This page describes how this website is managed with regard to the processing of users’ personal data. This information is provided pursuant to Articles 13 and 14 of the EU Regulation no. 2016/679 (the “GDPR”) to those who interact with the Data Controller’s web services, accessible electronically at:
DATA CONTROLLER
In the context of consultation of this site, data may be processed which involves identified or identifiable individuals.
Amba Roma Srl, with registered office at Via Vittorio Veneto 62, 00187 Roma (RM) (hereinafter also the “Data Controller” or “The Company“).
Type of data processed and purposes of processing
BROWSING DATA
The information systems and software used for running this website capture, as part of their routine operation, certain personal data whose transmission is implicit in the use of the Internet, on the basis of the TCP/IP protocol. This information is not collected to be associated with identified data subjects, but by its very nature could allow users to be identified.
The data in this category include “IP addresses” or the domain names of the computers used by the users connecting to the site, the URI (Uniform Resource Identifiers) notation addresses of the resources requested, the time of the request, the method used in submitting the request to the Web server, the size of the file obtained in response, the numeric code indicating the status of the response given by the Web server (executed, error, etc.) and other parameters relative to the user’s operating system and system environment.
These data are used for the sole purpose of managing user requests pursuant to Article 6(b) of the GDPR, as well as for the purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning, pursuant to Article 6(f) of the GDPR.
It is pointed out that the aforementioned data could be used to ascertain responsibility in the case of computer crimes against the Company’s website or to other sites connected to it: except for this eventuality, the browsing data are cancelled immediately after statistical processing and in any case are stored for 24 months from the time of collection.
DATA PROVIDED BY THE USER ON A VOLUNTARY BASIS
The request for the sending of electronic mail to the addresses indicated in the relevant section of the website entails the capture thereafter of the personal data of the user submitting the request, including the user’s electronic mail address which is needed for responding to the request.
The collected data will be processed by the Data Controller pursuant to Article 6(b) of the GDPR and for the sole purpose of correctly managing the requests of the user.
COOKIES
Further information on cookies installed through the Site can be found at the link: Cookie Policy
CALL CENTER
VOLUNTARY PROVISION OF PERSONAL DATA
Apart from what is specified for the navigation data, the user is free to provide personal data in the electronic request forms.
It should also be noted that the failure to provide the personal data above may result in the impossibility of obtaining the requested service.
PROCESSING METHODS AND SECURITY MEASURES
Personal data are processed with automated and non-automated methods, and only for the time strictly necessary to fulfil the purposes for which they were collected. Specific security measures are in place to prevent the loss of data, the illicit or incorrect use thereof, and unauthorized access.
RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
The data may be communicated to the following:
- i) those subjects (e.g. administrative, judicial or supervisory authorities) to whom such communication is necessary in order to fulfil an obligation established by law, by a regulation or by Community legislation;
- ii) third parties, suppliers of products and/or services.
These recipients may, where appropriate, process personal data as independent or responsible data controllers. The categories of independent data controllers, and a list of the data processors to whom your data may be communicated, can be requested from the company’s Data Controller.
In addition, natural persons in the following categories may become aware of your data in their role as authorized processers, but only with respect to the data required to carry out the tasks assigned to them: employees of the Company or seconded to it, temporary workers, interns, consultants and employees of external companies appointed as managers.
TRANSFER OF DATA TO THIRD COUNTRIES
The Data Controller wishes to inform you that personal data can only be transferred to countries outside the European Economic Area (so-called Third Countries) if these are recognized by the European Commission as offering an adequate level of personal data protection and are fully compliant with the relevant legislation and always ensure that data subjects can exercise their rights.
RIGHTS OF DATA SUBJECTS
EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR“) gives natural persons, individual companies and/or freelancers specific rights, including the right to know what personal data are held by the Data Controller and how they are used (right of access), to obtain updating, rectification or integration, when required, as well as cancellation, transformation into anonymous form or limitation.
Users may, at any time, revoke any consent given to the storage of cookies on their device and to the possible processing of personal data resulting from the use of cookies, in the terms indicated above.
The Data Controller emphasizes that the withdrawal of consent will only take effect for the subsequent processing.
DATA RETENTION PERIOD AND RIGHT TO ERASURE (I.E. THE RIGHT TO BE FORGOTTEN)
The Data Controller will process the information collected as strictly necessary for the pursuit of the predetermined purposes; the data collected through first party profiling cookies will be processed for a maximum period of 6 months.
At the end of this retention period, the information collected will be deleted or stored in a form that does not allow the identification of the user (e.g. irreversible anonymization), unless their further processing is necessary for one or more of the following purposes: i) resolution of pre-litigation and/or litigation initiated before the expiry of the retention period; ii) to follow up investigations/inspections by internal control functions and/or external authorities initiated before the expiry of the retention period; iii) to respond to requests from public authorities in Italy and/or abroad received/made known to the Data Controller before the expiry of the retention period.
METHODS OF EXERCISING THE RIGHTS
To exercise the rights referred to in the previous paragraph, each user may contact:
Amba Roma Srl, with registered office in Via Vittorio Veneto, 62 00187 Roma (RM), tel. +39 340 562 5602, e‑mail address: info@ic-rome.com
The deadline for replying is one (1) month, which can be extended up to two (2) months in particularly complex cases; the Data Controller must in any case give a reply within one (1) month.
The exercise of rights is, in principle, free; the Data Controller reserves the right to request an expense contribution in the event of manifestly unfounded or excessive (also repetitive) requests.
The Data Controller has the right to request the information necessary to identify the user.
COMPLAINTS OR NOTIFYING THE DATA PROTECTION SUPERVISORY AUTHORITY
The Data Controller informs that the user has the right to lodge a complaint or make a report to the Guarantor or to appeal to the Judicial Authority. The Guarantor’s contact details are available at the following link: http://www.garanteprivacy.it.