Privacy Notice Regarding the Processing of Personal Data Pursuant to Articles 13 and 14 of the European Regulation 2016/679 (“GDPR”)

Dear User,
This notice is provided not only to comply with the obligations set forth by the laws regarding the protection of personal data – namely, Regulation (EU) 2016/679 (hereinafter “GDPR”), Legislative Decree 196/2003, as updated by Legislative Decree 101/2018 (or the “Personal Data Protection Code”) and the relevant provisions of the Data Protection Authority – but also because 42 LawFirm S.r.l. – a Society Among Lawyers (hereinafter also referred to as “42LF” or the “Firm”) believes that the protection of personal data is a fundamental value of its activity and wishes to provide all information that may help you protect your privacy and control the use of personal data while navigating on the site (hereinafter the “Site”).

Personal data refers to information about an identified or identifiable natural person defined as a “data subject” (hereinafter also referred to as “User”), such as demographic data, browsing data, information related to economic conditions, health status, lifestyle, etc.

Data Controller

The Data Controller, meaning the entity that determines the purposes and means of the processing of personal data to whom one may address to exercise the rights recognized by the GDPR, is 42LawFirm, VAT number 11424590963, with legal headquarters in Milan (MI), Via Vitruvio, n.1, Postal Code 20124.

The Data Controller can be contacted by sending an email to the address or by sending a communication via traditional mail to the address of the Controller, taking care to specify the reason for the request.


Sources and Categories of Processed Data, Nature of Data Provision, and Processing Methods

The personal data subject to processing are primarily collected from the User when they navigate the Site or utilize the services made available by it. This notice examines the personal data processed in the different sections of the Site and exclusively regulates the activities of personal data processing carried out on the Site and not for other websites to which the User may be redirected. The data collected by the Site are primarily processed electronically through software and computer procedures that are suitable for ensuring technical and computer security measures (such as the implementation of the secure https protocol for the transfer of information entered within the Site).

Browsing Data

Types of Data and Nature of Provision

The computer systems and software procedures used for the operation of the Site, during their normal operation, acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but which, by their very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the Site, the addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment (such as, for example, the name and type of device connecting to the Site). The provision of such data is not mandatory, and if the User decides not to provide such data, they will not be able to navigate the Site and access the functionalities offered by it.


Purposes of Processing

– These data are used to obtain anonymous statistical information about the use of the Site, to monitor its correct functioning, to improve the quality of the services offered and optimize the functionality of the Site.

– Such data are processed to the extent strictly necessary and proportionate to ensure the security of networks and the information that passes through them.

Legal Basis

Article 6(1)(f) GDPR – The legitimate interest of the data controller in maintaining the security of the Site and in ensuring that it is not used in ways that infringe the rights of others or as a channel for the commission of illegal acts or potential fraud (see Recital 47 of the GDPR).

Retention Period

The personal data referred to in this section are stored for up to 6 months from the collection, unless the data subject objects at any time using the procedures reported in the “Rights of the Data Subject” section of this notice.

Contact Area


Types of Data and Nature of Provision

The Site hosts a contact area through which the User can proceed to forward a contact request to the Firm or make specific requests for assistance. This section collects the following types of data:

– Name and surname;

– Email address;

– A free field for entering the message text.

42LF cannot perform any prior control in relation to the information entered within the fields freely filled in by the User. The Firm asks Users not to include information from which, even indirectly, knowledge of data belonging to special categories as per Article 9 of the GDPR may be gleaned. Should such data types be inserted, 42LF will not consider such information in the responses formulated and will proceed to delete such data in secure ways that do not allow for recovery. The provision of data in this area is optional. If the User decides not to provide such data, they will not be able to send contact requests to the Firm, which will therefore be unable to provide an appropriate response.

Purposes of Processing

To respond to contact requests sent to the Firm by Users through the form.

Legal Basis

Article 6(1)(b) GDPR – the processing is necessary for the performance of pre-contractual measures taken at the request of the data subject.

Data Retention Period

For the time necessary to re-contact the User who has made the request and for a period of 6 months from the response to the User’s request, in order to properly manage any subsequent requests by the same User or for additional information relating to the same or similar issues.


Types of Data and Nature of Provision

On the homepage of the Site, there is a box that redirects the User to the page through which they can request subscription to the promotional newsletter relating to the services offered by the Company. This section collects the following types of data:

– Email address;

The provision of data in this area is optional. If the User decides not to provide such data, it will not be possible to submit the request for subscription to the 42LF newsletter, which will therefore be unable to appropriately process such a request from the User.

Purposes of Processing

Subscription to the 42LF newsletter relating to the services offered by the Firm.

Legal Basis

Article 6(1)(a) GDPR

The User’s consent, expressed by entering their email address into the specific box. This consent is revocable at any time, without affecting the lawfulness of the processing carried out before the withdrawal, by following the instructions provided in the “Rights of the Data Subject” section.

Retention Period

Until the User revokes the consent given.

Cookie Policy

The Site installs various types of Cookies. The cookie policy, detailing the information processed through these tools, is accessible by clicking here.

Potential Recipients or Categories of Recipients of Personal Data and Transfer of Personal Data to a Third Country or Outside the European Economic Area (EEA)

Data access shall be exclusively granted to duly instructed authorized individuals (including regarding compliance with security measures and confidentiality obligations) pursuant to Article 29 GDPR (by way of example: personnel and collaborators of the Firm who are involved in responding to contact requests made by Users).

Furthermore, data access may be granted to professionals and consultants appointed by the Controller, acting as independent data controllers or as processors pursuant to Article 28 GDPR. In particular, but not limited to, the following may have access to the data:

– Entities that provide services for the management of the Company’s information system and communication networks (including email accounts);

– Companies that support 42LF in the administration of the Site (e.g., Internet service providers) or to provide the services requested by the User;

– Competent authorities for the fulfillment of legal obligations and/or provisions of public bodies, upon explicit request;

– Other companies in the course of corporate operations such as acquisitions or divisions, provided that it is contractually guaranteed that such information remains confidential and protected;

To obtain an updated list of subjects who may come to know the personal data, it is possible to send a communication via email to, taking care to specify the reason for the request.

42LF ensures that personal data will never be disseminated. The personal data subject to processing may be subject to transfer to third countries or sites outside the European Economic Area (EEA). In these cases, if it becomes necessary to transfer the data to a third country outside the EEA, 42 LF guarantees that such transfer will only occur in the presence of an adequacy decision by the European Commission or other adequate guarantees provided by the laws on the protection of personal data (such as, for example, the stipulation of standard contractual clauses with the recipient of the data, who must in any case ensure that the user’s personal data is subject to the same level of protection guaranteed by 42LF).


Individuals under the age of 18 should not provide information or personal data to the Firm without the consent of those holding parental responsibility over them. Therefore, the Firm urges everyone exercising parental responsibility over minors to educate them on the safe and responsible use of the Internet and the Web and to implement any necessary procedures in relation to the initiatives in which the Company intends to process the data of minors.

Rights of the Data Subject

The exercise of the rights listed in this section is not subject to any formal constraint and is free of charge, except for manifestly unfounded or excessive requests, according to Article 12(5) of the GDPR.

In relation to the treatments described in this notice and under the GDPR, the User may exercise the following rights:

– The right of access to their personal data and to all the information referred to in Article 15 of the GDPR,

– The right to rectify inaccurate personal data and to have incomplete data completed,

– The right to erasure of personal data, except for data contained in documents that must be mandatorily retained by the Company and unless there is a prevailing legitimate reason for the processing;

– The right to restrict processing in the cases set out in Article 18 of the GDPR.

– The right to object to the processing of personal data, subject to provisions regarding the necessity and mandatory nature of the processing for the establishment of the relationship,

– The right to withdraw consent possibly given for non-obligatory data processing, without affecting the lawfulness of processing based on consent given before the withdrawal.

The Data Subject also has the right to lodge a complaint with the Data Protection Authority ( or the Supervisory Authority of the EU State where the Data Subject habitually resides or works, or where the alleged infringement occurred, in relation to a processing that they consider non-compliant.

For all these requests, the User can contact the Data Controller by sending a communication via traditional mail to the address Milan (MI), Via Vitruvio, n.1, Postal Code 20124 or via email to


This notice involves certain processing operations for which the User’s consent is required. Such consent may be expressed by ticking specific boxes located at the bottom of the forms on the website through which the personal data of the Users are collected.

Changes to this Notice

This notice is up to date as of October 22, 2020. Any future changes to this notice will be published on this page. 42LF invites Users to regularly review this page to be updated on any changes. If necessary, changes to this notice will be notified to the User via email communication.