In this section, in accordance with the European legislation introduced by EU Regulation 679/2016 and the Italian legislation (Legislative Decree No. 196/2003), information is provided regarding the processing of personal data of Users who consult the pages of the website (hereinafter: “Site”) or who use the purchasing services on the same made available (hereinafter: “Users” or “Interested Parties”).

This information is provided solely for the Site and not also for any other websites that may be consulted by the user through links within the Site.

Data controller

The Data Controller for the processing of personal data of users of the Site is Roman Soft Limited (henceforth also “Company“), Registration number: 14888151, located in London, 5th Floor, 22 Eastcheap, EC3M 1EU. Email address:

E-mail to contact the owner and request deletion of your data, if collected, subject to your consent:


A – Type of data processed

  1. Identifying data

In accordance with the European legislation introduced by EU Regulation 679/2016, the consultation of the Site and the possible purchase of products sold on the Site may involve the processing of data that can directly or indirectly identify a natural person such as: first name, last name, residential address, e-mail address, telephone number, IP address.

The Site does not require the Data Subject to provide so-called “special” data, i.e., in accordance with the GDPR (Art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to a person’s health or sexual life or sexual orientation. In the event that the requested service requires the processing of such data, the Interested Party will receive appropriate information in advance and will be asked to give explicit consent.

  1. Bank data

Purchasing products on the Site will also process bank information, such as card number or bank account number given to make payment, cardholder and bank account holder.

This data may be processed exclusively by third-party companies that handle the payment methods used on the site.

Please note that the Site uses the following payment services whose respective privacy policies are referred to:

III. Navigation data

Browsing data are data automatically acquired by the systems and programs responsible for the operation of the Site and are necessary for the enjoyment of web services [e.g. IP addresses, browsers used, domain names of systems used by users to connect to the web portal, addresses in URI notation (Uniform Resource Identifier) of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters related to the user’s operating system and computer environment].

These data are acquired even in the absence of Site registration or information request.

Browsing data are used only in an aggregate manner to process anonymous statistics on the consultation of the Site and to check its proper functioning and do not allow the identification of the users concerned, being, moreover, deleted immediately after processing in an anonymous form.

They may, however, be used for the establishment of liability in case of computer crimes committed against the website.

  1. Data voluntarily provided by the user

Personal data voluntarily provided by the User (such as first name, last name, telephone number, e-mail address) for the purpose of sending messages to the Site and/or purchasing the products made available are used for the sole purpose of responding to the needs of the data subject and to comply with legal obligations.

The legal basis for such processing is the fulfillment of services inherent in the applications made and purchases made, as well as compliance with legal obligations.

The information that the User of the Site deems to be made public through the services and tools made available to the Site, is provided by the User knowingly and voluntarily, absolving the Site of any liability for any violations of law.

It is up to the User to verify that he or she has permissions to enter personal data of third parties or content protected by national and international regulations.

  1. Data collected by analytical cookies

The Site also acquires data about the User through the use of cookies.

For more information about the data processed through cookies, the types of cookies that are active and how to disable them, please refer to the cookie policy.

These cookies are used to track the user’s browsing preferences and to collect statistical data. Users can disable these cookies by accessing their browser settings as outlined in the Site’s cookie policy.


B – Purpose of processing

The personal data collected are used for:

  • Enable the shipment by e-mail of products purchased by the User;
  • Respond to contact requests sent by the User;
  • Enable the User’s use of Customer Service;
  • To derive anonymous statistical information on the use of the web portal;
  • To check its proper functioning of the web portal;
  • the sending of communications and newsletters, both in paper and electronic format, to the e-mail address provided by the User: in the event that the user decides to subscribe to the newsletter of only after eventual and specific consent, the personal data will be processed by the Data Controller for the purpose of sending commercial or promotional communications, updates regarding, for example, exclusive offers, special events and promotions. To unsubscribe from the newsletter, simply click on the unsubscribe link provided at the bottom of the e-mails you receive or by writing to
  • The establishment of liability in case of hypothetical computer crimes against the website;
  • Compliance with any other legal obligations not included in the preceding purposes.

Data may be disclosed only following a request by the Judicial Authority within the terms of the law.


C – Legal basis for processing

Legal basis for the processing of personal data is the performance of the services inherent in the relationship established by signing the Terms and Conditions, the consent of the data subject, compliance with legal obligations and the legitimate interest of the Data Controller in carrying out processing necessary for these purposes.

  1. Execution of a contract

The Controller processes Personal Data related to the User when the processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures.

  1. Consent of the person concerned

The optional, explicit and voluntary sending of electronic mail, messages or any type of communication addressed to the addresses indicated on this Site entails the subsequent acquisition of the sender’s address, telephone number or any other personal data that will be used to respond to requests. Such processing is done on the basis of the consent of the data subject.

It is assured that such processing will be based on the principles of lawfulness, fairness, transparency, appropriateness, relevance and necessity as set forth in Art. 5(1) of the GDPR. Specific summary disclosures will be progressively reported or displayed on pages of the sites set up for particular on-demand services.

III. Fulfilling legal obligations

The processing of personal data may take place without the consent of the data subject in the event that the Data Controller needs to fulfill a legal obligation.

  1. Legitimate interest of the data controller

The Data Controller processes Personal Data related to the User where the processing is necessary for the pursuit of the legitimate interest of the Data Controller or third parties.

  1. Optional provision of data

Apart from what is specified for the fulfillment of contract or legal obligations, for cookies and navigation data, you are free to provide or not to provide your personal data. However, failure to provide the data may result in the inability to obtain as much as the performance of the service.


D – Method and duration of treatment

Personal data are processed through computerized means and in accordance with EU Regulation no. 679/2016.

The storage of processed data will last as long as necessary for the purposes described in this policy and, therefore, for the minimum time necessary or until explicitly requested by the data subject and in any case within the time limits imposed by law.

The Holder undertakes to take all appropriate security measures to prevent the loss and alteration of personal data, as well as any illicit and unauthorized use of the same.

Data will be processed exclusively by individuals authorized by the Data Controller, including any data processors, representatives and public entities for the fulfillment of obligations under the law, who carry out their respective processing activities as independent data controllers.

Subjects authorized by the Data Controller who may process data include but are not limited to: commercial and legal department employees, as well as third-party technical service providers, hosting providers, and IT companies (this list is not intended to be exhaustive). The processed data will not, however, be disseminated to unspecified recipients.

Parties authorized by the Data Controller who may process data for profiling purposes include the online marketing platforms “Klaviyo”( and “Omnisend” ( and “WordPress” (

The security of the collected information cannot be guaranteed from hacking and, in general, from violations of the security standards put in place for data protection.

In the event of attacks or violations, however, the same will be communicated to the interested parties and the competent authorities according to legal regulations.


E – Place of processing

Processing related to web portal services is carried out by identified and expressly designated personnel according to the specific purposes of the services requested and subscribed to.

For the processing in question, the Owner may use the help of external companies, forwarding agents, consultants, consortia, software and service providers operating, through identified and appointed personnel, within the scope of the intended purposes and in such a way as to ensure maximum security and confidentiality of the data. In other cases, the personal data collected will not be disclosed to third parties, except with the express consent of the data subject, except in cases where disclosure to third parties is necessary to fulfill obligations imposed by laws, regulations or measures of supervisory authorities, or is essential to protect the rights of other users or the website itself.

Personal data will be processed and stored, solely for the purposes stated above and to keep and store them securely, on remote servers operated by industry-leading providers that ensure compliance with high standards of protection regarding the processing of personal data.

This could result in data being transferred to countries outside the EU, where all or part of these servers may be based.

In particular, personal data may be transferred outside the European Union to the company “WordPress” (, an e-commerce plug-in used by the Site operated by the Owner.

The processing and storage of data by the said provider will take place to an “adequate” third country within the meaning of the decision taken by the European Commission, of which in particular the decision for the adequacy of protection provided by the Canadian Personal Information Protection and Electronic Documents Act (Canadian Personal Information Protection and Electronic Documents Act) or certification Privacy Shield (U.S.), or on the basis of a contractual bond or standard contract clauses approved by the European Commission, or binding corporate rules approved through the specific procedure set forth in Art. 47 GDPR.

For the transfer of data to non-EU countries, there is usually no need to wait for national authorization from the Supervisor. However, authorization from the Supervisor will still be required if a holder wishes to use specific contractual clauses that have not been recognized as appropriate through a decision of the European Commission or administrative agreements made between public authorities.

F – Rights of data subjects

In constancy of processing, the data subject may exercise the following rights at any time:

  • To obtain confirmation of the existence or non-existence of the same data and, if so, to know their content and origin;
  • verify its accuracy request correction of inaccurate data, supplementation of incomplete data, or updating of outdated data;
  • obtain the restriction of processing, where one of the cases provided for in Article 18 GDPR applies;
  • Request the deletion of data processed in violation of the law, or in the presence of one of the other conditions provided for in Article 17, paragraph 1, lett. a), b), c), (e) and (f) GDPR;
  • oppose in any case, for legitimate reasons, their processing, or to oppose their processing in the other cases provided for in Article 21, paragraphs 2 and 3 and 22 GDPR;
  • revoke at any time their freely given consent to the processing of personal data for the purposes specified below;
  • Obtain the release of the processed personal data in a format compatible with standard computer applications, to enable its transfer to other platforms of your choice, without impediments to the direct transmission of the processed data to another Data Controller, where such direct transmission is technically feasible (so-called right to data portability).

Requests regarding the exercise of the above rights should be addressed to the Owner by e-mail (

In the event of failure or partial response from the Data Controller to the aforementioned requests, the data subject shall have the right to lodge a complaint with the Guarantor for the Protection of Personal Data( or judicial recourse within the terms and according to the procedures provided for under Articles 77 et seq. EU Regulation 2016/679 (GDPR).

G – Updates to the disclosure

Future regulatory updates may result in changes to the current disclosure, uploaded to the Site on 20.01.2023.

In case of a change, the Owner will give notice on the Site.