Privacy Policy

POLICY STATEMENT ON THE PROCESSING OF PERSONAL DATA

This Information Notice is provided to inform you that the data provided to our Company will be processed in accordance with EU Regulation No. 2016/679 (hereinafter, also “GDPR”) and Legislative Decree 101/2018.

We therefore invite you to carefully review the information below.

Data Controller and Data Protection.

The Data Controller is Avv. Aurora Visentin, with registered office in Paris, Rue de Rennes 85 (75006).

The Data Controller may be contacted by sending a registered letter with return receipt to the above address or by e-mail studio@frenchlex.com

Purpose of processing.

The personal data provided will be processed in relation to the following purposes i.) fulfillment of contractual obligations; ii.) fulfillment of accounting and tax obligations; iii.) supplier management (supplier administration, contract administration, orders, deliveries and invoices); iv. ) customer management (customer administration, contract administration, orders, deliveries and invoices, reliability and solvency control); v.) legal and economic treatment of personnel; vi.) litigation management (contractual defaults, warnings, settlements, debt collection, arbitrations, court disputes); vii.) fulfillment of legal obligations; viii.) legitimate interest of the Data Controller.

Scope of communication and dissemination.

We would like to inform you that, in order to achieve the purposes indicated above, the data collected may be communicated to Third Parties – appropriately designated Data Processors and whose references will be made known to you upon simple request, such as – financial, social security and welfare institutions, insurance companies, computer and telematic service companies archiving and storage companies, printing and mailing companies, e-mail management companies, judicial or administrative authorities, accountants, lawyers, consultants, doctors, subsidiary or associated companies, risk central, auditing companies, university and non-university foundations and institutes, and trade associations.

Outside of the aforementioned cases, your personal data will not be communicated or disseminated without your explicit consent.

Method of processing.

The processing will be carried out both in paper and automated form, in accordance with the principles of lawfulness, correctness, non-excessiveness and relevance provided for by current legislation.

The Data Controller shall take appropriate security measures, aimed at preventing unauthorized access, disclosure, modification or destruction of the processed data

Data Retention.

The Data Controller will process personal data for the time strictly necessary to fulfill the above purposes or, in any case, for the period provided for the fulfillment of legal obligations, provided that it is not necessary to retain it further in order to comply with orders from the Authorities.

Place of processing and scope of data circulation.

The management and storage of personal data will take place on servers of the Data Controller and/or third party companies appointed and duly appointed as Data Processors, located both in the territory of the European Union and in countries outside the EU. Data, therefore, may be subject to transfer both within and outside the European Union. In relation to the possible transfer of data outside the EU, the Data Controller assures as of now that the same is done in accordance with the provisions of the law through the conclusion of agreements that guarantee an adequate level of protection and through the adoption of the standard contractual clauses provided by the European Commission.

Refusal to provide data.

We also consider it our duty to inform you that any refusal to consent to the indicated processing may prevent the completion of the contractual relationship.

Rights of data subjects.

In relation to the processing of any personal data provided carried out by our Company, we remind you that, in your capacity as data subject, you have the right to:

– obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in intelligible form;

– obtain an indication of: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) the identification details of the owner, managers and designated representative under Article 3, paragraph 1, GDPR and Legislative Decree 101/2018; e) the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as designated representative in the territory of the State, managers or agents;

– obtain: a) the updating, rectification or, when you have interest, the integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those that do not need to be kept for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;

– oppose, in whole or in part: a) for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising materials or direct sales or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or mail. It should be noted that the data subject’s right to object, set forth in point b) above, for direct marketing purposes through automated modalities extends to traditional ones and that, in any case, the possibility for the data subject to exercise the right to object even partially remains unaffected. Therefore, the data subject may decide to receive only communications by traditional means or only automated communications or neither type of communication;

– where applicable, you also have the rights set forth in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restrict processing, right to portability of contractual and raw browsing data, right to object), as well as the right to complain to the Data Protection Authority.

Changes to the policy.

The possible entry into force of new industry regulations, as well as the constant review and updating of the services reserved for you. may result in the need to change the methods and terms described in this Policy. It is therefore possible that this document may change over time. You are therefore invited to periodically consult the dedicated page on the company website www.frenchlex.com/privacy-policy as any changes to this Notice will be posted there.