Pursuant to art 13 of Regulation (EU) 2016/679 (hereinafter, the “GDPR”) and in relation to data provided by the Client or obtained by the Controller during the contractual relationship for the proposed services, the Client is hereby informed that its data will be processed by the following means and for the following purposes:

LONDON ASSOCIATI S.r.L., whose registered office is in Milan (Italy), Via Giotto 45, Tax code and VAT n° 12438900966, as well as the Company(ies) in the LONDON ASSOCIATI Group are Joint Controllers according to art.26 GDPR. The Controller can be contacted via the contact details shown on the website, or via the e-mail address for the Data Protection Officer

The Controller processes the personal data (hereinafter, “personal data” or also “data”) provided by the Client:

a. Without having to obtain your explicit consent, for the following purposes:

b. Only with your prior consent, for the following promotional purposes:


The Controller will process personal data in accordance with the principles of lawfulness, fairness and transparency.

Your personal data are processed by means of the following operations: collection, recording, organisation, structuring, storage, consultation, adaptation or alteration, use, dissemination, disclosure by transmission, retrieval, alignment or combination, restriction, erasure or destruction of the data. Your personal details are subjected to both hard-copy and electronic processing. The Controller will process the personal data for the time necessary to carry out the purposes indicated above and, in any case, for not more than 30 years from termination of contractual relations and not more than 2 years from collecting data for marketing purposes. Once 10 years have passed since the contractual relations have ceased, access to the data will be limited to heads of departments. Should the Controller have a documented need to store the data for a period longer than 30 years (e.g. if erasure could compromise its legitimate right to defence or in general, to safeguard its company assets), such further storage shall take place, limiting access to said data to the head of the legal department only, in order to guarantee the legitimate exercising of the right of defence of the Controller.


Your data may be made accessible for the purposes indicated in art 2.a and 2.b to the following recipients:

Without requiring your explicit consent, the Controller may communicate your data for the purposes indicated in art 2.a to supervisory bodies, judicial authorities, insurance companies for providing insurance services, as well as to entities to which communication is mandatory in terms of the law, for carrying out said purposes.

Personal data are stored on servers located within the European Union. In any case, it is understood that, should this be necessary, the Controller will have the right to move the servers even outside the EU. In such a case, the Controller hereby guarantees that transfers of data outside the EU will be done in accordance with the applicable laws, also by means of including standard contractual clauses provided for by the European Commission, and adopting binding corporate rules for intra-group transfers.

The provision of data and related processing for the purposes indicated in art. 2.a is necessary in order to guarantee the Controller’s services you have requested, and for implementing the contract and any pre-contractual obligations. The legal basis of the aforementioned processing can be found in art. 6, par. 1, b) GDPR. Any refusal will make it impossible for the Controller to provide the services covered by the contract. Providing data for the purposes indicated in art. 2.b, on the other hand, is not mandatory. You may, therefore, decide not to provide any data or subsequently refuse processing of data already provided. The legal basis of the aforementioned treatment can be found in art. 6, par. 1, a) GDPR, the only consequence of such refusal will be that receiving newsletters, commercial communications, and advertising materials related to the services offered by the Controller will not be possible. However, you will continue to have the right to the services indicated in art. 2.a.


The Controller has appointed a Data Protection Officer, who can be contacted for all matters related to processing of your personal data and the exercising of related rights.

Therefore, you may contact the Data Protection Officer at any time, using the following procedure:

We wish to state that you have the right to withdraw the consent given at any time by writing to