Privacy Policy

Regulation 679/2016/EU

Information for Data Subjects – Tourist Virtual Assistant (TVA) for consulting data of interest

Pursuant to Article 13 of Regulation 679/2016/EU "General Data Protection Regulation", we inform you that Roma Capitale processes the personal data you have provided and freely communicated. Roma Capitale ensures that the processing of your personal data is carried out in compliance with fundamental rights and freedoms, as well as your dignity, with particular reference to confidentiality, personal identity, and the right to the protection of personal data.

1. Data Controller of personal data (Art. 13.1.a Regulation 679/2016/EU)

   The Data Controller of personal data is Roma Capitale. As of today, all information regarding the Data Controller, along with the updated list of Data Processors and System Administrators, is available at Palazzo Senatorio, via del Campidoglio 1, 00186 Rome; PEC: protocollo.gabinettosindaco@pec.comune.roma.it.

2. Data Protection Officer (DPO) / Data Protection Manager (DPM) (Art. 13.1.b Regulation 679/2016/EU)

   The Data Protection Officer (DPO) of Roma Capitale can be reached at the following email address: dpo@comune.roma.it

3. Purposes of personal data processing and legal bases (Art. 13.1.c Regulation 679/2016/EU)

   1. For the purposes of the normal functioning of the TVA, the Data Controller may process the personal data contained within the requests addressed to the chatbot, including the collection of the history of interactions held by the user through all the contact channels activated, with the aim of offering citizens and tourists useful services and information already offered through other more traditional public channels. For this purpose, the Data Controller may also process personal data belonging to the categories referred to in articles. 9 and 10 of Regulation 679/2016/EU, if they are freely and autonomously provided by the interested party within the requests addressed to the chatbot and exclusively to the extent that such data are necessary to provide the information and/or services requested in this way.
      The legal basis of the processing described above is, therefore, the exercise of a task of public interest or connected to the exercise of public powers with which the Data Controller is invested (Article 6.1.e, Article 9.2.g Regulation 679/2016/EU).
   2. In order to have more targeted support and/or open a report to an operator of 060606/060608, the Data Controller may also record, enter and manage some personal data of the users through the CRM of Roma Capitale (mandatory: e-mail address, mobile number, name, surname, nationality; optional: personal identification code, period of stay, place of stay). For this purpose, the chatbot interface does not allow the insertion or collection of such data, but rather provides the user with a registration link that will redirect him/her to the CRM of Roma Capitale.
      This additional service will be provided exclusively upon the release, by the interested party, of his/her free, specific, informed and unequivocal consent (article 6.1.a and article 9.2.a EU Reg. 679/2016).

4. Methods of personal data processing

   The processing of your personal data takes place at the offices and premises of the Data Controller or, if necessary, at the subjects indicated in paragraph 6, using both paper and electronic means, by telephone and telematic means, including automated tools designed to store, manage, and transmit the data, with the observance of all precautionary measures that ensure their security and confidentiality.
   The processing takes place through a generative artificial intelligence chatbot, but the data of the interested party are in no case used for training the same or for purposes other than those described above.
   The processing will be carried out in such a way as to minimize the risk of destruction or loss, unauthorized access, or processing not in accordance with the purposes of the data collection. Your personal data are processed:

   • in compliance with the principle of data minimization, pursuant to Articles 5.1.c and 25.2 of Regulation 679/2016/EU;
   • lawfully and fairly.

   Your data are collected:

   • for specified, explicit, and legitimate purposes;
   • accurate and, if necessary, updated;
   • relevant, complete, and not excessive in relation to the purposes of the processing.

5. Nature of the collection and consequences of any failure to provide personal data (Art. 13.2.e Regulation 679/2016/EU)

   The provision of your personal data is mandatory for the purposes set out in paragraph 3. However, failure to provide such data may result in the failure to provide the requested service, its correct performance and any legal obligations. Your data is stored at the Offices and Services of Rome Capital and external conservators. If necessary, your data may also be stored by the other parties indicated in paragraph 6.

6. Communication and dissemination of personal data (Art. 13.1.e Regulation 679/2016/EU)

   Your personal data, if necessary, may be communicated (meaning to make it known to one or more specific subjects) to:

   • subjects whose right to access the data is recognized by law, secondary and community regulations;
   • collaborators, employees, and consultants of Roma Capitale, within the scope of their duties and/or any contractual obligations;
   • suppliers, including Data Processors designated pursuant to Art. 28 of Regulation EU 2016/679, acting on behalf of Roma Capitale;
   • natural and/or legal persons, public and/or private, when communication is necessary or functional to the activities of Roma Capitale in the ways and for the purposes outlined above.

   Your personal data will not be disseminated in any way, meaning to make it known in any way to an indeterminate number of subjects, except for legal obligations.

7. Criteria used to determine the retention period (Art. 13.2.a Regulation 679/2016/EU)

   The personal data of the interested party subject to the processing processed in the normal use of the chatbot will be stored for a maximum of 24 hours from the provision and, in any case, only for the time necessary to recover the conversation with the user. Where the user decides to proceed with the registration as explained in point b) of paragraph 3, for which the user has given consent, the data will be stored prior to the revocation of consent by the interested party and, in any case, for the period necessary to comply with the terms of the regulations in force on the matter (90 days).

8. Rights of the Data Subject (Art. 13.2.b Regulation 679/2016/EU)

   It is communicated that, at any time, the data subject can exercise:

   • the right to request from the Data Controller, pursuant to Art. 15 Reg. 679/2016/EU, access to their personal data;
   • the right to request from the Data Controller, pursuant to Art. 16 Reg. 679/2016/EU, to rectify their personal data, where this does not conflict with the current regulations on the retention of the data;
   • the right to request from the Data Controller, pursuant to Art. 17 Reg. 679/2016/EU, to delete their personal data, where this does not conflict with the current regulations on the retention of the data;
   • the right to request from the Data Controller, pursuant to Art. 18 Reg. 679/2016/EU, to limit the processing of their personal data;
   • the right to object to the processing, pursuant to Art. 21 Reg. 679/2016/EU.

   The above rights can be exercised by contacting the address supporto.julia@comune.roma.it

9. Right to lodge a complaint (Art. 13.2.d Regulation 679/2016/EU)

   It is noted to the data subject that they have the right to lodge a complaint with a supervisory authority (in particular with the Italian Data Protection Authority www.garanteprivacy.it).