SZA Law Firm (in brief, also “SZA”), based in Milan, Corso Italia 13, is a multidisciplinary law firm that offers legal assistance and advisory services to Italian and foreign clients.

With regard to the purposes and means of data processing, as identified in this statement, the firm is the Data Controller as defined by EU Regulation 679/2016 (GDPR). It is therefore our responsibility to ensure that our IT systems and infrastructures, processes, suppliers, employees and partners comply with data protection regulations and provide adequate standards of reliability.

With this document we wish to inform you about the types of personal data we process, how we collect and process personal data, the purposes and legal basis that legitimize the processing, the safeguards we adopt to protect your data and which rights the data protection  laws grant to data subjects.

For any further information you may contact us via e-mail at

Type of data processed

SZA processes the following types of data:

• Navigation data collected automatically when you access the website The computer systems and software necessary for the web site to function acquire information which, although not associated with identified interested parties, could, through processing and association with data held by third parties, allow the identification of the user. These data potentially referable to specific subjects are the IP addresses, the domain identifiers of the computers used by the users, other parameters relating to the operating system and the user’s IT environment. These data are processed only to ensure the proper functioning of the website, to obtain anonymous statistical information on the use of the website and to allow the website to be protected against cyber security attacks. Our website also uses cookie technology.For more information please see our cookie policy.[ER1]  Inserire link diretto alla cookie policy

• Data provided spontaneously by the user (i) by sending requests for information via e-mail or postal mail, (ii) by sending CVs and (ii) in order to formalize a legal assistance contract with the law firm.

Without prejudice to what is indicated in relation to navigation data, users are free to provide their personal data. However, failure to provide such data will make it impossible for SZA to process requests received through the site.

Why we process personal data (purpose and legal basis)

We process personal data:

  1. when it is necessary for the formalization and performance of a legal assistance contract;
  2. when we receive CVs attached to applications to collaborate with the firm;
  3. when we receive requests for information via e-mail;
  4. to offer our clients newsletters on various legal topics and to send invitations to seminars, workshops and other free educational initiatives;
  5. when the processing of personal data is necessary to comply with a specific legal obligation.

The legal bases that make the processing of personal data legitimate for the aforementioned purposes can be identified as follows (a) the need to execute and perform a contract, (b) the pursuit of the law firm’s legitimate interests (c) the need to comply with applicable laws and regulations.

How long will we keep personal data?

In compliance with the relevant legal basis, we retain personal data only for the time strictly necessary to pursue the purposes indicated above.

In determining the retention period, we also consider any legal requirement.

We retain the personal data of our clients for the entire duration of the legal assistance contract and for 10 years following the end of the contractual relationship.

We retain the CVs of those who apply to collaborate with the firm for no longer than 12 months from the receipt date.

We retain personal data of those receiving our newsletters and invitations to participate to in free educational events for a period of 36 months from the last information notice sent to them, without prejudice to the right of the same recipient to object at any time to the processing of his/her personal data.

Recipients or categories of recipients of personal data

For the purposes indicated above and in compliance with data security and confidentiality rules, personal data may be communicated to third parties bound by specific contractual relationships (accounting and tax consultants, insurance companies, IT firms, software providers and advisors). These parties act as our data processors in accordance with the instructions provided by us and in compliance with adequate IT and organizational security standards to ensure the security of all the personal data processed.

How do we protect your data?

SZA adopts the highest security standards in the management and storage of all personal data. A dedicated internal team, assisted by IT experts, oversees the firm’s IT infrastructure, ensuring compliance with best practices in order to minimize the risk of loss, damage, unavailability or unauthorized disclosure of data.

Your rights

The GDPR gives you, as data subject, specific rights which the law firm, as Data Controller, undertakes to comply with.

Simply by writing to you are therefore entitled to:

  1. request access to your personal data, and/or rectification of personal data that may be inaccurate or incomplete;
  2. obtain the erasure of personal data, unless the processing is necessary for the fulfilment of a legal obligation established by national or European Union legislation or for the exercise or defence of a right in court;
  3. obtain restriction of the processing of personal data concerning you, in the cases provided for by art. 18, GDPR
  4. request portability of the data (i.e. the right to receive the personal data concerning you in a structured and commonly used format and obtain the transmission of those data to another Controller without impediment;
  5. revoke your consent at any time without prejudice to the lawfulness of the processing based on the prior consent you had given;
  6. lodge a complaint with the competent supervisory authority, which in Italy is the Italian Data Protection Authority, with offices in Piazza di Monte Citorio, 121, 00186 Rome – Italy – –, Phone +39-06-696771, Email: garante@gpdp

SZA undertakes to provide the data subject with information regarding the action taken in relation to any request received without undue delay.