Privacy Policy

Privacy policy

Privacy Policy

pursuant to Article 13 of Regulation (EU) 2016/679 (“GDPR”)


Dear User: 

The following is an explanation of how personal data collected automatically or provided through browsing or using the website are processed.


  1. Data Controller and Data Protection Officer (“DPO”)

The Data Controller is Chiomenti Studio Legale, with registered office at XXIV Maggio n. 43, Rome (RM) (“Data Controller” or “Firm”).

The Firm has appointed a DPO who can be reached at the following certified email address: 

  1. Type of data processed

In order to enable you to browse the Website, the Data Controller will have to process certain personal data (“Personal Data” or “Data”) as explained below.

Data provided voluntarily by the user

Newsletter subscription 

  • name and surname;
  • email address;
  • role;
  • company you work for. 

Chiomenti Alumni

  • name and surname;
  • email address;
  • current place of work and position held;
  • the time spent at Chiomenti and the department;
  • the party in charge, if any.

Send your CV

  • name and surname;
  • email address;
  • residence;
  • personal data (e.g. date of birth);
  • details of the career path and skills acquired;
  • further information included in the curriculum vitae.

The optional, explicit and voluntary forwarding of messages to the contact addresses, as well as the completion and forwarding of forms available on the Website, entail the acquisition of the sender's contact data, necessary to reply to him/her, as well as any other Data included in the communication.

Navigation data

The computer systems and software procedures used to operate this Website acquire, in the course of their normal operation, certain Data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes the IP addresses or domain names of the computers and terminals used by users; the addresses in URI/URL(Uniform Resource Identifier/Locator) notation; the time of the request; the method used in submitting the request to the server; the size of the file obtained in response; the numerical code indicating the status of the response given by the server (successful, error, etc.) and other data relating to the user's operating system and computer environment.

These data, which are necessary for the use of services through the Website, are also processed for the purpose of:

  • obtaining statistical information on the use of the services (most visited pages, number of visitors per time slot or per day, geographical areas of origin, etc.);
  • monitoring the proper functioning of the services offered.

Browsing data are not retained for longer than is necessary to ensure the operation of the site and are deleted immediately after their aggregation (except in the event of the need to ascertain criminal offences by the judicial authorities).


Cookie policy

Technical cookies 

Technical and session cookies, i.e. small text files containing a certain amount of information exchanged between your terminal or browser and the Website, are used to allow it to function and be used correctly.

Analytical cookies

This website uses first and third-party analytical cookies . Analytical cookies are used to gather information on the use of the Web Site, in aggregate form, in particular on the number of users and how they visit the site. They also provide anonymous statistical analysis that helps to improve the use of the Web Site and make the content more interesting and relevant to the preferences of users. 

To view links to the privacy policies of third parties, disable all or some of the mentioned cookies, please refer to the following url

Profiling cookies

No first or third-party user profiling cookies are used.

Options regarding the use of cookies by the website via browser settings

However, all cookies can be deactivated by adjusting the browser settings. However, adjusting these settings may render the website unusable if technical cookies are blocked. However, each browser has different settings for deactivating cookies. Below you will find links to instructions for the most common browsers: Apple SafariGoogle ChromeMozilla FirefoxOpera.

  1. Purpose, legal basis and nature of data provision

Purpose of processing

Legal basis

Nature of data provision


Using the contents and services of the website and ensuring network and information security.

This includes the possibility of using the Website, subscribing to the “Alumni” section and forwarding requests and communications. 

In addition, this purpose includes the processing of traffic-related Personal Data to the extent strictly necessary and proportionate to ensure network and information security.

  • Performance of a contract (Article 6.1 (b) GDPR).
  • Fulfilment of legal obligations (Article 6.1. (c) of the GDPR). 
  • Legitimate interest (Article 6.1 (f) of the GDPR).


Failure to do so would make it impossible (i) to use the Website's content and services and (ii) to guarantee network security.


Sending the CV.

This includes the possibility of applying for an open position or sending an unsolicited application.

Implementation of pre-contractual measures at the request of the data subject (Article 6.1 (b) GDPR).


Failure to do so would make it impossible for Chiomenti to evaluate your application and, therefore, to start the selection process. 


Receipt of marketing communications and newsletters.

This purpose includes the possibility of subscribing to the newsletter and thus being kept up-to-date on Chiomenti's initiatives and activities, through traditional and automated contact systems, such as, by way of example, the use of your e-mail address.

  • Consent (Article 6.1 (a) of the GDPR).


Failure to provide this information, while not preventing the use of the Website in any way, may not allow you to benefit from the requested service.


Where applicable, to ascertain, exercise or defend the Controller's rights in out of court and in court proceedings.

  • Legitimate interest (Article 6.1 (f) of the GDPR).


Failure to do so may preclude the exercise of the Data Controller's rights.  



  1. Retention of personal data

Data contained in the submitted CV will be retained for 12 months after receipt. Further Data such as, for example, those collected for registration to the Alumni programme or the newsletter will be kept until the user's request for cancellation - which may be submitted at any time as indicated in the following paragraph “Rights of the Data Subject” - and in any case no later than 36 months after collecting them. 

Browsing data will not be retained for more than 7 days. 

In the event of the processing of Data for the exercise of a right in a court of law, personal data will be retained for the duration of the litigation and time limit for bringing an appeal is expired.

  1. Recipients of personal data

The Data may be disclosed to the following entities:

  • those who can access the data by virtue of legal provisions laid down by the law of the European Union or the law of the Member State to which the Data Controller is subject;
  • entities that carry out activities ancillary to the purposes stated in the relevant paragraph and, specifically, companies that offer advertising, marketing and communication services, companies that offer IT infrastructures and IT support and consultancy services as well as the design and creation of software and websites, companies that offer data analysis and development services (including those relating to users' interactions with our services), and finally professionals and consultants.

Furthermore, your personal data may also be disclosed to employees, designated as persons acting under the authority of the Data Controller pursuant to Article 29 of the GDPR or as System Administrators.

  1. Transfers to third countries

The Controller may transfer personal data to third countries. For example, they can be accessed from our foreign offices located in London, New York and Beijing. The transfer is always subject to appropriate guarantees. For further details on the transfer of personal data and to obtain a copy of the guarantees adopted by the Firm, you may write to the Data Controller using the contact details provided in paragraph 8. 

  1. Automated decision-making processes

The Data Controller does not intend to use automated decision-making processes.

  1. Rights of the data subject

As a data subject, you have the right to revoke your consent at any time and to obtain, from the Company, access to your personal data . You may also request the Company to rectify or delete them. Furthermore, you have the right to restrict the processing of your personal data, as well as the right to their portability.

In addition to the above, you have the right to object at any time, on grounds relating to your specific situation, to the processing of personal data carried out in accordance with Article 6, paragraph 1, letter e) or f), including profiling on the basis of these provisions, as set forth in Article 21 of the GDPR. 

Finally, you have the right to bring a complaint before a supervisory authority or bring an action before the appropriate courts if you deem that processing concerning your data violates the GDPR.

You may exercise the aforementioned rights by contacting the Data Controller at or the DPO at the above-indicated certified address.