PRIVACY POLICY
1. Data Controller Grace Villas Verona di Grazia Martinelli with registered office in Via Valpolicella 1 37024 – Arbizzano, VR, CF MRTGRZ30H64L781H (hereinafter, “Data Controller”), in its capacity as Data Controller, informs pursuant to Articles 13 and 14 of EU Regulation no. 2016/679 (hereinafter, “GDPR”) that the Data of natural persons residing in the European Union (hereinafter, “Customer” or “Interested Party”), which the company has come into possession during the performance of its activities, will be processed in the manner and for the following purposes.
2. The Data Controller processes personal data (e.g. name, surname, tax code, email address, telephone number, etc., hereinafter “personal data” or “data”) acquired orally or communicated by the Data Subject during registration on the website and/or when subscribing to the Data Controller’s newsletter service or when executing a contract in which the Data Subject is a party.
3. Legal basis and purpose of treatment. The personal data are processed:A) without the express consent of the interested party (art. 6 letter. B of GDPR), to achieve the corporate purpose of the owner, in particular: fulfill the pre-contractual, contractual and tax obligations arising from existing relationships with the customer, fulfill the obligations under the law, a regulation, Community legislation or an order of the Authority, allow the subscription to the newsletter service provided by the owner and any other services requested, exercise the rights of the owner.B) with the specific consent of the interested party (art. 6 letter A of the GDPR), by means of specific information and separate from it, for the purposes indicated therein.
4 It should be noted that to the customers of Villa Grace, may be sent commercial communications relating to services and products of the Owner similar to those of which the customer has already used, unless express consent of the interested party.4. The processing of the Customer’s personal data is carried out by means of the operations indicated in art. 4 no. 2 of the GDPR, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. The Owner will process personal data for the time necessary to fulfill the purposes set forth in art. 3 of this statement and in any case for no longer than 10 years from the termination of the relationship with the Customer. The data collected and not subject to retention determined by law will be kept for no more than 2 years from the termination of the relationship with the person concerned. the data will also be treated in accordance with the principle of confidentiality and security, in particular, will be adopted all technical, computer, organizational and procedural security measures to ensure an adequate level of data protection as indicated in art. 32 of GDPR.
5. Access to customer data may be made accessible for the purposes referred to in Article. 3. A) and 3. B) of this statement: a) employees and contractors of the Owner, in their capacity as agents and / or internal controllers and / or system administrators; b) third parties (eg, providers for the management and maintenance of the website, suppliers, credit institutions, professional firms, etc..) who perform activities in outsourcing on behalf of the Owner, in their capacity as external data controllers.
6. Communication of Data Without the express consent of the Customer (art. 6 letter. b) and c) of the GDPR), the Owner may communicate the data for the purposes referred to in art. 3.A) of this statement to supervisory bodies, judicial authorities and all other persons to whom communication is required by law or necessary for the performance of the purposes said.
7. The management and storage of personal data will take place on servers of the Owner located within the European Union and / or third companies appointed and duly appointed as data processors. Currently the servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Owner, if necessary, will have the right to move the location of the servers in Italy and / or European Union and / or non-EU countries. In this case, the Data Controller hereby guarantees that the transfer of non-EU data will take place in accordance with the applicable legal provisions, stipulating, if necessary, agreements guaranteeing an adequate level of protection and/or adopting the standard contractual clauses provided for by the European Commission.
8. Nature of the provision of data and consequences of refusal to respond The provision of data for the purposes referred to in Article. 3. Failure to provide the data will make it impossible for Alcoferdi to follow up the relationship with the person concerned.
9. In the capacity of interested party, the customer has the rights under Articles. 15 – 21 of the GDPR and precisely the rights of:I. to obtain confirmation of the existence or otherwise of personal data concerning him, even if not yet recorded, and their communication in intelligible form;II. obtain the indication: a) of the origin of the personal data; b) of the purposes and methods of processing; c) of the logic applied in the case of processing carried out with the help of electronic means; d) of the identification data concerning the data controller, data processors and the designated representative; e) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it in their capacity as designated representative in the territory of the State, data processors or persons in charge; III. obtain:a) updating, rectification or, when interested, integration of data; b) cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;IV. oppose, in whole or in part: a) for legitimate reasons to the processing of personal data concerning him, even if pertinent to the purpose of collection; b) to the processing of personal data concerning him for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated calling systems without the intervention of an operator by email and / or through traditional marketing methods by phone and / or mail. Please note that the right of opposition of the person concerned, as set out in point b) above, for direct marketing purposes by means of automated methods extends to the traditional ones and that, in any case, the possibility for the person concerned to exercise the right of opposition even only in part remains unaffected. Therefore, the interested party may decide to receive only communications by traditional means or only automated communications or neither of the two types of communication. where applicable, the customer has therefore the rights under Articles. 15-21 of the GDPR, ie the right of access, the right of rectification, the right to oblivion, the right to limitation of processing, the right to data portability, the right of opposition, and the right of complaint to a Control Authority.
10The Customer may at any time exercise his rights by sending:- a registered letter with return receipt to Grace Villas Verona di Grazia Martinelli – Via Valpolicella 1 37024 – Arbizzano, VR- an e-mail to info@gracevillas.it
11. The Holder’s Services are not intended for children under 18 years of age and the Holder does not intentionally collect personal information relating to minors. In the event that information on minors is unintentionally recorded, the Data Controller shall delete it in a timely manner, upon request of the interested party.
12. The Data Controller, Data Processor and Person in Charge is Alcofer S.r.l. in the name of its legal representative.13 The updated list of Data Processors and Persons in Charge of Processing is kept at the Data Controller’s registered office.
13. Changes to this Policy. This Policy may be subject to change. We therefore recommend that you regularly check this information also on our website and refer to the latest version.
Recent Comments