Legal notes and Privacy

Privacy Policy

Information on the processing of personal data

Spheriens informs you, pursuant to Chapter III of the GDPR (EU Data Protection Regulation 2016/679, hereinafter only “GDPR”) that the data you provide will be processed under the terms described below.

This policy is subject to change at any time, please check – at the bottom of this document – the date of last revision.

Any change in this policy will take effect from the date of publication on the Site.

  1. Data controller and data protection officer

The Data Controller of this policy is Spheriens law firm, with registered office in Florence, Piazza della Libertà, 13.

The Data Protection Officer is Avv. Lorenzo Colzi, domiciled for the function at the same law firm, whose contact details can be found in point 12 below.

  1. Type of data processed

Spheriens acquires, through this site and generally in its activity, names, postal addresses, company of belonging and e-mail addresses of different categories of subjects: clients, suppliers, personnel belonging to the public administration, candidates to work with us, etc.. As a law firm, Spheriens may also acquire judicial data, both directly from the data subject and from third parties.

Spheriens may also collect and process other personal data, in which case appropriate notice is given before processing begins.

  1. Purposes of data processing

Your personal data will be processed in order to respond to your inquiries or provide you with our professional services, as well as for ordinary correspondence and to inform you of the Firm’s activities.

  1. Retention periods

The personal data will generally be kept by Spheriens for the period necessary for the management, including accounting and administrative, of the services you have requested. After this period, your data will be automatically deleted, or permanently anonymized, subject to the retention periods imposed by law. The only exception is ordinary contact data, which may be retained for longer periods for possible further professional relationships. They are also without prejudice to the rights of defense that can be exercised by the Data Controller and/or the Interested Party as well as the processing of petitions received from Public Authorities, which could extend the retention periods indicated.

  1. Method of processing

Your personal data will be processed, both by paper and electronic means, in compliance with the privacy rights of the data subjects, as well as with the necessary guarantees and security measures prescribed by the GDPR and the various measures, administrative and legal, on the subject.

  1. Optional or mandatory nature of data provision

The personal data requested from you are generally mandatory, because failure to provide them would not allow us to provide you with the services or answers you desire. This is without prejudice to your rights, listed in section 11 below.

  1. Browsing data and cookies

The computer systems and software procedures responsible for the operation of this website acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days.

Our website uses cookies and similar technologies to collect information useful for improving the browsing experience. The appropriate policy regarding the use of cookies can be found here: The purpose of our cookie policy is for you to understand, exactly how we use cookies and how you can manage your cookie preferences.

  1. The legal basis of the data processing

The processing carried out by Spheriens of your personal data for the purposes set out in point 3 above is lawful insofar as it is necessary for the performance of a contract, or pre-contractual fulfilments, to which you are a party.

The personal data of the data subject may also be processed in order to fulfill obligations provided for by laws, regulations or rules, both national and EU, or to respond to requests from Public Authorities. Occurring these purposes, the applicable legislation does not require the consent of the data subject.

In any other case, we will process your data only by first asking for your consent.

  1. Processing locations

Data processing essentially takes place at Spheriens’ offices, and, also through the website, at the places where the servers of the external Data Processors are located.

In some specific cases, the data may also be transferred abroad, either as a result of the professional activity performed and the type of assignment received, or to parties who, in their capacity as Data Processors, may also be based in countries outside the European Union (use by the Data Controller of “cloud” services at providers with their own servers located abroad; sending emails through email providers whose servers are located abroad, mostly in European countries and the United States). In such a case, the transfer of data abroad will take place exclusively within the scope of and in compliance with applicable legal or contractual regulations protecting the rights of the Data Subject.

  1. Data recipients

The processing related to the web services offered by the site, as well as the processing of personal data related to customers, suppliers, subjects registered in our mailing lists, and, in general, all subjects with whom we have working relationships are carried out at the offices of Spheriens located in:

– Florence, Piazza della Libertà 13 (zip code 50129)

– Rome, Largo di Torre Argentina, 11 (ZIP code 00186)

– Milan, Via Vincenzo Monti, 11 (ZIP code 20123)

and are handled only by partners, associates, employees or collaborators of the Law Firm who have been appointed as data processors.

The aforementioned personal data may be communicated to external subjects in charge of performing services on the basis of the specific assignments received such as, by way of reference: subjects (companies and professionals) in charge of providing legal and contractual consultancy, accounting and administration services, postal services, computer consultancy companies or software suppliers (the latter only within the limits of the needs arising for the operation of computer programs and procedures). Outside of these cases, personal data processed by Spheriens are not communicated to other third parties, unless the communication is imposed by legal obligations or is strictly necessary for the fulfillment of contractual obligations.

  1. Your rights

If permitted by applicable law, the Data Subject has the right to:

– access his/her personal data and know its origin, the purposes and aims of the processing, the data of the data controller, the data processor and the entities to whom it may be disclosed;

– revoke consent at any time, in the event that this constitutes the basis of the processing. In any case, revocation of consent does not affect the lawfulness of the processing based on the consent before revocation;

– update or rectify your personal data so that they are always accurate;

– to request the deletion of your personal data from the databases and/or archives of the data controller in case they are no longer needed for the purposes indicated above;

– limit the processing of your personal data in certain circumstances, such as where you have disputed its accuracy, for the period necessary for the data controller to verify its accuracy;

– obtain your personal data in electronic format;

– object to the processing of your personal data or request to stop the processing of your personal data for each of the purposes indicated in the previous point 3. Following such a request, the Data Controller may no longer proceed with the processing of personal data, except in cases where laws and regulations allow it.

The Data Subject may assert his or her rights by contacting the Data Controller, by written notice to be sent to the email address as indicated below.

The Data Subject has the right to lodge a complaint with the Supervisory Authority in charge of data protection and in particular in the Member State where he/she resides or usually works or where the alleged breach occurred.

  1. To exercise your rights

You may always contact, both for the exercise of the above rights and for any request regarding the processing of your personal data to the Data Protection Officer, Avv. Lorenzo Colzi, c/o Spheriens, Piazza della Libertà, 13 – 50129 – Florence (FI), tel. 055263381, fax 0552633800, website, e-mail address

Florence, April 19, 2023