This website contains general information and documents regarding DFS Dinoia – Federico – Simbari – Avvocati Penalisti (“DFS”), which are published for informational purposes only. All information, material, illustrations and documents contained in this website are protected by copyright laws and shall not be used without the express consent of DFS. All material published on this website is the exclusive property of DFS. DFS does not intend to, and shall not, provide any legal advice and/or legal opinion through this website. Accordingly, DFS shall not be liable for any costs, expenses, losses or damages that might derive from the use of this website and/or from the reliance upon the information contained herein.

Here below you can find information on the processing of personal data carried out by DFS through the website and, in the case of a professional mandate conferred by clients, for the provision of the services agreed by means of the mandate.


On this page you will find a description of the procedures in accordance with which the information contained in the website www.dfslex.it is managed, with reference to the processing of personal data of the users who access this website. This information notice is also provided pursuant to Art. 13 of the EU Regulation 2016/679 (the “GDPR”) – to whomsoever will access the website. The information notice is provided with regard to the website www.dfslex.it only, and not with regard to other websites accessed by the user through links. Personal data will be processed in accordance with the GDPR and its implementing EU and Italian laws, as amended and integrated from time to time  (the “Applicable Privacy Law”).


Following access to this website, data regarding identified or identifiable persons may be processed. The “controller” of such data processing shall be DFS Dinoia – Federico – Simbari – Avvocati Penalisti, with offices in Milan, at Corso Venezia 40.


Any data processing operation connected with the Web services provided on this website shall be carried out at the offices of DFS, solely by employees, consultants, associates or partners of DFS in charge of the processing of data, or by persons entrusted with occasional maintenance operations. No data deriving from the Web service shall be disclosed or disseminated.


 Data automatically collected by the website

The information systems and software procedures implemented for the operation of this website may acquire, during the course of their normal execution, certain data, the transmission of which is implied in the use of the Internet communication protocols. This category of data includes URI (Uniform Resource Identifier) notation addresses of the resources requested, the time at which the request is submitted, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the state of the reply given by the server (sent, error, etc.), and other parameters relating to the user’s operating system and information environment. This data is only used to retrieve anonymous statistical information on the use of the website and to control that it works properly. Such data may be used to ascertain any liability in the case of any alleged computer crimes to the detriment of the website.

Data Voluntarily Supplied by the User

The optional, express, and voluntary sending of electronic mail to the email addresses specified on this website shall imply the subsequent acquisition of the sender’s email address, which is necessary for a reply to any request, as well as the acquisition of other personal data, if any, contained in the email.

Similarly, user’s request of submission of information material by DFS shall lead to the acquisition of user’s email address, which is necessary for the transmission of the communications as requested.


You may exercise your rights under the Privacy Policy, including those of (i) obtaining confirmation from the owner of the existence of your personal data, (ii) having knowledge of the origin of the data as well as the logic and purposes of the processing , (iii) obtain the identification details of the owner and of the managers, (iv) know the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, of managers or appointees, (v) obtain the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, as well as updating, rectification or, if interested, integration of data and (vi) object to the processing in whole or in part, for legitimate reasons. To this end, it may submit a complaint to the supervisory authority where required by the Privacy Law It may also object to the processing of data based on reasons connected to your particular situation and, in any case, to the processing of data for direct marketing purposes. The requests above must be sent by email to DFS Avvocati Penalisti, at the address segreteria@dfslex.it


No personal data of the users is collected by the website through the use of cookies. The website, indeed, only uses technical cookies and similarly grouped cookies, such as: browsing or session cookies; analytics cookies, to collect aggregate information on the number of visitors and the pattern of visits to the website; functional cookies, which allow users to navigate as a function of certain pre-determined criteria so as to improve the quality of service and to facilitate any subsequent access to our website. Cookies are not used to transmit personal information.

The website uses first party cookies (of the publisher) and third parties’ ones. In particular, the website deploys the cookies related to Google Analytics. You may find more information on how Google processes data of its partners’ sites by clicking here or you may disable the use of Google Analytics by clicking here.

The cookies used by this website do not require the explicit prior consent of the user. Reception of this website’s cookies can be interrupted by the user at any time by changing his/her browser settings, at the following links:.

  • Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
  • Chrome: https://support.google.com/accounts/answer/61416?hl=it
  • Firefox: https://support.mozilla.org/it/kb/Attivare e disattivare i cookie
  • Safari: https://support.apple.com/kb/PH17191?locale=it_IT

Please note that after this operation, some features of the website may not work properly and certain processing may become more complex and/or less secure.


pursuant to the European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data (in short, “GDPR“)

The professional association “DFS Dinoia, Federico, Simbari – Avvocati Penalisti“, in the person of its legal representative pro-tempore, as owner of the personal data collected directly from the person concerned, provides this information pursuant to the article 13, GDPR (in short, “Information“).

In any case, the logical and physical security of the data and, in general, the confidentiality of the personal data processed will be guaranteed, putting in place all the necessary technical and organizational measures to guarantee their security.

A) Identity and contact details of the Owner

“DFS Dinoia – Federico – Simbari – Criminal Lawyers”

Corso Venezia 40
Milan (20121 – MI)
F. and P.I. n. 10574500962
Tel 02 76025831 – segreteria@dfslex.it

B) Purpose of the processing to which the personal data are intended and relative legal basis 

Your personal data will be processed: 

  • without consent for the following purposes: 
  • for the management and execution of the professional assignment received, in the legal field (legal, judicial and extrajudicial assistance and consultancy) and / or commercial (economic and financial, commercial, fiscal and tax assistance, judicial and extrajudicial, and related services) ), for the management and execution of the services connected to the assignment (for example, deposits and deeds and documents registration), for the management of contacts with the client and the consequent information; 
  • for the administrative-accounting and fiscal management and related fulfillments (issuing of receipts, invoices, preparation of payments), for the execution of the obligations incumbent on the professionals and foreseen by the current legislation (for example by the legislation on anti-money laundering Legislative Decree 231 of 11/21/2007 and subsequent amendments), as well as for the possible protection of credit positions and defense in court; 
  • for internal statistical surveys, analysis and economic management of Studio BP, as well as, in relation to the contact data provided by the customer, sending communications related to the tasks (for example regulatory updates, updating provisions and circulars, compliance and accounting deadlines and tax), as well as invitations to events, workshops and training and refresher meetings, with the right to immediate cancellation upon request. 

The treatments described above meet the following legal bases respectively: 

  • fulfillment of a contract or pre-contractual measures, satisfaction of a request from the interested party – condition of lawfulness of article 6, letter b) GDPR; 
  • legal obligation to which the Owner is subject – condition of lawfulness of article 6, letter c) GDPR – or for ascertaining, exercising or defending a right in judicial proceedings; 
  • pursuit of legitimate interests of the Data Controller – condition of lawfulness of article 6, letter f) GDPR – relating to the improvement of the internal functioning and of the services provided to its customers, to the management of information services connected to the tasks. 

The provision of data, for the purposes referred to in the previous section B, is mandatory and the lack of data and / or any refusal to process it will make it impossible for the owner to execute the contract or the pre-contractual measures, to fulfill the obligation, with eventual non-fulfillment and responsibility of the interested party also to sanctions contemplated by the legal system.

C) Processing of particular data (Art. 9 GDPR). 

As part of the execution of the assignment and to the extent that it is indispensable in relation to the specific subject inherent to it, Studio BP may process data that the law defines as “particular” as suitable for revealing, for example, the origin racial or ethnic, political opinions, religious or philosophical beliefs, or trade union membership, as well as dealing with genetic data, biometric data intended to uniquely identify an individual, data relating to health or sexual life or sexual orientation of the person. 

  • without consent: 
  • when the processing is necessary to ascertain, exercise or defend a right in court or whenever the judicial authorities exercise their jurisdictional functions; 
  • when the treatment is necessary for the execution of the obligations incumbent on the professionals and foreseen by the current legislation (for example by the legislation on anti-money laundering Legislative Decree 21/11/2007 n. 231 and subsequent modifications). 

The provision of data, for the purposes referred to in the previous section C.i we are obliged and the lack of data and / or the possible refusal to treat will make it impossible for the Owner to execute the contract or the pre-contractual measures, of to fulfill the obligation, with eventual non-fulfillment and responsibility of the interested party also to sanctions contemplated by the legal system.

  • with your consent: 
  • for out-of-court assistance and consultancy, for the management and execution of tax obligations relating to deductions / deductions for medical-health expenses, or for the choice of destination to bodies receiving IRPEF contributions (religious institutions, voluntary bodies, research or social interest and political parties). The provision of data for the purposes referred to in the preceding section C.ii is optional, with the consequence that you may decide not to give your consent, or to revoke it. The lack of consent will not allow the processing of such data and therefore the possibility to take advantage of any deductions and / or deductions and to allocate Irpef contributions to third parties.

D) Categories of recipients of personal data

For the purposes referred to in the previous paragraph and in correspondence with the specific task, the personal data you provided may be communicated or made accessible:

  1. to employees and collaborators of the Data Controller, in their capacity as authorized data processing personnel (or so-called “data processors”);
  2. to third parties including:
  • service providers for the management of the information system and telecommunications networks, service providers for the management of the archiving of paper and / or computerized documentation, providers of services for electronic invoicing, labor consultants and / or companies specializing in processing of payslips and management of related obligations;
  • banks and credit institutions for carrying out economic activities (payments / collections);

to judicial or supervisory authorities, administrations, public bodies and organizations (national and foreign);

The complete and updated list of the Data Processors can be accessed by writing to the address privacy@bpeassociati.com.

E) Storage and transfer of personal data abroad.

The management and storage of personal data is carried out through paper archives and electronic archives placed on servers owned and / or available to the Data Controller located within the headquarters of the Company.

In the event of activation of the electronic invoicing management service and related storage through the systems in charge of this, the data will be processed and stored in the cloud and on servers located within the European Union owned and / or available to the Data Controller and / or third-party companies duly appointed as Data Processors.

Your personal data will not be the object of transfers abroad (EU or extra-EU) or dissemination.

F) Period of storage of personal data

The personal data collected for the purposes indicated in the previous paragraphs (B / C) will be processed and stored for the entire duration of the established contractual relationship and / or for the necessary legal obligations.

Starting from the date of termination of this relationship, for any reason or cause, the data will be kept for the duration of the prescription terms applicable ex lege.

After this storage period has expired, the data will be destroyed or made anonymous.

G) Rights exercisable

In accordance with the provisions of Chapter III, Section I, GDPR, you can exercise by simply sending a request by e-mail to the address of the Owner segreteria@dfslex.it the rights indicated therein and in particular:

  • Right of access – Obtain confirmation that your personal data is being processed and whether or not it is, and, in this case, receive information relating, in particular, to: purposes of processing, categories of personal data processed and retention period, recipients which these can be communicated (Article 15, GDPR),
  • Right of rectification – Obtain, without unjustified delay, the correction of inaccurate personal data concerning you and the integration of incomplete personal data (article 16, GDPR),
  • Right to cancel – Obtain, without unjustified delay, the personal data concerning you, in the cases provided for by the GDPR (article 17, GDPR),
  • Right of limitation – Obtain the limitation of the treatment, in the cases provided for by the GDPR (article 18, GDPR)
  • Right to portability – Receive in a structured format, commonly used and readable by an automatic device, the personal data concerning you, as well as obtain that they are transmitted to another owner without impediment, in the cases provided for by the GDPR (article 20, GDPR )
  • Opposition right – Oppose the processing of personal data concerning you, unless there are legitimate reasons for the Data Controller to continue processing (article 21, GDPR)
  • Right to lodge a complaint with the supervisory authority – Make a complaint to the Data Protection Authority, Piazza Venezia n. 11, 00186, Rome (RM).