De Tullio Law Firm In light of the new EU General Data Protection Regulation 2016/679 (GDPR), which will take effect on 25 May 2018, De Tullio Law Firm (“DTLF”) has devised the policy described in this communication to explain how we collect and use the data we obtain about you and incidental matters. DTLF is the data controller of your data, which means that we are legally responsible for how your data is collected and used. Your privacy will be respected by us and we will protect all of your personal data that we process. All such personal data will be processed in accordance with applicable data protection laws. The types of data we collect We collect certain personal data about you. This “personal data” is data that can be used to identify you or that we can otherwise link to you (“Data”). We collect Data that you voluntarily provide to us, for example when you communicate with us via email or other channels, when you sign up for or ask us to send you newsletters, alerts, or other materials; and when you sign up for an event. The Data we collect includes your name, postal address, e-mail address, language preference, job title and business affiliations, professional experience, your previous employment, and, in some cases, your private phone number, postal address and e-mail address. In some cases, your personal data has been supplemented by information retrieved from other sources, including searches via publicly available search engines, sector-specific newsletters, social media or an employer’s website, for the purpose of confirming your current professional position. How we use the data we collect and store We use the personal data we collect for communication and information purposes, including To send you newsletters To send you invitations to events and lectures To maintain and update our list of contacts. We do not sell, hire out, distribute or otherwise make your Data available to any third party. We may share information in limited circumstances with our suppliers for the above-listed purposes. Our basis for using your personal data When processing Data for the purposes explained in this email, the legal basis we rely on is the pursuit of our firm’s legitimate interests in maintaining business relationships and communicating with you as an existing business contact about our operations and our events (for example, because we have worked together, or you have taken part in one or more of our events). We consider that those legitimate interests are in keeping with the law and respect the legal rights and freedoms of our business contacts. Nevertheless, if you decide not to receive our emails for the purposes explained, you may unsubscribe by simply clicking on the unsubscribe link. If you choose to unsubscribe, we will cease to send you such communications and invitations as mentioned above. The Data will be processed only for the purpose of our business relationship. Similarly, you will have the opportunity to exercise your right of unsubscribing at any time in the future when you receive future communications from us. How we may share the Data we collect: international transfers Only the people who need to process the Data for the purposes mentioned above have access to your Data. We may also need to allow our suppliers and sub-suppliers access to your personal data when they perform services on our behalf, mainly to maintain and support our IT systems. How long we will keep your Data Your Data will be retained for the specified purposes mentioned above only for so long as you are a business contact of ours. As mentioned, every time that we email you, you will have the opportunity to unsubscribe if you no longer wish to receive communications and invitations from us, clicking on unsubscribe link on the bottom of each email. Your choices and rights We welcome your enquiries and comments. You have the right to know what Data we process about you and you may request a copy. You are also entitled to have incorrect Data about you corrected and you may in some cases ask us to delete your Data altogether. You can also object to certain Data about you being processed and request that processing of your Data be limited. Please note that one consequence of the limitation or deletion of your Data may mean we will be unable to provide the communications and invitations described above. In specific cases, you also have the right to receive your Data in a machine-readable format and have the Data transferred to another party responsible for data processing. If you are dissatisfied with how we process your personal data, you have the right to report this to the Italian Data Protection Authority (Garante per la protezione dei dati personali), which is the regulator for our processing of personal data.