Pursuant to Italian Legislative Decree 196/2003 and Regulation (EU) 2016/679 (the “Regulation” or “GDPR”), this page describes how the personal data of users who browse the website accessible at: https://www.navonaqueenrome.com is processed.

We inform users that, as a result of consulting this website, data relating to identified or identifiable persons may be processed.

This information does not apply to other websites, pages or online services reachable via hyperlinks that may be published on this website.

Identity of the Data Controller

The Data Controller is Navona Queen Roof Top S.R.L., with registered office in Rome (RM) at Corso Vittorio Emanuele II, 251 (Email: info@navonasuiterome.com, PEC: navonaqueenrooftop@pec.it, Tel.: +39 334 72 22 247), hereinafter also referred to as the “Controller”.

Source of Data and Types of Data Collected

1. Data provided by the User

The Controller collects personal data provided by users:

a) when subscribing to the newsletter service offered on the Website. Data collected may include, by way of example and not limitation: identification data (first and last name) and contact data (email address).

b) when sending a message using the contact channels and/or contact forms available on the Website. The optional and voluntary sending of messages to the contact addresses, as well as the completion and submission of the forms on the Website, entails the acquisition of the sender’s contact details necessary to respond, as well as any personal data included in the communications.

2. Browsing data

The Controller collects data relating to the user’s use of the Website. The IT systems and software procedures used to operate this Website acquire, during their normal functioning, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server, and other parameters relating to the user’s operating system and IT environment.

Such data, necessary for the use of web services, are also processed in order to:

• • obtain statistical information on the use of services (most visited pages, number of visitors by time slot or day, geographical areas of origin, etc.);

  • verify the proper functioning of the services offered.

Browsing data are not retained for more than seven days and are deleted immediately after aggregation (without prejudice to any need to ascertain crimes by judicial authorities).

3. Cookies and Other Tracking Systems

In order to make its services as efficient and easy to use as possible, this Website uses cookies. When visiting the Website, a minimal amount of information is placed on the user’s device, in the form of small text files called “cookies”, saved in the user’s web browser directory. There are different types of cookies, but essentially the main purpose of a cookie is to allow the Website to operate more effectively and to enable certain features.

For more information about the cookies used by this Website, please refer to the Cookie Policy at: https://www.navonaqueenrome.com/en/cookie-policy/.

Purposes of Processing

Depending on the type of processing, the Controller uses the data collected and/or provided by the user for the following purposes:

1. to send newsletters containing information and/or commercial promotional content (e.g., event invitations, communications about new services, promotional offers). This processing may be carried out in an automated manner via email and may take place provided that the Data Subject has not withdrawn their consent to the use of their data;

2. to suggest features, products and services that may be of interest to you. We ask for your consent to identify your preferences and personalise commercial offers and promotions based on your interests (so-called “profiling”);

3. to respond to communications, requests for information and/or services submitted by users by sending a message via the contact addresses and/or contact forms available on the Website;

4. to manage and control risks, prevent possible fraud, insolvency or non-compliance; prevent and manage disputes, and take legal action where necessary.

Legal Basis for Processing

With reference to the purposes indicated above, the legal basis is, in relation to:

1. the data subject’s explicit consent;

2. the necessity to perform a contract to which the data subject is a party or to take pre-contractual steps at the request of the data subject;

3. the necessity to pursue the Controller’s legitimate interest (in particular with regard to the prevention of fraud and insolvency).

Data Recipients

Personal data processed by the Controller are not disseminated, i.e., they are not made known to an indefinite number of persons in any form, including by making them available or through simple consultation.

However, they may be communicated to employees who work under the authority of the Controller. Based on their roles and duties, such employees have been authorised to process personal data, taking into account their respective competencies and in accordance with the instructions provided by the Controller.

The Controller appoints third-party service providers in relation to the operation of the Website, such as hosting providers, IT maintenance providers, as well as providers enabling the integration into the Website of other functions that the user may use at their discretion. These providers, appointed as Data Processors, are provided only with the personal data necessary to deliver the relevant services and are not permitted to use or disclose personal data for other purposes without the prior authorisation of the data subject.

Finally, data may be communicated to persons entitled to access them pursuant to laws, regulations, or EU provisions.

Data Transfers

Under no circumstances does the Controller transfer personal data to third countries or international organisations.

Data Retention

The Controller retains and processes personal data for as long as necessary to fulfil the purposes indicated. Thereafter, personal data will be retained and no longer processed, for the period established by applicable civil and tax regulations.

Data provided for marketing purposes relating to services different from those already purchased by the data subject, for which consent was initially given, will be retained for 24 months, unless consent is withdrawn.

Data provided for profiling purposes will be retained for 12 months, unless consent is withdrawn.

In the event of a dispute, the data collected will be retained for the entire duration of the dispute, until the expiry of the time limits for any appeals.

It should also be noted that, if a user provides the Controller with personal data that are not requested or not necessary for the performance of the requested service or for the provision of a strictly related service, Navona Queen Roof Top S.R.L. cannot be considered the controller of such data and will delete them as soon as possible.

Data Subject Rights

With regard to the processing described in this notice, the data subject has the right at any time to:

• request from the Controller access to their personal data and related information (Art. 15 GDPR); rectification of inaccurate data or completion of incomplete data (Art. 16 GDPR); erasure of personal data concerning them by submitting a request via the contact form (where one of the conditions of Art. 17(1) GDPR applies and subject to the exceptions in Art. 17(3) GDPR); restriction of processing (where one of the situations in Art. 18(1) GDPR applies);

• request and obtain from the Controller—where the legal basis is contract or consent and processing is carried out by automated means—personal data in a structured, commonly used and machine-readable format, also for the purpose of transmitting such data to another controller (data portability, Art. 20 GDPR);

• object at any time to the processing of their personal data where particular circumstances relating to them apply (Art. 21 GDPR);

• withdraw consent at any time, limited to cases where processing is based on consent for one or more specific purposes. Processing based on consent carried out prior to withdrawal remains lawful (Art. 7(3) GDPR).

Requests may be submitted by contacting the Controller via PEC at navonaqueenrooftop@pec.it, via email at info@navonaqueenrome.com, via the contact form on the Contact page, or by registered letter with return receipt to Corso Vittorio Emanuele II, 251 – 00186 Rome (RM) – Italy.

If the data subject believes that the processing of their data is in breach of the GDPR, they may lodge a complaint with a supervisory authority (Italian Data Protection Authority – www.garanteprivacy.it) as provided for by Art. 77 GDPR, or take legal action (Art. 79 GDPR).

Refusal to Provide Data

If the data subject does not provide the data identified as necessary to perform the requested service, the Controller will not be able to carry out the processing related to the management of that service, nor any obligations arising from it.

If the data subject does not give consent to the processing of personal data for activities requiring consent, such processing will not take place for those purposes, without affecting the provision of other requested services, nor those for which consent has already been given. If consent was given and later withdrawn or if the data subject objects to processing, the data will no longer be processed for such activities, without any negative consequences for the data subject or for any other requested services.

Automated Decision-Making

The Controller does not carry out processing involving automated decision-making processes concerning individuals’ data.

Read also our cookie management policy.

Last update: 10/02/2026