24/7 assistance
+39 06 61 561 837
This information is provided pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) and concerns the processing of personal data of users accessing and interacting with the website www.colosso.org, owned by Colosso Agency Società Cooperativa.
1. Data controller
Colosso Agency Soc. Coop
Registered office: Via Maretto, 24/26 - 00166 Rome (RM)
VAT / FISCAL CODE: 14915191002
SDI: M5UXCR1
Email: info@colosso.org
PEC: Colosso@pec.it
2. Purpose and legal basis of processing
| Aims |
|———-|—————-|
| a. Management of service requests and bookings (transport of persons, goods, breakdown assistance, rental) | Contract execution (Art. 6.1.b GDPR) |
| b. Invoicing and tax accounting obligations | Legal obligation (Art. 6.1.c GDPR) |
| c. Payment handling via Stripe | Contract execution + legal obligation |
| d. Technical site management, security and performance | Legitimate interest (Art. 6.1.f GDPR) |
| e. Sending promotional communications/newsletters | Explicit consent (art. 6.1.a GDPR) |
| f. Anonymous statistical analysis on navigation | Legitimate interest / Consent for non-technical cookies |
| Legal basis |
3. Type of data processed
- Personal and contact details (name, email, telephone)
- Booking data (date, time, service required, location)
- Payment data (e.g. last card digit) - managed by Stripe, not stored on our servers
- Browsing data (IP, browser type, access log)
- Cookies: see dedicated section below
4. Methods of processing
The data are processed using electronic and/or paper-based tools, protected by adequate security measures to guarantee confidentiality, integrity and availability, in accordance with Article 32 GDPR.
5. Data retention
- Contractual data/invoices: up to 10 years (tax obligations)
- Contact data for marketing: until consent is revoked
- Technical navigation data: max. 6 months
- Log cookie: according to regulations
6. Data recipients
The data may be communicated to:
- Payment provider (Stripe Inc.)
- IT service providers (hosting, email management, CRM)
- Partner companies for the management of bookings (external management)
- Professionals and consultants (e.g. accountants)
- Tax or judicial authorities, if provided for by law
7. Transfer to third countries
Some data (e.g. for Stripe payments) may be transferred to non-EU countries (e.g. USA). The transfer takes place only to entities that guarantee an adequate level of data protection, via:
- EU Commission Adequacy Decision
- Standard Contract Clauses (SCC)
- Adherence to recognised frameworks (e.g. EU-U.S. Data Privacy Framework)
8. Rights of the data subject
You may exercise your rights under Articles 15-22 of the GDPR at any time:
- Access to one's own data
- Corrigendum or update
- Deletion ('right to be forgotten')
- Limitation of treatment
- Objection to treatment
- Data portability
- Withdrawal of consent (without prejudice to treatments already carried out)
- Complaint to the Guarantor Authority (www.garanteprivacy.it)
9. Cookies and similar technologies
The site uses:
- Technical cookies (essential for operation)
- Analytical cookies (Google Analytics in anonymous form)
- Profiling cookies (only with prior consent)
For more details and to change or revoke consent at any time, a dedicated Cookie Policy with management banner is available.
10. Marketing and newsletters
Newsletters, promotions or commercial communications are sent only after explicit consent of the user. Each communication includes the possibility to unsubscribe with one click.
11. Automatic decision-making and profiling
The data collected are not subject to automated decision-making or profiling processes that have legal or significant effects on the data subject.
12. Updates
This notice may be subject to change. The user will be informed by notices visible on the site or by email, if registered. You are invited to consult this page periodically.
13. Contact
For any request relating to privacy and the exercise of one's rights:
Email: m.montoneri@colosso.org
PEC: Colosso@pec.it
