ROI Group S.r.l. considers the protection of its users’ privacy fundamental. It has therefore adopted all necessary measures to this end and constantly strives to process personal data with maximum attention and great respect. Indeed, in the processing of personal data that has been gathered, ROI Group S.r.l. adopts all suitable measures to guarantee the security and confidentiality of data, in compliance with the regulations in effect.
The Data Controller for the processing of data is ROI Group S.r.l., located in Macerata (MC), 67 Via G. Carducci (hereafter “Controller”).
The legal basis for the provision of data
The Controller refuses all responsibility if the data subject provides incorrect or inaccurate data or data pertaining to third parties without authorisation or explicit permission to provide consent for the processing of such data. The data subject assumes full responsibility in such cases.
Categories of data processed
The Controller processes the following personal data:
a. Personal details: personal details (name and surname);
b. Contact details (telephone number, email address).
The purposes and legal basis of processing
The provision of the above-mentioned data serves the following purposes:
a. Pre-contractual activities relating to courses/events, upon the data subject’s request (request for information);
b. The sending of free content of an informative nature, including in the form of a newsletter, upon the data subject’s request by ROI Group S.r.l. and linked companies (request for information and for subscription to the newsletter).
The provision of data for the above-mentioned purposes is mandatory as it is necessary to send the information requested by the data subject successfully.
The above-mentioned processing operations constitute the execution of pre-contractual measures (article 6, comma 1, letter b GDPR), as well as being based on the data subject’s consent (article 6, comma 1, letter a GDPR), expressed as the conditions of validity for the request in question. Any refusal on the part of the data subject to provide such data and/or give consent, or the withdrawal of consent, will preclude him/her from using the service requested.
The data subject has the right to withdraw consent at any time without prejudice to the lawfulness of processing operations carried out before the withdrawal of consent. For information regarding how to exercise the right to withdrawal, see the section entitled “Exercising the rights of the data subjects”. Furthermore, with regard to the newsletter, consent can be withdrawn using the relevant link included in every communciation.
Processing is also carried out for the following purposes:
c. management of any disputes.
Processing for this purpose is based on the legitimate interest of the Controller (article 6, comma 1, letter f GDPR) for the legal and extra-judicial protection of its rights.
Retention period of data
Data is retained for 10 years from the date of provision or of any successive interactions (subscription, participation in events and courses, new requests etc.) on the part of the data subject.
Communication of data
Personal data can be communicated to external subjects who, where appropriate, have been nominated as data processors (article
28 GDPR), who process data on behalf of the Controller.
In particular, data can be communicated to the following categories of recipient:
technical experts and software houses assisting the Controller to develop, maintain and run its website and IT infrastructure;
external subjects assisting the Controller in the organisation and execution of the purposes indicated in points a, b and c;
companies, including new companies, that are part of the Controller’s group.
The processing of data takes place within the European Union.
No diffusion of the personal data undergoing processing is foreseen.
Personal data is subject to both paper-based and electronic processing. To this end, all procedures designed to protect the confidentiality, integrity and availability of information have been adopted, in line with existing regulations.
The rights of the data subject
Pursuant to articles 13-21 of the GDPR and subject to the conditions therein, the data subject can, at any time, exercise the following rights vis-à-vis the Controller:
– the right to withdraw consent to the processing of data (see the section entitled “The purposes and legal basis of processing”
– the right to access (the data subject has the right to
know whether his/her data is being processed as well as information regarding the data being processed, and to receive a copy of this data);
– the right to rectification (the data subject can request that this/her personal data is updated or corrected);
– the right to the erasure of data (so-called “right to be forgotten”) (the data subject can request the deletion of his/her personal data, in the cases and circumstances referred to in article 17 GDPR);
– the right to data portability (in the cases and circumstances referred to in article 20 GDPR, the data subject has the right to receive his/her personal data in a structured, commonly used and machine-readable format, and, if technically possible, the right to transmit this data to another controller without hindrance).
– the restriction of processing (the data subject can request that the processing of his/her data is restricted in the cases referred to in article 18 GDPR. In such eventualities, data may be processed by the Controller, as well as for retention, with the consent of the data subject or for the protection of his/her rights or the rights of others in a court of justice or for reasons of public interest).
– the right to object (if personal data is processed in the public interest or based on the legitimate interest of the Controller, the data subject has the right to object to processing on grounds relating to his or her particular situation. In the case of processing for direct marketing purposes, the objection may be exercised without any reason).
– the right to lodge a complaint with the Ombudsman (www.garanteprivacy.it).
Exercising the rights of the data subject
To exercise the rights indicated above, the data subject must send a written request to the Data Controller, using the contact details indicated below.
For any requests and to exercise his/her rights, the data subject may contact the Data Controller using the following email address: firstname.lastname@example.org.
Last updated: 5 June 2019