INFORMATION ON THE PROCESSING OF PERSONAL DATA

Dear Interested Party,

This informative document explains the website’s data processing practices and the rights of the website’s users concerning the processing of their personal data. In compliance with art. 13 (for data collected from the interested party) and 14 (for data not collected from the interested party) of Regulation (EU) 2016/679 (hereinafter GDPR) the following information is provided to the Users of this Website, referring exclusively to the processing carried out through said Website and not through other websites that may be visited through links herein: it is suggested to read the relevant information provided by respective Data Controllers to find out about their data processing practices. This Website and any services offered through the Website are reserved for persons who have reached the age of eighteen. Therefore, the Data Controller does not process personal data relating to persons under the age of 18. At the request of such Users, the Data Controller will promptly delete all personal data involuntarily collected.

  1. Data Controller

Data Controller Lunicus srl, with registered office in Via Roma 2, 36045 Lonigo VI, Fiscal Code and VAT number 04024970248For the purposes of technical assistance, maintenance, technical management and the like on this Site, the Data Controller reserves the right to appoint as Data Processor to manage personal data a web agency or consultant, whose references may be requested through the contact information provided in this policy. The Data Controller and the Data Processor also process Users’ data through internal, specifically designated Appointees who are instructed and authorized to process the said data.

  • Category of data processed and sources of origin
    • Navigation data (the computer systems and software procedures used to operate this site acquire, during their normal operation, personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which access or exit was made, information on the pages visited by users within the site, the time of access, the time spent on a single page, the analysis of the internal path and other parameters relating to the operating system and the user’s computer environment. This technical/IT data is collected and used exclusively in an aggregate and anonymous manner. This data is processed for the purpose of allowing and controlling the correct use of this site as well as to obtain anonymous statistical information on the use of the same, and is deleted immediately after processing)
    • Data provided voluntarily by the user

We may primarily process navigation data, as well as cookies.

We may also process data provided voluntarily by the user, for example through the contact form or by sending a communication via email, including common personal data (identification, personal data, billing, and the like).

  • Purpose of the processing

The personal data of Users of the Website will be processed in the manner and in the forms prescribed by the GDPR, for the performance of the functions of the Website, with particular, but not exclusive, reference to the navigation of the pages and the procedures described therein for data collection, contact forms, any registration/access process reserved area,  subscription to the newsletter and the like. In particular, the personal data provided to the Data Controller will be processed for the pursuit of the following purposes:

  • to follow up on the specific requests addressed to the Owner by the User through the Website and its communication tools (contact forms, information request forms, and the like);
    • for communications of an informative nature relating to the services of the same Data Controller, following the request for information through email messages or through filling in the contact form and other communication tools;
    • for any registration to events organized by the Data Controller, and other related activities (for example, verification of participation, notices relating to any updates or changes to the event, etc.);
    • for other purposes ancillary to or related to those indicated above and, in any case, falling within the scope of the activities of the Website.
  • Legal basis of the processing

The processing of personal data is based on the fulfillment of contractual or pre-contractual obligations related to the request made by the User (for example requests for information about the services performed by the Data Controller, requests for quotations, etc.), as well as, where necessary, upon consent through the free and conscious compilation of the appropriate information fields in the form dedicated to the collection and provision of data and the check in the appropriate checkbox where provided.

It should be noted that the compilation of special fields provided for in the form for the request for information is inherent in the request itself and that therefore this involves the fulfillment of a pre-contractual or contractual obligation, depending on the context. Consent may be requested later for the processing of further data.

A specific privacy policy will be provided wherever it is necessary (information other than this one).

  • Mandatory provision

The provision of data relating to navigation by Users, for the purposes mentioned above, depends on the degree of privacy that the User has enabled or disabled through their browser. In some cases, disabling it may affect navigation on this Website. For certain forms of this Website, the provision of navigation data and/or the use of technical cookies is mandatory for the proper functioning of the Site itself.

For example, without prejudice to the above, the provision of an email address and other mandatory data indicated therein with an asterisk is necessary to respond to the request made through contact forms. Other data is optional.

Failure to provide the data necessary for the requested action (for example, the email account via the form for requesting information by this means) make it impossible for the Data Controller to process the request.

PROVISIONS APPLICABLE TO ALL PROCESSING

In any case, even where the interested party has given consent to authorize the Data Controller to pursue all the purposes mentioned in the points above, they will still be free to revoke their consent at any time.

We inform you specifically and separately, as required by art. 21 of the Regulation, that the interested party has the right to object at any time to the processing of their personal data carried out for the aforementioned purposes and that, if the interested party opposes the processing, the personal data can no longer be processed for these purposes.

  • Any recipients of personal data

The data may be communicated to companies that are connected to or controlled by the Data Controller, as well as to their consultants, or to third parties who operate in the name and on behalf of the Data Controller, for the evasion of services related to the purposes indicated in this policy, both intra EU and non-EU (in the latter case, exclusively in adherence with current regulations).

Navigation and similar data (for which the above is recalled), as well as the profiling cookies of third parties (for which reference is made to the Cookie Policy of this Website), will be communicated to the respective interested third parties, where they do not manage it directly as Data Controllers.

In any case, the data may be communicated to Data Processors, as well as to persons duly instructed authorized to process it within the scope of the purposes of the processing.

For the sake of brevity, a detailed list of these persons is available at our office.

  • Retention period

The data provided voluntarily by the interested party will be kept until the express revocation of consent by the interested party. A revocation may occur through action on the party’s browser, cleaning of cookies, by express request, or otherwise manifested. The navigation data will be stored, in compliance with the principle of proportionality, in a form that allows the identification of the interested party for a period of time not exceeding that necessary for the purposes for which it was collected or subsequently processed.

Excluded from the above terms are cases in which it is necessary to keep the data for a further period of time to defend or assert a right or to fulfill any legal obligations or orders of the Authorities.

  • Rights of the interested party

Each interested party has rights to access, rectification, cancellation (oblivion), limitation, receipt of notification in case of rectification, cancellation or limitation, portability, and opposition, and to not be the subject of automated individual decision, including profiling, pursuant to Articles. from 15 to 22 of the GDPR. These rights can be exercised in the forms and terms referred to in art. 12 GDPR, by written communication sent to the Data Controller (see point 10).

The Data Controller will provide an adequate response as soon as possible and in any case within 1 month of receipt of the request.

  • Right to withdraw consent (How to exercise rights)

You can revoke your consent, where provided, at any time and/or exercise your rights by sending:

  • a registered letter with return receipt to the Data Controller with an express request;
    • an email to admin@donapalace.it.
  1. Complaints

Each interested party has the right to lodge a complaint pursuant to art. 77 and following of the GDPR to a supervisory authority, which for the Italian State is the Guarantor for the protection of personal data. The forms, methods, and terms of bringing complaint actions are provided for and governed by current national legislation. The complaint is without prejudice to administrative and judicial actions, which for the Italian State can be proposed alternately to the same Guarantor or to the competent Court.

  1. Data Controller, Appointees/Authorized Persons, Data Processors

Below we provide you with needed information, not only to comply with legal obligations but also because transparency and fairness towards interested parties are a fundamental part of our activity.

Data Controller. The Data Controller of your personal data is Lunicus srl, with registered office in Via Roma 2, 36045 Lonigo VI, Fiscal Code and VAT number 04024970248, responsible to you for the lawful and correct use of your personal data and who can be contacted for any information or requests at the following details: phone +39 0415202152, email: admin@donapalace.it.

Appointees / Authorized Personnel. The updated list of authorized data processors is kept at the Data Controller’s headquarters.

Data Processors.

For the sake of brevity, a detailed list of these persons is available at our office.

  1. Social media plug-ins

This site may contain plug-ins for social media platforms (e.g., Facebook). Social plug-ins are special tools that enable the incorporation of social network functions directly on the site (e.g., the “like” function of Facebook) and are marked with the logo of the respective social platform. When you visit a page of this site and interact with the plug-in (e.g. by clicking the “like” button) or decide to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform (in this case Facebook) and stored by it. For information on the purposes, type, and methods of collection, processing, use, and storage of personal data by the social network platform, as well as for how to exercise your rights, please consult the respective social network’s privacy policy.

The Data Controller

Lunicus srl.

To contact us

Lunicus srl, with registered office in Via Roma 2, 36045 Lonigo VI is pleased to receive comments regarding this privacy policy.

Please contact us at: admin@donapalace.it