This note is provided in accordance with art. 13 of the Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, Directive 95/46/EC, General Data Protection Regulation (the “GDPR”) as well as Legislative Decree No. 196/2003 (as recently amended by Legislative Decree No. 101/2018) concerning the personal data that the Firm collects from each data subject on the date of engagement by the latter.


The Controller is the Law and Tax Firm mgtaxlegal (the “Controller“), represented by Avv. RA Marco Rampf and Dott. Gianluca Ventola (jointly the “Advisors“), with office in 00144 Rome (RM), Viale Pasteur 66. The Advisors may be contacted at the e-mail address The Controller has appointed the Advisors as data protection officers (the “DPO“). The DPO are located at the firm’s office and may be contacted at the above-mentioned certified e-mail address of the Advisors.

Purpose of the processing

The processing of the personal data is necessary for the Advisors, associates and external and independent professionals to duly perform court and out-of court professional advisory services. The personal data will be processed for the purpose of: a) performing the clients’ tax and accounting duties; b) complying with any of the Advisors’ duty provided by mandatory provisions of law. Personal data may be stored in analogical or digital archives (including mobile devices) and processed on a strict need-to-know basis for the purposes mentioned above.

Legal basis for the processing

The Controller lawfully processes the personal data (mainly those of directors and officers of the Advisors’ corporate clients), to the extent the data processing: a) is necessary for the performance of the professional advisory services, a contract to containing personal data of the party or in order to take clients’ instructions prior to entering a contract; b) is necessary for complying with a legal obligation to which the Advisors, their associates and/or their external and independent professionals are subject; c) is explicitly consentedfor one or more specific purposes.

Consequences of failure to provide the personal data: Should the provision of personal data be a statutory or contractual requirement, or a requirement necessary to enter into a contract (e.g. for fiscal and accounting purposes), the failure to provide the personal data may preventthe conclusion of the relevant contract.

Data storage

Any personal data shall be processed in compliance with the provisions above and stored by the Controller for a period equal to the duration of the professional advisory agreement and, after expiry or termination, for a period equal to the duties of the Advisors, their associates and/or their external and independent professionals to store and keep records of those personal data (e.g. for fiscal purposes).

Further data processing

Personal data may be further processed by: a) advisors and accountants or other lawyers providing ancillary professional advisory services to those mentioned above; b) banks or insurance companies providing services in connection with the Advisors’ professional advisory services; c) entities processing the personal data for compliance with a specific legal obligation; d) judicial or administrative authorities in connection with their legal obligations.

Profiling and further data processing

Personal data is neither subject to further data processing nor to any automated decision-making mechanism, including profiling.

Rights of the data subject

The GDPR grants to the individual the following rights vis-à-vis the Controller: a) to obtain access to his or her personal data and to any relevant information, to rectify any inaccurate of the personal data or to have incomplete personal data completed, to eliminate personal data concerning him or her (should one of the grounds listed under art. 17, paragraph 1 of the GDPR occur and notwithstanding the exemptions under paragraph 3 of article 17), to obtain restriction of processing (where one of the situations under art. 18, paragraph 1 of the GDPR occurs); b) to obtain – in those cases in which the processing is based on consent or on a contract and such processing is carried out by automated means – his or her personal data in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller (right to data portability); c) to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her; d) to withdraw his or her consent at any time with reference to the processing based on the individualconsent, based on his or her particular situation and refers to general data (e.g. date and place of birth or of residence) or on particular data (e.g. data revealing racial or ethnic origin, political opinions, religious of philosophical beliefs, health and sex life or sexual orientation of the data subject) and provided the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal; e) notify a breach of a personal data protection to the supervisory authority (Autorità Garante per la protezione dei dati personali –


This Website may use different types of cookies. More specifically, this Website uses session cookies, which sole function is the transmission of the session identifying data required to guarantee efficient searching on the Website. Other types of cookies, or of similar technologies, may be employed from time to time in order to permit the use of the Website or of certain functions. Specific persistent cookies, which can be deleted at any time, may be used to track the language of the user’s computer system. No use shall be made of cookies for the acquisition and transmission of person identifying data, or of tracking cookies. In the case of session data and of  data strictly necessary in order for the Website to function, such data must be necessarily supplied and the users’ consent is not required. Failure to supply such data may result in the impossibility of connecting to the Website. For further information regarding the deletion and setting of cookies, users may consult the “Help” section of their own browser, or follow the specific instructions provided by said browser.

This information sheet about personal data protection has been filed on the basis of the GDPR (English version) and of the “Model Information Sheet” prepared by the Italian National Bar Association.

Tel. +39 06 59 12 805

Viale Pasteur 66
00144 Rome

Responsible: MGTAXLEGAL
Purpose: collection of personal data to satisfy your request.
Legitimation: consent of the interested party.
Recipients: no data will be transferred to third parties, except for legal obligations.
Rights: access, rectify or delete data, as well as other rights, as explained in the additional information.