Privacy Policy

Privacy Notice for the Processing of Personal Data – Information document pursuant to Articles 13–14 of the GDPR (General Data Protection Regulation) 2016/679

In compliance with Regulation (EU) 2016/679 (GDPR), we hereby provide you with the necessary information regarding the processing of the personal data you have provided. This notice does not apply to any other websites that may be consulted via links present on the Controller’s websites; the Controller cannot be held responsible in any way for third-party websites.

1) Data Controller, Data Processor, and Place of Processing
THE “DATA CONTROLLER”

The Data Controller is Castello di Cigognola s.a.r.l., with registered and administrative office at Piazza Castello, 1 – Cigognola (PV), Italy, represented by its pro tempore legal representative.

PLACE OF DATA PROCESSING

Processing is carried out at the premises of the Data Controller and at the premises of duly appointed external entities.

2) Types of Data Processed
Personal and Browsing Data

“Personal data”: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Browsing Data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects; however, due to its nature, it may—through processing and association with data held by third parties—allow users to be identified. This category includes IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response provided by the server (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.

Data Voluntarily Provided by the User

The optional, explicit, and voluntary sending of email to the addresses indicated on this website and/or the completion of data collection forms results in the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included.

Please refer to the contact privacy notice at the following link: Terms and conditions on the processing of personal data.

Cookies

Please refer to the cookie policy at the following link: Terms and conditions on the use of cookies.

3) Purposes of Processing for Which Consent Is Given Where Required (Art. 6 GDPR)
A) Personal data voluntarily provided will be processed for the following purposes:

browsing this website;

possible completion of data collection forms for quotations and/or contacts and/or submission of applications;

possible completion of data collection forms for online booking;

administrative and accounting activities in general.

For the purposes of applying personal data protection provisions, processing carried out for administrative and accounting purposes includes processing connected to organizational, administrative, financial, and accounting activities, regardless of the nature of the data processed. In particular, these purposes include internal organizational activities, activities necessary to fulfil contractual and pre-contractual obligations, and information activities.

B) Personal data provided through data collection forms on websites or data collection forms in general (such as first name, last name, email address) will be processed—subject to consent—by the Data Controller and the Data Processors for commercial and promotional activities and email newsletters.

4) Processing Methods – Data Retention
Processing will be carried out both by automated and manual means, using methods and tools designed to ensure maximum security and confidentiality, by specifically authorized persons in compliance with Articles 13–14 of the GDPR. Data will be stored for a period no longer than is necessary for the purposes for which it was collected and subsequently processed.

5) Scope of Communication and Disclosure
Your data, which is subject to processing, will not be disclosed and may be communicated to companies contractually linked to Castello di Cigognola s.a.r.l. in order to comply with contracts or related purposes. Data may also be communicated to third parties belonging to the following categories:

entities providing services for the management of the information system used by Castello di Cigognola s.a.r.l. and telecommunications networks;

firms or companies involved in assistance and consultancy relationships;

competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.

Entities belonging to the above categories act as Data Processors, or operate independently as separate Data Controllers. The list of Data Processors is continuously updated and available at the registered and administrative office of Castello di Cigognola s.a.r.l., Piazza Castello, 1 – Cigognola (PV), Italy. Any further communication or disclosure will take place only with your explicit consent.

6) Nature of Data Provision and Refusal
Except as specified for browsing data, the user is free to provide personal data. Providing data for the purposes set out in point A) is necessary. Any refusal to provide data for the purposes set out in point A) will make it impossible to obtain what is requested or to use the Data Controller’s services. Consent to the processing of data for the purposes set out in point B) is optional. Any refusal to consent for the purposes described in point B) will have no negative consequences with regard to the purposes set out in point A).

7) Rights of Data Subjects
You may exercise your rights as set out in Articles 12–23 by contacting the Data Controller or the Data Processor at our office by phone at [company phone number], or by email at [company email address].

As a data subject, you have the rights provided for in Article 15 GDPR, namely the right to:

obtain confirmation as to whether or not personal data concerning you exists, even if not yet recorded, and to have it communicated in an intelligible form;

obtain information regarding:
a) the origin of the personal data;
b) the purposes and methods of processing;
c) the logic applied in the case of processing carried out with the aid of electronic instruments;
d) the identity details of the Data Controller, the Data Processors, and the representative appointed pursuant to Art. 5, paragraph 2 of the Italian Privacy Code and Art. 3, paragraph 1 GDPR;
e) the subjects or categories of subjects to whom personal data may be communicated or who may become aware of it as appointed representative within the territory of the State, or as Data Processors or authorized persons;

obtain:
the updating, rectification, or integration of data;
the deletion, anonymization, or blocking of data processed unlawfully, including data that does not need to be retained for the purposes for which it was collected or subsequently processed;
confirmation that the operations referred to in points (a) and (b) have been notified—also as regards their content—to those to whom the data has been communicated or disclosed, except where such compliance proves impossible or involves the use of means manifestly disproportionate to the right protected;

object, in whole or in part:
a) on legitimate grounds, to the processing of personal data concerning you, even if relevant to the purpose of collection;
b) to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, by means of automated calling systems without the intervention of an operator, by email and/or by traditional marketing methods by telephone and/or paper mail.

Where applicable, you also have the rights set out in Articles 16–21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority. At any time you may obtain confirmation as to whether or not personal data concerning you exists and receive communication of such data and of the purposes on which processing is based. You may also obtain the deletion, anonymization, or blocking of data processed unlawfully, as well as the updating, rectification, or—where you have an interest—completion of the data. You may object, on legitimate grounds, to the processing itself.

8) Changes to this Privacy Notice
The Data Controller reserves the right to modify, update, add, or remove parts of this Privacy Notice at its sole discretion and at any time. Data subjects are required to periodically check for any changes. To facilitate such verification, this notice will include the date on which it was last updated. Use of the website after the publication of changes shall constitute acceptance of those changes.

9) Social Plug-ins
Our web pages may contain plug-ins from Social Networks (e.g., FaceBook.com, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, United States (“Facebook”)). If you access one of our web pages equipped with such a plug-in, your internet browser connects directly to the social network and the plug-in is displayed on the screen through the connection with your browser. Before using such plug-ins, we invite you to consult the privacy policy of the relevant social networks on their official pages.