About Us - Roma Autonoleggi

Privacy Policy

Information note pursuant to article 13 of legislative decree 30.6.2003 no 196 and gdpr – eu regulation 2016/679 on privacy.​

1. Subject of the Information Notice

This Information Notice has as its object the processing of personal data of users visiting the website www.romaautonoleggi.it. The Information Notice is provided pursuant to Article 13 of Legislative Decree No. 196/2003 (Code on the Protection of Personal Data), the Provision of the Guarantor for the Protection of Personal Data of May 8, 2014, No. 229, and the new GDPR, i.e., the EU Regulation 2016/679 on Privacy.INFORMATION NOTE IN ACCORDANCE WITH ART. 13 OF LEGISLATIVE DECREE 30.6.2003 No. 196 AND THE GDPR – EU REGULATION 2016/679 ON PRIVACY.

The Information is provided only for the site www.romaautonoleggi.it and not also for other websites that may be consulted by the user through links on the aforementioned site over which the Owner has no control and assumes no responsibility. The Owner is not responsible for the processing of personal data carried out independently by said sites. In this regard, the user is invited to read the privacy notices provided by each site.

2. Name and address of the controller

Controller for the purposes of the General Data Protection Regulation (GDPR) is Caterina Errico (email: antonioroma1970@gmail.com) to whom each user may contact in order to exercise their rights under Article 7 of Legislative Decree No. 196/2003 and EU Regulation 2016/679 on Privacy. Any interested person may, at any time, directly contact our Data Protection Officer with all questions and suggestions related to data protection.

3. Name and address of the data protection officer

The data protection officer of www.romaautonoleggi.it is Antonio Roma, email: info@autonoleggioroma.it.

4. Navigation data

The computer systems and software procedures used to operate www.romaautonoleggi.it acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with specific users, but which by its very nature could, through processing and association with other data held by third parties, allow users to be identified.

This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computer environment.

Anonymously collected data and information are statistically analyzed in order to increase the data protection and data security of our company and to ensure an optimal level of protection for processed personal data. Anonymous data from server log files are stored separately from any personal data provided by a data subject.

The data could be used for liability investigation in case of hypothetical computer crimes against the site.

5. Disclaimer

The material and content presented on the site has been carefully screened and analyzed, and has been prepared with the utmost care. In any case, errors, inaccuracies and omissions are possible. www.romaautonoleggi.it disclaims all liability, direct and indirect, to users and in general to any third party, for errors, omissions, delays, inaccuracies that may be present on the site, for damages (direct, indirect, consequential, punishable and sanctionable) resulting from the above content.

This site may contain links to other Internet sites; these are not under the control of RomaAutonoleggi.it and therefore you acknowledge that RomaAutonoleggi.it is not responsible for the truthfulness, copyright compliance, legality, morality or any other aspect of the content of such sites. The inclusion of a link does not imply endorsement or approval of any site by RomaAutonoleggi.it or the existence of any associative relationship between it and the operators of the site in question.

6. Routine deletion and blocking of personal data

The controller processes and stores the personal data of the data subject only for the period necessary to achieve the purpose of storage, or to the extent that this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject. If the archiving purpose is not applicable or if a retention period prescribed by the European legislature or other relevant legislature expires, personal data are routinely blocked or deleted in accordance with legal requirements.

7. Contact possibilities through the website

Our website contains information that enables quick electronic contact with our company, as well as direct communication with us, which also includes a general address of so-called electronic mail (info@autonoleggioroma.it). If a data subject contacts the controller by e-mail or through a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purpose of processing or contacting the data subject. There is no transfer of these personal data to third parties.

Rights of the person concerned

a) Right of confirmation

Every data subject has the right conferred by the European legislator to obtain from the data controller confirmation of the existence or non-existence of personal data concerning him or her. If a data subject wishes to avail himself or herself of this right of confirmation, he or she may, at any time, contact the data controller of our site.

b) Right of access

Every data subject has the right conferred by the European legislator to obtain from the controller free information about his or her stored personal data at any time and a copy of that information. In addition, European directives and regulations grant the data subject access to the following information:

  • the purposes of processing;
  • the categories of personal data involved;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
  • where possible, the expected period for which the personal data will be stored or, if not possible, the criteria used to determine this period;
  • the existence of the right to request from the data controller the rectification or erasure of personal data, or the restriction of the processing of personal data relating to the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with the supervisory authority;
  • where personal data are not collected from the data subject, any available information about their source;
  • the existence of automated decision-making processes, including profiling, as referred to in Article 22, paragraph 1 and 4, of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and expected consequences of such processing for the data subject.

In addition, the data subject has the right to obtain information about the transfer of personal data to a third country or international organization. In such a case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer. If a data subject wishes to avail himself or herself of this right of access, he or she may, at any time, contact the data controller of our site.

c) Right of rectification

Every data subject has the right conferred by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject has the right to complete incomplete personal data, including by submitting a supplementary declaration. If a data subject wishes to exercise this right of rectification, he or she may, at any time, contact the personal data controller of our site.

d) Right to erasure (Right to be forgotten)

Every data subject has the right conferred by the European legislator to obtain from the data controller the erasure of personal data concerning him or her without undue delay, and the data controller has the obligation to erase personal data without undue delay if one of the following grounds applies, provided that the processing is not necessary:

  • Personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • The data subject withdraws the consent on which the processing is based in accordance with Article 6, paragraph 1 (a) of the GDPR, or Article 9, paragraph 2 (a) of the GDPR, and where there is no other legal basis for the processing.
  • The data subject objects to processing under Article 21, paragraph 1, of the GDPR and there is no legitimate ground for processing or the data subject objects to processing under Article 21, paragraph 2, of the GDPR.
  • Personal data has been processed unlawfully.
  • Personal data must be deleted in order to comply with a legal obligation in Union or Member State law to which the controller is subject.
  • Personal data have been collected in connection with the provision of information society services referred to in Article 8, paragraph 1, of the GDPR.

If one of the aforementioned grounds applies and the data subject wishes to request the deletion of personal data stored by our website, he or she may, at any time, contact the data controller of our website, who shall promptly ensure that the request for deletion is complied with immediately.

Where the controller has made personal data public and is required under Article 17, paragraph 1, to erase personal data, the controller, taking into account available technology and implementation costs, shall take reasonable measures, including technical measures, to inform other controllers of personal data that the data subject has requested the erasure by such controllers of any links, copies or replications of such personal data, to the extent that processing is not required. The personal data controller of our site will provide the necessary measures in individual cases.

e) Right to restriction of processing

Every data subject has the right, granted by the European legislator, to obtain from the controller the restriction of processing if one of the following conditions applies:

  • The accuracy of the personal data is contested by the data subject, for a period that allows the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject objects to the deletion of the personal data and instead requests the restriction of its use.
  • The controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims.
  • The data subject has objected to the processing under Article 21. paragraph 1, of the GDPR pending verification that the data controller’s legitimate grounds prevail over those of the data subject.

If any of the above conditions are met and the data subject wishes to request the restriction of processing of personal data stored by our website, he or she may at any time contact the data protection officer, who will arrange for the restriction of processing.

f) Right to data portability

Every data subject has the right, recognized by the European legislator, to receive personal data concerning him or her that has been provided to a controller in a structured, commonly used and machine-readable format. He or she shall have the right to transmit such data to another controller without hindrance to the controller to whom the personal data were provided, provided that the processing is based on the consent referred to in Article 6, paragraph 1, letter a, of the GDPR or point (a) of Article 9, paragraph 2, of the GDPR, or a contract under Article 6, paragraph 1, letter b, of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising his or her right to data portability under Article 20, paragraph 1, of the GDPR, the data subject has the right to transmit personal data directly from one controller to another, where technically feasible and in doing so not adversely affect the rights and freedoms of others.

To assert the right to data portability, the data subject may at any time contact the data controller of our website.

g) Right to object

Every data subject has the right, recognized by the European legislator, to object, on grounds relating to his or her particular situation, at any time, to the processing of personal data concerning him or her, which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions. The site will no longer process personal data if you object, unless we can demonstrate compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

If our site processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of personal data concerning him or her for such marketing. This applies to profiling insofar as it is related to such direct marketing. If the data subject submits www.romaautonoleggi.it to processing for direct marketing purposes, www.romaautonoleggi.it will no longer process the personal data for such purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her www.romaautonoleggi.it for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 (1) of the GDPR, unless the processing is necessary for the performance of an activity carried out for reasons of public interest. To exercise the right to object, the data subject may contact the Data Protection Officer at www.romaautonoleggi.it. In addition, the data subject is free in the context of the use of information society services and, by way of derogation from Directive 2002/58/EC, to make use of his or her right to object by automated means using the technical specifications.

h) Automated individual decision-making, including profiling

Every data subject has the right, granted by the European legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on him or her, or significantly affects him or her, provided that the decision (1) is not necessary for entering into or performing a contract between the data subject and a data controller or (2) is not authorized by the legislation of the Union or the Member State to which the controller is subject and which also establishes appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

If the decision (1) is necessary to enter into, or execute a contract between the data subject and a data controller, or (2) is based on the data subject’s explicit consent, our website implements appropriate measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention by the data controller, to express his or her views, and to contest the decision. If the data subject wishes to exercise rights related to automated individual decision-making, he or she may, at any time, contact the data controller of our site.

i) Right to withdraw consent to data protection

Every data subject has the right, granted by the European legislator, to withdraw his or her consent to the processing of his or her personal data at any time. If the data subject wishes to exercise the right to withdraw consent, he or she may, at any time, contact the data protection officer of our site.

Data protection for applications and application procedures

The data controller collects and processes personal data of applicants for the purpose of processing the application procedure. Processing may also be done electronically. This is the case, in particular, if an applicant sends the corresponding application documents by e-mail or via a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the data sent will be stored for the purpose of processing the employment relationship in accordance with legal requirements. If the controller does not conclude an employment contract with the applicant, the application documents are automatically deleted two months after the notification of the rejection decision, provided that no other legitimate interest of the controller is against the deletion. Other legitimate interest in this relationship is, e.g., a burden of proof in a procedure under the General Equal Treatment Act (AGG).

Data protection provisions related to the application and use of Facebook

On this website, the controller has integrated components of the company Facebook. Facebook is a social network, that is, a place for social gatherings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network can serve as a platform for exchanging opinions and experiences or allow the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos and network through friend requests. Facebook’s operating company is Facebook, Inc. at 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside the United States or Canada, the controller is FacebookIrelandLtd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.

With each call to one of the individual pages of this Internet site, which is operated by the controller and in which a Facebook component (Facebook plug-in) is integrated, the Web browser on the computer system of the person concerned is automatically prompted to download the display of the corresponding Facebook component. An overview of all Facebook plug-ins can be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is aware of which specific subsite of our Web site was visited by the data subject.

If the data subject is logged into Facebook at the same time, Facebook detects each call to our Web site by the data subject – and for the entire duration of the data subject’s stay on our Web site – which specific secondary site of our Internet the page was visited by the data subject. This information is collected through the Facebook component and associated with the data subject’s respective Facebook account. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g., the “Like” button, or if the data subject submits a comment, Facebook matches this information with the data subject’s personal Facebook account and stores the personal data.

Facebook always receives, via the Facebook component, information about a data subject’s visit to our website, whenever the data subject logs on to Facebook at the same time during the call period to our website. This occurs regardless of whether the data subject has clicked on the Facebook component or not. If such transmission of information to Facebook is undesirable for the data subject, then it is possible that this will prevent them from logging out of their Facebook account before a call to our website is made. The data protection guideline published by Facebook, available at https://facebook.com/about/privacy/, provides information on Facebook’s collection, processing and use of personal data. It also explains what setting options Facebook offers to protect the privacy of the data subject. In addition, there are several configuration options available to enable the elimination of data transmission to Facebook. These applications can be used by the data subject to eliminate a data transmission to Facebook.

Data protection provisions regarding the application and use of Google Analytics (with anonymizer function)

On this website, the controller has integrated the Google Analytics component (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, collation, and analysis of data about the behavior of visitors to Web sites. A web analytics service collects, among other things, data on the Web site from which a person arrived (the so-called referrer), which subpages were visited, or how often and for what duration a subpage was viewed. Web data analytics is mainly used for optimizing a Web site and performing a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc, 1600 AmphitheatrePkwy, Mountain View, CA 94043-1351, United States.

For web analysis using Google Analytics, the controller uses the application “_gat. _anonymizeIp”. Through this application, the IP address of the data subject’s Internet connection is shortened by Google and anonymized when accessing our websites from a member state of the European Union or another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze traffic on our website. Google uses the data and information collected, among other things, to evaluate the use of our Web site and to provide online reports, which show activity on our Web sites and to provide other services related to the use of our Internet site for us.

Google Analytics places a cookie on the data subject’s computer system. The definition of a cookie is explained above. By setting the cookie, Google is enabled to analyze the use of our website. With each call to one of the individual pages of this website, which is operated by the controller and in which a Google Analytics component has been integrated, the Internet browser on the computer system of the data subject will automatically send data via the Google Analytics Component for the purpose of online advertising and commission settlement to Google. In the course of this technical procedure, the Google company acquires knowledge of personal information, such as the IP address of the data subject, which provides Google with, among other things, an understanding of the origin of visitors and clicks and subsequently the creation of commission settlements.

The cookie is used to store personal information, such as the time of access, the location from which access was made, and the frequency of visits to our website by the data subject. With each visit to our website, this personal information, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer this personal data collected through the technical procedure to third parties.

The data subject may, as stated above, prevent the setting of cookies through our Web site at any time by a corresponding adjustment to the Web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would prevent Google Analytics from setting a cookie on the data subject’s computer system. In addition, cookies already in use by Google Analytics can be deleted at any time via a Web browser or other software program.

In addition, the data subject has the ability to object to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of these data by Google and the ability to preclude such. To this end, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics via a JavaScript that data and information about Internet page visits may not be transmitted to Google Analytics. The installation of browser add-ons is considered an objection by Google. If the data subject’s computer system is subsequently deleted, formatted, or newly installed, the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on has been uninstalled by the data subject or any other person that is attributable to the data subject’s sphere of responsibility or is disabled, reinstallation or reactivation of the browser add-ons can be performed.

Further information and the applicable data protection provisions of Google can be found at https://www.google.com/intl/it/policies/privacy/ and at https://www.google.com/analytics/terms/it.html

Google Analytics is further explained under the following link https://www.google.com/analytics/

Data protection provisions related to the application and use of Twitter

On this website, the controller has integrated components of Twitter. Twitter is a publicly accessible multilingual microblogging service on which users can post and spread so-called “tweets,” e.g., short messages, which are limited to 140 characters. These short messages are available to everyone, including those who are not connected to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. In addition, Twitter allows you to target a wide audience through hashtags, links, or retweets.

Twitter’s operating company is Twitter, Inc. at 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

With each call to one of the individual pages of this Internet site, which is managed by the controller and on which a Twitter component (Twitter button) has been integrated, the Internet browser on the computer system of the person concerned is automatically prompted to download a display of the corresponding Twitter component. More information on Twitter buttons can be found at https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter acquires knowledge of which specific subpage of our Web site was visited by the data subject. The purpose of the integration of the Twitter component is the retransmission of the content of this Web site to enable our users to present this Web page to the digital world and increase the number of visitors.

If the data subject is logged in at the same time on Twitter, Twitter detects each callback to our Web site by the data subject and for the entire duration of his/her stay on our Web site that was subjected to a specific subpage of our Web page. visited by the data subject. This information is collected via the Twitter component and associated with the data subject’s respective Twitter account. If the data subject clicks one of the integrated Twitter buttons on our website, Twitter assigns this information to the data subject’s personal Twitter user account and stores the personal data.

Twitter receives information via the Twitter component that the data subject has visited our Web site, provided that the data subject is logged into Twitter at the time of the call to our Web site. This occurs regardless of whether the person clicks on the Twitter component or not. If such transmission of information to Twitter is undesirable for the data subject, this may prevent them from logging out of their Twitter account before a call to our Web site is made. Twitter’s applicable data protection provisions can be accessed at https://twitter.com/privacy?lang=it

Data protection provisions related to the application and use of YouTube

On this website, the controller has integrated components of YouTube. YouTube is an Internet video portal that allows video publishers to set up video clips and other users for free, which also provides free viewing, reviewing and commenting on them. YouTube allows you to post all kinds of videos, so you can access both full movies and TV shows, as well as music videos, trailers, and user-made videos through the Internet portal.

YouTube’s operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. YouTube, LLC is a subsidiary of Google Inc., 1600 AmphitheatrePkwy, Mountain View, CA 94043-1351, UNITED STATES.

With each call to one of the individual pages of this Internet site, operated by the controller and on which a YouTube component (YouTube video) has been integrated, the Internet browser on the computer system of the person concerned is automatically prompted to download a display of the corresponding YouTube component. More information about YouTube can be obtained under https://www.youtube.com/intl/it/yt/about/

In the course of this technical procedure, YouTube and Google acquire knowledge about the specific subpage of our Web site visited by the data subject. If the data subject has logged into YouTube, YouTube recognizes with each call to a subpage that contains a YouTube video, which specific subpage of our Web site was visited by the data subject. This information is collected by YouTube and Google and assigned to the data subject’s respective YouTube account.

YouTube and Google will receive information via the YouTube component that the data subject has visited our website, if the data subject at the time of the call to our website is logged into YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such transmission of this information to YouTube and Google is undesirable for the data subject, delivery may be prevented if the data subject logs out of their YouTube account before a call to our Web site is made.

YouTube’s data protection provisions, available at https://support.google.com/youtube/answer/2801895?hl=it

provide information on the collection, processing, and use of personal data by YouTube and Google.

Legal basis for processing

Infine, le operazioni di trattamento potrebbero essere basate sull’articolo 6, paragrafo 1, lettera lit. f GDPR. Questa base legale viene utilizzata per le operazioni di trattamento che non sono coperte da nessuno dei summenzionati motivi legali, se il trattamento è necessario ai fini degli interessi legittimi perseguiti dalla nostra azienda o da una terza parte, eccetto laddove tali interessi siano superati dagli interessi o diritti e libertà fondamentali dell’interessato che richiedono la protezione dei dati personali. Tali operazioni di trattamento sono particolarmente ammissibili in quanto sono state espressamente menzionate dal legislatore europeo. Egli ha ritenuto che si potesse assumere un interesse legittimo se l’interessato è un cliente del responsabile del trattamento (considerando 47, frase 2, GDPR).

Article 6 (1). The GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, such as when the processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6 (1) lit. b GDPR. The same applies to processing operations that are necessary for the execution of pre-contractual measures, such as in the case of requests regarding our products or services. Our company is subject to the legal obligation to process personal data, e.g. for the fulfillment of tax obligations, the processing is based on Art. 6 (1) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor was injured on our premises and his or her name, age, health insurance information, or other vital information had to be transmitted to a doctor, hospital, or other third party. Then the processing would be based on Article 6 (1) GDPR.

Finally, processing operations could be based on Article 6 (1) lit. f GDPR. This legal basis is used for processing operations that are not covered by any of the above-mentioned legal grounds, if the processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are outweighed by the interests or fundamental rights and freedoms of the data subject that require the protection of personal data. Such processing operations are particularly permissible because they were expressly mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2, GDPR).

Period of retention of personal data

The criteria used to determine the retention period of personal data are the respective statutory retention periods. After the expiration of this period, the corresponding data is routinely deleted, provided that it is no longer necessary for the fulfillment of the contract or the initiation of a contract.

Provision of personal data as a legal or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide personal data; Possible consequences of not providing such data

We clarify that the provision of personal data is partly required by law (e.g., Tax Regulations) or may also result from contractual provisions (e.g., information about the contractual partner). Sometimes it may be necessary to enter into a contract that the data subject provides personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company enters into a contract with him or her. Failure to provide personal data would result in the contract with the data subject not being able to be concluded.

Before personal data is provided by the data subject, the data subject should contact the data protection officer. He or she will be able to clarify to the data subject whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide personal data, and the consequences of not providing personal data.

Existence of automated decision-making processes

As a responsible company, we do not use automated decision making or profiling.