B&C Legal – Privacy Policy

The information regarding the processing of Personal Data is provided below, in compliance with the requirements set out under art. 13 of the General Data Protection Regulation 2016/679 regarding Natural Persons and the free circulation of said data (hereinafter, the “GDPR”).

DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS

The Data Controller is Bonaccorsi Colombo & Partner - Avvocati e Commercialisti Associati (hereinafter the “Firm” or “B&C Legal”), with registered office at Largo Donegani, No. 2 – 20121 Milan, tel. 0229005476; e-mail: privacy@bc-legal.it. Our internal privacy contact person is Ms. Federica Brevetti.

DATA SUBJECTS AND CATEGORIES OF PERSONAL DATA

The following information refers to our processing of the Personal Data (therefore, referred to identified or identifiable natural persons) of:

  1. Clients or prospect clients (if natural persons) or of the persons who act on behalf of clients (if the client is a company or an entity), hereafter, for the sake of simplicity, referred to as “Clients”;
  2. Client’s Shareholders or directors;
  3. Client’s relatives (also minors);
  4. Individuals other than the ones listed above, whose situation or relation with the Client is relevant for the sake of our legal assistance (or who act on behalf of those individuals):
  5. The individuals mentioned as “Beneficial Owner” under the anti-money-laundering laws.

The personal data processed by the Firm shall consist, as the case may be, of:

  1. Personal details, addresses and email addresses;
  2. Company’s position and professional info;
  3. Content of communications;
  4. Content of ID, photographs therein contained;
  5. Audio-video contents;
  6. Advices, memorandum and other written documents;
  7. Bank details;
  8. In exceptional cases: special categories of personal data as defined by Art. 9 of the GDPR, namely: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;
  9. In exceptional cases, for anti-money laundering purposes: identification of/relation with the politically exposed person; property information on the politically exposed person;
  10. for anti-money laundering purposes in the risk evaluation; further information about the Client, if natural person,
  11. In exceptional cases: judicial data or data useful to reveal the existence of criminal judgements or criminal proceedings ongoing;
  12. In exceptional cases: personal data related to minors.

PURPOSE AND LEGAL BASIS FOR DATA PROCESSING

The Personal Data which you will communicate to us, or however, of which we will become aware during the contractual relationship will be processed exclusively for the purpose of performing the mandate received (as the case may be, in order to analyse the issues within the scope of the legal assistance, to prepare opinions and communications to the Client or to third parties, or briefs and legal documents, or also to examine and submit evidence in court) and for the related administrative purposes (managing the client database and the paper-based and electronic files relating to the individual cases), as well as to comply with the anti-money laundering legislation, where necessary.

Therefore, the processing of such data is necessary to perform the contract and/or the related preparatory measures. As far as the anti-money laundering legislation is concerned, process is required by law or is aimed at pursuing a public interest. The mandate conferred to B&C Legal professionals includes the informal requests for consultancy services and is not necessarily formalised in a written document.

If you have given your consent, only the e-mail addresses will be used to send the periodic newsletters regarding legal issues of importance for the majority of our Clients, or regarding initiatives which we have organized. The consent you may have given to receive such newsletters can be revoked at any time, by simply sending a request to the e-mail address indicated above.

SPECIAL CATEGORIES OF DATA AND JUDICIAL DATA

In most cases, the Personal Data we process do not pertain to the special categories indicated in art. 9 of the GDPR (Sensitive Data), nor do they refer to criminal convictions and crimes, pursuant to art. 10 of the GDPR (Judicial Data).

In the exceptional cases that we will ask or you will disclose the above-mentioned categories of data to the Firm will obtain your consent to such data being processed, limited only to those data useful for the correct execution of the mandate (judicial or consultancy).

The consent could be revoked at any time. However, the impossibility to process data could prevent the correct execution.

In the case of politically exposed person, the processing of the information thereof is justified and required by anti-money laundering law, and is carried out for public interest.

Data related to criminal judgements or offences as per article 10 of GDPR will be processed only when strictly necessary and after consent of the person involved, with due guarantees of law.

MANDATORY OR NON-MANDATORY REQUIREMENT TO PROVIDE PERSONAL DATA

Certain Personal Data, in particular, the personal details (if referred to a Client who is a natural person) and banking details, are necessary to establish the mandate, and without such data we will be unable to open the file (unless such details are already in our possession) or provide the essential services related thereto.

As far as the personal data referred to the identification of the Beneficial Owner or to the Client due diligence are concerned, they must be disclosed mandatorily as, in their absence, B&C Legal shall not provide the legal assistance required.

Further Personal Data required during our services shall be voluntarily given, but as they refer to the subject of our legal assistance, they are fundamental in order to carry out the required services.

RETENTION

The Personal Data will be stored for a period of 10 years from the date the contract execution is completed or the case in the context of which the Personal Data were collected or conferred is closed, which normally occurs in the six-month period after the collection of the last proforma note or invoice (if issued prior to payment) referred to that given case.

However, the Client database is subject to periodic review, on an independent basis, normally once a year, and is designed to remove the references of the data subjects registered previously and who have terminated their employment or collaboration relationship with the Client.

The newsletter mailing list is updated with the same procedure.

PERSONS OR ENTITIES WHICH MAY HAVE ACCESS TO PERSONAL DATA ON BEHALF OF THE B&C LEGAL OR TO WHOM THE DATA ARE COMMUNICATED

The Personal Data we collect will be processed exclusively by our personnel in charge of data processing, and where necessary, may be made accessible to external consultants, or to domiciliation agents (where the elected domicile is requested in order to manage the mandate more efficiently, especially if judicial) who are appointed by us directly. Furthermore, the Personal Data will be accessible by the companies appointed to provide us with software and hardware support, as well as the IT platform to manage the files.

Each external person or entity which has access to Personal Data has been or will be appointed as Data Processor, pursuant to art. 28 of the GDPR, subject to strict constraints regarding confidentiality and privacy, in compliance with the provisions of the above-mentioned legislation.

If an external professional (also a non-legal professional) co-operates with one of the Firm’s professionals to perform the mandate, based on a direct trust relationship with the Client, the external professional will act as an independent data controller, subject independently from the Firm to the obligations set out in the GDPR and, in general, the obligations set out in the privacy legislation.

In these cases, the exchange of information and communications which concern the Clients made between our Firm and such professionals will be considered as a communication of data from a data controller to another data controller, and functional to performing the mandate received.

The Personal Data shall also be communicated to the courts and tribunals in the framework of a lawsuit, or to the Revenue Office or other offices and public entities and bodies on a need-to-know basis.

Again, the Personal Data shall also be communicated to deputed bodies in case of suspicious transaction. In such a case, the communication is required by law and is justified by the public interest to money laundering and terrorism prevention.

TRANSFER ABROAD

Under no circumstance will your Personal Data be transferred outside the European Economic Area, unless the country of destination (where, for example, the professional who we may need to contact to perform the mandate is based) is the subject of an adequacy decision by the European Commission, (for example, Switzerland), pursuant to art. 45 of the GDPR, or in case of another condition for the transfer of data outside EU is met according to articles 45, 46 and 47 of the GDPR.

DATA SUBJECT’S RIGHTS

We take this opportunity to remind you that, in relation to your Personal Data, you will be entitled to exercise the rights acknowledged by the GDPR, namely: (i) the right of access the personal data and information, for example: the purpose of data processing and the types of data held by us (art. 15 of the GDPR); (ii) the right to obtain the rectification of incorrect personal data which concern you, or to integrate incomplete personal data (art. 16 of the GDPR); (iii) the right to erasure (“right to be forgotten”) of the personal data which concern you, if one of the grounds envisaged under art. 17 of the GDPR applies; (iv) the right to restriction of processing, i.e. to obtain that the personal data which may be subject to dispute are flagged and not deleted, for the period necessary to exercise a given right regarding such data (art. 18 of the GDPR); (v) the right to data portability (art. 20 of the GDPR). (vi) the right to submit a complaint to the Supervisory Authority, (Garante per la Protezione dei dati personali, with registered office in Rome, Piazza Venezia 11, e-mail address protocollo@gpdp.it-PEC protocollo@pec.gpdp.it) if the Authority’s provisions have been violated.

Please use the following e-mail address: privacy@bc-legal.it for any request or observation.

Yours sincerely.

Bonaccorsi Colombo & Partner

Data Subject Categories of Data Purposes Legal Basis Retention
Clients (if natural person) and prospect

Natural persons who act on behalf of the Client (even prospect) if legal entity, Client’s shareholders
Personal details, addresses and email addresses Opening and managing of the file. Sending of communications related to the professional sevices Execution of the professional services or of the requests aimed at their execution (art. 6.1 lett. b GDPR) 10 years from the file closing
e-mail addresses Sending of newsletter Consent Until revoked – the mailing list is subject to revision on annual basis
Content of communication Review of the subject matter. Redaction of legal opinion, memo, communication referred to the subject matter. Redaction of memorandum and summons Execution of the services 10 years from the file closing
Photo, audio/video contents See above Execution of the services 10 years from the file closing
Opinions, memorandum See above Execution of the services 10 years from the file closing
Personal and professional information See above Execution of the services 10 years from the file closing
Soecial categories of data See above Consenso 10 years from the file closing
Judicial data See above Execution of the services 10 years from the file closing
Persons who provide the information requested according to the anti-money laundering law

Effective Owner according to the anti-money laundering law
Personal details, data included in the ID docs, photos, professional info Identification of the client Compliance of anti-money laundering laws 10 years from the file closing
Quality of politically exposed person (PEP), personal/family relations with a PEP

Personal info

Risk evaluation
Risk Analysis Compliance of anti-money laundering law

Compliance of the public interest to money laundering and terrorism law
10 years from the file closing



PRIVACY POLICY – SUPPLIERS, CONSULTANTS, COUNTERPARTIES, THIRD PARTIES

The information regarding the processing of Personal Data is provided below, in compliance with the requirements set out under art. 13 of the General Data Protection Regulation 2016/679regarding Natural Persons and the free circulation of said data (hereinafter, the “GDPR”).

DATA CONTROLLER’S IDENTITY AND CONTACT DETAILS

The Data Controller is Bonaccorsi Colombo & Partner - Avvocati e Commercialisti Associati (hereinafter the “Firm” or “B&C Legal”), with registered office in Largo Donegani, 2 – 20121 Milan, tel. 0229005476; e-mail: privacy@bc-legal.it. Our internal privacy contact person is Ms. Federica Brevetti.

DATA SUBJECTS AND CATEGORIES OF PERSONAL DATA

The following information refers to our processing of Personal Data:

  1. suppliers (and prospects) if natural persons, or of the persons who act on behalf of clients (if the supplier is a company or an entity), hereinafter, “Suppliers”;
  2. colleagues and other consultants who support us (either according to direct assignment by the client or appointed by us) in court or out-of-court Firm’s assignments;
  3. counterparties (even prospective) of our clients (hereinafter, “Counterparties”) and of those who have a connection/communication with our client which is relevant in the framework of the assignment (hereinafter, “Interlocutor”);
  4. of consultants who assist or represent Counterparties in claims or judicial proceedings (“Counterparties Consultants”);
  5. of data subjects other from those listed above, of whom we process personal data in the framework of a judicial, mediation or similar proceedings, as, for instance, mediators, judges, witnesses, technical consultants, trade union representatives (hereinafter, “Third Parties”).
The personal data processed by the Firm shall consist, as the case may be, of:

  1. Personal details, addresses and email addresses;
  2. Content of communications;
  3. Bank details;
  4. Content of ID, photo;
  5. Audio-video contents;
  6. Advices, memorandums and other written documents;
  7. Information related to litigations (only for Counterparties);
  8. In exceptional cases (only for Counterparties): special categories of personal data as defined by Art. 9 of the GDPR, namely: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation;
  9. In exceptional cases (only for Counterparties): judicial data or data useful to reveal the existence, if any, of criminal judgements or criminal proceedings ongoing.

PURPOSE AND LEGAL BASIS FOR DATA PROCESSING

Suppliers: The Personal Data will be processed exclusively for the purpose of performing the contract or the preparatory requests, as well as the communications connected thereto, as well as for the purpose of fulfilling the related administrative and accounting obligations. The treatment of these Data is therefore necessary in order to execute the contract or as preparation and in some cases (accounting) is required by the Law Consultants: The Personal Data will be processed exclusively for the purpose of managing the contractual/cooperation relation or the assignment received, for communicating with the Consultant and for general document handling and storage purposes. The processing is then justified, according to the cases, by the contract performance or by the legitimate interest to the duly and complete execution of the task. Said treatment is therefore justified, according to the case, by the existence of a relation with the Consultant or by the legitimate interest to correct execution of the assignment received by the client. The email addresses may be processed for sending our newsletter regarding juridical issues or initiatives organized by the Firm, on a consent basis. The consent may be revoked at any time just sending a request to the email address above indicated.

Counterparties, Interlocutors, Counterparties Consultants: The Personal Data will be processed for communication purposes and for the purpose of managing the task assigned by the Client (case analysis, study of juridical issues, defense or out-out-court assistance), as well as for storage purposes of the information and docs connected thereto. The processing is justified by the legitimate interest to the duly and complete execution of the task. As per Sensitive Data, their processing is justified by the necessity to defend the client’s right in a judicial proceeding. Third Parties: The Personal Data will be processed for the purpose of performing and managing the task assigned by the Client within the litigation, pre-litigation, Trade Union or settlement proceeding, as well as for communication purposes with the parties and/or with the Client. The processing is justified by the legitimate interest to the duly and complete execution of the task. As per Sensitive Data, their processing is justified by the necessity to defend the client’s right in a judicial proceeding.

MANDATORY OR NON-MANDATORY REQUIREMENT TO PROVIDE PERSONAL DATA

Certain Personal Data, in particular (if referred to Consultant or the Supplier if a natural person) the personal details and contact details, are necessary to establish or to perform the mandate, and without such data we will be unable to provide the service.

RETENTION

Personal Data will be stored in any case for 10 years after the closure of the contract, mandate or litigation, Trade Union and settlement proceeding for which they were acquired.

The newsletter mailing list is subject to periodic, usually annual, update.

PERSONS OR ENTITIES WHICH MAY HAVE ACCESS TO PERSONAL DATA ON BEHALF OF THE FIRM OR TO WHOM THE DATA ARE COMMUNICATED

The Personal Data we collect will be processed exclusively by our personnel in charge of data processing, and where necessary, may be made accessible to external consultants. Furthermore, the Personal Data will be accessible by the companies appointed to provide us with software and hardware support, as well as the IT platform to manage the files.

Bank details shall be communicated to the Firm’s bank for payment purposes.

Each external person or entity which has access to Personal Data has been or will be appointed as Data Processor, pursuant to art. 28 of the GDPR, subject to strict constraints regarding confidentiality and privacy, in compliance with the provisions of the above-mentioned legislation.

TRANSFER ABROAD

Under no circumstance will your Personal Data be transferred outside the European Economic Area, unless the country of destination (where, for example, the professional who we may need to contact to perform the is based) is the subject of an adequacy decision by the European Commission (for example, Switzerland), pursuant to art. 45 of the GDPR or in case of another condition for the transfer of data outside EU is met according to articles 45, 46 and 47 of the GDPR.

DATA SUBJECT’S RIGHTS

We take this opportunity to remind you that, in relation to your Personal Data, you will be entitled to exercise the rights acknowledged by the GDPR, namely: (i) the right of access the personal data and information, for example: the purpose of data processing and the types of data held by us (art. 15 of the GDPR); (ii) the right to obtain the rectification of incorrect personal data which concern you, or to integrate incomplete personal data (art. 16 of the GDPR); (iii) the right to erasure (“right to be forgotten”) of the personal data which concern you, if one of the grounds envisaged under art. 17 of the GDPR applies; (iv) the right to restriction of processing, i.e. to obtain that the personal data which may be subject to dispute are flagged and not deleted, for the period necessary to exercise a given right regarding such data (art. 18 of the GDPR); (v) the right to data portability (art. 20 of the GDPR); (vi) the right to submit a complaint to the Supervisory Authority (Garante per la Protezione dei dati personali, with registered office in Rome, Piazza Venezia 11, e-mail address protocollo@gpdp.it-PEC protocollo@pec.gpdp.it) if the Authority’s provisions have been violated.

Please use the following e-mail address: privacy@bc-legal.it for any request or observation

Yours sincerely.

Bonaccorsi Colombo & Partner

Data Subject Categories of Data Purposes Legal basis Retention
Suppliers Personal details, addresses and email addresses Opening and managing of the file. Sending of communications related to the professional services. Forwarding of invoice with SDI Execution of the professional services or of the requests aimed at their execution (art. 6.1 lett. b GDPR) Compulsory accomplishments of Law 10 years from closure of mandate
Bank data Payments Execution of mandate 10 years from closure of mandate
Professionals Personal details, addresses, data arisen from ID, photos, Content of communications, Advices, memorandums and other written documents Personal and professional information Forwarding and management of communications

Filing

Case analysis, defense writings, preparation of defence for litigation, Trade Union proceeding etc.

Management of mandate including forwarding of deeds to competent authorities/offices
Anti-money laundering accomplishments (art. 6.1 lett. c GDPR) 10 years from closure of mandate with Professional or contract with client
Counterparties, Interlocutors, Counterparties Consultants Personal details, addresses Content of communications, Advices, memorandums and other written documents Personal and professional information Sensitive Data (only Counterparties) Forwarding and management of communications

Filing

Case analysis, defense writings, preparation of defence for litigation, Trade Union proceeding etc

Management of mandate including forwarding of deeds to competent authorities/offices
Need to defense in court

Legitimate interest to correct and complete execution of mandate conferred by the Client
10 years from closure of proceeding/contract with client
Third parties Personal details, addresses Content of communications, Advices, memorandums and other written documents Forwarding and management of communications

Management of mandate including forwarding of deeds to competent authorities/offices

Analysis of provisions

Filing
Need to defense in court

Legitimate interest to correct and complete execution of mandate conferred by the Client
10 years from closure of proceeding