INFORMATION NOTICE FOR THE PROCESSING OF PERSONAL DATA PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 (GDPR)
In accordance with the applicable legislation, including Regulation (EU) 2016/679 “General Data Protection Regulation” (“GDPR”), Legislative Decree No. 196/2003 (“Privacy Code”) and Legislative Decree No. 51/2018, as well as other applicable provisions on the protection of personal data (the “Privacy Legislation”), Fondazione Roma Regeneration ETS – Third Sector Entity, as the data controller, informs you that it will process the data provided by the user or otherwise obtained through the use of the website https://romaregeneration.it/v1/ (the “Site”) in the manner and for the purposes described below in this notice (the “Notice”).
The terms of this Policy apply exclusively to this Website and not to other websites owned by the Controller or third parties that the user may access via links contained on this Website. If the user accesses another website, it is recommended to review the privacy policy applicable to that site.
By browsing this Website, the user acknowledges having read and understood the content of this Policy.
1. Contact details of the Data Controller and the Data Protection Officer
The Data Controller is Fondazione Roma Regeneration ETS – Ente Terzo Settore (hereinafter also referred to as the “Controller” or the “Foundation”), with its registered office at Via Claudio Monteverdi, 16 – 00198 Rome. You can contact the Data Controller via email at privacy@romaregeneration.it or by regular mail at the address mentioned above.
2. Types of Personal Data Processed Through the Website
The Data Controller processes the following types of personal data of users who browse and interact with the website’s web services, in particular:
Browsing data
The IT systems and software procedures responsible for the operation of the Website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols or is used to improve the quality of the service provided. These are information not collected to be associated with identified data subjects, but which, by their very nature, could, through processing and association, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.
These data are used to gather anonymous statistical information on the use of the Website and to monitor the proper functioning of the IT systems. The data may also be used for the detection of responsibility in the case of hypothetical cybercrimes or in the event of damage to the Foundation or to third parties.
Data voluntarily provided by the data subject
Users are not required to provide personal data to visit the Website. However, contacts between users and the Foundation, through the completion of contact forms in the “Contact” section, sending emails, messages, or any type of communication to the addresses listed on the Website, result in the acquisition of common personal data, such as, by way of example, name, surname, email, as well as any other personal data that may be voluntarily provided by the user when interacting with the Foundation through the Website. Therefore, if the user wishes to avoid the processing of their data by the Foundation, they are encouraged not to submit any requests or, at the very least, to provide the smallest amount of personal data possible.
Further purposes of the processing
Within the Website, there are additional privacy notices (e.g., volunteer privacy notice, event privacy notice, etc.) depending on the specific categories of data subjects whose data are processed by the Foundation. These notices are provided to inform users about the methods and purposes of the processing, in accordance with Articles 13 and 14 of the GDPR.
Purpose and legal basis of the processing
Personal data may be collected and processed for the following purposes:
| Purpose of processing | Legal basis of processing | Nature of provision |
| Allow users to use the web services of the Website | ;Article 6, paragraph 1, lett. b) of the GDPR: for the execution of a contract to which the data subject is a party or for pre-contractual measures taken at the request of the data subject. | The provision of personal data is necessary and does not require your consent. Failure to provide the data may result in the inability of the Foundation to fulfill the requested service, comply with legal obligations, and respond to or process your requests. Providing personal data through the contact forms on the Website is not a legal or contractual requirement; however, providing the data is necessary to respond to your request. |
| Manage user information requests | ;Article 6, paragraph 1, lett. b) of the GDPR: for the execution of a contract to which the data subject is a party or for pre-contractual measures taken at the request of the data subject. | |
| Prevent the commission of illegal acts through the Website | ;Article 6, paragraph 1, lett. f) of the GDPR: for the pursuit of a legitimate interest of the Data Controller. | |
| Protect the rights of the Foundation in the event of potential legal disputes | ;Article 6, paragraph 1, lett. f) of the GDPR: for the pursuit of a legitimate interest of the Data Controller. | |
| Comply with the legal obligations to which the Foundation is subject | ;Article 6, paragraph 1, lett. c) of the GDPR: for the fulfillment of legal obligations to which the Data Controller is subject. |
For any personal data processing carried out through cookies, please refer to the dedicated Cookie Policy.
If the Data Controller intends to use the personal data collected for any other purpose incompatible with the purposes for which they were originally collected or authorized, the Data Controller will inform the user in advance, and the user may also deny or withdraw their consent.
Processing Methods
Within the organizational structure of the Foundation, personal data will be processed by individuals authorized to process the data who act under the authority of the Data Controller, properly trained by the Data Controller, primarily using electronic systems in accordance with the principles applicable to the processing of personal data under Article 5 of the GDPR.
Criteria used to determine the retention periods of personal data
Your data will be retained for the period necessary to fulfill legal obligations.
The retention period of the data depends on the purposes for which they are processed and may therefore vary. The criteria used to determine the applicable retention period are as follows: the personal data subject to this Privacy Notice will be retained for the time necessary (i) to manage the contractual relationship with the user, (ii) to manage complaints or specific requests from the user, (iii) to assert rights in legal proceedings, and (iv) for the period required by applicable legal regulations.
For the retention periods of any personal data processed through cookies, please refer to the Cookie Policy.
Communication, dissemination, and transfer of personal data
Personal data will not be subject to dissemination and may be communicated to the competent authorities or public or private entities for the fulfillment of legal obligations.
The personal data collected may be processed by third-party providers, acting as data processors in relation to services provided on behalf of the Foundation, based on specific contractual agreements, possibly for occasional maintenance operations and as necessary to carry out services upon specific requests.
Your personal data will not be transferred outside the European Union and/or the European Economic Area (“SEE“)
The complete list of these individuals or categories of individuals is available at the Data Controller’s office and can be requested by sending a communication to the contact details provided in paragraph 1 of this Privacy Notice.
Rights of the data subject
Within the limits established by Article 2-undecies of the Privacy Code, you have the right to exercise at any time the rights recognized by Articles 15 to 22 and 77 of the GDPR, as briefly summarized below:
- RIghts of access: You may request information regarding the processing we carry out on your data or confirmation that the Data Controller processes your personal data. In this case, you can request us to provide a copy of your data and verify which data we hold.
- Right to rectification: You have the right to request the correction of your personal data if it is inaccurate, including the right to request the completion of incomplete personal data.
- Right to cancellation: You have the right to request the deletion of your data (or part of it) that you have provided to us, including data that is no longer necessary to retain in relation to the purposes for which the data was collected or otherwise processed
- Right to restrict processing: You may request us to restrict the processing of your personal data if the legal circumstances apply.
- Right to object: You may object to the processing of your personal data, unless there are overriding legitimate grounds for continuing such processing.
- Right to data probability: You may obtain from the Foundation, in a structured, commonly used, and machine-readable format, the personal data you have provided to us, in order to transmit it to another entity. This right is applicable when the Foundation processes such data through automated means, based on consent or for the purpose of providing services.
- Right to withdraw consent: When the processing is based on consent, you have the right to withdraw it at any time, without affecting the lawfulness of the processing carried out before such withdrawal.
- Diritto di non essere sottoposto ad un processo decisionale automatizzato: potrà richiedere di non essere sottoposto ad un trattamento basato unicamente su un processo decisionale automatizzato, compresa la profilazione, che produca effetti giuridici che la riguardano o che incida in modo analogo significativamente sulla sua persona. Tale diritto non potrà essere esercitato qualora: i) il trattamento sia necessario per la conclusione di un contratto tra Lei e il Titolare; ii) il trattamento sia autorizzato dalla legge; iii) il trattamento si basi sul Suo consenso.
- Right to lodge a complaint with the Supervisory Authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the competent Supervisory Authority if you believe that the processing of your data violates the applicable data protection laws.
Subject to the methods provided by the Data Protection Authority to file a potential complaint, for all other rights, you may send a request to the Data Controller using the contact details provided in paragraph 1 of this Privacy Notice.