The European Personal Data Protection Regulation (EU Regulation 2016/679), which protects the rights and freedoms of natural persons, in Articles 13 and 14, requires providing information to data subjects, who are the data owners.
As the owner, we are responsible for collecting and processing your personal information in connection with our activities.
With this policy we want to provide you with detailed information about the protection of your personal data processed by our website, in particular we inform you about:
– Which of your personal data we process;
– The purposes for which we process them;
– The retention period of your data;
– what your rights are and how you can exercise them.
The data controller
The data controller is the Euro Rome 2024 Foundation.
To contact the owner you can write to: email@example.com
What personal data we process and why
The categories of data we may collect are as follows:
– identifying and biographical data (e.g., first name, last name, place and date of birth, gender, photo);
– Contact information (e.g., address, e-mail address);
– Browsing data (e.g., cookies).
The data collected through the website are processed with the support of computer and telematic means and are protected with adequate security measures suitable to guarantee confidentiality, integrity and availability. The data will be recorded in special databases, and used strictly and exclusively in the context of browsing the website.
Personal data are freely provided by you or, in the case of usage data, automatically collected as you browse this site.
Unless otherwise specified, all data requested by this site are mandatory.
If you refuse to disclose them, it may be impossible to provide you with certain services. In cases where some data are indicated as optional, you are free not to provide them to us without any consequence on the availability and operation of the service.
If you should have any doubts about which data are mandatory, you can contact the data controller.
By using some features of this site, you may obtain, publish, or share personal information from third parties. Therefore, by using this site, you assume responsibility for the use of third-party data and guarantee that you have the right to communicate, use or disseminate them, releasing the owner from any liability to third parties.
We never ask for personal data about your racial or ethnic origins, political opinions, religious or philosophical beliefs, trade union membership, genetic data, or data concerning your sexual orientation unless required by a legal obligation. It is understood, that where we have to process such data also in other cases, we will provide you with specific information and acquire your explicit consent.
Details on the processing of personal data
Personal data may be collected and processed for one or more of the following services provided by this website: WWW.ROMA2024.EU
Contacting You (Contact Form)
The user, by filling out the contact form with his or her data, consents to their use to respond to requests for information, quotes, or any other nature indicated by the header of the form, for example.
Personal data collected: first name, last name, e-mail, address, telephone, etc.
Mailing list or newsletter
By subscribing to the mailing list or newsletter, your e-mail address is placed on a contact list to which e-mail messages containing information about this site may be sent. The user’s e-mail address may also be added to this list as a result of registration.
Personal data collected: first name, last name, e-mail, address, telephone, etc.
This website uses Google Analytics, a web analytics service provided by Google Inc.
This site does not use, and does not allow third parties to use, Google’s analytics tool to track or collect personally identifiable information.
Google does not associate your IP address with any other data held by Google or try to link an IP address with a computer user’s identity. Google may also transfer this information to third parties where required by law or where such third parties process this information on Google’s behalf.
By using the website you consent to the processing of your data by Google in the manner and for the purposes stated above.
Analytical data is saved on Google Analytics systems completely anonymized, so it cannot be traced back to the end user.
SPAM protection service
It is a SPAM protection service set up within the site.
Purposes of the treatments
Processing consists of the operations or set of operations specified in Article 4(2) of EU Regulation 2016/679, i.e. any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or sets of personal data, such as collection recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction.
Specifically, the processing done with your data when you use this website may have the following purposes:
– Use of the website and its features;
– Use of the services provided by the website;
– Provision of services required while browsing the website including collection, storage and processing for operational and technical management;
– Provision of the services required by registering on the website and creating your account and profile including the collection, storage and processing of data for the operational, technical and administrative management of the relationship (and the created account and profile) for the provision of services and communication related to the provision of services;
– Management of relations with third-party authorities and public bodies for purposes concerning particular requests and fulfillment of legal obligations.
Period of retention of personal data
For your personal data, processed exclusively for the above purposes, the retention period is related to the service for which you provided the data, for example:
– personal data collected for purposes related to the performance of a contract will be retained until the performance of that contract is completed;
– personal data collected for purposes attributable to the legitimate interest of the owner will be retained until that interest is satisfied.
You can obtain further information regarding the legitimate interest pursued by the owner by contacting him at the following e-mail: firstname.lastname@example.org
The retention period is defined in consideration of the statute of limitations for rights in relation to which we may need to defend ourselves or the retention requirements imposed by legislation. Your personal information may be recorded on protected computer media, and paper forms will be properly maintained and protected. Your personal information will not be disseminated.
When processing is based on consent, the controller may retain personal data until consent is revoked. In addition, the controller may be required to retain personal data for a longer period than is necessary for processing in compliance with a legal obligation or by order of an authority.
At the end of the retention period, personal data will be deleted. Therefore, after the expiration of this deadline, the rights under EU Regulation 2016/679 can no longer be exercised.
What rights do you have over your data
In order to provide the data subject with the greatest guarantees regarding the processing of his or her data, the European Regulation (GDPR) presents a section dedicated to the rights that the data subject can exercise against the data controller, below is the list of rights:
– Data subject’s right of access (Art. 15);
– Right of rectification (Art. 16);
– Right to erasure (“right to be forgotten”) (Art. 17);
– Right to limitation of processing (Art. 18);
– Right to data portability (Art. 20);
– Right to object (Art. 21).
The exercise of rights by the data subject can be made through a request to be addressed to the data controller, the request can be made through the Rights Exercise Model.
The holder must provide information regarding the request to exercise rights without undue delay, and in any case, no later than one month after receipt of the request. This deadline may be extended by another two months, if necessary, in case of complexity and large number of requests. The holder shall inform the data subject of the extension and the reasons for the delay within one month of receipt of the request. If the data subject’s requests are unfounded or excessive (repetitive), the owner may charge a fee or refuse the request.
Data subject’s right of access (Art. 15)
The data subject has the right to obtain confirmation from the data controller as to whether or not personal data concerning him or her are being processed, and if so, to obtain access to the personal data and the following information:
(a) the purposes of processing;
(b) the categories of personal data in question;
(c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, particularly if recipients in third countries or international organizations;
(d) the intended retention period of personal data or, if this is not possible, the criteria used to determine this period;
(e) the existence of the data subject’s right to request from the data controller the rectification or erasure of personal data or the restriction of the processing of personal data concerning him or her or to object to their processing;
(f) the right to file a complaint with a supervisory authority;
(h) the existence of automated decision-making, including profiling, and, at least in such cases, meaningful information about the logic used, as well as the significance and expected consequences of such processing for the data subject.
Right of rectification (Art. 16)
The data subject has the right to obtain from the data controller the rectification of his/her inaccurate personal data without undue delay. Taking into account the purposes of the processing, the data subject has the right to obtain the integration of incomplete personal data, including through a supplementary declaration. The data controller must notify each of the recipients of the rectification made, unless such notification is impossible or particularly burdensome. The owner is required to notify the recipients of the data to the data subject if the data subject requests it.
Right to erasure (“right to be forgotten”) (Art. 17); The data subject has the right to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller has the obligation to erase the personal data without undue delay, if one of the following grounds exists:
(a) personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
(b) the data subject withdraws the consent on which the processing is based and if there is no other legal basis for the processing;
(c) the data subject objects to processing under Article 21(1) and there is no overriding legitimate reason for processing, or objects to processing under Article 21(2);
(d) personal data have been processed unlawfully;
(e) personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the data controller is subject;
(f) the personal data were collected in relation to the provision of information society services as referred to in Article 8(1) of EU Regulation 2016/679.
Right to limitation of processing (Art. 18)
The data subject has the right to obtain from the data controller the restriction of processing when one of the following cases occurs:
(a) the data subject disputes the accuracy of personal data, for the period necessary for the data controller to verify the accuracy of such personal data;
(b) the processing is unlawful and the data subject objects to the deletion of personal data and instead requests that their use be restricted;
(c) although the data controller no longer needs them for the purposes of processing, the personal data are necessary for the data subject to establish, exercise or defend a right in court;
(d) the data subject has objected to the processing pursuant to Article 21(1) of EU Regulation 2016/679 pending verification as to whether the data controller’s legitimate grounds prevail over those of the data subject.
Right to data portability (Art. 20)
As stipulated in Art. 20 of EU Regulation 2016/679, in some special cases (e.g., processing carried out by automated means), the data subject has the right to receive personal data concerning him or her provided to a data controller and has the right to transmit it to another data controller. The data subject has the right to obtain the direct transmission of personal data from one controller to another, if technically feasible and if it does not infringe the rights and freedoms of others.
Right of opposition (Art.21)
Data subjects have the right to object at any time to the processing of personal data concerning them, including profiling. The data controller shall refrain from further processing personal data except in special cases. Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her carried out for such purposes, including profiling insofar as it relates to such direct marketing.
If the data subject objects to processing for direct marketing purposes, personal data are no longer processed for such purposes.
Legal basis for processing
The holder processes your personal data if any of the following conditions exist:
– you have given consent for one or more specific purposes. (Note that in some jurisdictions the controller may be allowed to process personal data without the consent of the data subject or another of the legal bases specified below, until the data subject objects (opts out) of the processing. This mode is not applicable when the processing of personal data is regulated by European data protection legislation);
– processing is necessary for the performance of a contract entered into with you and/or the execution of pre-contractual measures;
– processing is necessary to fulfill a legal obligation to which the owner is subject;
– the processing is necessary for the performance of a task of public interest or the exercise of public authority vested in the holder;
– processing is necessary for the pursuit of the legitimate interest of the owner or third parties.
However, it is always possible to ask the data controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, required by a contract or necessary to conclude a contract.
To whom we may disclose your information
The owner processes users’ personal data by taking appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of personal data.
Processing is carried out by means of computer and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated.
In addition to the data controller, certain categories of appointees who are part of the company (e.g., administrative, sales, marketing, legal, system administrators, etc.) or external parties (e.g., third-party technical service providers, postal couriers, hosting providers, IT companies, communications agencies, etc.) also appointed, if necessary, as Data Processors by the data controller, may have access to the data. The updated list of Data Processors can be obtained from the data controller.
In the event that it becomes necessary to disclose your data to third parties, data processing will be allowed only to individuals with appropriate skills, who will use electronic and non-electronic tools, configured to ensure the confidentiality and protection of your personal data.
Hosting and backend infrastructure
The function of this type of service is to host data and files that enable the website to function, allow it to be published, and provide a ready-to-use infrastructure to deliver specific services. Some of these services operate through geographically dispersed servers in different locations, making it difficult to determine the exact location where personal data are stored.
Your personal data may be disclosed, for the purposes defined above, to external collaborators.
Information on the transfer of data to a third country
There are no data transfers to third countries or international organizations.
The company reserves the option of using cloud services, in which case the service providers will be selected from among those who provide adequate guarantees, as stipulated in Art. 46 of the EU Regulation.
Automated decision making
The company does not currently have an automated decision-making process.
The cookies in use on this site do not allow the collection of personal information, do not link the user’s IP address to his or her identity, and are not for advertising or marketing purposes, even when they are managed by external sites.
Treatment for other purposes
In the event that the company should process your personal data for purposes other than those listed in this policy, you will receive adequate information before proceeding with such processing and, if necessary, you will be asked to give consent again.
Subject to administrative or judicial action, you may file a complaint with the Data Protection Authority, unless you reside or work in another EU member state. In the latter case, or in the case where the violation of data protection legislation takes place in another EU country, the competence to receive and hear the complaint will be of the Supervisory Authorities of the country where the processing takes place.
Where changes affect processing whose legal basis is consent, the owner will re-collect consent as necessary.