SCF Law Firm considers the protection of personal data of its customers and suppliers to be of fundamental importance and is strongly committed to ensuring that the processing of personal data, by any means, either automated or manual, takes place in full compliance with the protections and rights recognized by the EU Regulation 2016/679 (hereinafter also referred to as “GDPR“) regarding the protection of natural persons in relation to the processing of personal data, as well as the free circulation of such data and the additional applicable rules regarding the protection of personal data.

This privacy statement describes why and how we collect and use personal data and provides information about individual’s rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement.

With the term “personal data”, reference is made to the definition contained in art. 4 , point 1) of the GDPR where it is defined as “any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (hereinafter also the “Personal Data“.)


We use personal data to arrange transactions on your behalf as agreed with you, to service our customers and our suppliers and any other customary business transactions.
Your Personal data consist of:

  • Name and surname;
  • Mailing address;
  • Vat number;
  • Telephone/ mobile number;
  • Business/Organization of belonging (for example: employer company, etc.);
  • Business role;
  • E -mail address;
  • Special categories of personal data.

The GDPR provides that, before proceeding with the processing of Personal Data (meaning, with this definition, pursuant to Article 4, point 2), “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (hereinafter also the “Processing“) it is necessary that the person to whom the Personal Data belongs (following the “Data Subject“), is informed about the reasons for which the latter are requested and how they will be used.

This document is therefore intended to provide, in a simple and intuitive way, all the useful and necessary information so that you can confer your Personal Data in a conscious and informed manner and, where necessary, be able to request and obtain clarification and/or corrections concerning the latter.

1. Who would collect your Personal Data?

The company that will process your personal data for the purposes indicated in the following clauses 2 and 3, and that therefore, holding the role of the controller of the processing is SCF Law Firm, with headquarters in Milan (MI), Via Salvini, 5, EMAIL (hereinafter also the “Controller“).

2. For which main purpose will collect your Personal Data?

The controller will collect and process your Personal Data for the following purposes:

A. provide response to any requests for information/queries and/or offers made directly and spontaneously by the data subject;
B. for the fulfillment of any legal obligations, in particular those regarding to accounting and tax requirements.

The personal data provided by You for the purposes mentioned above is required to service you as customer and to provide of the services mentioned above.
Your eventual refusal will, therefore, prevent you from benefiting and taking advantage of those activities.

3. Additional purposes

The Controller, upon Your express consent, free and unequivocal given pursuant to article paragraph 1.a) of the GDPR, may use Your Personal Data for the following purposes:

C. to assess the level of customer satisfaction in relation to the service rendered;
D. for sending newsletters with the purpose of keeping you informed about news and activities of the Controller.

The Processing of Your Personal Data for the purposes set out in points C) and D) is optional and has to be given by You in accordance with the conditions of articleof the GDPR, determining, in this way, the lawfulness of the Processing of Your Personal Data. The modalities and methods of contact for the activities indicated in the previous points C) and D) may be either automated (e-mail) or traditional (telephone calls with operators, postal items). In any case, and as further detailed below in clause n. , You will be able at any time revoke Your consent, even in a partial way, by for example agreeing solely to the traditional contact methods.

4. To what subjects may your Personal Data be disclosed?

Your Personal Data may be disclosed to specific subjects considered recipients of such Personal Data. On this regards we point out the fact, that art. 4.9), of the GDPR, defines as recipient of a Personal Datathe natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not” ( hereinafter also the “Recipients”).

In this context, in order to properly carry out all the processing activities necessary to achieve the purposes set out in this privacy disclosure notice, Your Personal Data may be processed by the following Recipients:

  • employees and/or associates/consultants collaborators of the Controller to which have been assign specific and/or additional Processing activities of Your Personal Data: such individuals have received specific instructions concerning the safety and proper use of Your Personal Data (known as the “Authorized Persons”);
  • Your Personal Data may be disclosed to public agencies or of the judicial authority when required by law or to prevent or repress the commission of a criminal offense.

5. For how long will Your Personal Data be processed?

Your Personal Data will be process by the Controller for a period not exceeding the purposes for which have been collected and subsequently processed.

In any case you can, at any time, communicate in one of the modalities provided for in this privacy notice, your wish to revoke the consent of one or all the purposes for which you have been requested permission. After such revocation of Your consent, the Controller is requiredto cease of the Processing of the Personal Data for such purposes.

6. Is it possible to revoke the given consent and how?

As provided in the GDPR, in such cases where You have consented to the request of Processing Your Personal Data for one or more purposes, You will be able, at any time, to entirely or partially withdraw your consent without affecting the legality the consent to the Processing given before the revocation.

The procedures for withdrawing consent are very simple and intuitive, You simply will need to contact the Controller using the contact channels indicated within the clause n.of this privacy notice.

7. What are Your rights?

As provided by the art. of GDPR, you can access Your Personal Data, request corrections and updating, if incomplete or erroneous, or request cancellation if such processing is in breach of any law or regulation, or oppose to the Processing for reasons legitimate and specific.

In particular, following below are all Your rights you can exercise at any time, against the Controller:

  • will always be at your disposal within the Privacy section of the Website.
  • Right of rectification: you have the right, according to the art. 16 of the GDPR, to correct the Personal Data that is inaccurate. Taking into account the purposes of the Processing, you also have the right to integrate when Personal Data result incomplete, even by providing a supplementary statement.
  • Right to cancel: you have the right, according to the art. 1 of the GDPR to erase and cancel Your Personal Data without undue delay and moreover, the Controller will be required to delete Your Personal Data, if the event of only one of the following reasons: a) Personal Data are no longer needed for the purposes for the d which were collected or otherwise processed; b) you have withdrawn Your consent to the Processing of your Personal Data and there is no other legal basis for their Processing; c) you are opposed to the Processing pursuant to Article 21, paragraphs 1 or 2 of the GDPR and there is no longer any overriding legitimate reason to proceed to the Processing of Your Personal Data; d) Your Personal Data were processed unlawfully; e) it is required to delete Your Personal Data to fulfill a legal obligation provided for by a provision of a European Community or national law. In some cases, as required by art.17.3 of the GDPR, the Controller is entitled to not proceed with the cancellation Your Personal Data should their Processing be necessary, for example, to exercise the right of freedom of speech and information, to fulfill an obligation under the law, for reasons of public interest, for archiving purposes in the public interest, scientific research or historical or for statistical purposes, to ascertain, exercise or defense a legal claim.
  • Right to restrict the Processing: You have the right to limit and restrict the Processing pursuant to art. 18 of the GDPR, in any of the following cases: a) have disputed the accuracy of Your Personal Data (the restriction will continue for the period necessary for the Controller to verify the accuracy of such Personal Data; b) the Processing is unlawful but you opposed to the deletion of Your Personal Data requesting instead to limit its use; c) even if the Controller no longer needs them for the purpose of processing, Your Personal Data is needed for the identification, exercise or defense of a legal claim; d) you opposed the Processing pursuant to art.21.1 of the GDPR and it is pending verification of the possible prevalence of legitimate reasons the Controller against Yours In case of restriction or limitation of the Processing of Your Personal Data will be process, but for  conservation purposes, only with Your consent, unless it is required to ascertain, exercise or defense a legal claim, or to protect the rights of another natural or legal person or for reasons of significant public interest. We will inform you, in any case, before this restriction is revoked.
  • Right to data portability: you can, at any time, request and receive, pursuant to art. 20.1 of the GDPR, all Your Personal Data processed by the Controller in a structured format, in common and legible use, or request the transmission to another data controller without any hindrance. In this case, it will be Your care to provide all the exact information regarding the new data controller of the processing to which You wish to transfer Your Personal Data by providing us with written authorization.
  • Right to object : pursuant to art. 21.2 of the GDPR and as also confirmed by Recital 70, you have the right to object, at any time, to the Processing of Personal Data if are processed for direct marketing purposes, including profiling to the extent that is connected to direct marketing.

The right to file a complaint to the supervisory authority: in addition to Your right to appeal in any other administrative or judicial venues, You can file a complaint with the competent Data Protection Authority whenever You may believe that the Processing  of your  Personal Data by the Controller is taking place in violation of the GDPR and/or any applicable law.

To exercise all the above identified rights, simply contact the Controller as follows:

  • by certified mail return receipt requested sent to SCF Law Firm, with registered office in Milan (MI), Via Salvini, 5 ;
  • by sending an e-mail to the e-mail address:

8. Where will Your Personal Data be Process?

Your Personal Data will be processed by the Controller within the territory of the European Union. If for reasons of technical and/or operational nature it becomes necessary to make use of processors located outside the European Union, we hereby inform from now that these individuals will be appointed responsible of the Processing pursuant to art. 28 of the GDPR and the transfer of Your Personal Data to such processors, limited to the performance of the specific Processing activities, will be regulated in accordance with the provisions of Chapter V of GDPR and, in particular, there will be taken all the necessary precautions necessary to ensure the total protection of Your Personal Data grounding this transfer:

  • on decisions of the adequacy of the third country recipients expressed by the European Commission;
  • on adequate guarantees provided by the third party pursuant to art. GDPR.