Curtains: exclusive promotion - Find your nearest dealer and discover the offer

Privacy Policy

Your personal data is safe on viaroma60.it - Our data protection policy ensures that personal data is used exclusively for order management and thus for the shipment of ordered products, as well as for communications regarding orders, returns, cancellations, payments, and billing.
We also guarantee that the provided email addresses will never be disclosed to third parties but exclusively used for sending newsletters and promotions related to our business.

All data provided to VIA ROMA 60 on the website pages accessible at the internet address https://www.viaroma60.it at the time of registration and subsequently for the use of services provided by VIA ROMA 60 from time to time will be processed in compliance with the provisions of Legislative Decree 196/2003 on the protection of personal data (“Privacy Code”) and Article 13 of EU Regulation no. 2016/679 (hereafter, “GDPR”).

VIA ROMA 60, a brand of Gruppo Carillo S.p.A., CF and VAT 03192251217 (hereafter, “Data Controller”), as data controller, informs you pursuant to art. 13 of Legislative Decree 30.6.2003 no. 196 (hereafter, “Privacy Code”) and art. 13 of EU Regulation no. 2016/679 (hereafter, “GDPR”) that your data will be processed as follows:
 
1. Subject of the Processing
The Data Controller processes personal, identification data (e.g., name, surname, company name, address, phone, email, bank, and payment details) - hereafter, “personal data” or “data” - provided by you upon concluding contracts for the services of the Data Controller.
 
2. Purpose of the Processing
Your personal data are processed:
2.A) without your explicit consent (art. 24 lett. a), b), c) Privacy Code and art. 6 lett. b), e) GDPR), for the following Service Purposes:
- to conclude contracts for the services of the Data Controller;
- to fulfill pre-contractual, contractual, and tax obligations deriving from relationships with you;
- to comply with legal obligations, regulations, EU legislation, or an order from an Authority (e.g., in matters of anti-money laundering);
- to exercise the rights of the Data Controller, e.g., the right of defense in court;
- mandatory obligations for tax and accounting purposes;
- post-sales assistance;
- dispute management;
- customer management;
- quality management;
- activity scheduling;
- customer satisfaction assessment;
2.B) Only with your specific and distinct consent (art. 23 and 130 Privacy Code and art. 7 GDPR), for the following Marketing Purposes:
to send you, via email, postal mail, and/or SMS and/or telephone contacts, newsletters, commercial communications, and/or advertising materials on products or services offered by the Data Controller and assess the satisfaction with the quality of services;

Please note that if you are already our customer, we may send you commercial communications related to services and products similar to those you have already used, unless you object (art. 130 c. 4 Privacy Code).
The processing of data necessary to fulfill these obligations is essential for proper management of the relationship, and its provision is mandatory for implementing the purposes indicated above. The Data Controller also informs that any failure to communicate, or incorrect communication, of any required information may prevent the Data Controller from ensuring the proper handling of the processing.
All processing is carried out in accordance with the methods set out in articles 6, 32 of the GDPR, adopting the necessary security measures.

The confidentiality of the data provided by users is a fundamental prerogative of the company, which is committed to adopting the most appropriate measures to prevent the loss, appropriation, and disclosure of the user’s personal information, to prevent unauthorized uses.
To this end, the company is committed to constantly adopting and implementing all means and technologies aimed at protecting such information.

However, given the scope and complexity of web-connected IT systems, as well as the impossibility of guaranteeing complete protection of data transmissions, the company cannot ensure complete confidentiality of information received or sent through the server to the user.
By accepting this privacy policy, the user releases the company from any liability if the security system is breached.
 
3. Processing Methods
Your personal data are processed through the operations specified in art. 4 Privacy Code and art. 4 no. 2) GDPR, specifically: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data. Your personal data are processed both in paper and electronic and/or automated form.
The Data Controller will process personal data for the time necessary to fulfill the purposes mentioned above and, in any case, for no more than 10 years from the end of the relationship for Service Purposes and no more than 2 years from the data collection for Marketing Purposes.
 
4. Data Access
Your data may be made accessible for the purposes in art. 2.A) and 2.B):
- to employees and collaborators of the Data Controller, as persons in charge and/or internal data processors and/or system administrators;
- to third-party companies or other entities (such as banks, professional firms, consultants, etc.) performing outsourcing activities on behalf of the Data Controller as external data processors.
 
5. Data Communication
Without requiring explicit consent (ex art. 24 lett. a), b), d) Privacy Code and art. 6 lett. b) and c) GDPR), the Data Controller may communicate your data for the purposes in art. 2.A) to Supervisory Bodies (such as IVASS), judicial authorities, insurance companies for the provision of insurance services, and those entities required by law to perform the said purposes. These entities will process data as independent data controllers.
Your data will not be disseminated.
Your data will be communicated exclusively to competent persons duly appointed for the necessary services to manage the relationship, ensuring the protection of the rights of the data subject.
Your data will be processed solely by authorized personnel of the Data Controller, specifically in the following departments:
- Marketing Department
- Administration and Accounting Department
- Customer Service Department
- Programmers and Analysts
- Commercial Department
Your data may be communicated to duly appointed third-party Data Processors, specifically:
- Google Tag Manager: Analytics/Measurement, Content Personalization, Optimization;
- Couriers, Logistics companies, carriers;
- consultants and freelancers, even as a group;
- banks, credit institutions, online payment systems;
Disclosure: Your personal data will not be disclosed in any way.

6. Retention Period
Please note that, in compliance with the principles of lawfulness, purpose limitation, and data minimization, pursuant to art. 5 GDPR, the retention period of your personal data is:
- set for a period no longer than necessary to fulfill the provided services
- set for a period no longer than necessary to achieve the purposes for which they are collected and processed and in compliance with mandatory legal requirements
- set for a period no longer than necessary to achieve the purposes for which they are collected and processed for executing and fulfilling contractual purposes.
 
7. Cookie Management
If you have doubts or concerns about the use of cookies, you can always intervene to prevent their setting and reading, for example, by changing the privacy settings within your browser to block certain types of cookies.
Since each browser - and often different versions of the same browser - differ significantly, if you prefer to act independently through your browser preferences, you can find detailed information on the necessary procedure in your browser's help guide. For an overview of the actions required for the most common browsers, you can visit www.cookiepedia.co.uk.
Advertising companies also allow you to opt out of receiving targeted ads if desired. This does not prevent cookies from being set, but it stops the use and collection of some data by these companies.
For more information and options to opt out, visit www.youronlinechoices.eu/.
You have the right to obtain from the Data Controller the deletion (right to be forgotten), limitation, updating, rectification, portability, and objection to the processing of personal data concerning you, and in general, to exercise all the rights provided for in Articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.

8. Data Transfer
Personal data are stored on servers located within the European Union. In any case, the Data Controller reserves the right, if necessary, to transfer the servers outside the EU. In such cases, the Data Controller assures that the transfer of data outside the EU will comply with applicable legal provisions, subject to the conclusion of the standard contractual clauses provided by the European Commission.

9. Nature of Data Provision and Consequences of Refusal to Respond
The provision of data for the purposes mentioned in art. 2.A) is mandatory. In their absence, we cannot guarantee the Services in art. 2.A).
The provision of data for the purposes mentioned in art. 2.B) is optional. You may, therefore, decide not to provide any data or later deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications, and advertising material related to the services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in art. 2.A).

10. Rights of the Data Subject
As a data subject, you have the rights under art. 15 GDPR, namely the right to:
1. obtain confirmation of whether or not personal data concerning you exist, even if not yet recorded, and their communication in an intelligible form;
2. obtain information on the origin of personal data, processing purposes and methods, logic applied in case of processing with the aid of electronic instruments, identification details of the Data Controller, data processors, and designated representatives pursuant to art. 5, paragraph 2 of the Privacy Code and art. 3, paragraph 1, GDPR, entities or categories of entities to whom personal data may be communicated or who may become aware of it as designated representatives within the State's territory, data processors, or persons in charge;
3. obtain:
a) updating, rectification, or, when interested, integration of data;
b) deletion, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which they were collected or subsequently processed;
c) certification that the operations under letters a) and b) have been notified, also as regards their content, to those to whom the data have been communicated or disseminated, except in cases where this proves impossible or involves a manifestly disproportionate use of means with respect to the protected right;
4. object, in whole or in part:
a) for legitimate reasons, to the processing of personal data concerning you, even if pertinent to the collection purpose;
b) to the processing of personal data concerning you for sending advertising or direct sales material or for market research or commercial communications, through the use of automated call systems without operator intervention via email and/or through traditional marketing methods via phone and/or postal mail.
Where applicable, you also have the rights referred to in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object), as well as the right to complain to the Authority.
 
11. How to Exercise Your Rights
You can exercise your rights at any time by sending:
a registered letter to Gruppo Carillo S.p.A. Via S. Leonardo Trav. Migliaro, 80 (SA);
or an email to privacy@gruppocarillo.com.

Privacy Policy

Personal Data Processing Information
This Privacy Policy aims to describe the methods of managing the website https://www.viaroma60.it/en (hereinafter referred to as “Website”) with regard to the processing of users' personal data. This is general information provided in compliance with art. 13 of Regulation (EU) 2016/679 concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data (hereinafter referred to as “Regulation”) to all users who consult and/or register and, more generally, interact with the services provided through the Website by Gruppo Carillo S.p.A., with registered office at Via Bosco Fangone - Località Interporto di Nola - Lotto H – Blocco F – Mod. 1 - 80035 NOLA (Na) (hereinafter also referred to, for brevity, as “the Controller”). In this notice, we will explain the purposes and methods by which the Controller collects and processes your personal data, the categories of data that are processed, the rights of the data subjects regarding the processing, and how they can be exercised. This notice is provided exclusively for this Website; therefore, GRUPPO CARILLO S.P.A. does not assume any responsibility for other websites possibly accessed through hyperlinks on the same site. Users, by using this Website, accept this notice and are, therefore, invited to read it before providing personal information of any kind.
Categories of Personal Data
a. Browsing Data
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, addresses in URI (Uniform Resource Identifier) notation of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment. These data are used solely to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. Data could be used to ascertain liability in case of hypothetical computer crimes against the site.
b. Data Voluntarily Provided by the User
Notwithstanding the above regarding browsing data, the Controller will acquire any personal data provided by the user through the Website to access the restricted area of the site or to make requests via email. For example, the Website will acquire the user’s name, surname, email address, and any other information, including personal information, that is communicated directly by the data subject. Through the Website, the Controller will not acquire sensitive data or data belonging to special categories under art. 9 of Regulation (EU) 2016/679 or data related to criminal convictions or offenses.
c. Data Acquired When Using Services
The Controller may also acquire certain personal data related to the user when using services offered by GRUPPO CARILLO S.P.A. through the restricted area of the Website. This data includes: name, surname, date of birth, residence address, shipping address, home phone number, mobile phone number, personal email address, and all data required if invoicing is requested. Credit card data (card number, cardholder name, expiration date, security codes) will be acquired by the payment service provider, which will act as an independent Controller. These data will be acquired in encrypted format and in compliance with security requirements according to industry certifications. Providing certain data necessary for managing the contractual relationship may be considered optional, while providing the data necessary to fulfill administrative, legal, or tax obligations related to your purchases is mandatory. Therefore, any refusal to provide such data will prevent the fulfillment of your orders. The above-mentioned personal data will be processed by the Controller exclusively for the purposes and within the limits indicated in the following paragraph.
Purposes and Legal Basis of Processing
a. for the provision of requested services
The data indicated in the previous paragraph, point b), will be processed by the Controller to allow you to register on the Website and use the services specifically connected to it. Therefore, the data will be processed to execute the existing legal relationship with the Controller. Providing such data is necessary.
b. for marketing purposes
With your specific consent, GRUPPO CARILLO S.P.A. may process your data to send commercial communications through automated systems (e.g., email, SMS, app notifications) and traditional systems (e.g., postal mail). The data mentioned in the previous paragraph, point b), will be used for this processing purpose. The consent given can be revoked at any time in the following ways:

  • via the specific link at the bottom of any promotional email sent by the site lacasaitaliana.com;
  • by sending an email to info@viaroma60.it;
  • by accessing the "contact us" section within the site and submitting a specific request for deletion/modification of the agreed preferences or by writing to Gruppo Carillo S.p.A., at Via Bosco Fangone - Località Interporto di Nola - Lotto H – Blocco F – Mod. 1 - 80035 NOLA (Na);

Consent can also be revoked concerning only automated contact systems.
c. for profiling purposes
With your specific consent, Gruppo Carillo S.p.A. may process your data to understand your habits and interests and offer you products and services that you might like. For this purpose, the Company may process the data mentioned in the previous paragraph, points b) and c). The consent given can be revoked at any time in the following ways:

  • via the specific link at the bottom of any promotional email sent by the site lacasaitaliana.com;
  • by sending an email to info@viaroma60.it;
  • by accessing the "contact us" section within the site and submitting a specific request for deletion/modification of the agreed preferences or by writing to Gruppo Carillo S.p.A., at Via Bosco Fangone - Località Interporto di Nola - Lotto H – Blocco F – Mod. 1 - 80035 NOLA (Na);
    d. for the communication of your data to third parties for marketing purposes
    With your specific consent, Gruppo Carillo S.p.A. may communicate your data to third parties who may process them to send their own commercial communications through automated systems (e.g., email, SMS, app notifications) and traditional systems (e.g., postal mail). The data mentioned in the previous paragraph, point b), will be used for this processing purpose. The consent given can be revoked at any time in the following ways:
  • via the specific link at the bottom of any promotional email sent by the site lacasaitaliana.com;
  • by sending an email to info@viaroma60.it;
  • by accessing the "contact us" section within the site and submitting a specific request for deletion/modification of the agreed preferences or by writing to Gruppo Carillo S.p.A., at Via Bosco Fangone - Località Interporto di Nola - Lotto H – Blocco F – Mod. 1 - 80035 NOLA (Na);
    Categories of entities to whom personal data may be disclosed and purposes of the disclosure
    The Controller may disclose, for the same purposes, some of your personal data to third parties, who will process your personal data as Data Processors. The list of Data Processors can be requested from the Controller at any time by writing to info@viaroma60.it.

Data Retention Period and Duration of Processing
Your Personal Data will be processed by automated tools for the time strictly necessary to achieve the purposes for which they were collected. In particular, Personal Data concerning your personal information will be processed:

  • in the event of purchases on the Site, for a maximum period of ten years from the conclusion of the contract; if no purchase is made, for a maximum period of 24 months for direct marketing purposes, and for a maximum period of 12 months for profiling purposes (in accordance with the Privacy Authority’s decision of February 24, 2005). Gruppo Carillo S.p.A. will retain Log Files and IP addresses for the longest limitation period provided by law for online fraud.

Data Subject’s Rights - Information and Access to Personal Data
We inform you that, in accordance with current legislation, you may exercise, where applicable, the following rights towards the Controller:
Right of access - (Article 15 EU GDPR)
The data subject has the right to obtain confirmation as to whether or not personal data concerning them are being processed and, if so, the right to access such data and information concerning the purposes of the processing, the categories of personal data involved, the recipients or categories of recipients to whom the data have been or will be disclosed.
Right to rectification - (Article 16 EU GDPR)
The data subject has the right to obtain the correction of inaccurate personal data concerning them without undue delay. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing an additional declaration.
Right to erasure - (Article 17 EU GDPR)
The data subject has the right to obtain the erasure of personal data concerning them without undue delay, and the data Controller has the obligation to erase personal data without undue delay.