Information according to article 13 GDPR concerning information to be provided where personal data are collected from the data subject

Preliminary Remarks

EU Regulation 2016/679 (“General Data Protection Regulation”, hereinafter “GDPR”) protects the treatment of natural persons in relation to the processing of personal data, named as “data subject”. Such data processing must be inspired by the principles of fairness, lawfulness and transparency as well as by the protection of the privacy and of the rights of the data subject.

The present to inform you that, according to the abovementioned Regulation,  regarding the business relationship in place with you, as a Client, we are in possession of some personal data related to you, collected, even orally, directly or indirectly either through third parties that carry out a business of your concern or that, to meet a demand of yours, collect and provide to us such information.

More in detail, you are the data subject who is protected by those human rights governing the processing of your personal data. Pursuant to articles 12 and following of GDPR, we will process the personal data provided by you, according to the current legislation, with the utmost care, implementing effective management procedures to ensure the protection of the processing of your personal data. To this regard, through material procedures and data management procedures, we commit to ensure security of the personal data you provided to us, in order to prevent unauthorized access to or unauthorized disclosure of personal data, to keep data accuracy and to ensure an appropriate use of such data.

According to article 13 GDPR, the company and the professionals mentioned below as “Controller” of the processing (hereinafter “Studio Corno” or the “Joint Controllers”), have to provide you the information on the use of personal data.

1. Identity and contact of the Joint Controllers

The following subjects, acting as Joint Controllers, are entitled to take decisions to determine the purposes and means of the processing of your personal data at hand.

  • Corno Centro Terziario Avanzato Srl, represented by its legal representative, with registered office in Lissone, via Mameli n. 11
  • Corno Fabio, with registered office in Lissone, via Mameli n. 11

Telephone Number: 039 2456792


The following paragraphs concern – even though not expressly mentioned –  each Joint Controller, whether they work jointly or separately one from the other.

The person in charge of data processing for any legal advice is Mr. Giorgio Corno, with registered office in Lissone, via Mameli n. 11.

2. Source of the personal data

The collection of your personal data is carried out by recording those data you provided as data subject.

3. Purposes and legal basis of the data processing

Your data shall be processed by the Joint Controllers, jointly or separately, without your consent, (article 6, par.1, letter b, c, f, GDPR) for the following purposes:

  • the performance of pre-contractual and contractual obligations arising from the professional assignment;
  • the compliance with laws and regulations (national and European) or the execution of an order of judicial authorities or supervisory bodies to which the Joint Controllers are subject;
  • the exercise of the legitimate interests pursued by the Joint Controllers, in particular, the right to due process.

4. Optional nature of data provision

The provision of data for the purposes mentioned in the previous section is mandatory. The lack of consent to the processing of data and/or any refusal to process the data will make it impossible for the Controllers to fulfil, jointly and/or separately, its contractual obligations or will determine the possible violation of requests of the competent Authorities.

5. Personal data’s categories

In relation to the purposes referred to in paragraph 3 above, we collect and use your personal data as necessary in the context of our activities and to achieve high quality standards for customized products and services.

We may collect various categories of personal data concerning you, including, but not limited to:

  • personal data, including tax code, VAT number, name, registered office, residence and domicile and contact details;
  • data relating to the contractual relationship describing the type of agreement, as well as information relating to its execution and those necessary for the fulfilment of the agreement itself;
  • accounting data relating to the economic relationship, the sums due and payments, their periodic performance, the summary of the accounting status of the relationship;
  • data to make more defined the relationship with our structure and to make more effective our cooperation and operational efficiency;
  • data relating to your employees and/or associates, information on the tasks you are performing or on your company.

6. Processing of the personal data

Concerning the purposes described above, personal data are processed by manual or computer tools, with logics strictly connected to the purposes outlined above and, anyway, in such a way as to guarantee the safety and the confidentiality of the data itself. In any case, the logical and physical security of the data will be guaranteed, putting in place all the necessary technical and organizational measures to guarantee their safety.

The processing of your personal data is carried out by means of one or more operations mentioned in article 4, n. 2), GDPR and more specifically: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

7. Period of data storage

Personal data collected for the purposes determined above at paragraph 3 shall be processed and stored for the entire duration of any professional relationship established.

From the date of termination of this relationship, for any reason or cause, the personal data will be kept for the duration of the limitation periods applicable by law.

Once the given purposes have been fulfilled, and once the time has elapsed from the collection, the data will be deleted or transformed into an anonymous form.

8. Categories of subject to whom the personal data might be communicated or who can become aware of the data as Controller or Processor

Notwithstanding the possibility of a consultation by the competent judicial or police authority, your personal data may be known only by the persons authorized to the processing.

Within the purposes set out in paragraph 3 (Purpose of processing), third parties providing services for Studio Corno may become aware of the personal data, after being engaged as Data Processors and guaranteeing the same level of protection.

9. Provision and transfer of personal data abroad (extra-EU)

The management and storage of personal data takes place both locally on servers located at our offices and using clouds on servers located in Italy at the disposal of the Joint Controllers and owned by third-party companies, duly engaged as data Processors.

Your personal data will not be disseminated nor will be subject to any fully automated decision-making process, including profiling.

10. Rights of the data subject

According to the provisions under Chapter III, Section I, GDPR, you are entitled to exercise the rights indicated therein and in particular:

  • Right of access by the data subject – Right to obtain confirmation from the Joint controllers as to whether or not personal data concerning him or her are being processed, and, if so, access to information concerning the following issues, in particular: the purposes of the processing, the categories of personal data concerned and the period for which the personal data will be stored; the recipients to whom the personal data could be disclosed (article 15, GDPR);
  • Right to rectification – Right to obtain, without undue delay, the rectification of inaccurate personal data concerning the data subject and the right to have incomplete personal data completed (article 16, GDPR);
  • Right to erasure (‘right to be forgotten’) – Right to obtain from both Joint Controllers, without undue delay, the erasure of personal data concerning the data subject, under the circumstances described in the GDPR (article 17, GDPR),
  • Right to restriction of processing – Right to obtain from both Joint Controllers the restriction of processing under the conditions detailed in the GDPR (article 18, GDPR);
  • Right to data portability – Right to receive the personal data concerning the data subject provided to the Joint Controllers in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another controller without hindrance, under the conditions set forth in the GDPR (article 20, GDPR);
  • Right to object – Right to object to processing of personal data concerning the data subject, unless one of the Joint Controllers demonstrates compelling legitimate grounds to continue the processing (article 21, GDPR);
  • Right to lodge a complaint with a supervisory authority– Right to claim before the competent supervisory authority.

You can exercise the above mentioned rights by simply sending a request by email to the following address: