en flag
CONTACT US
en flag
CONTACT US

This policy describes how the website is managed with regard to the processing of personal data of users who consult it. This policy is provided in accordance with current legislation on the protection of personal data, including Regulation (EU) 2016/679 (hereinafter ‘GDPR’) and Legislative Decree No. 196 of 30 June 2003, as subsequently amended [LEGISLATIVE DECREE No. 24 of 10 March 2023][LAW No. 132 of 23 September 2025]. The purpose is to guarantee the protection of the fundamental rights and freedoms of natural persons with regard to the processing of their personal data [LAW No. 205 of 27 December 2017].

1. Data Controller

The Data Controller, i.e. the entity that determines the purposes and means of personal data processing, is the authority or entity that, individually or jointly with others, makes such decisions. For this website, the Data Controller is:

Avv. Francesco Petitti with office in Rome, Via dei Due Ponti n. 174, Tax Code: PTTFNC97E27C858I VAT number: 03312540606 Email: f.petitti@rdclegalsolutions.com Certified email: francescopetitti@ordineavvocatiroma.org Tel: 389-9016345

2. Type of Data Processed

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). Personal data collected and processed through this website may include:

· Navigation data: During normal operation, the IT systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

· Data provided voluntarily by the user: The optional, explicit and voluntary sending of messages to the Data Controller's contact addresses, as well as the completion and submission of forms on the website (e.g. contact forms), entails the acquisition of the sender's contact details (e.g. name, surname, email address, telephone number), which are necessary to respond, as well as all personal data included in the communications.

· Data relating to minors: The services offered by the Data Controller are not intended for minors under the age of 18. Access to technologies and the consequent processing of personal data of minors under the age of fourteen requires the consent of those exercising parental responsibility. Minors who have reached the age of fourteen may give their consent independently [LAW No. 132 of 23 September 2025].

3. Purpose and Legal Basis of Processing

Personal data is processed for specific, explicit and legitimate purposes:

a. Execution of pre-contractual and contractual measures: To respond to requests for information, advice or legal assistance sent via contact forms or other communication channels. The legal basis is Article 6(1)(b) of the GDPR, as the processing is necessary for the performance of pre-contractual measures taken at the request of the data subject. b. Fulfilment of legal obligations: To comply with obligations laid down by law, regulation or Community legislation to which the Data Controller is subject (e.g. tax, accounting, anti-money laundering obligations). The legal basis is Article 6(1)(c) of the GDPR. c. Pursuit of the legitimate interests of the Data Controller: To ensure the security of the site and prevent fraudulent or harmful activities. The legal basis is Article 6(1)(f) of the GDPR, provided that the interests or fundamental rights and freedoms of the data subject do not prevail. d. Consent of the data subject: For specific additional purposes, such as sending newsletters or promotional communications. In this case, explicit, free and informed consent will be requested. The legal basis is Article 6(1)(a) of the GDPR.

4. Fundamental Principles of Processing

Your personal data will be processed in accordance with the principles set out in the GDPR, such as:

· Lawfulness, fairness and transparency: Data is processed lawfully, fairly and transparently in relation to the data subject [Resolution No. 16/2023/G][Resolution No. 36/2024/G] [Resolution No. 311 of 12 July 2023 - Guidelines on the protection of persons reporting breaches of Union law and the protection of persons reporting breaches of national law. Procedures for the submission and management of external reports.].

· Purpose limitation: Data are collected for specific purposes and processed in a manner that is not incompatible with those purposes [Resolution No. 16/2023/G][Resolution No. 36/2024/G] [Resolution No. 311 of 12 July 2023 - Guidelines on the protection of persons reporting breaches of Union law and the protection of persons reporting breaches of national law. Procedures for the submission and handling of external reports.].

· Data minimisation: Data shall be adequate, relevant and limited to what is necessary in relation to the purposes of the processing. Personal data that are manifestly not useful for the processing shall not be collected or, if collected accidentally, shall be deleted immediately [LEGISLATIVE DECREE No. 24 of 10 March 2023][Resolution No. 16/2023/G] [Resolution No. 36/2024/G][Resolution No. 311 of 12 July 2023 - Guidelines on the protection of persons reporting breaches of Union law and the protection of persons reporting breaches of national law. Procedures for the submission and management of external reports.].

· Accuracy: Data shall be accurate and, where necessary, kept up to date, with reasonable steps taken to ensure that inaccurate data are erased or rectified without delay [Resolution No. 16/2023/G][Resolution No. 36/2024/G] [Resolution No. 311 of 12 July 2023 - Guidelines on the protection of persons reporting breaches of Union law and the protection of persons reporting breaches of national law. Procedures for the submission and handling of external reports.].

· Storage limitation: Data shall be stored in a form that allows the identification of data subjects for no longer than is necessary for the purposes for which they are processed [Resolution No. 16/2023/G][Resolution No. 36/2024/G] [Resolution No. 311 of 12 July 2023 - Guidelines on the protection of persons reporting breaches of Union law and the protection of persons reporting breaches of national law. Procedures for the submission and management of external reports.]. Reports and related documentation are kept for the time necessary for processing and in any case for no longer than five years from the communication of the final outcome of the procedure [Resolution No. 311 of 12 July 2023 - Guidelines on the protection of persons reporting breaches of Union law and the protection of persons reporting breaches of national law. Procedures for the submission and management of external reports.].

· Integrity and confidentiality: Data are processed in such a way as to ensure adequate security, including protection against unauthorised or unlawful processing and against accidental loss or destruction, by means of appropriate technical and organisational measures [Resolution No. 16/2023/G][Resolution No. 36/2024/G] [Resolution No. 311 of 12 July 2023 - Guidelines on the protection of persons reporting breaches of Union law and the protection of persons reporting breaches of national law. Procedures for the submission and management of external reports.].

5. Processing Methods and Security Measures

Personal data is processed using the operations indicated in Article 4(2) of the GDPR, namely: collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data.The Data Controller adopts preventive, technical and organisational security measures to minimise the risks of destruction or loss, even accidental, of data, unauthorised access or processing that is not permitted or does not comply with the purposes of collection.

The Data Controller complies with the principles of data protection by design and data protection by default.

6. Communication and Recipients of the Data

Your personal data will not be disclosed. It may be communicated to third parties (‘recipients’) for the purposes described above, such as:

· Collaborators and employees of the Data Controller, within the scope of their duties.

· External service providers (e.g. IT consultants, cloud service providers, web agencies) who process data on behalf of the Data Controller and are appointed, if necessary, as Data Processors pursuant to Article 28 of the GDPR [LEGISLATIVE DECREE No. 24 of 10 March 2023].

· Judicial or administrative authorities, for the fulfilment of legal obligations.

7. Rights of the Data Subject

As a data subject, you may exercise your rights under Articles 15 to 22 of the GDPR [Legislative Decree No. 24 of 10 March 2023] [Court of Turin, Judgment No. 5990 of 4 December 2024] at any time, and in particular:

· Right of access (Article 15 of the GDPR): Obtain confirmation as to whether or not personal data concerning you are being processed and, if so, obtain access to the data and information relating to the processing.

· Right to rectification (Art. 16 GDPR): Obtain the correction of inaccurate personal data without undue delay [LAW 24 August 2011, No. 152].

· Right to erasure (‘right to be forgotten’, Art. 17 GDPR): Obtain the erasure of personal data concerning you without undue delay.

· Right to restriction of processing (Art. 18 GDPR).

· Right to data portability (Art. 20 GDPR): Receive your personal data in a structured, commonly used and machine-readable format [LAW No. 205 of 27 December 2017].

· Right to object (Art. 21 GDPR): To object at any time to the processing of personal data concerning you.

· Right not to be subject to a decision based solely on automated processing (Art. 22 GDPR).

Requests to exercise your rights may be addressed to the Data Controller at the contact details indicated in point 1. The Data Controller will respond ‘without undue delay’ and, in any case, no later than one month after receiving the request. This period may be extended by two months if necessary.

Furthermore, you have the right to lodge a complaint with a supervisory authority, in particular the Data Protection Authority, if you believe that the processing of your data violates the GDPR.

8. Changes to this Policy

The Data Controller reserves the right to make changes to this policy at any time, notifying users on this page. Please therefore consult this page regularly, referring to the date of the last modification indicated at the bottom.

Date of last modification: 11/02/2026

Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA
(pursuant to Article 13 of Regulation (EU) 2016/679)

Rome - Italy
Via dei Due Ponti 174, 00189 RM

© 2026 RDC Legal Solutions. All rights reserved.

Home

About us

Areas of Activity

Work with us

News

Contact us

Privacy Policy

RDC Legal Solutions corporate logo featuring red text and a geometric icon on a black background.
RDC Legal Solutions corporate logo featuring red text and a geometric icon on a black background.

Colleferro - Italy
Via Galileo Galilei 6, 00034 RM

Damscus - Syria
43, Qassaa, SYR

Our offices