be done at any time.
Consequences of failure in the communication of the personal data. With reference to the personal data relating to the performance of the contract of which you are a party or regarding the fulfillment of a regulatory obligation, your failure to communicate to us the relevant personal data will prevent the performance of the contractual relationship itself. On the other hand, failure to provide consent for the sending of promotional material will result, as a sole consequence, in the lack of receipt of such material.
Data protection rights. You can request access to, and have the opportunity to update and modify, your personal data. Under current data protection laws, you can also exercise other rights:
• To request access to all your personal data in our possession;
• To obtain the rectification of your incorrect personal data in our possession;
• To request that your personal data be erased, provided that such data are not necessary for the Firm to fulfill legal obligations according to applicable laws or for the commencement, execution, or defense in a legal dispute;
• To prevent or restrict the processing of your personal data, except to the extent that such processing is required for the commencement, execution, or defense in a legal dispute;
• To request the transfer of the personal data to third parties, where this is technically feasible.
You may exercise the aforementioned rights by contacting the following e-mail address privacy@grplex.com. Upon checking your identity, we will send you a feedback within 7 days after receipt of any request. We will conduct an investigation, pursuant to the applicable laws, and we will provide you with a reply approximately within 28 days from the receipt of the request. If, in order to complete the investigation, further time is required, within 28 days from the receipt of the request we will inform you of the necessary additional time, which will not exceed 60 days, to complete the procedure. If the request is rejected, we will provide you with a written explanation of the reasons. On the other hand, if the request is deemed to be grounds, we will take all the necessary measures.