Privacy Policy
INFORMATION REGARDING THE WEBSITE PRIVACY POLICY
- Dear user, we thank you for choosing our website. We commit to protecting the privacy and ensuring the security of your personal data. The information we gather enables us to improve the quality of our website’s services. The present Privacy Policy, in accordance with Regulation Law No. 2014-038 (DP Law) describes how user’s personal data are processed when consulting the website www.casagalateo20gallipoli.it.
- However, this information does not concern other sites, pages, or online services accessible via hypertext links published on our site (see paragraph IV) and referring to resources that are external to the casagalateo20gallipoli.it domain, in respect of which the user may manage his/her own settings and withdraw consent by visiting the related links directly and using the tools described in the individual privacy policies of third parties or by contacting them.
- The information may undergo changes due to the introduction of new rules; we therefore invite the user to periodically check this page.
DATA PROCESSING
- The data controller is the natural or legal person, public authority, service, or other body that, individually or together with others, determines the purposes and means of the processing of personal data. Following consultation with the website www.casagalateo20gallipoli.it, data relating to identified or identifiable natural and legal persons may be processed.
- With regard to this website, the data controller is: GALLINVEST srls – Via Galateo 20, 73014 Gallipoli (LE).
- The responsible of the data is the natural or legal person, public authority, service, or other body that processes personal data on behalf of the data controller.
TYPES OF COLLECTED DATA
The website www.casagalateo20gallipoli.it collects the following general categories of data:
Information provided directly by the user
When the user visits the website www.casagalateo20gallipoli.it, it provides some information, which is necessary for the adequate analysis of requests and consequent provision of services, thereby allowing to act in accordance with legal obligations. Without these data, the data controller, the responsible and the persons in charge may not be able to provide all the requested services.
It should be borne in mind that the data indicated above mainly coincide with the data requested in the contact form or comments on the posts. For example, may be included:
- Profile data (name, surname, date and place of birth, tax code, address, telephone number and profile picture…).
- Authentication information (e.g., a photo of an identity document, passport or driving license…) or other authentication information.
- Payment information (e.g., bank account or credit card details…) to facilitate payment processing.
Communication with the staff in charge of data collection and processing, with whom the data provided by the user in communication are collected.
Optional information
The user, when communicating with the data controller, the responsible and the persons in charge, can choose to provide additional personal data to improve the experience and services. Such additional data will be processed on the consent of the interested party, where applicable. For example, may be included:
- Additional profile data.
- Address book contact data.
- Other information (e.g., responses to surveys, participation in forums, communication with service personnel, comments).
- Location information.
- Information regarding the use and satisfaction of the website and the services.
- Log data and information on the devices used.
Information relating to Payment Services
This site does not collect data relating to payments but makes use of external services, which can be directly consulted in order to obtain information relating to their specific privacy policy.
Data retention place
Data are processed on the server, at the data controller’s operating offices and in any other place where the parties involved in the processing are located, with the exception of data collected with cookies set by third parties/marketing cookies/tracking/profiling, to which reference is made to the next paragraph. This site uses an Aruba hosting provider service that allows us to make the website accessible. Therefore, the user’s data will also be hosted on the hosting provider’s data centre, which will operate as a third party.
Data retention period
We retain personal data only for the time necessary to attain the purposes for which they were collected or for any other legitimate connected purpose, such as navigation times of the website or contact with the website, and the related statistical surveys. The consent to the data processing can be revoked at any time.
COOKIES – PLUGIN – SOCIAL NETWORKS – SERVICES
Cookies
The casagalateo20gallipoli.it website uses cookies to make the user’s browsing experience easier and more intuitive: cookies are small text strings used to store some information, which may concern the user, his/her preferences or the internet access device (computer, tablet or mobile phone) and are mainly used to adapt the functioning of the website to the user’s expectations, offering a more personalised browsing experience and memorising the choices made previously. A cookie consists of a reduced set of data transferred to the user’s browser from a web server and can only be read by the server that made the transfer. It is not executable code and does not transmit viruses. Cookies do not record any personal information and any identifiable data will not be stored. We use technical cookies on this site. By continuing to browse the site and accepting the privacy policy, the user accepts the use of cookies; otherwise, he can abandon the navigation of the site. The use of these cookies is governed by the rules established by the third parties themselves. Therefore, users are invited to read the privacy policies and indications in order to manage or disable the cookies published directly on the related web pages.
Types of cookies mostly used by the website:
- Strictly necessary cookies: for example, authentication cookies, used to know if the user has logged in to the site or not.
- Preference cookies: cookies that store the preferences set by users, such as account name, language, and location, and memorise whether the user has chosen to view the mobile version of a site.
- Statistics cookies: collect information on how users interact with the website, including the pages that are visited the most, as well as other analytical data. These details are used to improve the performance of the website functions.
- Cookies set by third parties/marketing cookies/tracking/profiling: used to target advertising to website visitors, as well as to monitor the number of visitors. They track visitor details such as the number of unique visitors, the number of times certain ads have been viewed, the number of clicks received by the ads, and are also used to measure the effectiveness of advertising campaigns by creating detailed user profiles. These types of cookies are set by third party networks and are generally of a persistent nature. As specified above, the site uses different third-party applications and services in order to improve the visitor experience. As a result, cookies can be set by third parties and used to track user activity. Third-party analytical cookies are used to detect information on user behaviour on our site. The survey takes place anonymously, in order to monitor the performance and improve the usability of the site. Third-party profiling cookies are used to create profiles relating to users browsing casagalateo20gallipoli.it and to suggest advertising messages in line with the choices made by the users themselves. Indeed, with reference to cookies installed by third parties, the user can manage his settings and withdraw consent by visiting the relative link, using the tools described in the third party’s privacy policy or by contacting the same directly.
PURPOSE OF THE PROCESSING
- Providing the requested services and managing customer relations. The provision of personal data is mandatory and refusal to provide them makes it impossible to carry out what is requested.
- Fulfilling the requirements dictated by national and community regulations.
- Ensuring safety goals (spam filters, firewalls, virus detection), recorded data may eventually include personal data such as the IP address, which could be used, in accordance with applicable laws, with the purpose to stop attempts of damage of the website or to other users (or in any case harmful activities or activities constituting a crime).
The aforementioned information is treated on the basis of the legitimate interests of the data controller.
The personal data collected for the aforementioned purposes could also be processed to carry out activities functional to the promotion and sale of products through the site and to carry out market and customer satisfaction surveys: the provision of data for these purposes is optional and for the processing of such data consent is required.
USER RIGHTS
The user can, according to the methods and within the limits established by current legislation, exercise the following rights:
- demanding confirmation of the existence of personal data concerning him/her (right of access).
- having information about the logic, methods, and purposes of the processing.
- requesting the updating, rectification, integration, cancellation, transformation into anonymous form, and blocking of data which have been processed unlawfully, including those no longer necessary for the pursuit of the purposes for which they were collected.
- in cases of consent-based processing, receiving his/her data, provided to the controller, and held by it, in a structured and readable form by a data processor and in a format commonly used by an electronic device, with the only cost of any support.
- the right to lodge a complaint with the Privacy Guarantor or the Judicial Authority.
- finally, more generally, to exercise all the rights that are recognized by the current provisions of the law.
Requests should be addressed to the data controller.
If the data are processed on the basis of legitimate interests, the rights of the data subjects are still guaranteed (except the right to portability, which is not provided for by the rules); in particular the right to object to the processing that can be exercised by sending a request to the data controller. It is possible to object to the processing of your personal data:
- for legitimate reasons.
- (Without having to justify the opposition) when the data are processed for commercial or marketing purposes.
OBLIGATIONS
In the case of a PERSONAL DATA BREACH (DATA BREACH), i.e. a security breach that involves – accidentally or illegally – the destruction, loss, modification, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed, the data controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
The responsible of the data who becomes aware of a possible violation is required to promptly inform the supervisory authority so that he can take remedial action.
If the violation involves a high risk for people’s rights, the data controller will communicate the violation to all interested parties, using the most suitable channels, unless it has already taken measures to reduce its impact. The data controller, regardless of the notification to the Guarantor, will document all violations of personal data, for example by preparing a specific register. This documentation will allow the Authority to carry out any checks on compliance with the legislation.
Only personal data breaches that can have significant adverse effects on individuals, resulting in physical, material, or immaterial harm, should be reported.
SECURITY OF PROVIDED DATA
This website processes the data of the data subjects in a lawful and correct manner and adopts the appropriate security measures aimed at preventing unauthorised access, disclosure, modification, or unauthorised destruction of the data. The processing is carried out using IT and / or telematic tools, organisational and with logic strictly related to the purposes indicated. In addition to the owner, in some cases, categories of managers and agents involved in the corporate organization of the Site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party, technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.