Event privacy notice

Pursuant to current legislation on the protection of personal data (the “Privacy Legislation”), including EU Regulation 2016/679 (the “GDPR”) and Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (the “Privacy Code”), Morri Rossetti e Associati-Studio Legale e Tributario, in its capacity as the data controller (the “Law Firm” or the “Data Controller”), informs all those who, for various reasons, participate in the events organised by the Law Firm and who are third parties with respect to the Law Firm (the “Data Subjects” or the “Participants”) that it will process their personal data in strict compliance with the Privacy Legislation for the purposes and in the manner described in this privacy notice (the “Privacy Notice”).

The event is recorded and made available on YouTube. Because the event is recorded and published, participants cannot turn on their webcams and may ask questions only via chat.

1.    Who is the data controller?

Morri Rossetti e Associati-Studio Legale e Tributario, with registered office in Milano, Piazza Eleonora Duse n. 2, 20122, VAT No. 04110250968, can be contacted at 02 760 7971 or at the e-mail address info.privacy@Morrirossetti.it.

2.    What personal data do we collect?

The Data Controller processes the following personal data of the Participants:

 •    identification and contact data, such as: first name, surname, personal and/or company e-mail address, company name and telephone contact data.

3.    For what purposes do we process your personal data and on what legal basis?

Where the legal basis of the processing is the legitimate interest of the Data Controller, the Data Controller guarantees that it has previously carried out an assessment ('balancing test') aimed at ensuring the proportionality of the processing in order to safeguard the rights and freedoms of the Participants, taking into account the reasonable expectations of the Data Subjects in relation to the specific processing activity carried out. The Participants may request information on the assessment by sending an e-mail to info.privacy@Morrirossetti.it.

The Data Controller also informs the Participants that they may: (i) withdraw, at any time, any consent given, it being understood that the withdrawal of consent does not affect the lawfulness of the processing based on consent given prior to withdrawal; (ii) object, at any time, to the processing of their personal data on the basis of the Law Firm’s legitimate interests.

In particular, in the event that the Data Subject, in the future, wishes to stop receiving any communications sent by the Law Firm for informative and informational purposes, he/she can unsubscribe from the mailing list by selecting the “Unsubscribe” link at the bottom of the email communications.

In the event that the Law Firm decides to process the personal data collected for any other purposes inconsistent with the Purposes for which the personal data were originally collected or authorized, the Law Firm will inform the Data Subject in advance and, where required, the Data Controller will gather his/her consent for such processing activity, if needed.

4.    How do we process personal data?

In relation to the aforementioned Purposes, the processing of personal data may consist of the activities indicated in Article 4(1)(2) of the GDPR, i.e.: collection, recording, organisation, storage, consultation, processing, disclosure by transmission or otherwise making available, restriction, erasure or destruction of personal data.

Furthermore, the personal data of the Data Subjects will be:

  • processed in accordance with the principles of lawfulness, fairness and transparency;
  • collected for the legitimate Purposes determined above;
  • adequate, relevant and limited to what is necessary in relation to the Purposes for which they are processed;
  • stored in a form that enables the identification of the Data Subject for a period of time not exceeding the fulfilment of the Purposes and better defined in paragraph 3 above;
  • processed in such a way as to ensure adequate security against the risk of destruction, loss, modification, disclosure or unauthorised access by means of technical and organisational security measures.

The processing may be carried out by means of manual, computerised and telematic tools, with logic strictly related to the Purposes in question and, in any case, in such a way as to guarantee the security and confidentiality of the data themselves, in addition to compliance with the specific obligations and principles enshrined in the Privacy Legislation in force from time to time and applicable.

5.    To whom do we communicate the data?

The personal data of the Participants will be processed, under the authority of the Law Firm, only by the staff specifically designated as authorised persons for the processing pursuant to Article 29 of the GDPR and Article 2-quaterdecies of the Privacy Code.
The personal data of the Data Subjects will not be disclosed to the public or to undefined persons.

6.    Do we transfer personal data to non-EU countries?

The processing and storage of personal data will take place on servers of the Law Firm located within the European Union. Personal data of Data Subjects will not be transferred to third countries outside the European Union.
Any transfer of Data Subjects’ personal data outside the European Union may take place only under the terms and with the guarantees provided for by the Privacy Legislation and, in particular, in accordance with Articles 44-49 of the GDPR.

7.    What are your rights and how can you exercise them?

The Data Controller hereby informs the Data Subject that, in accordance with the law, he/she shall always have the right to withdraw at any time his/her consent, where given, as well as to exercise, at any time, the following rights (collectively, the “Rights”):

  • the “right of access” i.e. the right to obtain confirmation as to whether or not personal data concerning the Data Subject are being processed and the communication of such data in an intelligible form;
  • the “right to rectification” i.e. the right to request the rectification or, if interested, the integration of personal data;
  • the “right to erasure” i.e. the right to request the erasure or the anonymization of personal data that have been processed unlawfully, including data whose storage is unnecessary for the Purposes for which they were collected or further processed;
  • the “right to restriction of processing” i.e. the right to obtain from the Data Controller the limitation of the processing in certain cases provided for under the Privacy Legislation;
  • the right to request the Data Controller to indicate the recipients to whom it has notified any rectification or erasure or restriction of processing (carried out in accordance with Articles 16, 17 and 18 GDPR, in fulfillment of the notification obligation unless this proves impossible or involves disproportionate effort);
  • the “right to data portability” i.e. the right to receive (or transmit directly to another data controller) personal data in a structured, commonly used and machine-readable format;
  • the “right to object”, i.e. the right to object, in whole or in part, to:
    • the processing of personal data carried out by the Data Controller for its own legitimate interest;
    • the processing of personal data carried out by the Data Controller for direct marketing or profiling purposes.

In the above cases, where necessary, the Data Controller will inform the third parties to whom the Data Subject’s personal data have been disclosed of his/her exercise of rights, unless it is not possible or is too onerous and, in any case, in accordance with the provisions of the Privacy Legislation.

It is expressly understood, as provided for in Article 21 of the GDPR, that in the event of the Data Subject exercising his or her right to object, the Data Controller shall refrain from further processing the personal data unless the Data Controller demonstrates the existence of compelling legitimate grounds for processing that override the interests, rights and freedoms of the Data Subject or for the establishment, exercise or defence of legal claims.

The Data Subject may at any time exercise his/her rights in the following ways:

  • by e-mail, at: info.privacy@Morrirossetti.it;
  • by sending a letter to the address of the registered office of Morri Rossetti e Associati: Piazza Eleonora Duse 2, 2011, Milan.

In any case, the Law Firm – where it has reasonable doubts as to the identity of the Data Subject making the request referred to in Articles 15 to 21 of the GDPR – may request additional information necessary to confirm the identity of the Data Subject.
We inform you that the Law Firm undertakes to reply to your request no later than one month after receiving the request. This term may be extended depending on the complexity or number of requests and the Data Controller will explain to you the reason for the extension within one month of your request. It should also be noted that if the Data Controller does not comply with the request, it is obliged to provide an answer to the data subject regarding the reasons for not complying and the possibility of lodging a complaint with a supervisory authority or judicial claim within one month of receiving the request.

8.    How can you file a complaint with the Italian Data Protection Authority?

The Data Controller hereby informs the Data Subject that, in accordance with the Privacy Legislation, he/she has the right to lodge a complaint with the competent supervisory authority (in particular in the Member State of his or her habitual residence, place of work or the place of the alleged breach), if he or she is of the opinion that his or her personal data are being processed in a way that would result in a breach of the GDPR.

In order to facilitate the exercise of the right to lodge a complaint, the name and contact details of the EU supervisory authorities are available at the following link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Finally, should you wish to lodge a complaint with the competent supervisory authority for the Italian territory (i.e. the Italian Data Protection Authority), the complaint form is available at the following link: https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524

Updated in March 2024