This Privacy Notice explains how AMS Italy Legal collects, uses, discloses and otherwise processes personal data in connection with enquiries, prospective engagements, client onboarding, international advisory and coordination, billing, marketing, and the provision of Italian legal services.

It applies to prospective clients, clients, former clients, their representatives, beneficial owners, counterparties, witnesses, experts, referrers, suppliers and other individuals whose personal data is processed in connection with AMS Italy Legal's business activities.

This notice does not address cookies or website analytics in detail, nor recruitment or employment processing, which may be covered by separate, more specific notices.

AMS Italy Legal operates through separate legal entities. Depending on the context, one or more of the following entities act as independent data controllers. Where two or more entities jointly determine the purposes and means of a specific processing activity, they act as joint controllers only to the extent required by applicable law. The relevant engagement letter and related communications will identify the engaging entity or entities.

Entity	Corporate details	Main processing contexts
AMS ITALY (USA) LLC	Wyoming Registration No. 2025-001660422 1309 Coffeen Avenue, Suite 1200, Sheridan, WY 82801, United States	U.S. and Canada market-facing enquiries, billing, client relationship management, non-reserved international advisory and coordination, and worldwide marketing, communication and public relations.
AMS ITALY (UK) LTD	Company No. 16645845 71–75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom	U.K. market-facing enquiries, billing, client services and non-reserved international advisory and coordination for eligible matters outside Italy, the U.S.A. and Canada.
STUDIO LEGALE Avv. Alberto Maria Schiavone	Regulated in Italy via R. Morghen 36, Milano 20158 via A. Grandi 2A, Brindisi 72100 VAT no. IT10275470960	Italian legal advice, reserved Italian legal services, matter management, professional compliance, conflict checks and related processing carried out under Italian legal-profession rules.

For privacy requests and general questions relating to this notice, please contact bureau@amsitaly.legal. We may need to verify identity before acting on a request.

Depending on the matter and the relationship involved, we may process the following categories of personal data:

• identity and contact details, such as name, title, postal address, email address, telephone number, nationality and language preferences;
• professional and business information, such as employer, role, corporate affiliation and relationship to a matter or transaction;
• client, matter and case-related information, including documents, instructions, correspondence, background facts, positions taken, evidence and records relevant to the requested services;
• compliance and verification information, including data required for conflict checks, know-your-client procedures, sanctions screening, source-of-funds enquiries where applicable, and beneficial ownership verification;
• billing, payment and transaction information, including invoicing contacts, payment records and tax-related information;
• technical, access and security information generated when you interact with our email systems, document platforms, website or other IT resources;
• marketing and communications preference data; and
• publicly available information and information lawfully obtained from third parties such as clients, counterparties, local counsel, public registers, courts, authorities, referrers or service providers.

In the course of a legal matter, we may also receive personal data indirectly from clients, counterparties, witnesses, courts, public authorities, registries or other professional advisers rather than from the data subject directly.

Under the GDPR and the UK GDPR, the main purposes for which we process personal data and the principal legal bases relied upon are as follows:

Purpose of processing	Main legal basis or bases
Responding to enquiries, assessing whether we can assist, performing preliminary conflict checks and taking steps prior to a potential engagement.	Article 6(1)(b) contract-related pre-engagement steps; Article 6(1)(f) legitimate interests in evaluating requests and organising our business.
Opening, administering and managing matters, coordinating work within the AMS Italy Legal structure and communicating with clients, representatives and other relevant persons.	Article 6(1)(b) performance of a contract; Article 6(1)(f) legitimate interests in the efficient organisation, coordination and delivery of professional services.
Providing Italian legal advice and reserved legal services through Studio Legale Avv. Alberto Maria Schiavone and authorised professionals.	Article 6(1)(b) performance of a contract; Article 6(1)(f) legitimate interests in the provision and management of legal services; where special category data is involved, Article 9(2)(f) establishment, exercise or defence of legal claims and, where required, Article 9(2)(a) explicit consent.
Complying with legal, regulatory, professional, accounting, tax, record-keeping, conflict-management, sanctions and know-your-client obligations that apply to the relevant entity or matter.	Article 6(1)(c) compliance with a legal obligation; and, where relevant for sensitive matter data, Article 9(2)(f) or another condition permitted by applicable law.
Billing, collections, insurance administration, defending or pursuing claims, and preserving evidence relevant to disputes or professional risk management.	Article 6(1)(b) performance of a contract; Article 6(1)(f) legitimate interests in obtaining payment, managing risk and defending rights; Article 6(1)(c) where retention or disclosure is legally required.
Sending legal, market or service updates and other business development communications.	Article 6(1)(f) legitimate interests in promoting our services and maintaining professional relationships, or consent where required by applicable law.
Operating, securing and improving our systems, files, documentation, internal controls and business administration.	Article 6(1)(f) legitimate interests in security, continuity, governance and operational improvement; Article 6(1)(c) where a specific legal obligation applies.

Where we rely on legitimate interests, those interests generally include the orderly administration of a multi-jurisdictional professional structure, the secure handling of client relationships, protection against fraud and misuse, and the establishment, exercise or defence of legal rights.

In the context of legal matters, we may process special category data and, where permitted by applicable law, data relating to criminal convictions or offences. We do so only when this is necessary and legally justified, including where processing is required for the establishment, exercise or defence of legal claims, for compliance with professional obligations, or on the basis of explicit consent where consent is the appropriate condition.

The provision of certain personal data is necessary in order for us to assess, accept, open and manage an engagement, carry out compliance checks, communicate with you, issue invoices and comply with legal or professional obligations. If the relevant data is not provided, we may be unable to start or continue the requested engagement or to provide the requested services.

We may disclose personal data, on a need-to-know basis and subject to appropriate confidentiality obligations, to the following categories of recipients:

• the relevant AMS Italy Legal entities identified above;
• authorised partners, associates, counsel, local counsel, experts, translators, technical consultants and other professional service providers engaged in connection with a matter;
• IT, hosting, cloud, cybersecurity, document management, e-signature, accounting, payment, banking and administrative service providers;
• professional indemnity insurers, auditors, external advisers and debt recovery providers where appropriate;
• courts, tribunals, notaries, regulators, public authorities, registries and law-enforcement bodies where disclosure is required or appropriate; and
• other recipients designated or approved by the client, or reasonably necessary to carry out the relevant instructions.

Disclosures are made only to the extent reasonably necessary for the relevant purpose and remain subject, where applicable, to legal professional privilege, professional secrecy and confidentiality constraints.

Because AMS Italy Legal operates through entities in Italy, the United Kingdom and the United States, and may work with local professionals or service providers in other jurisdictions, personal data may be transferred to countries outside the country in which it was originally collected.

Where required under applicable data-protection law, such transfers are made only on the basis of an adequacy decision or adequacy regulation, or under appropriate safeguards such as the Standard Contractual Clauses approved by the European Commission, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or another lawful transfer mechanism recognised by the applicable regime.

Where a transfer relies on an appropriate safeguard, a copy of the relevant safeguard or information about how to access it may be requested by contacting bureau@amsitaly.legal, subject to confidentiality and legal limitations.

We retain personal data only for as long as reasonably necessary for the purposes described above, including to provide services, maintain matter records, comply with legal and professional obligations, keep accounting and tax documentation, perform conflict checks and establish, exercise or defend legal claims.

Category	Typical retention approach
General enquiries and unconverted business opportunities	Usually up to 24 months from the last substantive interaction, unless a longer period is required to manage conflicts, compliance or potential claims.
Client and matter files	For the duration of the engagement and thereafter generally for up to 10 years from closure, or longer where required by law, limitation periods, professional obligations or the nature of the matter.
Billing, tax and accounting records	For the period required by applicable accounting, tax and record-keeping laws, typically up to 10 years or longer where required.
Marketing records	Until you opt out, withdraw consent where consent is used, or object to the relevant processing, and thereafter only limited suppression data as necessary to respect your preference.
Technical and security logs	For the period reasonably necessary for security, troubleshooting, auditing and business continuity purposes, unless a longer retention period is required for investigation or legal reasons.

Subject to the conditions and limitations set out in applicable law, you may have the right to request access to your personal data, rectification of inaccurate data, erasure, restriction of processing, portability of data processed by automated means on the basis of contract or consent, and to object to processing based on legitimate interests or to direct marketing.

Where processing is based on consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

You also have the right to lodge a complaint with the supervisory authority competent for your place of residence, place of work or place of the alleged infringement. For matters connected to Italian processing, this may include the Garante per la Protezione dei Dati Personali. For U.K.-related processing, complaints may also be made to the Information Commissioner's Office.

Some of these rights may be limited where personal data is subject to legal professional privilege, professional secrecy, statutory retention duties or other lawful restrictions.

AMS Italy Legal does not ordinarily carry out solely automated decision-making, including profiling, that produces legal effects or similarly significant effects in relation to individuals covered by this notice.

We implement appropriate technical and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include access controls, confidentiality commitments, role-based restrictions, secure storage environments, vendor management and practices proportionate to the nature of the data and the risks involved.

Questions, requests and privacy-related communications may be sent to bureau@amsitaly.legal.

We may update this Privacy Notice from time to time to reflect legal, operational or organisational changes. The latest version will state the update date shown on the first page.

* * *

This Privacy Notice is provided for transparency purposes and does not create a contractual relationship, does not define the scope of any engagement, and does not amend any engagement letter or professional mandate. Matter-specific supplemental privacy information may be provided where required or appropriate.