Privacy Policy

PERSONAL DATA PROCESSING POLICY pursuant to Art. 3 of Regulation (EU) 2016/679

Controller details
FITALOG SERVICE Soc. Coop. as Data Controller of your personal data, pursuant to and in accordance with Regulation (EU) No. 2016/679, hereinafter the GDPR, hereby informs you that the above-mentioned law provides for the protection of data subjects regarding the processing of personal data and that such processing shall be based on principles of correctness, lawfulness, transparency and protection of your privacy and your rights. Your personal data will be processed in accordance with the legislative provisions of the above-mentioned regulation and the confidentiality obligations set forth therein.

Processing purposes
We would like to inform you that your data will be processed for the following purposes:

The processing of functional data for fulfilling these obligations is necessary to correctly manage the existing service contract and the granting thereof is mandatory for implementing the purposes indicated above. The Controller also informs you that any failure to communicate, or any incorrect communication, of one of the mandatory pieces of information, may make it impossible for the Controller to ensure the congruity of the processing itself.

Type of data
The data processed, where the existing relationship requires it, are: personal data. In any case, all these data are processed in compliance with the above-mentioned law and the duty of confidentiality that has always inspired the company’s activities.

Legal basis
The data are processed for the above-described purposes in order to implement the service contract and, where required, to fulfil a contractual, legal, regulatory, or statutory obligation, as well as to comply with provisions issued by authorities that have the power to do so and by monitoring and control bodies. Therefore, any refusal to provide these data, in whole or in part, may render it impossible to provide the services requested.

Processing methods
Your personal data may be processed in the following ways and using the following means:

We would also like to specify that:
The collection of personal data is limited to the minimum necessary for each specific processing purpose.
All processing occurs in compliance with the methods referred to in Arts. 6 and 32 of the GDPR and via the adoption of the appropriate security measures required. The processing is done through operations that are performed with or without the use of electronic tools and consists in: collecting, recording, organising, storing, consulting, analysing, altering, selecting, extracting, comparing, using, interconnecting, blocking, communicating, deleting, and destroying data. The processing is undertaken by the controller and by its authorised parties or external processors, who have all been expressly authorised in advance by the controller and appropriately trained.

Without prejudice to communications made to fulfil legal and contractual obligations, all the data collected and processed may only be communicated for the purposes indicated above and to the following categories of concerned parties:

Associate and registered members
In managing your data, in addition, only people authorised and/or internal and external processors identified in writing and to whom specific, written instructions have been provided regarding the data processing may learn about them. Your personal data will, in addition, only be transferred for the purposes set out above, to EU countries, the United Kingdom, Switzerland and, on an exceptional basis, countries outside the EU, for the sole purpose of correctly providing the service you have requested from our company.

Storage period
Please note that, in compliance with the principles of lawfulness, purpose limitation, and data minimisation, pursuant to Art. 5 of the GDPR, the storage period for your personal data is established for a timeframe necessary for the performance and conclusion of the contractual relationship and, in any case, for no more than ten years from the end of the business activity.

The Data Controller for your personal data is:
Via Giovanni Severano, 28 - 00161 Rome Tel. 06/84242609 - Fax 06/84242612 VAT no. 07024310638
email: – registered email:
Rights of the Data Subject - Regulation (EU) 2016/679: Arts. 15, 16, 17, 18, 19, 20, 21, 22.                      
The data subject has the right to obtain confirmation of the existence (or lack thereof) of personal data concerning him or her, even if not yet recorded, and the communication thereof in an intelligible form.

The data subject has the right to obtain indication:
a) of the origin of the personal data
b) of the processing purposes and methods
c) of the logic applied in case of processing carried out with the aid of electronic instruments
d) of the identifying details of the controller, the processors and of the designated representative pursuant to Article 5, paragraph 2
e) the parties or categories of parties to which the personal data may be communicated - or which may become aware of it in their capacity as designated representative in the territory of the State - processors, or persons in charge of processing.

The data subject has the right to obtain:
a) the updating, rectification, restriction of processing, or, where interested, integration of the data
b) the cancellation, anonymisation or blocking of data processed unlawfully, including data that is not required to be kept for the purposes for which the data was collected or subsequently processed
c) the certification that the operations referred to in points a) and b) have been notified, also as regards their content, to those to whom the data has been disclosed or disseminated, unless this proves impossible or involves the use of means clearly disproportionate to the right protected
d) data portability, i.e. to obtain from the data controller, without impediment, the data in a structured, commonly used and machine-readable format, in order to transmit those data to another data controller.

The data subject has the right to:
a) object, in whole or in part, for legitimate reasons to the processing of personal data regarding them, even if pertinent to the collection purposes
b) object, in whole or in part, to the processing of personal data regarding him/her for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communications
c) withdraw consent to the processing, without this prejudicing the lawfulness of processing based on the consent that was given before the withdrawal
d) lodge a complaint with the Personal Data Protection Authority.