PERSONAL DATA PROTECTION NOTICE
This information notice is provided, in compliance with Articles 13 and 14 of EU Regulation 679/2016 (hereinafter: “Regulation”), to the users (hereinafter: “Users” or “User”) of the website magazine.romanwalks. org in desktop, mobile and smartphone application versions (hereinafter: “Site and App”) owned by Roman Walks with registered office in Via della Camilluccia 643 Rome, the Data Controller (hereinafter: “Data Controller”), and is aimed at describing the methods of management of the Site and App with reference to the processing of personal data, as well as to allow the Users of the Site and App to know the purposes and methods of processing of personal data by the Data Controller in case of their provision.
As specified in the terms and conditions of use of the Site’s services, which can be found in the “DISCLAIMER” section of the Site, the services offered by the Controller are intended for persons aged 18 years or over. Should the Data Controller become aware of the processing of data of persons under 18 years of age, it reserves the right to unilaterally interrupt the use of the service offered as well as to delete the data acquired.
Terms that are not defined in this Privacy Policy have the same meaning as described in the conditions of use of the services of the site, which can be found in the “DISCLAIMER” section of the Site.
PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA
The Data Controller, pursuant to and for the purposes of the Regulation, hereby announces that the aforementioned legislation provides for the protection of individuals with regard to the processing of personal data, and that such processing will be based on the principles of correctness, lawfulness, transparency and protection of confidentiality and fundamental rights.
PURPOSE, LEGAL BASIS OF THE PROCESSING AND OPTIONAL NATURE OF CONFERMENT
The personal data provided by Users through the use of the Site and App, will be processed with their consent, for the purposes described below:
Provision of the “USER REGISTRATION” service:
In order to provide this service, it is necessary for the User to register through the Website. The data required for Registration are limited to the provision of:
    • E-mail address
    • Nickname, or pseudonym, under which the user will appear as the author of any comments he or she makes
    • Indication of age of majority, by which the user declares that he/she is either over or under 18 years of age
    • The User, during registration or later, by accessing his/her own personal section, (hereinafter referred to as “User Profile”), may provide further personal data as optional and additional information that will be collected by the Controller if provided, such as: name and surname.
    • Provision of the service “USER REGISTRATION FOR PURCHASE OF EDITORIAL PRODUCTS”:
    • The purpose of the service is to enable the User to make a purchase of editorial products, in the “PURCHASE EDITION” section.
In order to provide this service, it is necessary for the User to register through the Website, in the “PURCHASE EDITION” section, or through the Smartphone Application. The data required for Registration are distinct, depending on the type of publishing product and the payment method used, in detail:
  • For the purchase of single editorial copies:
    if you do not require an invoice for the purchase, they are limited to the provision of:

    • E-mail address
    • Telephone number (n.b. this information will only be requested for the telephone payment channel, made through the use of a smartphone)
    • Indication of age of majority, whereby the user declares that he/she is over 18 or under 18 years of age.
  • If an invoice for the purchase is requested, this is limited to the provision of:
    • E-mail address
    • Telephone number (n.b. this information will only be requested for the telephone payment channel, made through the use of a smartphone)
    • Indication of age of majority, by which the user declares that he/she is 18 years of age or younger
    • First name
    • Surname
    • City
    • POSTCODE
    • Address
    • Tax code
  • For the purchase of individual editorial subscriptions or packages of editorial subscriptions via a business offer:
    if you do not require an invoice for the purchase, they are limited to the provision of:

    • E-mail address
      Indication as to whether the purchaser is over 18 years of age
      Indication if the purchaser is a Public Administration
  • If an invoice of the purchase is requested, they are limited to the provision of:
    • Email address
    • Indication as to whether the purchaser is over the age of 18 or under the age of majority
    • Indication if the purchaser is a Public Administration
    • First name
    • Surname
    • City
    • POSTCODE
    • Address
    • Tax Code
  • The User, during registration or afterwards, by accessing his/her personal section, (hereinafter referred to as User Profile), may provide additional optional personal information that will be collected by the Controller if provided:
    1. For case I (a)(i) and I (b)(i) are as follows:
      1. Name, surname, city, postal code, address, tax code, date of birth, profession, telephone number, sex, company name, company city, postal code, company address, company telephone number, company fax number, company VAT number.
    2. For cases I (a)(ii) and I (b)(ii) are as follows:
      1. Date of birth, profession, telephone, sex, company name, company town, company postcode, company address, company telephone, company fax, company VAT number.

Provision of the “USER PROFILE FOR THE SENDING OF COMMERCIAL AND PROMOTIONAL INFORMATION BY THE PUBLISHER” service

The purpose of the service is to provide the User, through the use of the e-mail address provided during registration, with a marketing service directly provided by the Publisher, through which sector information such as news and curiosities will be sent, as well as advertising e-mails, promotional activities, market research, opinion polls and other marketing activities.
The use of personal data may include but is not limited to the use, distribution and communication on the Publisher’s institutional website, partner websites, websites dedicated to special initiatives, landing pages, materials related to online and offline campaigns – banners, promotional materials, Google Adsense campaigns and other online marketing management channels – social networks where the Publisher is present, such as Facebook, Twitter, Google Plus, Instagram and Pinterest.
Furthermore, in order to ensure user/visitor/customer satisfaction and to meet their expectations, processing is also aimed at the optimal management of production and stocks of the various materials, through statistical processing of the data collected. The processing, with the specific consent of the data subject, may also be carried out to detect the tastes, preferences and habits of customers, the degree of customer satisfaction, through user profiling, aimed at sending commercial information or advertising material, for direct marketing campaigns, for participation in games, competitions or prize operations, for the provision of customer protection services, for market research and other operations directly or indirectly related to marketing activities.

 

Provision of the “USER PROFILE FOR THE SENDING OF COMMERCIAL AND PROMOTIONAL INFORMATION BY THIRD-PARTY COMPANIES” service
The purpose of the service is to provide the User, through the use of the e-mail address provided during registration, with a marketing service provided by third party companies, to which the Data Controller will transmit the data relating to the User’s e-mail address, through which sector information such as news and curiosities, as well as advertising e-mails, promotional activities, market research, opinion polls and other marketing activities will be sent.
The use of personal data may include but is not limited to the use, distribution and communication on the publisher’s institutional website, partner websites, websites dedicated to special initiatives, landing pages, materials related to online and offline campaigns – banners, promotional materials, Google Adsense campaigns and other online marketing management channels – social networks where the publisher is present, such as Facebook, Twitter, Google Plus, Instagram and Pinterest.
Furthermore, in order to ensure user/visitor/customer satisfaction and to meet their expectations, the processing is also aimed at the optimal management of production and stocks of the various materials, through statistical processing of the data collected. Processing, with the specific consent of the data subject, may also be carried out for the purpose of detecting the tastes, preferences and habits of customers, the degree of customer satisfaction, through user profiling, aimed at sending commercial information or advertising material, for indirect marketing campaigns, for participation in games, contests or prize operations, for the provision of customer protection services, for market research and other operations directly or indirectly related to marketing activities.
The processing of data for the purposes referred to in letters A, B, C and D finds its legal basis in Article 6 (a) of the Regulation ([…] the data subject has given consent to the processing of his/her personal data for one or more specific purposes).
The provision of data for the purposes referred to in letters A, B, C and D is optional, but any refusal by the User will make it impossible for the Controller to fulfil requests or provide the services referred to in the above letters.
In the hypothesis referred to in letter A (II), failure to provide such information will not compromise the provision of service A.
In the hypothesis of letter B (II), failure to provide the data will not jeopardise the provision of service B.
In particular, in the hypothesis of letter A (I) or B (I), failure to provide the data necessary for the User’s registration will also make it impossible to provide the services referred to in letters C and D below.

 

METHODS OF PROCESSING AND STORAGE OF PERSONAL DATA
The Controller ensures that personal data are processed in full compliance with the Regulations, by means of manual, computerised or telematic systems. Processing may also be carried out by means of automated tools designed to store, manage and transmit the data.
The data collected and processed will be protected with physical and logical methods such as to minimise the risks of unauthorised access, dissemination, loss and destruction of data, pursuant to Articles 25 and 32 of the Regulation.
Data processing will last no longer than is necessary to fulfil the purposes for which it was collected.
Pursuant to Art. 7 paragraph 3 of the Regulation, the data subject has the right to obtain at any time the withdrawal of consent to the processing and request the deletion of his/her personal data, by sending a communication to the Data Controller at the following e-mail address: info@romanwalks.org . Following the User’s request for cancellation, all the User’s personal data will be deleted, without prejudice to any further storage required by regulatory obligations.
If the Controller does not receive a request for cancellation, the personal data will be kept for a period not exceeding 10 (ten) years, starting from the date of the last access to the Site and/or App by the User.

 

RECIPIENTS OF PERSONAL DATA
The personal data collected may be processed by subjects or categories of subjects who act as Data Processors pursuant to Article 28 of the Regulations or who are authorised to process the data pursuant to Article 29 of the Regulations.
Furthermore, for some services, the data may be communicated to companies that collaborate with or use the services of the Owner, with the sole purpose of providing the services requested by the User. The Data Controller, in providing the data for the purpose of providing the services requested by the User, has ensured that these companies have appropriate requirements and adopt appropriate security measures to protect the same.
In particular, the data provided by the User may be shared by the Controller with the following third parties exclusively for the purpose of providing the services requested by the User or to comply with other regulatory obligations
Service Companies, which the Data Controller uses to provide the services referred to in purposes (A), (B) and (C), in order to equip itself with appropriate technological tools, relating to web platforms, management and publishing platforms;
Service Companies, which the Controller uses for the provision of services as per purpose (D), in order to fulfil the User’s request.
Apart from the above-mentioned cases, personal data will not be disclosed except to persons, entities and authorities to whom disclosure is mandatory by law or regulation.

 

DATA TRANSFER TO A THIRD COUNTRY OR INTERNATIONAL ORGANISATION
Personal data collected through the Site and App, may be transferred outside the national territory, only and exclusively for the performance of the services requested through the Site and App and in compliance with the specific provisions of the Regulation.
The countries where personal data may be transferred belong to the European Economic Area. The Data Controller ensures that the processing of personal data by these recipients takes place in compliance with the Regulation.

 

NAVIGATION DATA COLLECTION
The computer systems and the technical and software procedures underlying the operation of the Site and App acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the access and operation mechanisms and protocols in use on the Internet.
Each time the User connects to the Site and App and each time they call up or request content, access data is stored on our systems in the form of tabular or linear data files.
This category of data includes, for example, IP addresses, the domain names of the computers used by the Users who connect to the Website and App, the request from the User’s browser, in the form of URI (Uniform Resource Identifier) notation addresses, the date and time of the request to the server, the method used to submit the request to the server, the amount of data transmitted, the numerical code indicating the status of the response given by the server and other parameters relating to the User’s operating system and computer environment.
This data may be used by the Data Controller for the sole purpose of obtaining anonymous statistical information on the use of the Site and the App in order to identify the pages preferred by Users and thus provide more suitable content and to check that they are working properly.

At the Authority’s request, the data could be used to ascertain liability in the event of hypothetical computer crimes against the Site and App or its Users

 

INFORMATION ON COOKIES, SEARCH ENGINES AND LOCATION DATA
The purpose of cookies is to speed up the analysis of Internet traffic, make it easier for Users to access the services offered by the Site and App and provide useful and relevant advertising to visitors. With the use of cookies, no personal data is transmitted or acquired and no User tracking systems are used.
If the User does not wish the information he or she provides to be collected through the use of cookies, the User can implement a simple procedure in his or her browser that allows him or her to refuse the function of cookies
Cookies are pieces of information that can be stored on the computer while browsing a website in order to process and identify usage data. The cookie file is usually very small in size and does not contribute to the saturation of physical hard disk space. The cookie is transferred to the reader’s disk for record-keeping purposes in order to ‘remember’ which areas of a website have been visited. This saves time, allowing the reader to reach the main parts of a site previously visited more quickly. There are different types of cookies:
  • permanent, i.e. they remain on the hard disk, even after closing the browser;
  • temporary or session data, which are only stored for the duration of browsing and are deleted from the computer when the browser is closed;
  • third-party cookies, which are generated by a website other than the one the reader is visiting.
The cookies used are a combination of these three types: some serve only for opening and maintaining a session (temporary cookies). In this case, closing the session or the browser will make them unusable both by the user and by third parties, although they physically remain on the computer being used (permanent cookies).
For purely statistical purposes, third-party cookies are also issued for the measurement of aggregate information. In order to offer a site that responds to the expectations and interests of the reader, an analysis of the data collected on the cookies is constantly carried out; this data indicates solely and anonymously how the site is used, i.e. the areas and sections that have been deemed of greatest interest and usefulness to surfers.
The User has the option of setting his or her browser to accept all cookies, only some, or reject them. Please note, however, that non-acceptance of cookies may make it impossible to provide the service when accessing certain areas of the site. Please also note that at the end of each browsing session the user may in any case delete both the browsing cache-memory and the cookies collected from his/her hard disk.
For more information on the use of Cookies, to check and possibly modify your consent to the use of the types of cookies used, please consult the “Cookie Policies” page

 

RIGHTS OF THE DATA SUBJECT
Pursuant to Articles 15 to 22 of the Regulation, the User, as a data subject, is entitled to exercise specific rights concerning his or her Personal Data. In particular, the Data Subject has the right to obtain
  1. confirmation as to whether or not personal data concerning him/her exist, even if they have not yet been recorded, in a concise, transparent, intelligible and easily accessible form, using simple and clear language;
  2. the indication:
    1. the origin of the personal data
    2. of the purposes and methods of processing
    3. of the legitimate interests pursued by the Controller or by third parties;
    4. of any categories of recipients of the personal data;
    5. of the controller’s intention, if any, to transfer personal data to a third country or international organisation
    6. the retention period of the personal data;
    7. the logic applied, as well as the importance and expected consequences of such processing for the data subject, in the event of processing carried out with the aid of electronic instruments as part of an automated collection and/or profiling process
    8. the identification details of the Data Controller, the Data Processors, the Designated Representative (if any) and the Data Protection Officer (DPO)
    9. the subjects and categories of subjects to whom the personal data may be communicated or who may become aware of the data in their capacity as designated representative in the territory of the State, data processors or persons in charge of processing;
  3. the possibility of lodging a complaint with a supervisory authority;
  4. updating, rectification or, where interested therein, integration of the data;
  5. the cancellation, transformation into anonymous form or blocking of data processed in breach of the law, including data whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed
  6. limitation of processing;
  7. the portability of personal data concerning him/her to another data controller;
  8. the revocation of the processing;
  9. certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected
  10. to object, in whole or in part, on legitimate grounds, to the processing of personal data concerning him/her, even though they are relevant to the purpose of the collection

 

DATA CONTROLLER AND DATA PROTECTION OFFICER
In order to exercise the rights referred to in the preceding point, the data subject may contact the Data Controller and/or the Data Protection Officer at any time for any communications regarding the processing of his/her Personal Data, or to know the updated list of any Data Processors appointed by the Company, by sending a communication by registered mail with return receipt to the contacts listed below:
  • The Data Controller:
    • Company name:Roman Walks
    • Registered office address: Via dela Camilluccia 643 Rome
    • E-mail address: info@romanwalks.org
  • The Data Protection Officer (DPO):
    • Contact details: info@romanwalks.org
MODIFICATIONS
This privacy policy may be subject to change. If substantial changes are made to the use of data relating to the User by the Data Controller, the latter shall notify the User by publishing them as prominently as possible on its pages.