INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
In accordance with Art. 13 of EU Regulation no. 2016/679 dated 27 April 2016 (hereinafter referred to as GDPR), Roma Congressi S.r.l. (hereinafter referred to as “Data Controller”) provides the Data Subject – an identified or identifiable natural person – with the following information concerning the way personal data are protected.
This information notice aims to describe the way personal data is processed and the measures adopted to protect the rights of data subjects. The notice is periodically updated
to comply with applicable legislation or to new ways of processing personal data.
The Data Controller
The Data controller is Roma Congressi S.r.l., domiciled and headquartered in Roma, Corso Trieste n. 165 – 00198 – VAT 01654761004 – Tax Number 06955000580.
Email address: email@example.com
Categories of Data
The Data Controller collects the following data:
- Personal data
- Contact details
- Bank details
Purposes for the Processing of Personal Data
Your Personal Data will be processed for the following purposes:
- Replying to a request filed by the Data Subject
- Finalizing and performing a contract (contractual phase)
Legal grounds for the lawful processing of personal data
The legal grounds relied on to process your personal data are the following:
- Implementing pre-contractual measures
- Performing a contract
- Fulfilling other obligations (e.g. billing)
Data Retention Time
Your personal data collected by the Data Controller for the fulfilment of the Purpose referred to in letter (a) will be kept for a maximum of 6 (six) months from the date of its entry.
The personal data collected to fulfil the Purpose referred to in letter (b) will be kept until the Purpose is fulfilled and in any case for the amount of time envisaged by law (e.g. complying with tax requirements) and for as long as it will be necessary for a possible judicial defence and until the definition of the judgement.
How your personal data is processed
Your personal data is processed with a view to fulfilling the Purposes specified in this policy statement in digital format.
Mandatory or optional provision of personal data
The provision of personal data to fulfil the Purpose referred to in letter (a) is optional. The Data Subject will not be able to file requests upon refusing to provide his/her data.
The provision of personal data to fulfil the Purpose referred to in letter (b) is mandatory. The refusal to do so will make it impossible for the Data Controller to finalize and perform the contract.
Recipients of your Personal Data
The personal data you provide will be processed by the following parties according to the principle of strict indispensability:
- The Data Controller’s staff, who act and process data under the authority and instructions of the Data Controller, pursuant to Art. 29 of the GDPR, or the employees designated by the Data Controller in accordance with Art. 2 quaterdecies of Legislative Decree 101/2018.
- Individuals or legal entities whose right to access the personal information of the Data Subject is recognized by legal provisions provided for by European Union law or Italian law, such as, by way of example, the competent authorities and/or supervisory bodies for the purpose of fulfilling legal obligations, and public administrations for their institutional purposes.
- Individuals or legal entities resorted to by the Data Controller to perform activities that are instrumental to achieving its Aims (for example, software vendors, cloud partners, data centres, IT consultants). Third parties who access the information will do so in compliance with the current legislation on the protection of personal data and the instructions given by the Data Controller and will in any case be appointed Data Processors by the Data Controller.
A full list of our Data Processors is available at the headquarters of the Data Controller.
Dissemination of Data
Data will in no way be disseminated.
Rights of the Data Subject
The Data subject can exercise the following rights for each data processing operation:
- The right of access – You have the right to obtain a copy of your personal data in our possession subjected to processing.
- The right to rectification – You have the right to ask for the rectification of your personal data stored by the Data Controller if it is not correct or updated.
- The right to object – You have the right to object to the processing of your personal data for commercial purposes. You can ask the Data Controller to stop sending you ads at any time.
- The right to object – You have the right to object to any decision based on totally automated processes: you can ask not to be the recipient of decisions exclusively made on the basis of totally automated processes, including profiling activities.
- The right to withdraw consent – You have the right to withdraw the consent given to the processing of any information at any time.
- The right to lodge a complaint with the Data Protection Authority – You have the right to lodge a complaint with the Data Protection Authority to protect your personal data in case you have concerns about the way the Data Controller is handling it.
In certain conditions, the Data Subject can also exercise the following rights:
- The right to erasure – You have the right to obtain the erasure of your personal data stored with the Data Controller if the purposes of data processing no longer exist, there is no legitimate interest on the Data Controller’s part and it is no longer necessary to comply with a legal obligation.
- The right to object – You have the right to object to the processing of your data and ask the Data Controller to discontinue a certain type of data processing.
- The right to restrict processing – You have the right to restrict the scope of the Data Controller’s processing of your personal data.
- The right to data portability – You have the right to receive a copy of the Data in a structured, commonly-used and machine- readable format which can be accessed by another controller.
To exercise the aforesaid rights, the Data Subject can send an email or write to the following address, specifying his/her requests and providing the Data Controller with the information needed to correctly identify the sender (by also attaching thereto a copy of his/her ID document) to the following addresses:
- by e-mail: firstname.lastname@example.org
- by ordinary mail: Roma Congressi S.r.l. – Corso Trieste n. 165 – 00198 – Rome, Italy
Roma Congressi S.r.l. will reply within a month. In the event that the Data Controller is unable to respond, it shall provide a detailed explanation as to why the Data Subject’s request cannot be met.