This website contains general information and documents regarding Puopolo Geffers & Partners Studio Legale Associato (“PG Legal”), which are published for information purposes only. All information, material, illustrations, and documents contained in this website are protected by copyright laws and shall not be used without the express consent of PG Legal. All material published on this website is the exclusive property of PG Legal. PG Legal does not intend to, and shall not, provide any legal advice and/or legal opinion through this website. Accordingly, PG Legal shall not be liable for any costs, expenses, losses, or damages that might derive from the use of this website and/or from the reliance upon the information contained herein.


Pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR“), Puopolo Geffers & Partners Studio Legale Associato (hereinafter also referred to as “PG Legal”), in its capacity as a data controller (“Data Controller“), wishes to inform you about the use of your personal data.


The Data Controller is PG Legal (VAT no. 10140371005), with a registered office in 00198 Rome, Via Ombrone 14.

The contact details of the Data Controller are as follows: telephone number: +39.06.884.1535, e-mail address: info@pglegal.it, pec: pglegal@legalmail.it.

PG Legal in its capacity as Data Controller guarantees that the processing of your personal data will be carried out in compliance with the fundamental rights and freedoms, as well as the principles of lawfulness, correctness, and transparency established by Art. 5 of the GDPR.


PG Legal may process, as appropriate, the following data (“Data“) referring to you and/or to the reference personnel (employees or collaborators) and/or to the shareholders or directors of the company (the “Company’s Personnel”):

A.Personal and identification data  Name, surname, date of birth, address etc.  
B.Contact details of the Company’s Personnel who communicate with PG Legal.Telephone number, e-mail address.  
C.Data related the execution of the mandatePersonal data may be delivered by the client regarding the envisaged transaction to be carried out or the legal advice sought. These data may include personal data relating to criminal convictions and offences (Article 10 of the GDPR) (including criminal proceedings in course) and/or special categories of personal data (Article 9 of the GDPR) (e.g. personal data suitable for revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature.)

PG Legal will process the Data for the following purposes. In particular:

 Purposes of the processingLegal Basis of the processing
A.The data referred to in point 2 letters A), B), and C) will be processed for the execution of the professional activity that you and/or the company you represent (the “Company“) has requested, including the related legal, administrative and accounting obligations (the “Activity“).The legal basis of the processing is the fulfillment of the legal obligations which PG Legal is subject to as, for example, the requirements of anti-money laundering and anti-terrorism legislation (Article 6, paragraph 1, letter c) of the GDPR) and for the execution of the professional mandate given to us (Article 6, paragraph 1, letter b) of the GDPR).  
B.  The personal data referred to in points 2, letters A) and B) may be used by PG Legal to send communications connected to the Activity by means of newsletters, institutional communications and invitations to events, using either automated or individual methods.The legal basis of the processing is the consent of the data subject (Article 6, paragraph 1, letter a) of the GDPR) to the processing of his/her personal data for these specific purposes.

The provision of the data referred to in point 2 for the sole purposes referred to in point 3, letter A. is necessary for the execution of the Activity and the failure to provide such data implies the impossibility of PG Legal to execute it.

The provision of the data referred to in point 2, letters A. and B. for the sole purposes referred to in point 3, letter B. is voluntary and the failure to provide them does not prejudice the performance of the activity.


The processing of Data will be carried out through IT and telematic tools, limited to the purposes indicated above and, in any case, to ensure the security and confidentiality of data and communications, through the use of appropriate procedures that avoid the risk of loss, unauthorized access, unlawful use and dissemination of the data, in compliance with the limits and conditions set forth by the GDPR.


The Personal data will not be disclosed, or will not be disclosed to indeterminate subjects, in any possible form, including their availability or simple consultation. Furthermore, the Data will not be transferred outside the EEA.

The Data may be known and used within PG Legal, in particular, by employees of the operational units (accounting, secretariat), as well as by partners, professionals and collaborators of PG Legal, depending on the tasks assigned to them.

The Data may be disclosed to third parties who have entered into service contracts with PG Legal and who are appointed Data Processors and/or are Data Controllers. The latter fall in the following categories of recipients:

a) Subjects responsible for the maintenance of IT systems;

b) Couriers and companies involved in transport;

c) External professionals, such as domiciliary lawyers, labour consultants, tax advisors, accountants, forensics, doctors, notaries, etc.

d) Judicial Authorities and Public Bodies.


The Data will be stored at the offices of PG Legal, for the duration of the contractual relationship and subsequently:

a) For the purposes set out in point 3, letter A., ​​for the period of time provided for by law, including accounting, applicable to the aforementioned report and, in any case, for a period not exceeding 10 years (prescription period);

b) For the purposes set out in point 3, letter B., for a period of five years.

At the end of these periods the Data will be deleted or rendered anonymous.


Pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, the data subject has the right:

a) to obtain confirmation as to whether or not personal data are being processed, and, where that is the case, to obtain access to the personal data and the following information: the purposes of the processing, the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored, or the criteria used to determine that period; the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject;

b) to obtain the correction of inaccurate personal data concerning him/her without undue delay and to obtain the integration of incomplete personal data, also by providing an additional declaration;

c) to obtain the cancellation or limitation of the processing of personal data concerning him/her;

d) to obtain from the Data Controller the restriction of processing;

e) to receive in a structured, commonly used and machine-readable format the personal data concerning him/her provided to the Data Controller and to transmit such data to another controller without hindrance by the Data Controller (so-called “portability”)

f) to oppose the processing of personal data;

g) not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or significantly affects him/her in a similar way;

h) to withdraw his/her consent to the processing of personal data, if consent constitutes the legal basis of the processing. In this case, data processing activities carried out prior to the withdrawal remain legal.

The above rights may be exercised by written request to the Data Controller, to the addresses indicated above or via e-mail to privacy@pglegal.it.


Pursuant to Article 77 of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority if he/she considers that the processing of his/her data is contrary to the law in force.


PG Legal updates its Privacy Policy on a regular basis. PG Legal will guarantee that the most up-to-date version is available on the website www.pglegal.it and will directly inform the interested party of any important amendments that may directly affect it or request its consent.