If you are reading this policy, it means that you have landed on our website. We provide this information so that you can know how we process your personal data when you browse our website or when you interact with us through it: e.g. when you write to us, when you buy, when you subscribe to our newsletter. On all these occasions, and more, we process some of your personal data. We do so in compliance with EU Regulation 679/2016 (GDPR) and in accordance with the Privacy Code as amended by Legislative Decree 101/2018.

WHO IS THE CONTROLLER OF YOUR DATA?
The Data Controller of the data collected through this site is Romina’s S.r.l. with registered office in Bologna (BO), via Massimo D’Azeglio 48, (hereinafter also referred to as "Controller"). You can contact the Controller at rominas@legalmail.it or write to us at our postal address.

WHY DO WE PROCESS YOUR DATA AND WHEN DO WE COLLECT THEM?

- Browsing data
The computer systems and software procedures used to operate this site acquire,in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes the IP addresses or domain names of the computers and terminals used by users, the URI/URL addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.

- Can we do it without your consent?
Yes, as the data is necessary for Internet communication and to enable you to use the site (Art. 6(f) GDPR).

- How long do we keep this data?
Browsing data are not retained for more than seven days (except in the case of criminal investigations by judicial authorities)

- Cookie data
As Data Controller, when you browse our site, we collect some of your data for the purpose of analysis and processing of information, your preferences, browsing experiences. We use technologies such as cookies (our own or third-party) to perform this activity.

- Can we do it without your consent?
In part.The collection of data through the use of technical cookies, useful for the proper functionality and security of the site, is done on the basis of our legitimate interest (Art. 6(f) GDPR). The collection of personal data through the use of our own and third-party cookies that are not strictly necessary only takes place with your express consent(Art. 6(a) GDPR). You will be warned of this by the banner at the bottom of the site when you log in for the first time. Here you can choose analytically which cookies you want to install. For more information on what cookies are, their function, etc., you can read our cookie policy.

- How long do we keep this data?
The retention time of this data is defined in the cookie banner, by choosing to view it analytically, or in the settings menu on each page of the site.

- Contact us area
If you decide to contact us via the form on our site, we will process your personal
data and your e-mail address.
Can we do it without your consent?
Yes, because we are following up on your request (Art. 6(b) GDPR).
How long do we keep this data?
We keep this data for 1 year from the time the request was last sent.

- Create and account area
On the site you can create your own personal account, with which we will process
your personal and contact data (name, surname, telephone, e-mail address).
Can we do it without your consent?
Yes, to respond to your requests, to offer you services and assistance. The
processing is necessary for the fulfilment of pre-contractual measures (art. 6(b)
GDPR), as it is functional to provide the services of the site and to process any user
requests.

- How long do we keep this data?
The data will be stored until your account is closed, except where required by law (e.g. sales invoices). However, after two consecutive years of inactivity, your account may be disabled.

- E-commerce area
You can also buy our products on our site. In this case we will process your personal,
contact and payment data in order to send you your purchase.
- Can we process this data without your consent?
Yes, because we need them to perform a contract (Art. 6(b) GDPR).

- How long do we keep this data?
We keep this data for 10 years (Art. 2220 Civil Code).

- Newsletter
On the site you can also subscribe to our newsletter and in this case we will process
your name, surname and e-mail address.

CAN WE DO IT WITHOUT YOUR CONSENT?
Yes, because we are meeting your request (Art. 6(b) GDPR).

HOW LONG DO WE KEEP THIS DATA?
We will retain this data for 36 months after the last interaction. However, you can always
exercise your right to opt-out, in which case, you will no longer receive promotional
communications.


HOW DO WE PROCESS YOUR DATA?
Your data is processed using tools and procedures that guarantee its security and confidentiality, and may be processed both through our website and through other electronic tools (e.g. internal management systems) and sometimes even with the help of paper media. In addition to the Data Controller, in some cases, certain other parties involved in the organisation of this Web Site (administrative and sales staff, system administrators, etc.) or external parties (such as third-party technical service providers, hosting providers, IT companies, communication agencies, data entry agencies) appointed, in the cases provided for by law, as Data Processors by us, may have access to the data. You can obtain the full list of data processors by writing to us at rominas@legalmail.it.


WHERE IS YOUR DATA?
The processing we carry out with your personal data takes place on European soil. It is in any case understood that, should it become necessary, we will be entitled to transfer the data to countries outside the EU. In this case, we assure you as of now that the transfer of data outside the EU will take place in accordance with the applicable legal provisions by concluding, if necessary, agreements guaranteeing an adequate level of protection and/or by adopting the standard contractual clauses provided for by the European Commission and/or binding company regulations. Your browsing data (IP address), on the other hand, may be transferred outside the European Union and in particular to the United States (by way of example, Google) through the installation of cookies.


WHO HAS ACCESS TO YOUR DATA?
Your data may be made accessible to the Controller's employees and collaborators in their capacity as data processors and/or system administrators and/or other persons (by way of example: professional firms, advisers, software houses that supply us with management software, etc.) that perform outsourced activities on our behalf, in their capacity as external data controllers. In no way do we disseminate your data. The recipients of the processing, on the other hand, are those who receive communications of personal data from the Controller, but who, following such communication, act as autonomous controllers. These include:
- Instagram, TikTok and other platforms of the Controller. When you click on the social network and platform icons you will be redirected to pages outside the website and agree to share some of your data with te owners of that service. The information you share will then be governed by the privacy policies of the Social Network or Platform you choose.


WHAT ARE YOUR RIGHTS?
As a data subject, you have multiple rights. For instance, the right to obtain, in the cases provided for, access to your personal data and their rectification or deletion or the restriction of their processing or to object to their processing (to find out what your rights are, you can consult the Regulation in Articles 15 et seq.). To exercise your rights, you can instead write to us or telephone us at the contacts at the beginning of this notice.
- Right to complain
If you feel that the processing violates your rights in any way, you may lodge a complaint with the Data Protection Authority, checking the relevant procedures on the following website www.garanteprivacy.it. On the following page https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524 you can view the complaint form.
- Protecting the privacy of minors
This website is aimed at a general public, but its services are intended for persons aged 18 years and over. We do not request, collect, use or disclose personal data provided online by persons under 18 years of age. If we discover that we have personally collected data from a child, we will delete it immediately.