“PRIVACY POLICY” (pursuant to Legislative Decree 196/03 and Regulation (EU) 2016/679)

“DATA CONTROLLER”, DATA PROCESSOR AND DATA PROCESSING MANAGERS

With regard to privacy, when users consult this website, personal data is collected. For these purposes, the Data Controller of the personal data you provide is Palazzo Crovato, in the person of its legal representative Mariano Crovato, with registered office and operational headquarters (not open to the public) at Strada Nona San Felice 5 – 20054 Segrate (MI). Within the company itself, the personal data collected is processed by employees acting as ‘Data Processors’, who comply with the specific instructions and guidelines given to them.

Place of data processing

The processing operations connected to the web services of the website www.palazzocrovato.it take place at the company headquarters in Strada Nona San Felice 5 – 20054 Segrate (MI), of the Data Controller, and are carried out only by personnel in charge of processing, or by persons in charge of occasional maintenance operations. No data deriving from the web service is communicated or disclosed (Art. 90 GDPR). Personal data provided by users who request the sending of informative material is used only to perform the service or provision requested and is communicated to third parties only if this is necessary for that purpose (Art. 3 GDPR).

Privacy Policy for website visitors

This Privacy Policy is intended to describe how this website is managed with regard to the processing of personal data of users/visitors who consult it. This information is also provided pursuant to Article 13 of Legislative Decree 196/03 – Code regarding the protection of personal data – to those who connect to the Palazzo Crovato website and use the related web services starting from the address [https://palazzocrovato.it/]. The website [https:// palazzocrovato.it /] is owned and managed by Palazzo Crovato, which guarantees compliance with the legislation on the protection of personal data (Legislative Decree 196/03).

What is meant by personal data and personal data processing

Any operation or set of operations, carried out with or without the aid of electronic means, concerning the collection, recording, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, deletion and destruction of data, even if not recorded in a database.

Type of data processed and purposes of processing

  • Browsing data

The computer systems and software procedures used to operate this website acquire, during normal operation, some personal data that are then implicitly transmitted in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. All our activities are governed by ethical principles and we are committed to protecting the privacy of all visitors to our website. For this reason, the way we collect and store data is closely linked to how our website and related services are used.

  • Data provided voluntarily by users/visitors

If users/visitors connect to this website and send their personal data to access certain services or to make requests via email, Palazzo Crovato will acquire the sender’s address and/or any other personal data, which will be processed exclusively to respond to the request. The personal data provided by users/visitors will be disclosed to third parties only if such disclosure is necessary to comply with the requests of the users/visitors themselves.

  • Cookies

Various technologies may be used on our website to improve it and make it easier to use, more effective and secure. These technologies allow us, or third parties working on our behalf, to collect data automatically. Examples of such technological solutions are cookies. Cookies are not used to transmit personal information, nor are so-called persistent cookies of any kind used, i.e. systems for tracking users. The use of so-called session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the site. The so-called session cookies used on this site avoid the use of other IT techniques that could potentially compromise the confidentiality of users’ browsing and do not allow the acquisition of personal data identifying the user. For more information, please refer to the Cookie Policy page.

Data provided by you

In addition to the data collected automatically, we also process the data you provide. Below is a non-exhaustive list of examples: your contact details, including company name and VAT number or, for individuals, first and last name and tax code, address (to be indicated on the invoice and delivery address for the receipt), email address and, fax number, website and date of birth, your telephone number or mobile number for individuals, should we need to ask you any questions or request any information regarding your booking; other information necessary to process your booking request: for example, information about the accommodation you have booked, bank account details, IBAN and SWIFT code. All of this data has in common the fact that it has been provided by you. This information will be used for the purposes described in this Policy. You have the right to rectify your personal data at any time or to prevent its processing. (See Section Rights of the data subject).

How the collected data is used: purposes

We will use your personal data for purposes related to your booking requests: for example, to inform you of the status of your booking. If you have provided us with your personal data, for example during a promotional initiative or event, we may send you emails or other messages relevant to the service you have requested. If you have contacted customer service, we will use your personal data (including your contact and call history) to facilitate the processing of your requests and provide you with the best possible service. If a sale is interrupted, we will send you an email to notify you. You can unsubscribe at any time, free of charge and with immediate effect, from the list of recipients of these communications: simply send an email (see Section on Data Subject Rights). With your explicit consent, we may contact you using the contact details you have provided (by post, email, SMS, telephone or other electronic means) for marketing, advertising and survey purposes on behalf of Palazzo Crovato. This may include, for example, special offers and promotional initiatives. In the Rights of the Data Subject section, you can read information about your rights, for example, how to withdraw your consent or how to correct your personal data. Personal data will be processed for the following purposes:

  1. functional to the fulfilment of legal obligations, regulations or provisions of EU legislation;
  2. performance of the contract or to fulfil your specific requests prior to the performance of the contract.
  3. customer management and related administrative activities, with relative processing, in accordance with current legislation, invoicing.
  4. preparation of measures aimed at protecting against credit risk, including activities aimed at identifying the customer’s economic reliability/solvency, either before or during the contractual relationship. Palazzo Crovato may verify that the bank/postal details provided are correct.
  5. relating to the performance of activities aimed at conducting market studies and research, carrying out direct sales activities, including by telephone, sending commercial information, and sending advertising/informational material, carried out using ‘traditional’ methods (for example, paper mail and/or telephone calls) or through “automated” contact systems (for example, SMS and/or MMS, telephone calls, e-mails, faxes) pursuant to Article 130, paragraphs 1 and 2, of the Privacy Code and Regulation (EU) 2016/679. The data subject may object to the processing at any time by sending a request to the dedicated email address: posta@palazzocrovato.it.
  6. relating to the performance, by third parties, commercial partners, to whom Palazzo Crovato may communicate/transfer the data acquired, for the performance of activities aimed at processing market studies and research, carrying out direct sales activities, including by telephone, or product placement, for sending commercial information, including interactive information, as well as for sending advertising/informational material, carried out using ‘traditional’ methods (for example, paper mail and/or telephone calls) or through ‘automated’ contact systems (for example, SMS and/or MMS, telephone calls, e-mail, fax) pursuant to Article 130, paragraphs 1 and 2, of the Privacy Code and Regulation (EU) 2016/679;
  7. relating to the performance of activities aimed at conducting market studies and research, carrying out direct sales activities, including by telephone, sending commercial information, and sending advertising/informational material, carried out using ‘traditional’ methods (for example, paper mail and/or telephone calls) or through “automated” contact systems (for example, SMS and/or MMS, telephone calls, e-mails, faxes) pursuant to Article 130, paragraphs 1 and 2, of the Privacy Code and Regulation (EU) 2016/679. The data subject may object to the processing at any time by sending a request to the dedicated email address: posta@palazzocrovato.it.
  8. Relating to the processing of data by third parties, commercial partners, to whom Palazzo Crovato may communicate/transfer the data acquired, for the purpose of carrying out activities aimed at market research and studies, direct sales activities, including by telephone, or product placement, for sending commercial information, including interactive information, as well as for sending advertising/informational material, carried out using ‘traditional’ methods (for example, paper mail and/or telephone calls) or through ‘automated’ contact systems (for example, SMS and/or MMS, telephone calls, e-mail, fax) pursuant to Article 130, paragraphs 1 and 2, of the Privacy Code and Regulation (EU) 2016/679;
  9. Litigation management (breaches of contract, formal notices, settlements, debt collection, arbitration, legal disputes).

Processing of personal data: mandatory consent and optional consent

The processing of personal data is generally permitted only with the consent of the data subjects, which must be freely given, informed, expressed in a specific form and documented in writing. The data subject is free to provide the personal data requested from time to time; failure to provide such data, or providing partial or inaccurate data, may make it impossible to provide the services requested (Article 7 of the GDPR).

Consent to the processing of personal data is required for all the above-mentioned processing operations connected with and/or necessary to comply with legal obligations, EU legislation, to perform obligations arising from a contract to which the data subject is party or to fulfil, prior to the conclusion of the contract, specific requests made by the data subject (purposes: points 1-2-3-4-7). Consent to the processing of personal data for the purposes referred to in points 5-6 is optional and may be revoked at any time in accordance with the procedures described in the ‘Rights of the data subject’ section of this policy. Any refusal by the data subject to respond to points 5 and 6 will make it impossible for us to send advertising material and carry out promotional activities. You may revoke your consent to receive commercial communications previously issued, both by Palazzo Crovato and by third-party companies, at any time in the following ways: By sending a request to posta@palazzocrovato.it.

Processing and storage methods

Personal data is processed using paper, computerised, telematic and automated tools, including profiling (Article 22 of the GDPR). Profiling may be carried out using individual or identifying data (e.g. personal details) or aggregated data derived from individual personal data. All this is done in compliance with the confidentiality guarantees and security measures provided for by current legislation, with logic strictly related to the purposes of the processing. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorised access. The data retention period is linked to the purpose of the processing in progress. Palazzo Crovato will not retain personal information for longer than is necessary to fulfil the purposes for which such information was processed, including the security of our processing procedure in accordance with regulatory and legal obligations (e.g. control, accounting and legal retention periods), the management of disputes and for the determination, exercise or defence of legal rights in those countries where we conduct business.

Disclosure of information

One of our fundamental principles is our commitment to treat your data with caution and confidentiality. We will never sell your data to third parties. Your data may be disclosed to third parties only if required by law and under the condition that it is permitted by applicable laws. We may use service providers and data processors working on behalf of Palazzo Crovato. These are operators who provide hosting and maintenance services, analysis services, email messaging services, delivery services, payment management, credit checks, address verification, etc. These third parties are allowed access to the personal data they need for the purposes of their specific services. Service providers and data processors have a contractual obligation to treat this information in the strictest confidence. The contract prohibits them from using the data for purposes other than those specified in the contract. Palazzo Crovato has taken the necessary steps to ensure that our service providers and data processors working for Palazzo Crovato protect the confidentiality of your data.

CATEGORIES OF SUBJECTS WHO MAY BECOME AWARE OF THE USER’S DATA

In addition to Palazzo Crovato employees, some of the user’s personal data may also be processed by third parties, including companies to which Palazzo Crovato entrusts or may entrust certain activities functional to the consultation of the website. These parties will operate as independent Data Controllers or as Data Processors. In the latter case, the Data Controller will provide the Data Processors with adequate operating instructions, with particular reference to the adoption of minimum security measures, in order to guarantee the confidentiality, integrity and security of the data. The user’s data may also be disclosed to the judicial or administrative authorities or to other public entities entitled to request it, in the cases provided for by law. For the pursuit of the above purposes, Palazzo Crovato may communicate and process the personal data of the data subject, in Italy and abroad, including countries outside the European Union, to third parties with whom it has relations: the latter will only provide them with the information necessary to perform the services requested, taking all measures to protect your personal data (Article 44 of the GDPR). Personal data may also be disclosed to employees, self-employed workers, project workers, temporary workers, consultants, temporary agency workers and collaborators of Palazzo Crovato who have been specifically appointed/designated as Data Processors or Persons in Charge of Processing. Accounting and invoicing staff; staff responsible for the marketing of goods/services; The above data may be transferred and communicated to the following categories of subjects: companies operating in the transport sector, our suppliers, our affiliates, banks and credit institutions, debt collection companies, law firms, insurance companies, professional firms and/or companies and/or associations of companies and entrepreneurs that provide us with certain accounting and/or tax services, social security institutions, etc.;

Rights of data subjects

Palazzo Crovato reminds the interested party that, pursuant to Article 7 of the Privacy Code, Legislative Decree 196/03 and Regulation 2016/679, it is possible, at any time, to obtain confirmation of the existence or otherwise of the data and to know its content and origin, as well as the logic on which the processing is based, verify its accuracy or request its integration, updating or correction. Pursuant to the same article, the data subject has the right to request the deletion, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose their processing in any case, for legitimate reasons. For processing related to direct marketing (in ‘traditional’ and ‘automated’ form), it will always be possible to revoke consent and exercise the right to object. Unless otherwise specified, opposition will refer to both traditional and automated communications. In order to exercise the above rights, a request must be sent to the dedicated email address posta@palazzocrovato.it.

Your rights

If you provide us with your personal data via our websites or other channels, this is done entirely voluntarily. If you choose not to provide the requested information, you may miss out on various opportunities available to customers. There are cases in which only those who have sent us the necessary personal data can take advantage of certain services and benefit from activities and offers available on our website. You may also unsubscribe or receive information about the data we hold by writing to: posta@palazzocrovato.it.

Right to request information

You have the right to receive information at any time about the personal data stored about you, its origin and recipients, as well as the purposes for which it has been stored. Information about stored personal data can be obtained by contacting us at the following email address: posta@palazzocrovato.it. The subjects to whom the personal data refer have the right at any time to obtain confirmation of the existence or otherwise of such data and to know its content and origin, verify its accuracy or request its integration or updating (Art. 7 of Legislative Decree 196/03 and Regulation 2016/679).

Right of rectification

You have the right to correct, supplement, update, delete your stored personal data or to have its storage blocked. Within four weeks of receiving your request, we will inform you whether and, if so, to what extent we will comply with your request. If, for any reason, we are unable to comply with your request, we will inform you of the reasons (Art. 7 of Legislative Decree 196/03 and Articles 12 and 16 of the GDPR).

Right to object and unsubscribe

Pursuant to the same article, you have the right to request the deletion, transformation into anonymous form or blocking of data processed in violation of the law, as well as to oppose their processing in any case, for legitimate reasons (Article 21 GDPR). Emails sent by Palazzo Crovato containing, for example, a newsletter or marketing messages, offer the option to stop receiving such emails. If you no longer wish to receive our emails, simply send an email to ‘posta@palazzocrovato.it’ and we will immediately stop sending you emails. If you no longer wish to receive promotional information and sales offers in general, including by post, email, SMS, telephone or other electronic means, or if you wish to withdraw your consent, you can do so at any time by writing to posta@palazzocrovato.it (Art. 17 GDPR).

Information Security and Data Integrity

We have implemented appropriate technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, alteration, and unauthorized use, disclosure, or access, especially where processing involves the transmission of data over a network, and against any other form of unlawful processing and abuse.

Protection of Minors’ Personal Data

Protecting the personal data of minors is of the utmost importance. Palazzo Crovato is aware of its obligation to protect the privacy of minors and refuses to collect data from minors under the age of 16. We encourage parents and other guardians to browse the Internet and send emails together with their children and to use the Internet responsibly. If a minor under the age of 16 attempts to provide information about themselves from the outset, they must obtain parental consent. Data sent by the minor, or otherwise relating to them, collected during their visit (e.g., via cookies) may be used as described above. For this reason, we ask parents and other guardians to monitor and monitor their minors’ internet use, for their safety (Article 8 of the GDPR).

How to contact us

The data controller is: Palazzo Crovato, located at Strada Nona San Felice 5 – 20054 Segrate (MI). – email: posta@palazzocrovato.it

Changes to this policy

Palazzo Crovato is committed to embracing the fundamental principles of data protection and considers the protection of personal data a natural duty. Therefore, we frequently review our data protection policies to ensure they are error-free, clearly visible on our website, and include all necessary information. We also verify that they are strictly observed and compliant with the principles of applicable legislation. This Privacy Policy may be subject to change from time to time to keep it up to date with the evolution and new opportunities of the Internet and to ensure compliance with applicable legislation. We will never apply provisions that restrict the rights granted to you in this Policy without your explicit consent. Significant changes to this Policy will be posted on our website concurrently with the publication of the updated Privacy Policy.