Privacy policy

Processing of personal data: information pursuant to articles 13 and 14 of EU Regulation 2016/679 (Regulation on the protection of personal data)

With this document (the “Information”), the Data Controller, as defined below, wishes to inform you of the purposes and methods of processing of your personal data and of the rights that Regulation (EU) 2016/679, relating to the protection of natural persons with regard to the processing of personal data, as well as the free circulation of such data (“GDPR”), recognizes to you. This Information may be integrated by the Data Controller if any additional services requested by you should involve further processing.

  1. Who is the Data Controller?

The Data Controller is ROMANO'STAYS di Romano Vincenzo.

To exercise your rights, as well as to receive any information relating to them and/or this Policy, you can write to:

  • ROMANO'STAYS by Romano Vincenzo, Viale Louis Pasteur 23/a , 70124 Bari (Ba), ITALY;
  • by sending an email to info@prometheusimmobiliare.it

The Data Controller will take charge of your request and provide you, without undue delay, with information relating to the action taken regarding your request.

We inform you that if the Data Controller has doubts about the identity of the person submitting the request, he/she may request additional information necessary to confirm the identity.

  1. What personal data we process

2.1. Personal data

For the purposes indicated in this Policy, the Data Controller may process common personal data, which are, for example, personal data (name, surname, address, telephone number, e-mail and other contact details, an identification number, an online identifier) and economic data (i.e. data relating to the operations/services carried out during the contractual relationship with the Data Controller).

In the absence of such personal data, the Company will not be able to carry out the operations and manage the relationships that require the processing of your personal data.

2.2. Special categories of personal data

It may happen that the Company comes to process special categories of data, such as data suitable for revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data suitable for revealing the state of health and sexual life.

In particular, the Company will process special categories of your personal data in two cases:

  1. a) indirectly and possibly, to fulfill your specific requests, the satisfaction of which requires the processing of particular categories of personal data. In such cases, your specific request will be considered as explicit consent to the processing of particular categories of personal data for the sole purpose of carrying out the requested activities;
  2. b) directly, if this is necessary for the management of the contractual relationship in some specific cases in which the Company is required to observe certain procedures to verify situations involving particular categories of customer data (For such processing, the Company requires your specific consent (see the following point 3.1 of this Notice).

2.3 Source of personal data. Your personal data processed by the Company are those provided directly by you to the Data Controller or collected from third parties such as, for example, in the event that the Data Controller acquires data from external companies for the purposes of commercial information, market research, direct offers of products or services. This Notice also covers the processing of your personal data acquired from third parties.

  1. What are the purposes of the processing?
  • Contract execution and regulatory compliance

The processing of your personal data is necessary for the acquisition of preliminary information for the conclusion of the contracts that you will stipulate with the Company and for the subsequent management and execution, also through remote communication means, of the assignment concluded with the Company, for the fulfillment of obligations provided for by laws (e.g. Anti-Money Laundering legislation, tax legislation), by regulations and/or community regulations, or by supervisory and control bodies or by other authorities authorized to do so.

In line with the provisions of the previous point 2.2., this processing purpose may also concern special categories of personal data.

3.2 Marketing activities

The Company may send you commercial communications about the Company's products and services, as well as proceed with direct sales and carry out surveys or market research (including surveys on the quality of services). The Company will use automated contact methods (such as, for example, email, fax, SMS, MMS, instant messaging, social networks, apps, automated calling systems without the intervention of an operator, etc.) and/or traditional methods (such as, for example, telephone calls with an operator and paper mail).

In any case, the Company reserves the right to process the email address and/or certified email address provided by you for the purposes of direct sales of the Company's products or services, in the context of the sale of products or services similar to those already purchased by you.

Right to object to direct marketing activities

We inform you that, at any time, you have the right to object to direct marketing activities, including profiling related to such direct marketing by contacting the Data Controller at one of the contacts indicated in point 1 of this Policy.

3.3 Profiling activities

The Company may also process your personal data to define your profile, through the analysis of the use of the products/services chosen by you, as well as your preferences, in order to formulate offers of products or services of possible interest to you and send you personalized marketing communications.

Right to object to profiling related to direct marketing

We inform you that, at any time, you have the right to object to profiling related to direct marketing activities by contacting the Data Controller at one of the contacts indicated in point 1 of this Notice.

  1. How will your personal data be processed?

The processing of your personal data will take place, in compliance with the provisions of the GDPR, using paper, computer and telephone tools, with logic strictly related to the purposes indicated and, in any case, with methods suitable to guarantee their security and confidentiality in compliance with the provisions of Article 32 GDPR.

  1. To which parties may your personal data be communicated and who may become aware of them

In order to pursue the purposes described in the previous point 3, your personal data will be known by the employees, similar personnel, collaborators, financial consultants and agents of the Company who will operate as persons in charge and/or responsible for the processing.

Furthermore, the Data Controller may need to communicate your personal data to third parties based outside the European Union, in compliance with the regulatory requirements that allow it) belonging, for example, to the following categories:

  1. entities that provide services for the management of the Company's IT system;
  2. entities that manage debt collection or provide professional tax, legal and judicial consultancy and assistance services;
  3. entities that carry out accounting auditing and financial statement certification;
  4. supervisory and control authorities and bodies and in general public or private entities with public functions;
  5. marketing firms and market research firms.

Your personal data will be transferred outside the European Union only to the subjects indicated in the previous point and exclusively in the presence of an adequacy decision by the European Commission or other adequate guarantees provided for by the GDPR (including binding corporate rules and standard protection clauses).

The personal data processed by the Company are not subject to disclosure.

  1. What rights do you have as a data subject?

In relation to the processing described in this Policy, as an interested party you may, under the conditions set out in the GDPR, exercise the rights established by Articles 15 to 21 of the GDPR and, in particular, the following rights:

  • right of access: the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to your personal data – including a copy of them – and communication of, among other things, the following information:
  • purpose of the processing;
  • categories of personal data processed;
  • recipients to whom these have been or will be communicated;
  • data retention period or the criteria used; rights of the interested party (rectification, erasure of personal data, restriction of processing and right to object to processing;
  • right to lodge a complaint
  • right to receive information on the origin of my personal data if they were not collected from the data subject;
  • the existence of automated decision-making, including profiling;
  • right of rectification: right to obtain the rectification of inaccurate personal data concerning you and/or the integration of incomplete personal data;
  • right to erasure (right to be forgotten): the right to obtain the erasure of personal data concerning you, when:
  • the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You have withdrawn your consent and there is no other legal basis for the processing;
  • You have successfully objected to the processing of your personal data;
  • the data has been processed unlawfully,
  • the data must be deleted to comply with a legal obligation;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8, paragraph 1, GDPR.

The right to erasure does not apply to the extent that processing is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or for the establishment, exercise or defense of legal claims;

  • right to restriction of processing: right to obtain restriction of processing, when:
  • the interested party contests the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • personal data are necessary for the interested party to ascertain, exercise or defend a right in court;
  • right to data portability: the right to receive, in a structured, commonly used and machine-readable format, the personal data concerning you provided to the Data Controller and the right to transmit them to another controller without hindrance, if the processing is based on consent and is carried out by automated means. Furthermore, the right to obtain that your personal data are transmitted directly from the Company to another controller if this is technically feasible;
  • right to object: right to object, at any time, to the processing of personal data concerning you based on the condition of legitimacy of legitimate interest, including profiling, unless there are legitimate reasons for the Data Controller to continue the processing that prevail over the interests, rights and freedoms of the interested party or for the establishment, exercise or defense of a right in court.

Furthermore, the right to object at any time to processing where personal data are processed for direct marketing purposes, including profiling to the extent that it is related to such direct marketing.

With particular regard to the processing of your personal data for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication, you may also object to the use of automated communication methods (such as email, fax, SMS, MMS, instant messaging, use of social networks, apps, automated calling systems without the intervention of an operator);

  • lodge a complaint with the Personal Data Protection Authority, Piazza di Montecitorio n. 121, 00186, Rome (RM).

The above rights may be exercised against the Data Controller by contacting the references indicated in the previous point 1.

The exercise of your rights as a data subject is free of charge pursuant to Article 12 of the GDPR. However, in the case of manifestly unfounded or excessive requests, including due to their repetitiveness, the Data Controller may charge you a reasonable fee, in light of the administrative costs incurred in managing your request, or deny the satisfaction of your request.This is a placeholder and will not be displayed on the published site.