EN
  • IT
  • Privacy Policy

    Date of issue of the latest version of this Privacy Policy: 21s October 2019

    This Privacy Policy is governed by Regulation EU 2016/679 (“GDPR”) as well as by Legislative Decree No. 196 of 30 June 2003 (“Data Protection Code”). The GDPR and the Data Protection Code guarantee that the processing of personal data will be performed in respect of rights and fundamental freedom and dignity, with particular reference to confidentiality, personal identity and the right to protection of personal data.

    The joint data controllers, collectively the “Companies” or the “A.S. Roma Entities”, this policy refers to are:

    • A.S. Roma S.r.l., with registered offices in Rome, Italy, at P.le Dino Viola No. 1, - Tax Code and entry in the Register of Companies of Rome under No. 03294210582, VAT No. 01180281006; 
    • Soccer S.r.l., with registered offices in Rome, Italy, at Via Emilia 47 - Tax Code, VAT Number and entry in the Register of Companies of Rome under No. 09305501000

    The Companies act as joint data controllers and take your privacy seriously and understand the importance of maintaining the confidentiality of your personal data and other information stored about you. 

    The Companies are committed to ensuring the confidentiality, integrity and availability of your personal data, as well as to respect your privacy, in the course of its day-to-day activities and in compliance with applicable relevant data protection laws. 

    This privacy policy (the “Privacy Policy”) describes the values, principles of action, and behaviour of the Companies and are established in compliance with applicable Italian and European laws. 

    This Privacy Policy has been drafted in English and has been translated into Italian. In the event of any discrepancy between the English and the Italian text, the English text shall prevail and be used to solve doubts of interpretation. 


    APPLICATION OF THIS POLICY

    COLLECTION OF YOUR PERSONAL DATA

    FORMAT OF COLLECTION

    USE OF YOUR PERSONAL DATA

    SHARING AND DISCLOSING YOUR PERSONAL DATA

    TRANSFERING YOUR PERSONAL DATA

    RETAINING AND ARCHIVING YOUR DATA

    This Privacy Policy applies specifically to A.S. Roma Entities' processing of your personal data when you visit and use any A.S. Roma Entities’ website, social media profile and page, app or service which links to this Privacy Policy. This means information that identifies you personally such as your name, location, photo and contact details or data that can be linked with such information in order to identify you directly or indirectly. We refer to these websites, apps, social media profiles and pages and services in this Privacy Policy, collectively the “A.S. Roma Platforms”.

    This Privacy Policy also covers A.S. Roma Entities' collecting and processing of any personal data that A.S. Roma Entities' business partners share with the Companies.

    + COLLECTION OF YOUR PERSONAL DATA  

    A.S. Roma Entities collect and process personal data in respect of your use of and interactions with the A.S. Roma Platforms in order to provide you with a service, to respond to you and to publish and share information plus documents related to football and A.S. Roma. “Personal data” means any information that may be linked directly or indirectly to you as an individual. The types of Personal Data we may collect and process vary from A.S. Roma Platform to A.S. Roma Platform but can be summarised as follows: 

    (i)    Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender and ID number.

    (ii)    Contact Data includes billing address, delivery address, email address and telephone numbers.

    (iii)    Financial Data includes bank account and payment card details.

    (iv)   Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

    (v)   Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access A.S. Roma Platforms.

    (vi)   Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

    (vii)    Usage Data includes information about how you use A.S. Roma Platforms.

    (viii)   Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

    (ix)    Cookie and Device Data. Details can be found in Section 10.

    (x)    Other. Other information you may provide to us, for example photographs, competition entries.

    Some of the personal data requested on the A.S Roma Platforms such as your first and last name, telephone number, and e-mail address, may be marked as “mandatory” [e.g., indicated with an (*)] as they are necessary to access the services of the A.S Roma Platforms you wish to use (e.g., if you place an order). Failure to provide this data marked as “mandatory” will result in our inability to provide you the requested service (e.g., if you fail to give us your e-mail address, we cannot send you a newsletter). Failure to provide data marked as “optional” will not have any consequences. 


    + FORMAT OF COLLECTION
        

    We collect your personal data in a number of ways as described below.

    Information you give to us directly:

    We collect information on you where you:


    (i)    register an account with us (including via social media profiles such as Facebook and Google+) or log in and make changes to your online account;

    (ii)    register to receive marketing communications from us;

    (iii)    purchase products or service or tickets from us;

    (iv)    enter into a competition on A.S. Roma Platforms;

    (v)    interact with our social media profiles; and

    (vi)    contact us (including over the phone, or via email, post, live chat or social media messaging);

    (vii)      submit your application for a job position.


    Personal data we collect from third parties:

    We collect information on you from third parties, such as A.S. Roma Entities’ commercial and media partners and A.S. Roma Entities suppliers, where you:

    (i)    have a contract in place with such third parties which requires the transfer of your personal data to us; and/or

    (ii)    register through such third parties to receive marketing communications from us.


    Personal data we collect automatically:

     
    A.S. Roma Entities also automatically receive and record non-sensitive information on their technical infrastructure database about your computer when you visit A.S. Roma Platforms, regardless of whether you have registered for an account or not by just browsing our servers. The Companies may collect information about, including but not limited to, your Web browser software, your internet protocol (IP) address which identifies Your computer, our cookies, the referring website and the page you requested. The Companies may also collect information about your location, and your online activity on the A.S. Roma Platforms. Please refer to Section 10 for more details in relation to our use of cookies. 

    + USE OF YOUR PERSONAL DATA  

    The personal data we hold on you will be used in a number of ways depending on the A.S. Roma Platform as explained below. Under data protection laws we have to have a lawful basis for processing your personal data. We have indicated the lawful basis we rely on below in the headings.

    Where we rely on legitimate interest as this lawful basis, our legitimate interest is necessary for promoting our business, improving the services we offer to you and your experience when you interact with us, and ensuring effective operational management and internal administration of our business and the exercise of our rights.


    To fulfil contracts

    If you enter into a contract with us (for example to purchase a ticket, open an account, purchase a product or to enter into a competition) we need to process personal data in order to fulfil the contract by providing the services, processing payments and corresponding in relation to the same. If you do not provide the information to us, we may not be able to fulfil the contract and provide the products or services to you.

    If you submit an application for a job position offered in one of the A.S. Roma Entities, we need to process personal data in order to take steps at your request prior to entering into a contract. If you do not provide the information to us, we may not be able take in consideration your submission.

    Where we have your consent

     
    We ask for your consent to send you direct marketing communications relating to ticketing sales, merchandise sales, events, competitions, promotions, and other activities we run. You can choose to unsubscribe at any time as explained in ‘your rights’ below. In some limited circumstances, we do not need to obtain your consent for marketing as explained in the legitimate interest section below. 

    Where we have a legal obligation

    To protect, investigate, deter and report fraudulent, unauthorised or illegal activity. Where you are interested in purchasing tickets this includes the prevention of credit card fraud and the retention of certain payment details to enable refunds and for financial record keeping requirements.

    We are also under legal obligations in respect of health and safety, ensuring that individuals who have been banned do not attend our events and other requirements relating to the integrity of the sport. This may involve the processing of personal data about you and the disclosure of information to the police, state authorities and other bodies where required by law.


    Where we have a legitimate interest

    We may process your personal data where it is necessary for our legitimate interests as a business in the following situations:

    ·      Account management and record keeping and correspondence in relation to products and services you receive from us.

    ·      Fraud detection and checks.

    ·       To respond to any enquiries, information requests or complaints you make to us or that are made about you.

    ·       To inform you of upcoming events, promotions and community initiatives and communicate with you about these, where you have shown an interest.

    ·      To send you marketing communications by e-mail where we have a commercial relationship (for example where you pay us for tickets to an event or purchase items from our store) with you and you have not objected to receiving such communications from us.

    ·      To contact you for your views and feedback on our events and activities.

    ·      To assist with internal record keeping.

    ·       To provide you with, and maintain the quality of, our website and to analyse the use of our website in order to help guide improvements.

    ·      Profiling to enable better service and personalisation as explained in more detail below.

    ·      To assist in the prevention of or detection of a crime or equivalent malpractice.

    ·      To assist in the identification and prosecution of offenders.

    ·      To monitor the security of A.S. Roma Entities’ events, activities and stadia.


    Where we rely on legitimate interest as a ground for processing your personal data, we carry out an assessment to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests, before we go ahead with such processing. We keep a record of these assessments. You have a right to the personal data contained in these balancing tests on request and can find out more by contacting us using the details below.

    We may also use aggregate anonymised information in order to help us develop our services and may provide such information to third parties. This information cannot identify you.

    We may share your personal data with the parties set out below for the purposes set out above.

    ·      With our other group companies Soccer S.r.l. and Stadio TdV S.p.A., for internal reasons, primarily for business and operational purposes in line with this Privacy Policy.

    ·      With external third parties who perform functions on our behalf and who also provide services to us, such as professional advisors, technology providers and hosting companies; advertising companies and exchanges; analytics companies; payment providers; fraud and credit checking companies; companies which provide us with services instrumental to our personnel selection activities. These third parties comply with similar and equally stringent undertakings of privacy and confidentiality.

    ·      With external third-party data services; who help up to segment and understand our audience by providing additional information.

    ·      With external third-party advertisers (such as Facebook or Google) to help us identify customers similar to our audience or to serve relevant adverts to you on third party websites. The information shared with these advertisers is pseudonymised to protect your personal data.

    ·      With police and state authorities in particular to carry out security or administrative controls in relation to venues or events You have requested access to.

    ·      With external third parties, where the Companies. find that it is necessary, as determined in the Companies’ sole discretion, to investigate, prevent or take action regarding illegal activities, suspected fraud, emergency situations involving potential threats to the physical safety of any persons, violations of contractual obligations or as otherwise required by law.

    ·      Certain third parties pursuant to court orders or warrants.·      To third parties where you give us express permission to share your personal data in the course of your relationship with us from time to time.

    A.S. Roma Entities will not sell, rent or transfer your personal data to third parties without your consent and for reasons other than those consistent with the purpose for which the data were originally collected or for other purposes authorised by law.


    + TRANSFERING YOUR PERSONAL DATA  

    The Companies may transfer and process your data anywhere in the world where we maintain data processing operations. We shall at all times ensure we provide an adequate level of protection for the Customer Data processed, in accordance with the requirements of data protection regulations.

    To the extent that we process any Personal Data protected by the GDPR in a country that has not been designated by the European Commission as providing an adequate level of protection for your data, we will provide adequate protection (within the meaning of GDPR) for your data by working with Data Processors who have self-certified its compliance with Privacy Shield principles or by assuring adequate safeguards according to the GDPR .

    Personal data processed by the Companies will be retained only for as long as is necessary to fulfil the purposes outlined above in this Privacy Policy. This will generally (but not in all cases) be for the duration of time where you utilise our services, to comply with our legal obligations or to protect A.S. Roma Entities’ rights. When determining the relevant retention periods for your personal data, we will take into account factors including: 

    ·      our contractual obligations and rights in relation to the personal data involved;

    ·      legal obligation(s) under applicable law to retain data for a certain period of time;

    ·      statute of limitations under applicable law(s) which is the period during which contractual claims could be brought, being 10 years in Italy;

    ·      our legitimate interests where we have carried out balancing tests (see section on ‘How do we use your personal data’ above);

    ·      (potential) disputes; and

    ·      guidelines issued by relevant data protection authorities.

     
    + THE RIGHTS YOU HAVE TO YOUR DATA  

    By law, you have a number of rights (subject to certain conditions) when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country. 


    Rights

    What does this mean?
     Your right to object to processing

    You have the right to object to certain types of processing, including processing based on the legitimate interest of the Companies or processing for direct marketing purposes (i.e. if you no longer want to be contacted with potential offers or opportunities). Unsubscribing from newsletters and e-mail marketing communications can most easily be done by clicking on the unsubscribe link at the bottom of any e-mail newsletter we have sent to you or, alternatively, by modifying your account settings and preferences.

     Your right to be informed

    You have the right to be provided with clear, transparent and easily understandable information about how we use your personal data and your rights. This is why we are providing you with the information in this Privacy Policy.

     Your right to Access your personal data

    You have the right to obtain access to your personal data (if A.S. Roma Entities are processing it), and certain other information (similar to that provided in this Privacy Policy).

    This is so you are aware and can check that we are using your personal data in accordance with data protection law.



    Your right to Update and Rectification


    You are entitled to have your personal data corrected if it is inaccurate or incomplete.

    You are generally able to review, correct or update your personal data at any time by accessing your account on any A.S. Roma Platform where it has been created. However, you may choose to send us a written request to do so on your behalf at any time.


     The right to erasure


    This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your personal data where there is no compelling reason for the Companies to keep using it. This is not a general right to erasure, there are exceptions.

    You are generally able to delete your personal data at any time by accessing your account on the A.S. Roma Platform where it was created. However, you may choose to send us a written request to do so on your behalf at any time.

     Your right to restrict processing

    You have rights to ‘block’ or suppress further use of your personal data. When processing is restricted, the Companies can still store your personal data, but will not use it further. We keep lists of people who have asked for further use of their personal data to be ‘blocked’ to make sure the restriction is respected in future.

     Your right to data portability

    You have rights to obtain and reuse your personal data for your own purposes across different services.

     Your right to lodge a complaint

    You have the right to lodge a complaint about the way the Companies handle or process your personal data with your national data protection regulator by contacting the applicable data protection regulator directly. 

     Your right to withdraw consent
    If you have given A.S. Roma Entities your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.



    You can exercise any of these rights by contacting us in writing (including via email or regular mail) on the details below. Please note that we may require to receive a proof of your identity before we can respond to your request.

    Email:  privacy@asroma.it

    Mail:


    Data Office
    AS ROMA S.P.A.
    Piazzale Dino Viola, 1
    00128 Roma
    Italy


    We usually act on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:

    ·   baseless or excessive/repeated requests, or

    ·   further copies of the same information.

    A.S. Roma Entities may refuse, restrict or defer the provision of information where the Companies have the right to do so under current data protection legislation.

    Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.


    OUR APPROACH TO DATA SECURITY

    We want you to feel confident about using the A.S. Roma Platforms. Therefore, the Companies define and implement the reasonable technical and organisational measures necessary to maintain the security of personal data, according to the nature of the personal data processed and the circumstances of the processing, with the objective of avoiding (in the realm of the possible and having regard to the state of the art) non-authorised processing or access, alteration or loss (to ensure confidentiality, integrity and availability respectively).

    The Companies use industry standard SSL encryption to protect data transmissions. If You communicate with the Companies in any format other than via A.S. Roma Platforms (e.g. by e-mail), You should be aware that the secrecy of the Internet is uncertain. By sending sensitive or confidential e-mail messages or information which are not encrypted, you accept the risk of such uncertainty and possible lack of confidentiality over the Internet.

    Identity theft and the practice currently known as “phishing” are of great concern to the Companies. Safeguarding information to help protect You from identity theft is a great concern. A.S. Roma Entities do not and will not, at any time, request your credit card information, your account ID, login password or national identification numbers in a non-secure or unsolicited e-mail or telephone communication.


    ABOUT COOKIES

    Cookies are text files that are placed on your computer and may be used to store your information. The Companies use cookies to provide you with content specific to your interests and track your use of A.S. Roma Platforms. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the A.S. Roma Platforms may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy here.


    ABOUT PROFILING

    We may use the personal data you provide to us to better understand your interests so we can try to predict what other products, services and information you might be most interested in. We call this profiling. This enables us to tailor our communications and those of our third parties to make them more relevant and interesting for you.

    If you don’t want us to do this you may opt-out here http://www.networkadvertising.org/choices/, or http://www.aboutads.info/or, for EU users only here: http://youronlinechoices.eu/. You may also use your right to object set out in Section 8 above.

    We do not use your personal data to make automated decisions about you that may have legal effects or otherwise significantly impact you.


    PRIVACY FOR CHILDREN

    The protection of personal data of children and adolescents is of particular concern to the Companies. The A.S. Roma Platforms and their content are not directed at children under the age of fourteen (14). The Companies recommend that parents discuss the use of the Internet and the provision of personal data on websites with their children before allowing minors between fourteen (14) and sixteen (16) to register.

    A.S. Roma Entities will not knowingly collect personal data from or about children under fourteen (14). If a parent or legal guardian becomes aware that his or her child under fourteen (14) has registered as a user without their consent, he or she should delete the relevant account or if this is not possible, inform the Companies immediately. If the Companies become aware that a child under fourteen (14) has registered as a user, their access as a user will immediately be denied and their account deleted as quickly as possible (including all personal data associated with that account).

    If you believe that the Companies might have any personal data from or about a child under thirteen (13), please notify the Companies in writing by email to privacy@asroma.itor mail to Roberto Aiello, A.S. Roma S.r.l., P.le Dino Viola No. 1, Rome, Italy.


    OUR DATA PROTECTION OFFICER

    The Data Protection Officer appointed by A.S. Roma S.r.l. and Soccer S.r.l. can be contacted at the e-mail address: dpo@asroma.it.

    LINKS TO OTHER SITES

    If any part of the A.S. Roma Platforms link to other websites, those websites do not operate under this Privacy Policy. If you choose to visit an advertiser or click on another third party link, you will be directed to that third party’s website. We do not exercise control over third party websites and therefore recommend you examine the privacy statements posted on these other websites to understand their procedures for collecting, using and disclosing personal data.

    PRIVACY POLICY CHANGES

    The Privacy Policy is available at any time through the A.S. Roma Platforms and may be amended from time to time. We shall place an updated version on the applicable page of the A.S. Roma Platforms. The applicable A.S. Roma Platform may also provide notices of changes to this Privacy Policy or other matters by displaying notices or links to notices to you generally on or within the A.S. Roma Platforms.

    You are responsible for regularly reviewing this Privacy Policy. A.S. Roma Entities reserve the right to change this Privacy Policy at any time without prior notice to you. We will however notify you where we have made significant changes and where we have a relationship with you.


    CONTACT US

    If you have any questions about this Privacy Policy, please contact us on the details below. If you are not satisfied with our response to a complaint you have made, or think we are not complying with data protection law, you can make a complaint to the data protection regulator of the Member State of your habitual residence, place of work or place of the alleged infringement.

    Email:
    privacy@asroma.it
    Mail:

    Data Office
    AS ROMA S.P.A.
    Viale Tolstoj, 4
    00144 Roma
    Italy

    The full text of Regulation EU 2016/679 is available on the Website of the Italian Data Protection Authority (www.garanteprivacy.it).