PRIVACY NOTICE PURSUANT TO ARTICLE 13 AND 14 OF REGULATION (EU) 2016/679 – General Data Protection Regulation (GDPR)

Dear sir or madam,

this notice regarding the handling and protection of personal data (the “Privacy Notice”) is provided in accordance with Article 13 of Regulation (EU) 2016/679 – “European General personal data protection Regulation – GDPR”.

  1. “Data Controller” (Article 4(7) GDPR) identification and contacts

RomARS S.r.l.

Legal address: Via Palestro 95, 00185, Roma

C.F./P.I. 15852311008

Data Controller: Prof. Francesco Zampognaro (vice president)



  1. Legal basis for processing personal data

We collect and use personal data provided by you, the data subject, e.g. your personal details, to the extent that is needed and helpful to attain the purposes for which they are provided. The types of sensitive data are kept in a Data Register managed by the Data Controller and available on request.

  1. Data retention

We will keep personal data for the time required to implement the contract and subject to legal, accounting and financial requirements.

  1. How data is processed

We process your personal data on electronic form and enter your data into relevant databases that may be accessed – hence your data be disclosed to – our company’s employees, contractors/consultants  interns and other authorised individuals. Said employees, contractors/consultants  interns and other authorised individuals may consult, use, process, compare the data as well as carry out any other appropriate action, including using automated means, always in compliance with statutory requirements that ensure, inter alia, protection of the confidentiality and security of the personal data, as well as data accuracy, update and appropriateness to the purposes for which the data is collected and used, as stated above.

  1. Mandatory and optional data

All data required are mandatory and failure to provide it may result in the impossibility to establish the contractual services.

  1. Data Subject Rights

In relation to your personal data you can exercise your rights as data subject under the  GDPR, namely:

  • Right of access [article  15 of the GDPR];
  • Right to rectification [article  16 of the GDPR];
  • Right to erasure (‘right to be forgotten’) [article  17 of the GDPR];
  • Right to restriction of processing [article  18 of the GDPR];
  • Right to data portability [article  20 of the GDPR];
  • Right to object [article  21 of the GDPR].

You have the right to withdraw your consent at any time.

The rights set out above can be exercised in writing by sending a Certifed mail, certified email (PEC) or email as detailed in art. 1. pursuant to article 19 of the GDPR, we shall communicate any rectification or erasure of personal data or restriction of processing requested  by you, the data subject, to each recipient to whom your personal data has been disclosed, unless this proves impossible. You as data subject have also the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

  1. Profiling

Your data will not be subject to any automated processing and profiling

  1. Use of your data

If the Data Controller intends to further process the personal data for a purpose other than that for which they were collected, including the transfer to third-party marketing or profiling companies, even outside the EU, before such further processing the Data Controller will provide the information regarding this different purpose and any further relevant information to update the privacy consent.

Without your express consent (ex Article 24 (a), (b), (d) of the Privacy Code and Article 6 (b), (c) of the GDPR), the Controller may disclose your data with the above-mentioned purposes to supervisory bodies, judicial authorities and to any third-party to which the disclosure of data is mandatory under the law.

Rome, 25-10-2020

The Data Controller

RomARS S.r.l. – Prof. Francesco Zampognaro