Villa Serfini's Privacy Policy

Privacy Policy

In compliance with the obligations of European Regulation 679/2016 GDPR on the protection of personal data, the villaserafini.com site observes and protects the privacy of its visitors and users.
Users may be subject to different levels of protection. Some users therefore benefit from higher protection. Further information on protection criteria can be found in the section on applicability.

Data controller

Villa Serfini - Via del Sole, 1 - 33047 Remanzacco (UD)

Indirizzo email del Titolare: info@villaserafini.com

Types of data collected

The data collected either by this website itself or via third parties, depending on the forms enabled (see the section on ‘Details on the processing of personal data’), includes email address, first name and surname, telephone number, postal code and city of residence, usage data, date of birth, street address, province and tax code.

Full details on each type of data collected are given in the relevant sections of this privacy policy or in specific information texts displayed before the data is collected.
Personal data may be provided freely by users, or in the case of usage data, collected automatically during use of the website.
Unless otherwise specified, all data requested by this website is mandatory. If a user refuses to provide the data, it may not be possible for the application to provide the service. Where the website indicates that certain data is optional, users may refrain from providing the data without affecting the availability or functionality of services.
If users are in doubt as to what data is compulsory they are encouraged to contact the data controller.
Unless otherwise specified, any use of cookies or other tracking tools by this application or by the owners of third-party services used by this application is for the purpose of providing the service requested by the user and any other purposes described in this document and in the Cookie Policy.

Users assume responsibility for any personal third-party data obtained, published or shared via this website and must ensure they are entitled to communicate or disseminate it, holding the data controller free of any liability towards third parties.

Method and place of processing the data collected

Processing method
The data controller will take appropriate security measures to prevent the unauthorised access, disclosure, modification or destruction of personal data.
Data processing is carried out using IT and/or electronic telecommunication tools, according to organisational procedures and for reasons strictly related and limited to the stated purposes. In addition to the data controller, other parties involved in the processing of this application (administrative, commercial, marketing and legal personnel and systems administrators) and external parties such as third-party technical service providers, couriers, hosting providers, IT companies and communication agencies appointed by the data controller, may also have access to the data in certain circumstances. An updated list of data managers is available on request from the data controller.

Legal grounds for processing
The data controller may process personal data relating to a user where one of the following conditions is satisfied:

• the User has given consent for one or more specific purposes. NB Under some judicial systems, the data controller may be authorised to process personal data without the user's consent or on any other of the legal bases specified below, unless the user objects to such processing (opts out). However, this does not apply if the processing of personal data is governed by European legislation on the protection of personal data;
• the processing is necessary to execute a contract with the user and/or to execute pre-contractual disclosures;
• the processing is necessary to fulfil a legal obligation to which the controller is subject;
• the processing is necessary to execute a duty in the public interest or to exercise an official authority vested in the controller;
• the processing is necessary to pursue the legitimate interest of the controller or a third party.

However, the data controller may be asked to clarify the specific legal grounds for any processing and to specify in particular whether the processing is for legal purposes, in execution of a contract, or necessary for the conclusion of a contract.

Place
Data is processed at the data controller's operational headquarters and at any other location where those involved in the processing are based. Contact the data controller for more information.
Personal data may be transferred to a country other than that in which user is based. More information on the place of processing is available in the section on ‘Details of personal data processing’.

Period of retention
Data is processed and retained for the time necessary for the purposes for which it was collected.

Therefore:

• Personal data collected for purposes related to the execution of a contract between data controller and user will be retained until the execution of the contract is complete.
• Personal data collected for purposes related to the legitimate interest of the controller will be retained until the interest is satisfied. Further information regarding the legitimate interest pursued by the controller can be obtained from the relevant sections of this document or by contacting the controller.

Where the processing of personal data is based on user consent, the controller may retain the data for longer, until consent is revoked. The controller may also be obliged to retain personal data for a longer period in accordance with a legal obligation or by order of an authority.

Personal data will be deleted at the end of the retention period. The right to access, annul and rectify personal date and the right to portability of data can therefore no longer be exercised after this period has ended.

Purposes of processing data collected
User data is collected to enable the controller to provide its services and for the following purposes:  

• To access accounts in the reserved area for customers and suppliers
• To respond to requests submitted via forms on the website
• To communicate with customers and service information providers

See the relevant sections of this document for more detailed information on the purposes of processing and on the specific personal data related to each purpose.
No data entered on this website will ever be transferred to third-party operators for marketing purposes.

 

List of active forms enabled for data collection on this website

Requests
There is a form for requesting information on the website. When filling in the form users insert the requested data, which is stored on the website. The data is processed as indicated in the relevant section of this page.

Registered users
The 'Registered Users' START ENGINE form is for the exclusive use of customers and suppliers. Each registered individual or company user is associated with a complete data set and an access PIN.
Registration takes place, after consent is given to the data being processed manually, in the back-office area of the CMS. Once added to the system, each individual or company user can be authorised to access one or more reserved areas.

User rights
Users may exercise certain rights with regard to the data processed by the controller.
For users with higher protection, these rights are as listed below. Users may contact the data controller to find out what rights are applicable in other eventualities and how to exercise these rights.

In particular, users have the right to:

• withdraw their consent at any time;
  Users may withdraw their consent to the processing of their personal data as described above.
• object to the processing of their data;
  Users may object to the processing of their data when it is done so on legal grounds other than consent. More details on the right to object are given in the section below.
• access their data;
  Users have the right to obtain information on what data is processed by the controller and on particular aspects of the processing, and to obtain a copy of any data processed.
• check and ask for the data to be corrected;
  Users may check that their data is correct and ask for it to be updated or corrected.
• have the processing restricted;
  When certain conditions are satisfied, users may ask for the processing of their data to be restricted. In this eventuality the controller may not process the data for any purpose other than for its retention.
• have their personal data removed or deleted;
  Where certain conditions are satisfied, users may ask the controller to remove or delete their data.
• have their data sent to themselves or transferred to another controller;
  Users have the right to receive their data in a structured format that is commonly used and readable by automatic devices or, where technically feasible, have it transferred without hindrance to another controller. This instruction is applicable where the data is processed by automated means and processing is based on user consent or in respect of a contract to which the user is a party or related contractual measures.
• submit a complaint.
  Users may submit a complaint with the competent supervisory authority for data protection or take legal action.

Details on the right to object
Where personal data is processed in the public interest, in the exercise of public powers vested in the data controller or to pursue a legitimate interest of the data controller, users have the right to object to processing of the data for reasons related to their particular situation.
Users are reminded that where their data is processed for direct marketing purposes, they may object to the processing without giving any reason. To find out whether the controller processes data for direct marketing purposes, users should refer to the relevant sections of this document.

Hoe to exercise rights
To exercise their rights, users should send a request to the data controller at the contact details given in this document. Requests are submitted free of charge and processed by the data controller as soon as possible, within one month at the latest.

Breach of data
In the event of a breach of personal data, the provisions of article 33 apply. The data controller undertakes to notify the Data Protection Agency (Il Garante) of any violation of data within 24 hours for biometric data, 48 hours for health status data, and 72 hours for all other types of data. Under article 34, if the data violated is likely to present a high risk for the rights and freedom of natural persons, the interested party must also be informed.

Further information on data processing

Legal defence
A user's personal data may be used by the data controller in legal proceedings or in the preparatory stages for legal proceedings, for its potential utility in a defence against the misuse of this application or the services related to it by the user.
Users declare that they are aware that the data controller may be obliged to disclose the data by order of public authorities.

Specific information
At the user's request, this application may provide users with additional, contextual information about specific services or the collection and processing of personal data over and above the information contained in this privacy policy.

System logs and maintenance
For legal purposes relating to operations and maintenance, this application and any third-party services it uses may collect system logs, i.e. files that record interactions and may also contain personal data such as the user's IP address, for operational and maintenance purposes.

Information not included in this policy
Further information on the processing of personal data may be requested at any time from the data controller using the contact details provided.

Changes to this privacy policy
The data controller reserves the right to make changes to this privacy policy at any time by informing users via this page and if possible on this application, and where technically and legally feasible by sending notification to users at one of the contact addresses held by the data controller. Please consult this page regularly and check the date of the latest update, which is indicated at the bottom of the page.
Where changes involve processing on the legal grounds of user consent, the data controller will seek to obtain renewed user consent if necessary.