Utilizziamo cookie tecnici per personalizzare il sito web e offrire all’utente un servizio di maggior valore. Chiudendo il banner e continuando con la navigazione verranno installati nel Suo dispositivo i cookie tecnici necessari ai fini della navigazione nel Sito. L’installazione dei cookie tecnici non richiede alcun consenso da parte Sua. Ulteriori informazioni sono contenute nella nostra Cookie Policy.

Privacy notice for the processing of personal data

(Last updated 14 April 2023)

Rödl & Partner Associazione Professionale, with legal offices in Milan, Largo Donegani 2, 20121, Milano (MI)-Italy, VAT no. IT12609300152, represented by the pro-tempore Managing Partner, as controller of personal data processing (hereinafter, “Data Controller”),  pursuant to European Regulation EU 2016/679 (“GDPR”) and to the national and international laws on personal data protection applicable from time to time (“Privacy laws”), informs you that your data shall be processed with and within the following modalities and purposes.

1. Categories of Personal data   

The Data Controller processes your personal data, identifying and not particular/sensible data (hereinafter, “Personal Data” or “Data”) communicated by you while navigating on the website of the Data Controller www.roedl.it (hereinafter, “Website”), in particular:
  • e-mail address, name, surname and any other data provided e.g. when requesting contact also via web form, quotes, newsletter request, participation in events, training activities, signing the contract with the Data Controller and/or request for professional services;  
  • navigation data such as IP addresses or domain names of the computers used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computer environment. This information is collected through the cookies described in the Cookie Policy of the Website, to which you are referred.

2. Purposes and legal bases of Personal Data processing    

Your personal data are processed, without your prior consent, for the following Service Purposes and for the following Legal bases:   

  • the execution of the agreement and/or the fulfillment of pre-contractual requirements, in particular:  

  1. the use of the Website and any technical assistance;
  2. the management of a contact request from you regarding our professional services, events or courses;
  3. the management of submitted applications.

  • Data Controller’s fulfillment of law provisions, such as:  

  1. the fulfillment to the obligations set forth by laws, regulations and national or European laws, or imposed by the competent Authorities
  2. completing and elaborating the tax certificates and of related fulfilments
  3. book-keeping and related fulfilments. 

  • the pursuit of a legitimate interest of the Data Controller, specifically: 
  1. the management and maintenance of the Website: the interest of the Data Controller corresponds to the need to ensure the correct operation of the Website
  2. the prevention and repression of unlawful acts: the interest of the Data Controller is the right of court action guaranteed by Italian Constitutional Chart (article no. 24) and, as such, is socially acknowledged as prevailing over the interests of the single data subject
  3. sending updates by email and newsletters related to the main regulatory and jurisprudential news, educational and professional activities of the firm, only if you are our client: each e-mail will allow to refuse further sendings or to select the subjects of greater interest: the interest of the Data Controller is bound to the general interest of a professional association to promote the above-mentioned updates and is considered as legitimate pursuant to the national data protection laws. 

Your Data are processed, only with your prior consent, for further purposes such as:
  • communication Purposes, such as sending – if you are not our client – email updates and newsletters about new legislation, case law, educational opportunities and our professional activities;
  • communication of the Data to third parties for Promotional purposes, namely the communication from us of your Data to partners with whom the Firm organizes events and/or training activities for mailing, by such third parties of promotional e-mails and newsletters relating to their activities. The product categories to which the third parties to whom your Data may be disclosed belong are publishing, professional training and consultancy services. The specific partners to whom you may decide to communicate your data are specified from time to time under the event you decide to register for. Finally, please note that these third parties act as autonomous data controllers and will be obliged to provide you with their privacy policy within 30 days of receiving your data.

3. Modalities of Personal Data processing  

The processing of your Personal Data is performed, in electronic and paper form, through collecting, registering, organizing, storing, consulting, processing, modifying, selecting, extracting, comparing databases, using, interconnecting, blocking, communicating, deleting and through data destruction activities.

4. Personal Data retention  

The Data Controller shall process the Personal Data for the time necessary to fulfill the purposes mentioned at paragraph 2 and for no more than:

  • 5 years, and in any case for the limitation period, from the collection of the Data for Service Purposes; 
  • 5 years for the Communication Purposes, unless your consent is revoked for the same Communication Purposes;
  • with reference to the sending of Promotional Communications by third parties, please refer to the retention periods provided for in the information notice sent to you by the specific partner to whom the Data have been disclosed.

5. Access to Data  

For the above-mentioned purposes, your Data shall be accessible to: 

  • employees and/or co-workers of the Data Controller, in their capacity of authorized subjects to data processing and/or processors and/or system administrators;
  • firms belonging to Rödl & Partner’s network and/or to third parties (i.e.: credit institutions, professional firms, etc.) performing outsourcing activities on behalf of the Data Controller, in their capacity of external data processors.  


6. Communication of Data  

Your Data may be communicated, even without your consent, to control bodies, law enforcements or judicial bodies, to the Italian Finance Ministry, to the Italian I.R.S., regional and local bodies, regional and local Tax Commissions, upon their explicit request. 

Such entities shall process your Data in their capacity of independent controllers, for institutional and/or law purposes in the event of controls or investigations. Your Data may also be communicated to third parties third subjects (e.g.: partners, freelance professionals, etc.), as independent controllers, and in order to perform the above-mentioned instrumental activities. 

With your express consent, as set out in § 2 above, your Data may be communicated to third parties (event partners), in their capacity as independent Data Controllers, for the purpose of sending promotional communications relating to their activities.

7. Transfer of Personal Data  

The Data shall not be disclosed, but they may be transferred to non-EU Countries for the above-mentioned purposes such as, for example, to studies belonging to the Rödl & Partner network for Service Purposes. 

In order to ensure an adequate level of Personal Data protection, the transfer shall be performed in compliance with Adequacy Decisions approved by European Commission or with the adoption - by the Data Controller - of Standard Contractual Clauses provided for by the European Commission. 

The list of the extra EU countries where the Data are transferred is available at the legal offices of the Data Controller.

8. Conferral of Data  

The conferral of your Data for Service Purposes (except for those which may not be marked with an asterisk) is mandatory and any refusal to provide such Data may lead to the inability of the engagement or prosecution of the professional assistance mandate with the Data Controller.
The provision of Data for the further purposes is optional: failure to provide them does not prevent the use of the services of the Data Controller. 

Should you decide not to provide the Data, however, you will not be able to receive communications relating to the initiatives and offers of the Data Controller or to carry out statistical activities on the use of the Site and your Data may not be disclosed to event partners for the purpose of sending the Promotional Communications referred to in § 2. above. 

9. Rights of the Data processing subject   

The Data Controller informs you that you, as Data Subject, where the limitations provided by law are not applicable, has the right to: 
  • obtain confirmation over the existence or inexistence of Personal Data relating you, even if not yet registered, and their communication in a comprehensible way;
  • obtain the indication and, if necessary, the copy of the: a) source and category of the Personal Data; b) logic applied in case the processing is performed by means of electronic instruments; c) purposes and modalities of the processing; d) identification references of the Data Controller and the Data processors; e) subjects or categories of subjects to whom Personal Data may be communicated or who may come to know, in particular if recipients are extra-EU countries or international organizations; f) period for which the Personal Data will be stored, or if that is not possible, the criteria used to determine that period; g) existence of an automated decision-making process and, in this case, information about the logic involved, the significance and consequences for the data subject; h) existence of adequate safeguards in case of transfer of Personal Data to an extra-EU country or international organization;
  • obtain, without undue delay, the update, the rectification or, whether you are interested, the integration of incomplete Data;
  • withdraw the conferred consents at any time, easily, without hindrances, using, when possible, the same channels used to provide them;
  • obtain the cancellation, the transformation into anonymous form or blocking of the Data: a) processed in breach of the law; b) no longer necessary in relation to the purposes for which the Data have been collected or subsequently processed; c) if you withdraw consent on which the processing is based and  there is no other legal basis for the processing; d) if you object to the processing and there are no overriding legitimate basis for the processing; e) in compliance with a legal obligation; f) in case of data referred to children. The Data Controller may refuse to erase them when the processing is necessary: a) to exercise the right of freedom of expression and information; b) in compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of public authority; c) for reasons of public health interest; d) to achieve purposes in the public interest, scientific or historical research purposes or statistical purposes; e) to exercise a right in a court;
  • obtain the restriction of processing in case of: a) the accuracy of the Personal Data is contested; b) unlawful processing by the Data Controller in order to prevent the erasure of the Personal Data; c) exercise of your right in court; d) verification on the possible existence of overriding legitimate interests of the Data Controller with respect to those of the data subject;
  • receive the Personal Data related to you in a structured, commonly used and machine-readable format and transmit those data to another Data Controller, without hindrance, from the Data Controller to which the personal data have been provided, where the processing is carried out by automated means;
  • object, in whole or in part for lawful causes, to the processing of Personal Data related to you, regarding your particular situation;
  • lodge a complaint to the competent supervisory authority. 
For all cases mentioned above and in case you have exercised your rights, the Data Controller will inform – if necessary- third parties to whom your personal data were disclosed, except for specific cases (e.g.: where impossible or involve a manifestly disproportionate use of resources compared to the right protected by the law). 

10. Modalities to exercise your rights   

You can at any time exercise your rights:  
  • sending a request to the mail address of the Data Controller; 
  • sending an email to the following address dpo@roedl.com
  • calling the number +39 02 6328841. 

11. Data Controller and Data Processor 

The Data Controller is Rödl & Partner Associazione Professionale, in Milano Largo G. Donegani 2. 

The Controller appointed a Data Protection Officer who can be reached by sending an email to dpo@roedl.com or calling the number: +39 02 6328841. 
The updated list of the Processors and System Administrators is retained at the premises of the Data Controller, with legal offices in Milan, Largo Donegani 2.


Contact Person Picture

Daniele Gennaro

+39 02 6328 841

Invia richiesta

Deutschland Weltweit Search Menu