PRIVACY NOTICE TO CLIENTS OF CAIAZZA & PARTNERS INTERNATIONAL LAWFIRM

According to Art. 13 and 14 GDPR

Our professional activity is aimed exclusively at safeguarding the interests of our Clients.

Before accepting an assignment, we are required to carry out checks concerning both the Client (conflict) and the subject matter which must fall within the expertise of at least one of the lawyers of the Law Firm, therefore the communication of personal data is necessary even during this preliminary phase.

Lawyers are not obliged to accept an assignment, but once they are engaged, various legal obligations must be observed. 

Our Law Firm Caiazza & Partners and its lawyers strictly observe data protection legislation and protect the rights of our Clients according to this privacy notice.

Data Controller and Joint Controllers 

The Data Controller is the Law Firm Caiazza & Partners (hereinafter the Controller), Corso Vercelli 57, Milan, Italy.

For individual assignments, invoiced with their own VAT number, the Data Controller is each of the lawyers of the firm individually: Massimo Caiazza, Massimo Saporiti, Carlo Pratesi, and Alessandro Saracco.

The Law Firm and the individual lawyers are acting as joint controllers and have signed a specific agreement for the processing and protection of personal data.

Necessity of Processing of Certain Categories of Personal Data 

In order to provide legal advice and assistance, it is necessary to receive the personal identification data of each Client and each counterparty.

The Law Firm Caiazza & Partners and its lawyers have the duty to check the identity of the Client before accepting and carrying out an assignment. The collection of personal data of the Client is necessary to rule out any conflict of interest (example: if the new client is a counterparty of one of the lawyers of the firm the assignment cannot be accepted) and in the cases provided by the law, for the proper verification of the Client according to anti-money laundering legislation. Counterparties’ data must also be collected to check any conflict (example: if the new client requests assistance against a person who is already a client of one of the lawyers of the Law Firm, the assignment cannot be accepted).

Purpose of processing

The purpose of processing personal data of our Clients is the correct and complete performance of the professional assignment received, both in judicial and out-of-court matters.

Once the assignment is accepted, Clients’ data are also processed to fulfil legal obligations such as future checks for conflict of interest, compliance with anti-money laundering legislation, charging legal fees and expenses related to the assignment, compliance with regulatory, administrative and tax obligations (e.g. invoicing, accounting records).

The data related to our legal cases are also used for the purpose of increasing our professional know-how, training of professionals of the law firm, drafting articles in compliance with professional secrecy.

Sending newsletters.

Legal basis for processing

The legal bases for processing are:

Execution of pre-contractual measures at the request of the data subject (prospective client), such as the presentation of the case, even generically, before the assignment is accepted and the rates to be charged;

Performance of contractual obligations between the Controller and the data subjet (Client), consisting of the professional assignment;

Fulfilment of legal obligations of the Controller, such as the check of conflict, anti-money laundering, compliance with procedural rules even in out-of-court matters, compliance with the legal provisions applicable to the case assigned, compliance with tax legislation, compliance with professional ethics according to the bar association’s code of conduct.

Safeguarding Client’s vital interests in case of emergency.

Legitimate interest of the Controller, such as the safeguarding of our rights (e.g. defending ourselves from claims, debts collection), improvement of know-how of the professionals of the law firm, training of staff, writing articles, sending newsletters, always observing our professional secrecy.

Data sharing with third parties

The personal data of Clients are communicated by the Controller to lawyers and collaborators of the Law Firm as well as to its authorized administrative staff who need to know them for checks of conflict of interest, proper identification of Clients, internal collaboration in the interest of the Client. The data are also communicated to the administrative staff of the appointed Data Processor Studium sas, service company dedicated to the management of the Law Firm for issuing invoices, specifications of activities performed, management of lawyers’ agenda, meetings, phone calls and correspondence. All employees of the Law Firm and of Studium sas are bound by a written obligation of secrecy undertaken without time limit.

Some personal data of the Client, mentioned in the invoices, are communicated to the external firm Fortald that manages the accounting and tax declaration of the Law Firm.  Each lawyer of the Law Firm when he carries out his professional activity individually with his own VAT number may appoint a different accounting firm.

Chartered accountants and tax advisors assisting the Controller(s) are bound by an obligation of confidentiality without time limit. Furthermore, such service providers are appointed data processor when they process data on behalf of the Controller with the obligation to strictly follow the written instructions of the Controller.

Due to professional secrecy, the Controller does not release information about the personal data of Clients to third parties, except for the following cases:

(i) it is expressly agreed with the Client, (ii)  it is necessary to exercise and defend the rights of the Client during the course of a professional assignment, (iii) for the fulfilment of legal obligations, or of an order of the  judicial or administrative authority, or (iv) for the appointment of an professional service provider, service provider or contractor performing services on behalf of the Controller within the scope of his professional activity (e.g. appointing local attorneys, technical consultants, suppliers of IT services).

The personal data of the Clients are also communicated to Judicial Authorities, arbitrators, mediators, conciliators, public administrations, counterparties, lawyers/procurator of counterparties, external collaborators, subjects operating in the judicial sector and, in general, to all public and private subjects when it is necessary for the correct fulfilment of the purposes for processing as indicated above.

It is not the Controller’s intention to transfer personal data to a third country or to an international organization, unless this is done upon explicit request and informed consent of the Client.

Duration of processing

The personal data of the Clients are processed for the duration of the assignment and stored for ten years after the legal file is archived, or even for a longer period, if this is required by the nature of the assignment (e.g. a last will).

Means of processing

Personal data are collected from the data subject (i.e. communicated by the Client) and may also be obtained from other sources, both private and public, for the purpose of the correct and complete performance of the professional assignment.

Processing can be performed with or without the aid of electronic or automated tools, safeguarding data protection against intrusion, unauthorized access, alteration and loss of data. The processing is carried out by the Controller through its authorized personnel and / or by the data processors appointed in compliance with the regulations in force. The data are stored in servers located in Lombardia (Italy) and in any case within the European Union. The Controller has adopted the necessary technical and organizational data protection measures for the confidentiality, integrity and availability of data and to prevent unauthorized access, alteration, dissemination, loss or destruction.

Communications to our Clients

The Law Firm may send newsletters and communications to Clients that have the right to object to receive communications which are not strictly related to the assignment conferred.

Data subject’s rights

Data subjects have the right to:

Access: each client has the right to obtain free of charge  confirmation of whether we are processing his/her personal data, to access his/her personal data and to obtain information regarding how the personal data is being used by the Law Firm.

Rectification: at client’s request any incorrect or outdated personal data will be immediately rectified and will be integrated with correct and updated data.

Restriction: client may request the restriction of processing in certain circumstances provided by the law; 

Portability: upon client’s request, for example, in case client changing attorney, the Controller must transmit the personal data available in a commonly used electronic format;

Erasure: requests for data erasure by a client will be considered taking into account the legal obligations related to data retention. This is not a blanket right to require all personal data to be deleted. 

The Law Firm may send newsletters and communications to Clients that have the right to object to receive communications which are not strictly related to the assignment conferred.

In any case, any request received by the Controller will be taken into consideration after verification of the identity of the data subject.

Exercise of Data Subject’s Rights and Complaints

The Client can exercise his rights at any time by contacting the Controller without formalities nor payment of any additional cost. Requests will be satisfied as soon as possible and in any case within one month, In case of objective difficulties a written notification will be sent within the aforementioned deadline.

In case of dissatisfaction with the methods of processing and complaints, the interested party can write to the Controller addressing the request to caiazza@studiocaiazza.com without prejudice to his right to contact the Italian Data Protection Authority www.garanteprivacy.it or the supervisory authority of the different European country in which he is resident, lives or works, or in the country in which he considers that a violation of his/her personal data occurred.

Other information on data processing

When the Client is also a data controller, for example for its employees, clients, suppliers or of other data subjects, upon sharing personal data or allowing access to lawyers of the Law Firm, the Client must have informed the data subjects about this processing. Lawyers are generally not appointed as data processors given their obligation of independence established by the law that distinguish their consulting and assistance services, even in out-of-court matters, from any other kind of outsourced service, not receiving binding instructions on the processing by Clients nor being eligible of direct control by Clients for the supervision of the processing performed on their behalf. 

Lawyers do not send a privacy notice to counterparties nor to third parties involved in their professional assignment being bound by the law of professional secrecy.

The Controller and the Joint Controllers have adopted a common privacy policy of the Law Firm.

This privacy notice may be subject to changes in the future. The new editions of the information will show the date of their publication.

For any further information and clarification the Client can contact the Controller Caiazza & Partners Corso Vercelli 57, 20144 Milan, Italy, phone + 39 02860968, email mail@studiocaiazza.com website www.studiocaiazza.com