Privacy Policy

Privacy Policy provided pursuant to Art. 13 Regulation (EU) 2016/679

Welcome to the website (the “Site“).

With this document (“Policy“), the Data Owner (as defined below), intends to inform you about the purposes and methods of the processing of your personal data collected when you consult the Site and about your rights under Regulation (EU) 2016/679, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“GDPR“), which grants you.


The Data Owner is Simon WealthLex Società tra Avvocati a responsabilità limitata, with registered office in via Caradosso n. 16, 20123 Milan in the person of its legal representative pro tempore (hereinafter “SWLex” or the “Data Controller“).
In order to exercise your rights, listed in paragraph 7 below, as well as for any other request relating to the same and/or to this Information Notice, you may contact the Data Owner at the following addresses:

  • telephone: +39 02 89093918

    Before proceeding, it is necessary to read the information

    Read the information on the processing of personal data by clicking here.
  • email:

    Before proceeding, it is necessary to read the information

    Read the information on the processing of personal data by clicking here.
  • The Data Owner has appointed a Data Protection Officer (“DPO”) pursuant to Art. 37 of the GDPR, whom you may contact to exercise your rights as well as to receive any other information relating to the same and/or to this Policy, by writing to

    Before proceeding, it is necessary to read the information

    Read the information on the processing of personal data by clicking here.

For the purposes indicated below, the Data Owner may process your personal data, as specified for each processing purpose, directly provided by you when using the Site in accordance with your browsing choices.

In particular, the Owner will process your personal data for the following purposes:


During navigation, the computer systems and software procedures used to operate the Site acquire certain personal data whose transmission is implicit in the use of Internet communication protocols, such as, for example, IP addresses or domain names of computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) notation addresses of the resources requested, the time of the request, and other parameters relating to the user’s operating system. This information is not collected in order to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow users to be identified:
This data, necessary for browsing the Site and its sections/subpages, is also processed for the purpose of:

  • allow you access to and use of the Site and the relevant sections/subpages;
  • controlling the correct functioning of the services offered;
  • ascertaining responsibility in the event of hypothetical computer crimes against the Site or third parties.

The legal basis for the processing of your data for the purpose referred to in this paragraph is the pursuit of a legitimate interest of the Data Owner, within the meaning of Article 6(1)(f) of the GDPR, identifiable in the reasonable expectation on your part that the processing of this specific type of personal data of a technical nature is necessary in order to allow you to browse the Site.

Consequently, your refusal to provide such data would make it impossible for you to consult the Site.

Browsing data are processed for the time strictly necessary to achieve the intended purpose, after which they will be stored for a period of 7 days, at the end of which they will be deleted (unless the need to store them for a longer period of time for the purposes of investigating possible offences arises).


The optional, explicit and voluntary sending of messages to the contact addresses of the Owner present in the Contacts section of the Site entails the acquisition of the user’s contact data, necessary to reply, as well as all the personal data included in the said communications.

The legal basis for the processing of your data for this purpose is identifiable in the legitimate interest of the Owner, pursuant to Article 6(1)(f) of the GDPR, identifiable in your reasonable expectation that the data you voluntarily provide will be processed by the Owner to meet your requests.

The provision of your personal data, for the above-mentioned purpose, is optional. However, your decision not to provide your personal data will prevent you from obtaining the information you require.

For this purpose, your personal data will be kept for the time necessary to process your request, after which it will be deleted within 30 days.


This Site uses cookies: for the relevant information on the processing of personal data, please refer to the relevant Cookie Policy.


Please note that on some pages of the Site there are links that redirect to telematic platforms (e.g. Internet sites, social media) operating under the responsibility of third parties and/or organisations other than the Owner and over which the Owner has no control.

In this regard, the Owner does not provide any guarantee, nor does it assume any responsibility regarding the accuracy or any other aspect related to the processing of personal data conducted through such third-party platforms, given that the link to a third-party site cannot be understood as a validation, either by the Owner or by said third party, of the legitimacy of the processing of personal data conducted therein.

Users are, therefore, invited to carefully examine the policy on the protection of personal data that governs the third-party sites linked to the Site in order to have a complete overview of the possible use of their personal data by them:


Processing is carried out in compliance with the requirements of the GDPR, according to the principles of honesty, lawfulness and transparency and the protection of your rights as described therein. Personal data is processed by means of computerised, telematic and/or paper-based tools, as well as with the use of security measures aimed at guaranteeing the confidentiality of personal data and preventing undue access by unauthorised parties.

The data controller shall not use automated processes, including profiling, to achieve the purposes set out in this Policy.


For the pursuit of the purposes described in paragraph 2 above, the personal data processed will be known to the employees, assimilated personnel and collaborators of the Data Owner, who will act as authorised subjects for the processing of personal data.

Furthermore, your personal data may be processed by third parties belonging, by way of example, to the following categories:

  • suppliers of technical assistance services for the management of the IT system, logistics suppliers, advertising agencies, communication and event support agencies or other service providers;
  • authorities and supervisory and control bodies and, in general, public or private entities with a public function;
  • providers of external telematic platforms for sending communications;
  • other companies belonging to the same corporate group as the Owner.

The subjects belonging to the above categories operate, in some cases, as data controllers specifically appointed by the Data Owner in compliance with Article 28 GDPR, and in other cases completely independently as separate data controllers, it being understood that, in the latter case, the communication of your personal data to such independent data owners would take place solely for the purposes of pursuing the purposes set out in paragraph 2 above.
The complete and updated list of the entities to which your personal data may be communicated may be requested by contacting the Owner at the address indicated in paragraph 1 of the Policy.
Your personal data will not be disclosed.


The Owner does not intend to transfer your personal data outside the European Union. Should this circumstance become necessary due to technical-organisational requirements, such a transfer will in any case be preceded by prior verification of the existence of the conditions of legitimacy and adequate guarantees prescribed by Articles 44 et seq. of the GDPR. Should such a circumstance occur, you may request information from the Data Owner about the transfer of your personal data outside the European Union and obtain a copy of the protection measures adopted by making a specific request to the Data Owner at the email address


In relation to the processing operations described in this Policy, as a data subject, you may, under the conditions set out in the GDPR, exercise the rights set out in Articles 15 – 21 of the GDPR, in particular:

  • right of access: right to obtain confirmation as to whether or not personal data relating to you are being processed and, if so, to obtain access to your personal data – including a copy thereof – and communication of, inter alia, the information referred to in Article 15 of the GDPR;
  • right to rectification: the right to obtain, without undue delay, the rectification of inaccurate personal data concerning him/her and/or the supplementation of incomplete personal data pursuant to Article 16 of the GDPR;
  • right to erasure (right to be forgotten): the right to obtain, without undue delay, the erasure of personal data concerning him/her, in the cases indicated in Article 17 of the GDPR; the right to erasure does not apply to the extent that the processing is necessary for the performance of a legal obligation or the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims;
  • right to restriction of processing: right to obtain the restriction of processing, in the cases indicated in Article 18 of the GDPR;
  • right to data portability: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Data Owner and the right to transmit them to another data owner without hindrance, where the processing is based on consent and is carried out by automated means, as set out in Article 20 of the GDPR. In addition, the right to have your personal data transmitted directly by the Owner to another owner if this is technically feasible;
  • right to object: right to object to the processing of personal data concerning you, unless there are legitimate grounds for the Owner to continue the processing, pursuant to Article 21 of the GDPR;
  • right to withdraw consent at any time without affecting the lawfulness of the processing based on the consent given before the revocation;
  • right to lodge a complaint with the Garante per la protezione dei dati personali, Piazza Venezia n. 11, 00187, Rome (RM).

The above rights may be exercised towards the Data Owner by contacting the references indicated in paragraph 1 above. The Data Owner shall take charge of your request and provide you, without undue delay and, in any case, no later than one month from receipt thereof, with information on the action taken regarding your request.
The exercise of your rights as a data subject is free of charge pursuant to Article 12 of the GDPR. However, in the case of requests that are manifestly unfounded or excessive, including due to their repetitiveness, the Data Owner may charge you a reasonable expense contribution, in light of the administrative costs incurred in handling your request, or deny satisfaction of your request.
Finally, we inform you that the Owner may request further information necessary to confirm the identity of the data subject.

The Data Owner