Personal data processing notice

Privacy policy

We would like you to know how Studio Legale Grompe Redaelli e Associati processes your personal data.

Data Controller

The Data Controller is Studio Legale Grompe Redaelli e Associati (the Law Firm), situated at Corso Italia 8, 20122 Milan; email address

Types of data processed

Depending on the matter being handled by the Firm, the following personal data (Data) referring to you (Data Subject) or referring to third parties represented by you or with whom you collaborate (Third Parties represented by you) and which you may provide us with, may be processed:

  1. (i) common data, such as personal identification data, contact details, banking and financial data,
  2. (ii) data concerning your employment and/or self-employment relationships,
  3. (iii) judicial data capable of disclosing criminal records,
  4. (iv) special categories of personal data (data relating to race, ethnicity, political opinions, religious and/or philosophical beliefs, trade union membership, genetic and/or biometric data, health status, sexual life and/or sexual orientation), 
  5. (v) any other data related to the handling of matters by the Firm on your behalf.
  6. In the event that you provide us with personal data of Third Parties represented by you (e.g. staff, collaborators, members of other corporate bodies or boards), we request that you provide them with this information notice.
Purposes of Data processing and legal basis of processing

The Data are processed for the purposes of corresponding with you and with Third Parties represented by you in the course of performing the professional services requested by you of the Law Firm and in order to comply with administrative, accounting and tax obligations which the Law Firm is subject to.

The processing of the Data for the above purposes is necessary in nature as it is indispensable for the performance of the professional relationship between you and the Law Firm. 

Objection to the partial or total processing of Data will prevent the Firm from carrying out the services requested in full.

how the data are processed

The Data processed are data provided by you or Third Parties represented by you, data provided by counterparties, data available in publicly accessible databases and data available by consulting web pages.

Processing is carried out by manual, hard copy and/or electronic means, with or without the aid of automated processes, by means suitable for storing, managing and transmitting the Data and includes all operations or sets of operations necessary for the processing in question, including the communication of such Data to the individuals or entities indicated at point 5. 

The Law firm does not carry out profiling, and no decisions will be taken merely on the basis of automated processing of Data.

The Law Firm ensures that your Data shall remain safe and confidential.

Communication to third parties and data processors

The Data will be processed by employees and collaborators of the Law Firm, who act in accordance with specific instructions on data processing and confidentiality, as well as by service providers that the Law Firm has appointed or will appoint as data processors and who provide adequate processing guarantees, in accordance with the provisions of the GDPR. 

The Data referred to at 2 (iii) and 2 (iv) are not subject to processing by third parties other than employees and collaborators of the Law Firm.

An up-to-date list of data processors may be requested from the following email address:

The Data will not be disseminated, but may at any time be communicated to judicial authorities, supervisory authorities, public bodies and entities, in compliance with legal obligations.

Storage and transfer of personal data outside the European Union

Data processing takes place on servers located at the Law Firm or in the cloud, on servers of third party service providers, servers that may be located either within or outside the European Union. In the latter case, the transfer of your Data outside the European Union, in particular to the United States of America, takes place through the adoption of appropriate measures, such as the adoption of standard clauses approved by the European Commission.

Data storage period

The Data will be processed and stored for the duration of your professional relationship with the Law Firm and subsequently for the duration of the statute of limitations established by law and in any case for a period of not less than ten years as required by law in relation to accounting records.

 Data Subject’s rights

You and, as the case may be, Third Parties represented by you, are entitled to exercise the following rights:

  1. right of access: to obtain confirmation at any time that Data are being processed and to receive information relating to such processing;
  2. right of rectification: to obtain the rectification of inaccurate Data or their supplementation without undue delay;
  3. right to erasure: to obtain the deletion of Data without undue delay;
  4. right to limitation: to obtain the limitation of processing to storage only;
  5. right to portability: to receive the Data in a commonly used, machine-readable structured format and to obtain that the Data be transferred to another data controller indicated by you;
  6. right to object: to object to the processing of the Data.

You and the Third Parties represented by you are entitled to exercise these rights and to do so should contact the Law Firm at the following email address:

Should you exercise any of these rights, a response will normally be given within one month of receipt of the request.

With reference to the processing of the Data and the exercise of the rights of the Data Subject, you and the Third Parties you represent may always lodge a complaint with Garante per la protezione dei dati personali, Piazza di Monte Cittorio 121 - 00186 Roma - - 

Download DPF