Privacy policy – Article 13 of EU Regulation. 679/2016
The company, CRAZY4ROME Srls , legally registered in Via Ortigara 3, in Rome, tax code/VAT number 15202151005, in the person of the Legal Representative and CEO, Mario Loffa, born in Carife (AV) on 04/02/1952 and resident Fara in Sabina (RI) and with elective domicile at the company’s headquarters in his capacity as Data Controller, informs you of the changes to the management of the website and online platforms in compliance with national (D. Lgs 30 June 2003 n.196 ‘Code for personal data protection’) and EU (GDPR n. 679/2016) personal data regulations. CRAZY4ROME Srls is committed to making sure that those who visit the following websites:
crazy4rome.it
crazy4rome.com
romebylocals.com
romebylocals.it
naplesbylocals.com
naplesbylocals.it
florencebylocals.com
florencebylocals.it
milanbylocals.com
milanbylocals.it
Feel protected while navigating our websites and if they choose to share their personal data in order to access specific functions and/or services. For these reasons, we invite you to read this statement carefully before sharing personal data of any kind or filling out any electronic forms present on this website. The information contained in this statement will address:
- OBJECT OF THE TREATMENT
- PURPOSE OF THE TREATMENT
- METHOD OF TREATMENT
- DATA RETENTION
- ACCESS TO DATA
- COMMUNICATION OF DATA
- TRANSFER OF DATA
- EXERCISABLE RIGHTS
- MODE OF EXERCISE OF RIGHTS
- OWNER, DATA PROCESSORS AND THE DATA PROTECTION OFFICER (DPO)
- Object of the treatment
What data is used?
The owner handles:
- personal, identifying and non-sensitive data, in particular, name, surname, tax code, VAT number, e-mail address or certified email address, telephone and fax number, residence, domicile, data necessary for the provision of services within the portal itself, including navigation data, as well as any other data that will be provided by you when filling in the various forms;
- navigation data acquired by the IT systems and software procedures used to operate the websites indicated above.
This information is not collected in order to be associated with identified interested parties, but which, by its very nature could, through processing and association with data held by third parties, allow users to be identified. In this category of data there are IP addresses or domain names linked with the computers which the users use to navigate the website, URI addresses of requested resources, the time of request, the channel used to issue the request to the server, the size of the file obtained following a request, the numeric code indicating the status of the response given by the server, and other parameters referring to the operation system and the IT background of the user:
- data related to your preferences and interests; in particular: the content used, the use of the services, the functions used, the connection times, the traffic data, the navigation data on the owner’s sites and social profiles or business partners or third parties, the IP address, devices and connectivity used. This data can also be collected by means of cookies and metadata;
- data voluntarily provided by the user:
In order to access certain services/features or transmit requests, users could send their personal data to Andrea Tarsi (e.g. their e-mail address). This data will be processed by the owner only to allow the use of the services/features involved and to manage requests, for the time technically necessary for these purposes. When such data is collected for other purposes, this will be indicated from time to time by specific information and, where necessary, consent will be requested for data processing.
- Purpose of the treatment
Your personal data will be processed:
- without your consent (article 6, letters b, c, f, GDPR), for the following purposes:
- to run a service or an operation contractually agreed upon, with particular reference to the registration on the above mentioned websites and access to their content;
- for the implementation of financial or tax duties;
- in order to contact you through the means which you have shared, to respond to requests which you have submitted through one of our forms;
- to adhere to legislative and regulatory procedures (national and European), or to carry out orders from judicial or security bodies;
- to enforce or defend the rights of the Data Controller in legal actions;
- with your consent (article 7, GDPR), for the following purposes:
- promotion of CRAZY4ROME SRLs’ products and services by sending advertising, informative and promotional material, as well as updates on initiatives and offers to reward customers, market research, economic analysis and statistics;
- communications to third parties to send advertising, informative and promotional material relating to their products or services.
The provision of data for the purposes referred to in letter a) above is mandatory. The lack of data and / or any express refusal to process will make it impossible for the owner to follow up on requests or to comply with the requests of the competent authorities.
On the contrary, the provision of data for the purposes referred to in letter b) is optional, with the consequence that you can decide not to give your consent, or to withdraw it at any time.
No automated decision-making procedures regarding physical persons are employed by CRAZY4ROME Srls, and should this system be implemented, CRAZY4RME Srls will collect specific consent prior to the activation of the system.
- Processing methods
How is your data used?
The processing of your personal data will be carried out with or without the aid of IT systems.
The company CRAZY4ROME SRLs is committed to ensuring the physical and logical security of the data and, in general, the confidentiality of the personal information, putting in place all the necessary technical and organizational measures to ensure its safety.
- Conservation of data
How long is your data kept?
The personal data collected for the purposes referred to in this statement will be processed and stored for the duration of any relationship established and also subsequently within the limits granted by law, for administrative and accounting purposes, as well as to assert or protect the rights of the Owner, where necessary.
- Access to data
Who can have access to your data?
Your data is accessible to:
- employees and/or collaborators of CRAZY4ROME SRLs ;
- subsidiaries and/or investee companies and/or associates and/or affiliates that contribute to creating, maintaining and improving all the services of the owner in their capacity as persons in charge and/or internal managers of the processing and/or system administrators;
- business partners and service providers who carry out outsourcing activities on behalf of CRAZY4ROME SRLs in their quality of external controllers – performance-related activities, both instrumental or supporting those of the owner, such as: required management and maintenance of websites and apps, customer support, management of information technology systems, editorial services, credit recovery, data processing services for billing, filing of documentation relating to customer relations, etc.
- Disclosure of data
Who can your data be communicated to?
The company, CRAZY4ROME SRLs can disclose your data without your express consent for service purposes:
- to the judicial authorities, at their request;
- to subsidiaries and/or investee companies and/or associates and/or affiliates, to the owner’s sales network and to all the other subjects to whom it is necessary to communicate them, by law or contract, to allow the performance of the purposes described above (for example, credit institutions, professional firms, business partners).
The holder can communicate your data, with your express consent, to companies controlled and/or subsidiaries and/or affiliates and/or subsidiaries of CRAZY4ROME SRLs to allow the conduct of autonomous marketing purposes described in section 2 letter b).
These subjects will retain your data in their capacity as independent data controllers. In any case, we want to reassure you that your data will not be disclosed.
- Data transfer
Where can your personal data be transferred to?
Your data may be transferred outside the European Union to the subjects specified in paragraphs 5 and 6. To protect your data in the context of these transfers, the Data Controller will adopt appropriate guarantees, including suitability decisions and standard contractual clauses approved by the European Commission.
- Rights of the interested party
In your capacity as an interested party, you can exercise the rights referred to in articles 15 to 22 GDPR.
If the legal limitations do not apply, you have the right:
- to have the existence (or not) of your personal data confirmed, even if it has not yet been recorded and to request that such information is made available in a clear and understandable way
- to ask for clarification and, if necessary, a copy:
- of the origin and category of your personal data:
- where the personal data is not collected from the data subject, any available information as to its source;
- of the purposes and methods of treatment;
- of the identity of the owner and managers;
- of the recipients, or categories of recipients, to whom your personal data may be communicated and who may become aware of them
- of information about the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
- of the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
- of the existence of adequate safeguards in the event of your data being transferred to a non-EU country or to an international organization:
- to have your incorrect data updated, modified or corrected, or your incomplete data completed, without there being a justifiable delay, should you wish it;
- to delete or block your data or, where possible, transform it into an anonymous form:
- if unlawfully processed;
- if no longer necessary in relation to the purposes for which it was collected or subsequently processed;
- in case of the consent being withdrawn on which the treatment is based and if there is no other legal basis;
- in the event that there is opposition to the processing and there are no further legitimate reasons to continue using your data;
- if it is imposed by law;
- if it refers to minors.
The Data Controller may refuse to delete your data in the case of:
- exercising the right of freedom of expression and information;
- fulfilment of a legal obligation, execution of a task carried out in the public interest or exercise of public powers;
- reasons of public interest in the area of public health;
- archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes;
- the establishment, exercise or defence of legal claims
- to obtain the limitation of data processing in the case of:
- contestation of the accuracy of personal data, if you have not requested the modification, updating or correction of your data;
- unlawful processing by the Data Controller to prevent cancellation;
- exercise of a legal claim;
- verification of the possible prevalence of the legitimate reasons of the Data Controller compared to those of the interested party.
- to receive, if the processing is carried out by automatic means, without hindrance and in a structured, commonly used and legible format, the personal data concerning you that you have provided us, through prior consent or through a contract, to transmit it to another Data Controller or – if technically feasible – to obtain direct transmission from the owner to another owner
- to object at any time in whole or in part:
- on grounds relating to the processing of your personal data, linked to your particular situation;
- to the processing of personal data for marketing and/or profiling (i.e. you can oppose the sending of advertising or direct sales material or the carrying out of market research or commercial communication, through the use of automated calling systems without the intervention of an operator, through email and through traditional marketing methods, by phone and post).
For all the cases mentioned above, if necessary, the Data Controller will disclose the third parties to whom your personal data has been communicated in order to exercise your rights, with the exception of specific cases (e.g. when such fulfilment proves impossible or involves using means manifestly disproportionate to the protected right).
- How to exercise your rights
You can at any time modify and revoke the agreed terms and exercise your rights by contacting the Data Controller using the following contact details:- postal address: Crazy4rome Srls , Via Ortigara 3, 00195 Rome (RM), VAT / Codice Fiscale (tax code) 15202151005, REA: RM-1574619, certified email address: crazy4romesrls@legalmail.it , SDI (destination) code: M5UXCR1, tel. +39 0656558438, in the person of the Legal Representative.
For the processing referred to in this policy, you have the right to lodge a complaint with the Guarantor for the Protection of Personal Data (www.garanteprivacy.it).
- Owner, DPO and Data processors
- The Data Controller is Crazy4rome Srls;
- Pursuant to art. 37 GDPR, the Data Controller has appointed the Data Protection Officer, whose contact details are as follows:
Data Protection Office: Via Ortigara, 3 – 00195 Rome – Italy
Data processors: The updated list of data processors is kept at the headquarters of the Data Controller.
Date: 02/05/2020