Privacy Policy

The Data Controller is:

Romiltec S.r.l. - Innovative Startup (Startup Innovativa)
Registered office: Via Luciano Lama 44, 56012 Calcinaia (PI), Italy
Operational office: Via Provinciale Francesca Nord 92, 56020 Santa Maria a Monte (PI), Italy
VAT / Tax ID: IT02476290503
Share Capital: €10,000 fully paid
ATECO: 62.01 - Software production
Email: [email protected]

Pursuant to Article 37 of the GDPR, Romiltec S.r.l. is not required to appoint a Data Protection Officer (DPO) as it does not carry out large-scale processing of special categories of data nor systematic monitoring of data subjects as a core activity. For any questions regarding the protection of personal data, you may contact the Data Controller at [email protected].

2.1 Browsing data

The computer systems and software procedures used to operate the Website automatically collect certain personal data during normal operations. This data, inherent in the use of Internet communication protocols, includes: IP addresses, browser type, operating system, domain name, URI (Uniform Resource Identifier) of requested resources, request timestamps, method used to submit the request, response file size, and other parameters relating to the operating system and user's computing environment.

This data is used solely to obtain anonymous statistical information about Website usage and to ensure its proper functioning, and is deleted after processing. The data may be used to ascertain liability in the event of hypothetical cybercrimes against the Website.

2.2 Data voluntarily provided by the user

The voluntary, explicit sending of messages to the email address indicated on the Website, as well as the completion and submission of requests through integrated scheduling systems (Cal.com), involves the collection of the following personal data:

• First and last name
• Email address
• Company name and role (if provided)
• Timezone and availability
• Message content or booking notes

2.3 Data from chatbot interactions

The Website integrates "Chatty", a chatbot developed internally by Romiltec. Interacting with the chatbot involves the collection of messages sent by the user. The chatbot does not request nor process directly identifying data, unless the user voluntarily provides such information in the conversation.

2.4 B2B client data

In the context of service delivery, Romiltec processes business data of its clients, including: company name, fiscal and billing data, contact details of company representatives. Such processing is governed by the service agreement entered into with the client.

Once the retention periods have expired, data is deleted or irreversibly anonymised.

Personal data may be disclosed to:

• Data Processors - third parties that process data on behalf of the Controller pursuant to specific contractual agreements under Article 28 GDPR, including:
  • Hosting and cloud infrastructure providers
  • Cal.com (appointment scheduling service)
  • Email service providers
• Professional advisors - accountants, labour consultants, legal counsel, in fulfilment of contractual, accounting, tax and legal obligations
• Public authorities - when required by law or by order of a competent authority

Personal data will not be disseminated nor communicated to third parties for their own purposes without the data subject's consent.

Some of the data processors referred to in Section 5 may be established in countries outside the European Economic Area (EEA). In such cases, data transfers are carried out in compliance with the safeguards set out in Chapter V of the GDPR, including:

• Adequacy decisions - for transfers to countries that benefit from an adequacy decision by the European Commission (e.g. the EU-US Data Privacy Framework, decision of July 10, 2023)
• Standard Contractual Clauses (SCCs) - approved by the European Commission under Article 46(2)(c) GDPR, for transfers to countries without an adequacy decision

A copy of the safeguards adopted may be obtained by contacting the Data Controller at [email protected].

As a data subject, pursuant to Articles 15-22 of the GDPR, you have the right to:

• Access (Art. 15) - obtain confirmation as to whether your personal data is being processed and, if so, to access it
• Rectification (Art. 16) - obtain the rectification of inaccurate personal data or the completion of incomplete data
• Erasure (Art. 17) - obtain the erasure of personal data where one of the grounds provided by the GDPR applies
• Restriction (Art. 18) - obtain the restriction of processing in the cases provided by the GDPR
• Portability (Art. 20) - receive personal data in a structured, commonly used and machine-readable format
• Objection (Art. 21) - object at any time to the processing of personal data based on legitimate interest
• Withdrawal of consent (Art. 7(3)) - withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal
• Automated decision-making (Art. 22) - not be subject to decisions based solely on automated processing, including profiling, which produce legal effects. Romiltec does not carry out automated decision-making processes

To exercise your rights, simply send a request to [email protected]. The Data Controller will respond within one month of the request, extendable by a further two months in cases of particular complexity pursuant to Art. 12(3) GDPR.

Without prejudice to any other administrative or judicial remedy, a data subject who considers that the processing of their personal data infringes the GDPR has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali):

• Piazza Venezia 11, 00187 Rome, Italy
• Email: [email protected]
• PEC: [email protected]
• Website: www.garanteprivacy.it

The provision of browsing data is necessary for the functioning of the Website. The provision of data for contractual and pre-contractual purposes is necessary to fulfil the data subject's requests and to perform the contract; failure to provide such data will make it impossible for the Controller to fulfil the request or provide the services.

The provision of data for marketing purposes is optional, and withholding consent does not affect use of the Website or services.

The Data Controller reserves the right to amend this notice at any time by publishing the updated version on the Website. In the event of material changes, appropriate notice will be given to data subjects. We recommend checking this page periodically.