Information on the processing of personal data for the website
Privacy Policy
​
Data Controller, Processors, and Authorized Persons
The Data Controller is ROLANDI LUISA "Residenza Palazzo Negri", with registered office at Vicolo San Matteo no. 2, 37121, Verona (VR), Tax Code RLNLSU64B49L781G and VAT no. 02614530232.
The updated list of data processors and authorised persons is kept at the registered office of the Data Controller.
Introduction
This privacy policy applies exclusively to the online activities of this website and is valid for visitors/users of the site. It does not apply to information collected through channels other than this website. The purpose of this privacy notice is to provide maximum transparency regarding the information the site collects and how it is used.
Processing is carried out in compliance with the criteria set out in the European regulation on personal data protection, Regulation (EU) 2016/679, in force since May 25, 2018 (hereinafter "GDPR"). According to this regulation, processing must be based on principles of fairness, lawfulness, transparency, and protection of your privacy and rights.
Types of Data Processed
Personal Data
For example: first name, last name, company name, phone number, email, including payment-related data (credit cards, etc.).
Browsing Data
The IT systems and software procedures used to operate the website acquire, during normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These data are not collected to be associated with identified individuals but could, by their nature, allow users to be identified.
This category includes:
-
IP address
-
Browser type and device parameters
-
Name of the Internet Service Provider (ISP)
-
Date and time of visit
-
Referring and exit web pages
-
Number of clicks (if applicable)
Cookies
For data processing via cookies, please refer to the specific policy available at:
https://www.residenzapalazzonegri.com/cookie-policy
Methods of Processing
The Data Controller adopts appropriate security measures to prevent unauthorised access, disclosure, modification, or destruction of Personal Data.
Processing is carried out using IT and/or telematic tools, with organisational methods and logic strictly related to the purposes indicated below. In addition to the Data Controller, in some cases, other parties involved in the organisation of this Application (administrative staff, system administrators) or external parties (such as third-party technical service providers, hosting providers, IT companies) may have access to the data. These may also be appointed, if necessary, as Data Processors by the Controller.
The updated list of Data Processors can always be requested from the Data Controller.
Legal Basis for Processing
The Data Controller processes Personal Data relating to the User if one of the following conditions applies:
-
The data subject has given consent (for marketing and promotional activities);
-
Processing is necessary for the performance of a contract with the User and/or for pre-contractual measures;
-
Processing is necessary to comply with a legal obligation;
-
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
-
Processing is necessary for the purposes of the legitimate interests pursued by the Controller or by third parties.
It is always possible to request clarification from the Controller regarding the specific legal basis of each processing activity.
Purpose of Processing
Personal data will be processed by the Controller and Data Processors for managing the Controller’s services and providing the requested service (e.g., responding to user inquiries).
Personal data may also be processed, subject to your specific and explicit consent, to send newsletters, commercial communications, and advertising material via email, post, SMS, and/or phone, and to measure customer satisfaction.
Data will be used until consent is withdrawn (see “User Rights”).
Place of Processing
The data collected by the website are processed at the Controller’s premises and at the web hosting data center, within the European Union.
Data Retention Period
Data are processed and stored for as long as required by the purposes for which they were collected.
At the end of the retention period, Personal Data will be deleted. Therefore, after this period, rights of access, deletion, rectification, and data portability can no longer be exercised.
For consent-based processing, data will be retained until consent is withdrawn.
Choices and Obligations
a. By entering personal data, the user accepts processing for the purposes described in point 1 of “Purpose”.
b. The user may withdraw consent for marketing purposes at any time (see “User Rights”).
c. The user may disable Google Analytics tracking (see cookie policy) by installing the opt-out component provided by Google.
For more information, please refer to Google’s privacy documentation.
Social Network Plugins
This website includes social network plugins/buttons to allow easy sharing of content. These plugins are designed not to set cookies when accessing the page, to protect user privacy. Cookies may be set only when the user actively uses the plugin.
If the user is logged into a social network, they have already consented to the use of cookies transmitted via this site at the time of registration.
The collection and use of information via plugins are governed by the respective privacy policies of the social networks.
Data Transfer Outside the EU
Data provided through forms will be stored within the European Union.
Some browsing data may be shared with services located outside the EU (e.g., Google, Facebook, Microsoft/LinkedIn), including via social plugins and Google Analytics.
These transfers are authorized under EU decisions (notably Decision 1250/2016), and no additional consent is required. The companies mentioned adhere to the Privacy Shield.
Security Measures
This website processes user data lawfully and correctly, adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction.
Processing is carried out using IT tools with methods strictly related to the stated purposes. In addition to the Controller, access may be granted to authorized personnel (e.g., system administrators) or external providers (technical services, hosting, IT companies, communication agencies).
User/Data Subject Rights
Users may exercise the following rights:
i. Withdraw consent at any time
ii. Object to processing
iii. Access their data
iv. Verify and request rectification
v. Obtain restriction of processing
vi. Request deletion of personal data
vii. Receive or transfer their data
viii. Lodge a complaint
Exercising Rights
If data are processed based on legitimate interests, users still have the right to object.
You may exercise your rights at any time by sending:
-
A registered letter to:
ROLANDI LUISA, "Residenza Palazzo Negri",
Vicolo San Matteo n. 2, 37121 Verona (VR) -
An email to: residenzapalazzonegri@gmail.com