Information notice for the processing of personal data

Information notice for the processing of personal data (art.13 EU Regulation 679/2016)

Pietro Romanengo fu Stefano S.r.l. (“Romanengo”) considers as fundamental the protection of users’ personal data browsing and/or purchasing products on its website (“Users”) and therefore guarantees that the processing of personal data carried out through the website (“Site”) is carried out protecting the rights of data subjects in compliance with the provisions of European Regulation no. 679/2016 (“GDPR”) and other relevant national and EU provisions.

1. Who processes the User’s personal data?

The Controller is Pietro Romanengo fu Stefano S.r.l., with registered office and headquarters in Genova, via Soziglia 74/76 r 16123 Genova, e-mail address:
You may contact any time the Controller at the addresses specified above.
Any employee of Romanengo who may access to Users’ data will be appointed by the Data Controller as subjects authorised to process personal data and will receive adequate operating instructions in respect thereof.

2. Which data are processed?
Romanengo collects some Users’ personal data (“Data”), such as aggregated information while browsing the Site and personal data voluntarily provided by the User during the purchase of the products offered on the Site and/or as a consequence of the request for information sent to the Site by e-mail or through the specific box “Contact Us”.
For more information concerning the types and use of cookies on the Site, please refer to cookie policy of Romanengo available on this Site.

Browsing data

During their normal operation, IT systems and software procedures governing the functioning of the Site acquire some personal data whose transmission is implicit in the use of communication protocols of Internet. Such information is not collected to be associated with identified data subjects, but by their nature could, through processing and association with data held by third parties, allow the identification of Users.
This type of data includes IP addresses or names of a domain of the computers used by Users who connect to the site, URI (Uniform Resource Identifier) of the requested resources, time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT system environment of the Users.

Data voluntarily provided by the User

Romanengo collects mainly the data necessary to complete the purchase of the products requested by the User or to contact them in order to respond to a request for information.
Romanengo may collect, for example, the following Data:
i. Name and surname;
ii. address;
iii. e-mail;
iv. tax code or VAT number;
v. date of birth;
vi. sex;
vii. telephone number.

3. What are the purposes and legal basis of the processing?
Romanengo will process Users’ Data for the following purposes:
a. allow registration on the Site, allow navigation on the Site and enjoy the services dedicated to registered users;
b. enter into and execute the purchase of products offered on the Site;
c. reply to requests for information sent via e-mail or through the specific box “Contact us”;
d. carry out direct marketing activities, aimed at promoting Romanengo’s products and brand;
e. send newsletters and periodic updates relating to products, initiatives and events organised by Romanengo, including invitations to restricted events;
f. carry out statistical surveys.

Data processing for the purposes listed above is carried out:
i. to provide the requested service by browsing the Site (e.g. registration and creation of the restricted area, communications related to the provision of the service) and to perform a contract or pre-contractual measures requested by the User, as well as comply with legal obligations, in relation to purposes a., b. and c .;
ii. on the basis of the Users’ explicit consent of the User, in relation to purposes d. and e.;
iii. based on the legitimate interest of the Controller in relation to purpose f., specifying that in such case the User is always entitled to object to the processing.

4. Which are the consequences of failure to provide Data?

Except as specified for navigation data, Users have the right whether to provide or not the Data under the various sections of the Site for the purchase of products available on the Site or by submitting a request for information on the Site by e-mail or the specific box “Contact us”.
The provision of User Data to Romanengo, which is requested on the various collection occasions, may be, in some cases, indispensable for the pursuit of the purposes identified in this policy.
In case of refusal to provide the Data requested for the purposes listed in article 3. points a., b. and c., the consequence will be the impossibility for Romanengo to supply the User with the products and to respond to his requests.
The provision of Data for the purposes listed under article 3. d. and e. requires explicit consent, pursuant to the GDPR.
In the cases of the purposes listed in the aforementioned d. and e., the consent given for sending of commercial and promotional communications with electronic means is intended to be given by data subjects also in relation to traditional contact methods.
In the case of refusal to provide the Data requested for the purposes listed under the aforementioned d. and e., the consequence could be the impossibility for Romanengo to carry out the activities indicated therein and therefore for the User to receive commercial information and updates regarding business activity of Romanengo.

5. And what are the methods of processing?

Data processing will be based on the principles of lawfulness, correctness, transparency, proportionality and minimization and may be carried out also through automated methods suitable to store, manage and transmit them and will be made using suitable tools, which will, reasonably and at state of the art, guarantee security and confidentiality through the use of suitable procedures that avoid the risk of loss, unauthorised access, illegal use and disclosure.

6. Who are the recipients of Data communication?
In addition to employees and/or collaborators of Romanengo, Data will be (or could be) communicated to:
a. tax advisors of Romanengo;
b. IT consultants and suppliers of electronic / technological services of Romanengo;
c. legal advisors of Romanengo;
d. courier companies for the delivery of the purchased products;
e. competent authorities;
f. parties who are entitled to access to Data by law or secondary or EU legislation.

The updated list of recipients is available by sending a request to the e-mail address:
Data will not be disclosed.

7. Where will Data be processed?

Data will be processed within the European Economic Area.

8. What about Data retention period?

Data will be stored in electronic form and kept for the period of time strictly necessary to comply with legal and contractual obligations.

In this regard, Romanengo point out that Data:
1. necessary to process any request, will be kept for the period strictly necessary to process such request, if the request does not have a contractual follow-up;
2. necessary to Romanengo to comply with legal obligations (e.g. accounting and tax legislation) will be kept for the period required by the applicable legislation;
3. necessary to Romanengo to execute any contracts entered into with the User will be kept for the entire duration of the contract as well as for the period necessary to enable Romanengo to defend its rights in the event of disputes relating to the contract concluded with the User (6 months after the expiry of the statute of limitation period);
4. necessary to carry out the activities indicated in Article 3. d. and e. will be kept until the User withdraws his or her consent;
5. necessary to carry out statistical surveys, until the User object to the processing.

9. Which are the rights of data subjects?

The User has the right to obtain by the Controller:
1. confirmation as to whether or not Data are being processed and, in this case, access to Data and information listed under art. 15 of the GDPR (processing purposes, categories of personal data, categories of recipients, data retention period);
2. the rectification of incorrect personal data;
3. the integration of incomplete personal data;
4. the erasure of personal data, in the cases provided by law;
5. the restriction of the processing of personal data which allows them to obtain, in the cases provided by law, the marking of the personal data stored with the aim of restricting their processing in the future;
6. to receive the Data in a structured, commonly used and machine-readable format and to transmit them to another data controller (so-called portability);
7. to withdraw the given consent;
8. to object in whole or in part to the Data processing, in accordance with the law, where applicable;
9. not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning the person or which significantly affects the person in a similar way;
10. to lodge a complaint, pursuant to art. 77 of the GDPR, with the competent supervisory authority of the EU member where the data subject has habitual residence, place of work or place where the alleged infringement of right has occurred; if this State is Italy, the data subject may contact the Italian Data Protection Authority.

Please consider that the User’s right to object to the processing of his/her Data for the purposes listed under article 3. d. and e., carried out through automated contact methods, extends to traditional methods without prejudice to the User to exercise this right in part, namely, in this case, opposing, for example, only the sending of promotional communications made through automated tools.
These rights may be exercised by contacting Romanengo at the contact details specified under article 1 of this information notice.

10. Third party websites
This information notice applies to Users’ personal data collected through the Site only; the same does not apply to other websites owned by third parties, which can be accessed through a link placed on the Site. Romanengo cannot be held responsible for the contents of these websites and the rules they adopt, also with regard to the Users’ protection and the processing of their personal data during browsing on such websites. Users are therefore invited to pay attention, when they connect to these websites, through the links on our site and to carefully read their conditions of use and privacy policies.