Privacy Policy

Last updated: 2 March 2026 In accordance with Art. 13 of Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/2003 as amended.

1. Data Controller

Vinoroma di Di Franco Maurizio Arsenio Piazza Francesco Morosini 12, 00153 Roma (RM), Italy P.IVA: 00951550946 | REA: RM-1763549 Email: ciao@vinoroma.com | PEC: maurizio.difranco@mypec.eu

2. Types of Data Collected

We collect the following categories of personal data:

• Navigation data: IP address, browser type, operating system, pages visited, time spent — collected automatically by our server and analytics tools.
• Data you provide voluntarily: Name, email address, and any other information submitted via contact forms, booking requests, or direct email.
• Cookie data: See Section 8 below for full details.

3. Purposes of Processing

Your data is processed for the following purposes:

• To respond to your enquiries and booking requests.
• To manage course registrations and communicate relevant information.
• To send newsletters or promotional communications (only with your explicit consent).
• To ensure the security of the website and prevent fraud.
• To analyse website traffic and improve user experience (analytics).
• To comply with legal, tax, and accounting obligations.

4. Legal Basis for Processing

• Consent (Art. 6.1.a GDPR): For newsletters, marketing emails, and non-essential cookies.
• Contract performance (Art. 6.1.b GDPR): When processing is necessary to fulfil a booking or course registration.
• Legitimate interest (Art. 6.1.f GDPR): For website security, fraud prevention, and basic analytics.
• Legal obligation (Art. 6.1.c GDPR): For accounting, tax, and administrative records.

5. How Data Is Processed

Personal data is processed electronically at the Controller’s registered office using systems and procedures that guarantee security, confidentiality, and integrity. All appropriate technical and organisational measures are in place to protect your data against unauthorised access.

6. Retention Period

• Contact enquiries: Retained for up to 2 years after the last interaction.
• Booking/Course registration data: Retained for 10 years for legal and accounting purposes.
• Navigation and server logs: Up to 12 months.
• Newsletter subscription: Until you unsubscribe.

7. Recipients and Third Parties

We may share your data with the following categories of recipients (Data Processors under Art. 28 GDPR):

• Web hosting and email service providers.
• Google LLC (Google Analytics): Data transfer outside the EU occurs under the EU-U.S. Data Privacy Framework and Standard Contractual Clauses.
• Our accountant (commercialista) for legal and tax obligations.
• We do not sell your personal data to third parties.

8. Cookie Policy

• Technical cookies (always active): Essential for the website to function correctly.
• Analytics & Marketing cookies: Only placed with your explicit consent via our cookie banner.
• You can change your choices at any time by clicking the cookie settings link in the footer.

9. Your Rights

Under the GDPR, you have the right to: Access (Art. 15), Correction (Art. 16), Erasure (Art. 17), Restriction (Art. 18), Portability (Art. 20), and Objection (Art. 21). You may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it.

10. How to Exercise Your Rights

To exercise these rights, please contact us at ciao@vinoroma.com or maurizio.difranco@mypec.eu. We will respond within 30 days.