FREE SHIPPING for orders over € 200,00

Ship to Europe

shopping bag 0 items

You have no items in your shopping cart.

Information about the processing of personal data collected at the Boutiques GENTE Roma


  1. Introduction


This document (hereinafter, "Privacy Policy") was drafted in accordance with Article 13 of the Regulation EU 2016/679 (hereinafter “Regulation” or “GDPR”) and it is intended to inform the clients and visitors of the Boutiques belonging to the network GENTE ROMA (hereinafter, the "Clients") about the way their personal data (as voluntarily provided by the Clients to the shop assistants at the Boutiques) will be processed.

"Personal Data" means any information which allows a Client to be identified as an individual, either directly o indirectly.


"Processing" of personal data means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


The processing of Personal Data shall follow principles of correctness, lawfulness, transparency, purpose and retention limitation, data minimization, accuracy, integrity, confidentiality and accountability pursuant to article 5 of the GDPR. Client's Personal Data will therefore be processed in accordance with the data protection regulations and other applicable laws.


  1. Personal Data


The Personal Data processed as described hereunder are those ones that are voluntarily provided by the Client, by completing the designated paper form available at the Boutiques GENTE ROMA or through any other communication channel used by the Client at his discretion.


By means of the above mentioned paper form the following Personal Data can be provided: first name, family name, email address, phone number (landline and mobile), address in Italy, address in the country of residence.


  1. Data Controller


The Data Controller is the company that manages the Boutique that the Client has provided with his Personal Data, in particular:


  • with respect to the Boutique located in via del Babuino 77 Rome, the company BD77 s.r.l., win office in Via del Babuino, 77 – 00187 Rome,  VAT Number 10826481003;
  • as to the Boutique located in via del Babuino 81 Rome, the company BABUINO 81 s.r.l., with office in Via del Babuino 81 – 00187 Rome, VAT Number 08723031004;
  • as to the Boutique located in via Cola di Rienzo 277 Rome, the company COLA 277 s.r.l., with office in Via Cola di Rienzo, 277 – 00192 Rome, VAT Number 08723071000;
  • as to the Boutique located in via di Vigna Stelluti 177 Rome and Boutique located in Porto Rotondo, Piazza Quadrata 14, Sardinia the company VIGNA 177 s.r.l., with office in Via di Vigna Stelluti, 177 – 00191 Rome, VAT Number 06695321007;
  • as to the Boutique located in via Viale Europa 91 Rome, the company EUROPA 91 s.r.l., with office in Viale Europa, 91 – 00144 Rome, VAT Number 05809961005;
  • as to the Boutique located in via Frattina 92,93, Rome and The Boutique P.A.R.O.S.H. located in Via Frattina 69 the company FRATTINA 69 s.r.l., with office in Via Frattina 69 – 00187 Roma, VAT Number 019267910023;
  • as to the Boutique located in via del Babuino 185, Rome, the company BABU s.r.l., with office in Via del Babuino 185 – 00187 Roma, VAT Number 05809991002;
  • as to the Boutique located in Via Cola di Rienzo 246, Rome, the company Properzio 5 srl – with office in Via Cola di Rienzo, 246, VAT Number 10113161003;

all Boutiques are reachable at the following email address:


  1. Purposes of the processing


The Personal Data will be processed for the following purposes:


a)      To provide the services requested by the Client (e.g., in connection to the sale of a product, a contact request, a subscription to the newsletter, a request for information).


b)      To answer specific requests addressed to the Data Controller.


c)      To carry out marketing activities, conduct studies, research, market statistics and send advertising and information material related to the activities, the products and the services regarding the brand GENTE ROMA, also by third parties. If the Client gave his consent to the above processing activities, said activities can be performed by way of postal mail, a phone calls with operator (“traditional methods”), e-mail, SMS and through the use social networks (“automated methods”). The Client can, at any time, withdraw his consent by giving notice to the Data Controller without any formality, by simple email message to, without prejudice to the lawfulness of the processing based on previous consent.


d)      To fulfill the obligations provided for by law, regulations or EU legislation or request from competent Authorities.


e)      To carry out statistical analysis without the possibility to identify the Client.


f)       To carry out direct marketing activities via e-mail for services similar to those the Client has subscribed to, unless the Client objects to such processing.


  1. Legal basis and mandatory or optional nature of the processing


The legal basis for the processing of Personal Data as described in sections 4 a) and b) is Article 6(1)(b) of the GDPR (“[…] processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”), since processing operations are required in order to provide the services or to respond to requests. The provision of Personal Data for these purposes is optional, however, failure to provide them would imply the inability to initiate the requested services or respond to requests.


Processing operations carried out for the marketing purposes described under Section 4 c) are based on the granting of Client's consent pursuant to Article 6(1)(a) of the GDPR (“[…] the data subject has given consent to the processing of his or her personal data for one or more specific purposes”).


The processing of Personal Data described in Section 4 d) represents a legitimate processing of personal data pursuant to Article 6 (1) (c) of the GDPR (“[…] processing is necessary for compliance with a legal obligation to which the controller is subject”).


Please note that the processing referred to in Section 4 e) is not performed on Personal Data and therefore it can be freely performed by the Data Controller.


The processing of Personal Data for the purposes described in Section 4 f) represents a legitimate processing under the applicable law, which does not require the Client's consent. The Client can object to the processing of Personal Data at any time by simply writing to the following email address:


  1. Recipients of Personal Data


For the purposes referred to in Section 4 above, Personal Data may be shared with:


(i)      subjects acting as Data Processors, e.g., persons, companies or firms providing the Data Controller with advice and consulting services in accounting, administrative, legal, tax, financial and other matters. Among the Data Processor, a primary role is played by the company VAIR S.p.A., with office in Rome, via Properzio n. 4, VAT Number: 05809951006, in its quality as provider of consulting and general managing services to the Data Controller regarding all those activities pertaining to IT, communication/marketing and commercial development matters; upon authorization by the Data Controller, VAIR S.p.A., can also appoint third parties to act as sub-Processors, e.g., those subjects providing maintenance services of network equipment and electronic communications networks;


(ii)     subjects, bodies or authorities, in accordance with the provisions of the applicable law;


(iii)    persons authorized by the Data Controller, who have committed themselves to confidentiality or have an appropriate legal obligation of confidentiality (e.g., the employees of the Data Controller);


(iv)    business partners for their own autonomous and separate purposes, only if the Client has given specific consent.


The complete list of the Data Processors, as well as of the employees authorized to process Personal Data, can be requested to the Data Controller by email to:


  1.  Transfers of Personal Data


In the use of certain IT services (provided by third parties in their quality as Data Processor of sub-Processors) some Personal Data may be transferred outside the European Economic Area.


That may happen as a consequence of the use of the following services:


- Mailchimp: a service to manage email addresses and to send email messages, provided by the company The Rocket Science Group, LLC.

Personal Data communicated to Mailchimp: first name, family name, email address, nationality.

Place of the processing: United Stated – Country bound by the Privacy Shield.

Privacy Policy:


- Amazon Glacier: a storage and back-up service provided by Amazon Web Services Inc.

Personal Data communicated to Amazon Glacier: different categories of data, as indicated in the service's privacy policy:

Place of the processing: United Stated – Country bound by the Privacy Shield.


  1. Retention of Personal Data


Personal Data will be retained in both paper and digital format.


The Personal Data processed for the purposes referred to in Section 4 a) and b) will be retained for the period deemed strictly necessary to fulfill such purposes.


For the purposes referred to in Section 4 c), Personal Data will be processed until withdrawal of Client's consent.

The Personal Data processed for the purposes referred to in Section 4 d) will be retained for the period required by the specific obligations or by the applicable law.


Personal Data referred to in Section 4 f) will be processed until the Client objects to the processing.


Further information on the data retention period and the criteria adopted in determining this period may be requested at the following address:


The Data Controller has, in any case, the possibility of retaining Personal Data for the period allowed by Italian law to protect its own interests (art. 2947 of the Italian Civil Code).


  1. Data Subjects Rights


Under Articles 15 and following of the GDPR, the Client, as a data subject, is entitled to request from the Data Controller, at any time, access to the Personal Data, the correction and erasure of the Personal Data, as well as to object to the processing according to Article 21 of the GDPR. The Client is also entitled to request the restriction of the processing of the Personal Data in the cases set out in Article 18 of the GDPR, as well as to obtain the Personal Data in a structured, commonly used and machine-readable format, in the cases set out in Article 20 of the Regulation. Requests should be made in writing to


In any case, the Client will always be entitled to file a complaint with the competent supervisory authority (the Italian Data Protection Authority), pursuant to Article 77 of the GDPR, if the Client believes that the processing of the Personal Data violates applicable law.


  1. Amendments to this Privacy Policy


The Data Controller reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, e.g., as a result of changes in applicable law.


The Clients will be informed of any such amendments by means of publication of the updated I Privacy Policy on our website


We therefore invite you to regularly visit our website in order to acquaint yourself with the latest, updated version of the Privacy Policy.