European Data Protection Regulation


Version May 2018.  

This information will be reviewed and adjusted, if necessary, in case of regulatory compliance


ROMEI srl, with registered office in Scarperia and San Piero, at Via G. di Vittorio 7, VAT No./ Tax Ref: 04503100481 (hereinafter "Data Controller", "Controller"), as Data Controller, informs you to pursuant to article 13 EU Regulation no. 2016/679 (hereinafter also "GPDR") of our privacy policy and to understand how your personal information is handled when using our services and to allow you, where appropriate, to give your express consent and confirm your understanding to the processing of your personal data in the sections of the site where it is required to provide personal data.
The notice complies with and adheres to Recommendation no. 2/2001 that the European Personal Data Protection Authorities adopted on 17th May 2001 to identify some of the minimum requirements for the collection of personal data online and, in particular, the means, times and nature of the information that data processors are required to provide to users when they connect to web pages, regardless of the purpose of the connection. It is specified that the consent mechanisms will be evident, brief and easily understandable. If the original conditions for which consent was requested were to be changed – for example, if the purpose of data processing changed, further consent will be required pursuant to European Regulation no. 679/2016.
According to the rules of the Regulation, the processing performed by ROMEI SRL will be based on the principles of lawfulness, correctness, transparency, limitation and retention purpose, data minimisation, accuracy, integrity and confidentiality.

1. Data Controller
The data controller is ROMEI srl, with registered office in Scarperia e San Piero (VAT No./Tax Ref: 04503100481) which you can contact to assert your rights. 
The contact details of the Data Controller are listed below:
- Telephone: 0558468293
- Fax: 0558430938
- Address: Via G. di Vittorio 7
- Certified email:
- Email:

2. Data Protection Officer

The Data Protection Officer (DPO-RPD) of ROMEI SRL is ROMEI DARIA, available via the following contact details: - Telephone: 0558468293 Fax: 0558430938 Certified email: ROMEI.SRL@PEC.IT email address: DARIA.ROMEI@ROMEISRL.IT

3. Purpose of the Processing

The processing we intend to carry out, with your specific consent where necessary, is for the following purposes:
 a. To allow the provision of the Services requested by you, including the collection, storage and processing of data for the purposes of the establishment and subsequent operational (including data collection for the purpose of speculative applications), technical and administrative management of the relationship connected to the provision of the Services and the provision of communications relating to the conduct of the relationship established;
 b. To allow browsing and consultation of the ROMEI SRL website;
c. To respond to requests for assistance or information, which we will receive via email, telephone or instant messaging through the application, or via the appropriate form;
 d. To fulfil legal, accounting and tax obligations;
e. To carry out direct marketing via email for services similar to those signed by you, unless you have objected to this use of your data initially or in subsequent communications, for the pursuit of the legitimate interest of ROMEI SRL to promote products or services which you may reasonably be interested in;
f. If necessary, to carry out studies or research, obtain market statistics; send advertising material, information notices, commercial information or surveys aimed at improving the service ("customer satisfaction") via email or text message, and/or by telephone with an operator and/or through the official pages of ROMEI SRL on social networks;
 g. To make personalised business proposals based on the products or services you have purchased, or which you may be interested in having browsed our website;
 h. Newsletter subscription;
 i. For exclusive purposes of security and prevention of fraudulent conduct, the Controller establishes an automatic control system that involves the detection and analysis of user behaviour on the site associated with the processing of Personal Data including the IP address. 
2.1 Legal basis and mandatory or optional nature of the processing The legal basis of the processing of Personal Data for the purposes referred to in the previous section is article 6 (1) (b) of the Regulation insofar as the processing is necessary for the provision of the contracted services. The provision of personal data for these purposes is optional, but failure to provide them would make it impossible to activate the requested services. 
The purpose related to legal obligations is a legitimate processing of Personal Data pursuant to article 6 (1) (c) of the Regulations. In fact, once the personal data has been provided, the processing is indeed necessary to comply with the legal obligations to which ROMEI SRL  is subject. The processing carried for marketing purposes and the newsletter described above are based on the issue of your consent pursuant to article 6 (1) (a) of the Regulations. The provision of your Personal Data for these purposes is entirely optional and does not affect the use of the Services. Subsequent processing, carried out for purposes of email marketing on products or services similar to those purchased by you, instead, pursuant to art. 6.1.f of the Regulations, is legally based on the legitimate interests of ROMEI SRL in promoting its products or services in a context in which the data subject can reasonably expect this type of processing, which he or she can also oppose at any time. In fact, if you wish to oppose the processing of your data for these marketing purposes, you may at any time do so through your control panel, or by sending a request to ROMEI SRL at or via the means proposed within the text of the commercial email. 

4. Methods of processing

In relation to the purposes referred to in the previous point, the processing of personal data takes place in compliance with the principles of confidentiality, correctness, lawfulness and transparency, using manual, computer and telematic tools, with logic strictly related to the purposes themselves also through the use of fax, telephone, mobile phone, email or other distance communication means. Personal data will be managed by implementing appropriate technical and organisational measures to guarantee a level of security appropriate to the risk pursuant to GPDR article 32.

5. Intended recipients of the data
Your Personal Data may be shared, for the purposes referred to in the section above, with: a. parties that typically act as data controllers; that is: i) people, companies or professional firms that provide assistance and consultancy services to ROMEI SRL in accounting, administrative, legal, tax, financial and debt collection with regard to the provision of services ; ii) parties with whom it is necessary to interact for the provision of the services; iii) or parties delegated to perform technical maintenance activities (including the maintenance of network equipment and electronic communications networks);
b. individuals, bodies or authorities to whom we are obliged to communicate your personal data in accordance with the provisions of law or orders of the authorities;
 c. persons authorised by ROMEI SRL to process Personal Data necessary to carry out activities strictly related to the provision of the services, who are committed to confidentiality or have an appropriate legal obligation of confidentiality, such as employees of ROMEI SRL;
 d. business partners for their own purposes, autonomous and distinct, only if you have given specific consent. 
The complete list of data processors is available by sending a written request to ROMEI SRL at

6. Data retention period
The data will be processed for the entire duration of the contractual relationship and also subsequently, for the fulfilment of legal obligations and for administrative and commercial purposes.

7. Rights of the data subject
Pursuant to articles 7, 15, 16, 17, 18, 20, 21 and 22 of EU Regulation no. 2016/679, the data subject has the right to obtain confirmation that data concerning him or her is being processed and, in this case, to obtain access to the data and the following information:
 The data subject has the right to obtain an indication:
 a) of the purposes of the processing;
 b) of the categories of personal data in question;
 c) of the recipients or categories of recipients to whom the personal data has been or will be communicated, in particular if the recipients are from third countries or international organisations;
 (d) where possible, of the retention period of the personal data provided or, if this is not possible, the criteria used to determine this period;
 e) of all available information on the origin of the data if it is not collected by the data subject;
f) of the existence of an automated decision-making process, including profiling.
The data subject also has:
 a) the right to obtain from the data controller the correction of inaccurate personal data concerning him without undue delay;
 b) the right to obtain the deletion of personal data concerning him/her from the data controller ("right to be forgotten") without undue delay;
 c) the right to obtain from the data controller restriction of processing;
 d) the right to oppose at any time, for reasons connected with his or her particular situation, to the processing of personal data;
 e) the right to receive personal data concerning him or her in a structured, commonly used and readable format by automatic device;
 f) the right to withdraw consent at any time;
 g) the right to lodge a complaint with a supervisory authority;
 h) the right to be informed of the existence of adequate safeguards, if personal data is transferred to a third country or to an international organisation;
 i) the right to obtain a copy of the data being processed.
To exercise these rights, you can contact the Data Controller at the contact points indicated in paragraph 1- Data Controller, by submitting a specific request by registered letter, fax and/or email. 

8. Data transfer
In compliance with the provisions of the relevant legislation, the personal data provided may be transferred for the purposes referred to in the previous section to the countries of the European Union or to third countries with respect to the European Union. ROMEI SRL ensures that the processing of your Personal Data by these Recipients takes place in compliance with the Regulations. Indeed, data transfers may be based on an adequacy decision or on the Standard Contractual Clauses approved by the European Commission. Further information is available from the Data Controller.

9. Cookies
What are Cookies
 A cookie is a small amount of data, often containing a unique anonymous identification code, which are sent to the browser by a web server and then stored on the hard drive of the user's computer. The cookie is then read again and identified only by the website which has sent it whenever the user visits that website.
Remember that a browser is the software that allows you to browse the internet by viewing and the transfer of information on the hard disk of the user's computer. If the browser preferences are set to accept cookies, any website may send its cookies to the browser, but – in order to protect privacy – it can only detect those sent by the site itself, and not those sent to the browser from other sites.

In any case, cookies cannot cause damage to the user's computer.

The user's privacy is essentially guaranteed by the fact that he or she can AT ANY TIME:
> configure the browser to accept all cookies, reject them all or receive a notification when one is sent,
> delete one, some or all cookies.
Each browser has its own specific settings, so remember to consult the "Help" section of the browser used to get more information on how to change the preferences.

Internet Explorer:

Mozilla Firefox

Google Chrome

Apple Safari

Cookies are not used to transmit information of a personal nature, nor are user-tracing and identification systems employed.
The use of  what are called session cookies (which are not permanently stored on the user's computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers necessary to allow for safe and efficient web browsing.
The session cookies used on this website avoid using other computer techniques that potentially compromise the confidentiality of users who are browsing the website and do not allow the acquisition of personal data that identifies users. Technical cookies are those used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service" (see article 122, paragraph 1, of the Italian Code). These are not used for any further purposes. They can be divided into browser or session cookies, which guarantee the normal browsing and use of the website (allowing purchases to be made, for example, or obtaining authentication to access restricted areas); analytics cookies, which are similar to technical cookies in that they are used directly by the website manager to collect information, in aggregate form, on the number of users and how they visit the site; functional cookies, which allow the user to browse based on a set of selected criteria (for example, the language, the products selected for purchase) in order to improve the service rendered to them. To install these cookies, prior consent from users is not required.

We use cookies essentially to understand how visitors interact with the Service and to facilitate the user experience by speeding up and personalising communication and navigation as much as possible and to put ourselves in a position to provide the best service. Cookies make it possible to recognise the user who has already visited our site (or to be precise, the device used by him or her), thus being able to remind him or her, for example, what he has already visited highlighting any updates.
In any case, cookies cannot cause damage to the device used by the user.

This site uses Google Analytics, a web analysis service provided by Google Inc. for the generation of statistics on the use of the web portal Google Analytics uses of "cookies", which are stored on your computer to analyse the use of the site by of users. The information generated by the cookie about the use of the website (including the IP address) is transmitted from the user's browser to Google, located at 1600 Amphitheater Parkway, Mountain View, CA 94043, United States, and held on its servers . 
Google Analytics collects information anonymously without identifying individual visitors. Browsers do not share the Google Analytics tool's proprietary cookies between various domains. Google Analytics does not report information about actual addresses: Google Analytics communicates information so that only part of the IP address for geolocation is used, rather than the whole address, using a method known as IP masking. 
Google will use this information for the purpose of tracing and examining the use of the website, compiling reports on site activities and providing other services to the owner of the website related to the activities of the website, connection methods (mobile, computer, browser used, etc.) and means of searching and reaching the web portal pages. 
Google may also transfer this information to third parties where required by law or where such third parties process the above information on Google's behalf. Google will not associate your IP address with any other data held by Google. 
It is possible to disable Google Analytics cookies by using the opt-out browser add-on provided by Google to the main browsers. In this way it will also be possible to use online services.
See also:
- Google Analytics terms of service
 - the privacy policy of the Google company

http: //
 - the privacy policy of Google .com/intl/en/privacy/privacy-policy.html

10. Managers and persons in charge/authorised
The list of persons in charge of the processing and authorised processors, which is continuously updated, is kept at the registered office of the Data Controller.