logo rc istituz pos

 

PRIVACY POLICY
Regulation (EU) 2016/679 – GDPR
Metropolitano Urban Center Roma - Events

This Privacy Policy is provided pursuant to Article 13 of Regulation (EU) 2016/679 (“General Data Protection Regulation” – GDPR) and explains how Roma Capitale processes personal data provided by data subjects in connection with activities and events hosted at the Metropolitano Urban Center Roma.

Roma Capitale processes personal data lawfully, fairly, and transparently, fully respecting fundamental rights and freedoms, with particular attention to confidentiality, personal identity, and data protection.

1. Data Controller

The Data Controller is:

Roma Capitale

Palazzo Senatorio – Via del Campidoglio 1, 00186 Rome (Italy)

Certified email (PEC): protocollo.gabinettosindaco@pec.comune.roma.it

An updated list of appointed Data Processors and System Administrators is available at the above address.

2. Data Protection Officer (DPO)

The Data Protection Officer (DPO) of Roma Capitale can be contacted at the following email address: dpo@comune.roma.it

3. Categories of Personal Data

Depending on the services requested and the activities carried out, the following personal data may be processed:

  • Identification and contact details (e.g. name, surname, email address, telephone number);
  • Photographic images and audio/video recordings taken during events;
  • Where event access requires identity verification, identity documents may be visually checked only, without copying, recording, or storing any data.

4. Purposes of Processing, Legal Basis and Retention

4.1 Event Management and Participation

Personal data are processed to manage registrations, participation, and all organizational, contractual, or legal obligations related to events.

  • Legal basis:

    Article 6(1)(b) and (c) GDPR – performance of a contract and compliance with legal obligations.

  • Retention period:

    Up to 30 days after the event.

4.2 Event Documentation and Promotion

Photographs and audio/video recordings taken during events may be used to document, communicate, and promote institutional initiatives organized by Roma Capitale and authorized entities (e.g. Risorse per Roma S.p.A.).

Close-up images of participants or speakers are used only with specific and explicit consent.

  • Legal basis:

    Article 6(1)(a) GDPR – consent.

  • Retention period:

    Until consent is withdrawn.

Images may be published on official websites and social media channels of Roma Capitale, Risorse per Roma, and/or Metropolitano Urban Center Roma.

General images of public events are processed in accordance with Article 97 of Italian Copyright Law (Law No. 633/1941) and will never be used in a way that may harm the dignity or reputation of the individuals portrayed.

4.3 Institutional Communications Personal data may be used to send updates, materials, and communications related to events the user has expressed interest in (e.g. newsletters or event-related emails).

With separate consent, data may also be used to inform users about future initiatives organized by Roma Capitale.

  • Legal basis:

    Article 6(1)(b) GDPR (event-related communications);

    Article 6(1)(a) GDPR (optional communications).

  • Retention period:

    Until consent is withdrawn.

5. Processing Methods and Security

Personal data are processed using paper-based and electronic tools, including automated systems, by authorized personnel only.

Roma Capitale adopts appropriate technical and organizational measures to ensure data security, confidentiality, integrity, and availability, in compliance with the principles of:

  • lawfulness and fairness;
  • purpose limitation;
  • data minimization;
  • accuracy and relevance.

6. Data Provision Requirements

Providing personal data for event management purposes is mandatory. Failure to do so will prevent participation in events or access to related services.

Data processing for documentation and communication purposes is optional and based on explicit consent. Refusal does not affect event participation.

7. Communication of Personal Data

Personal data may be shared with:

  • public authorities where required by law;
  • authorized employees and collaborators of Roma Capitale;
  • service providers and Data Processors appointed under Article 28 GDPR, including Risorse per Roma S.p.A.;
  • public or private entities where necessary to perform institutional activities.

Personal data are not publicly disclosed, except where legally required or expressly consented to.

8. Data Subject Rights

Data subjects may exercise their rights at any time, including:

  • access to personal data (art. 15 GDPR);
  • rectification or erasure (where applicable) (Artt.16-17 GDPR);
  • restriction or objection to processing (artt.18-21 GDPR);
  • withdrawal of consent.

Requests may be sent via certified email (PEC) to the addresses indicated above or to:

the Data Processor pursuant to art. 28 GDPR Risorse per Roma S.p.A.: risorseperroma@pec.rpr-spa.it

9. Right to Lodge a Complaint
Data subjects have the right to lodge a complaint with the Italian Data Protection Authority:

They may also seek judicial remedies under Article 79 GDPR.

 

Rev. 1.1 – 03.18.2026