Privacy Policy

Privacy Policy

This note is provided in accordance with art. 13 of EU-Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Directive 95/46/EC, General Data Protection Regulation (the “GDPR”) as well Legislative Decree No. 196/2003 (as amended by Legislative Decree No. 101/2018) concerning the personal data that the Firm collects from each Client on the date of engagement.


The Controller are the lawyers Marco Rampf and Susanna Eichner (the “Controller“), with head office in 00127 Rome (RM), Via Roberto Raviola 32. The Controller may be contacted at the e-mail address

Purpose of the processing

The processing of the personal data is necessary for the Controller to duly perform court and out-of court professional advisory services. The personal data will be processed only and exclusively for the purposes of: a) performing the Clients’ requests for legal assistance; b) complying with the Firm’s duties provided by mandatory provisions of law. Personal data may be stored in analogical or digital archives (including mobile devices) and processed on a strict need-to-know basis for the purposes mentioned above.

As part of their cross-border cooperation, the lawyers of our law firm also use the “Google Workspace” platform on the Google cloud. The servers on which customer files are stored are located – as per Controller’s explicit request and order – in the European Union; thus you may fully benefit of the rights and protection granted by the GDPR. Further information on Google’s internal personal data processing policy can be found at the following link: Google Workspace Privacy Policy

On our Website there is a podcast player from, a company based in the UK, which, however, expressly guarantees to apply the provisions of the GDPR in the collection of personal data. Further information on Buzzsprout’s internal personal data processing policy that applies to the listening of the podcasts can be found at the following three links: 1) Buzzsprout – Privacy Policy , 2) Buzzsprout – UK, EU and USA Privacy Shield , 3) Buzzsprout – GDPR

Legal basis for the processing

The Controller lawfully processes the personal data to the extent the data processing: a) is necessary for the performance of the professional advisory services, a contract to containing personal data of the party or in order to take Clients’ instructions prior to entering a contract; b) is necessary for complying with a legal obligation to which the Controller is subject; c) is explicitly consented for one or more specific purposes.

Consequences of failure to provide the personal data

Should the provision of personal data be a statutory or contractual requirement, or a requirement necessary to enter into a contract (e.g. for fiscal and accounting purposes), the failure to provide the personal data may prevent the conclusion of the relevant contract.

Data storage

Any personal data shall be processed in compliance with the provisions above and stored by the Controller for a period equal to the duration of the professional advisory agreement and, after expiry or termination, for a period equal to the duties of the Controller to store and keep records of those personal data (e.g. for fiscal purposes).

Further data processing

Personal data may be further processed by: a) advisors and accountants or other lawyers providing ancillary professional advisory services to those mentioned above; b) banks or insurance companies providing services in connection with the Controller’s professional advisory services; c) entities processing the personal data for compliance with a specific legal obligation; d) judicial or administrative authorities in connection with their legal obligations.

Profiling and further data processing

Personal data is neither subject to further data processing nor to any automated decision-making mechanism, including profiling.

Rights of the data subject

The GDPR grants to the individual the following rights vis-à-vis the Controller: a) to obtain access to his or her personal data and to any relevant information, to rectify any inaccurate of the personal data or to have incomplete personal data completed, to eliminate personal data concerning him or her (should one of the grounds listed under art. 17, paragraph 1 of the GDPR occur and notwithstanding the exemptions under paragraph 3 of article 17), to obtain restriction of processing (where one of the situations under art. 18, paragraph 1 of the GDPR occurs); b) to obtain – in those cases in which the processing is based on consent or on a contract and such processing is carried out by automated means – his or her personal data in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller (right to data portability); c) to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her; d) to withdraw his or her consent at any time with reference to the processing based on the individual consent, based on his or her particular situation and refers to general data (e.g. date and place of birth or of residence) or on particular data (e.g. data revealing racial or ethnic origin, political opinions, religious of philosophical beliefs, health and sex life or sexual orientation of the data subject) and provided the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal; e) notify a breach of a personal data protection to the supervisory authority (Autorità Garante per la protezione dei dati personali –

Privacy Policy Download