Our firm offers cutting-edge legal services in the area of data protection. We advise corporate clients and help them to secure compliance with EU and national rules.
We advise our clients on the adoption of safety measures, retail customers relationship management, as well as with all the issues related to personal data of employees, suppliers and collaborators.
We also assist our clients in the transfer of data among companies within the same group, both in Italy and internationally.
We focus our data protection practice on the principle that our clients should process customers’ personal data fairly and lawfully. Furthermore, we ensure that the data be processed in an adequate, relevant and not excessive fashion in relation to the purposes for which they were collected, especially in areas such as marketing and CRM.
Our expertise in data protection proves particularly effective in advising clients on e-commerce matters and other distance selling techniques, such as telemarketing of products and services, with particular focus on regulated areas, such as financial and insurance services.
Our lawyers are constantly attuned to the activities of the Italian and EU data protection authorities and actively participate in the consultations promoted by the authorities.
Our data protection practice includes the following:
- Drafting information notes concerning the processing of personal data and preparation of clauses for the acquisition of the data subject’s consent, whenever required (e.g. in case of marketing and profiling activities; transfer of data; processing of sensitive data);
- Preliminary notification to the Data Authority;
- Management of cookies and identification of the activities for which the user’s prior consent is required;
- Identification and implementation of safety measures concerning personal data;
- Drafting of agreements concerning the transfer of personal data to non-EU countries by means of contracts providing adequate coverage, as indicated by the European Commission and the “Article 29” Working Party (i.e. standard clauses and Binding Corporate Rules);
- Drafting of regulations on video surveillance;
- Drafting of documentation concerning the appointment of the Data Controller or Data Manager;
- System Manager;
- Drafting of corporate rules on the use of Internet and e-mail in employment relationships;
- Implementation of the measures required by the Data Protection Authority with respect to the management of call centers, also from non-EU countries;
- Assistance to clients in case of preliminary investigation procedures initiated by the Data Protection Authority.