SZA Law Firm (in brief, also “SZA”), based in Milan, Corso Italia 13, is a multidisciplinary law firm that offers legal assistance and advisory services to Italian and foreign clients.
With regard to the purposes and means of data processing, as identified in this statement, the firm is the Data Controller as defined by EU Regulation 679/2016 (GDPR). It is therefore our responsibility to ensure that our IT systems and infrastructures, processes, suppliers, employees and partners comply with data protection regulations and provide adequate standards of reliability.
With this document we wish to inform you about the types of personal data we process, how we collect and process personal data, the purposes and legal basis that legitimize the processing, the safeguards we adopt to protect your data and which rights the data protection laws grant to data subjects.
For any further information you may contact us via e-mail at firstname.lastname@example.org
SZA processes the following types of data:
• Data provided spontaneously by the user (i) by sending requests for information via e-mail or postal mail, (ii) by sending CVs and (ii) in order to formalize a legal assistance contract with the law firm.
Without prejudice to what is indicated in relation to navigation data, users are free to provide their personal data. However, failure to provide such data will make it impossible for SZA to process requests received through the site.
We process personal data:
The legal bases that make the processing of personal data legitimate for the aforementioned purposes can be identified as follows (a) the need to execute and perform a contract, (b) the pursuit of the law firm’s legitimate interests (c) the need to comply with applicable laws and regulations.
In compliance with the relevant legal basis, we retain personal data only for the time strictly necessary to pursue the purposes indicated above.
In determining the retention period, we also consider any legal requirement.
We retain the personal data of our clients for the entire duration of the legal assistance contract and for 10 years following the end of the contractual relationship.
We retain the CVs of those who apply to collaborate with the firm for no longer than 12 months from the receipt date.
We retain personal data of those receiving our
newsletters and invitations to participate
educational events for a period of 36 months from the last information notice
sent to them, without prejudice to the right of the same recipient to object at
any time to the processing of his/her personal data.
For the purposes indicated above and in compliance with data security and confidentiality rules, personal data may be communicated to third parties bound by specific contractual relationships (accounting and tax consultants, insurance companies, IT firms, software providers and advisors). These parties act as our data processors in accordance with the instructions provided by us and in compliance with adequate IT and organizational security standards to ensure the security of all the personal data processed.
SZA adopts the highest security standards in the management and storage of all personal data. A dedicated internal team, assisted by IT experts, oversees the firm’s IT infrastructure, ensuring compliance with best practices in order to minimize the risk of loss, damage, unavailability or unauthorized disclosure of data.
The GDPR gives you, as data subject, specific rights which the law firm, as Data Controller, undertakes to comply with.
Simply by writing to email@example.com you are therefore entitled to:
SZA undertakes to provide the data subject with information regarding the action taken in relation to any request received without undue delay.