Dear User, thank you for visiting our website. Below, we describe how the website is managed in relation to the processing of personal data of users who visit it.

WHY THIS NOTICE
This is a notice provided in accordance with art. 13 del D.lgs. n. 196/03 (Personal Data Protection Code) and Articles 13 and 14 of EU Regulation No. 679/2016 (hereinafter also “GDPR”) for those who interact with the services provided by the Company’s website.  

This notice applies to this website only and not to other websites that the user may visit through links. The notice is based on Recommendation No. 2/2001 adopted on May 17, 2001, by the European authorities for the protection of personal data, meeting in the Group established by Article 29 of Directive No. 95/46/EC, to establish minimum requirements for online personal data collection and, in particular, the methods, times, and nature of the information that data controllers must provide to users when they connect to web pages,regardless of the purposes of the connection. We therefore invite you to review our Privacy Policy outlined below. The Privacy Policy and Standards used for the protection of personal data are based on the following principles:

Data Controller
The data controller is Sabrina Gusmini (VAT number IT03199440169 – info@residenzailfiore.it), hereinafter referred to as the Company.

PRINCIPLE OF RESPONSIBILITY
The processing of personal data is managed over time by designated persons within the company’s organizational structure.

PRINCIPLE OF TRANSPARENCY
Personal data is collected and subsequently processed according to the principles outlined in this Privacy Policy. Upon any data provision, the data subject will be given clear, yet comprehensive, information as required by Article 13 of Legislative Decree No. 196/03 and Articles 13 and 14 of the GDPR.

PRINCIPLE OF RELEVANCE OF COLLECTION
Personal data is processed lawfully and fairly; it is recorded for specified, explicit, and legitimate purposes; it is adequate, relevant, and limited to what is necessary for the purposes of processing; it is kept for no longer than necessary for the purposes of collection.

PRINCIPLE OF PURPOSE OF USE
The purposes of personal data processing are made known to the data subjects at the time of collection. Any new data processing activities, if outside the declared purposes, will be initiated only after providing new information to the data subject and, if required, obtaining consent, as per Legislative Decree No. 196/03 and the GDPR. In any case, personal data will not be shared with third parties or disclosed without the prior consent of the data subject, except as expressly indicated in Article 24 of Legislative Decree No. 196/03 and the GDPR.

PRINCIPLE OF VERIFIABILITY
Personal data is accurate and kept up to date. It is also organized and stored in such a way that the data subject can know, if desired, which data has been collected and recorded, as well as check its accuracy and request correction, integration, deletion for legal violations, opposition to processing, and exercise all other rights under Article 7 of Legislative Decree No. 196/03 and Articles 15 and following of the GDPR, at the addresses provided in the Privacy Notices under Articles 13 of Legislative Decree No. 196/03 and Articles 13 and 14 of the GDPR available on the company’s website.

PRINCIPLE OF SECURITY
Personal data is protected by technical, IT, organizational, logistical, and procedural security measures against destruction or loss, even accidental, and unauthorized access or illegal processing. These measures are periodically updated based on technological progress, the nature of the data, and the specific characteristics of processing, constantly monitored, and verified over time. Third parties providing any kind of support for the delivery of services requested by the Company, which perform personal data processing operations, are designated as Data Processors and are contractually bound to respect the security and confidentiality measures for processing. The identity of these third parties is made known to the users. The Company also assumes no responsibility for:

1. The rules and methods of personal data management of other websites, accessible through links and references from our pages.
2. The content of any e-mail services, web spaces, chat forums provided to users

The processing related to the web services offered by this site takes place at the Company’s premises and possibly at the premises of the Data Processors, and is handled by appointed staff in charge of managing the requested services, marketing activities (if requested by the user), data retention activities, and occasional maintenance operations.

SCOPE OF DATA COMMUNICATION
Personal data may be communicated to third parties to comply with legal obligations, execute orders from public authorities, or defend a right in judicial proceedings. If necessary, in relation to specific services or products requested, personal data may be communicated to third parties acting as independent data controllers, performing functions strictly related and instrumental to the provision of services or delivery of products. Without such communication, these services and products could not be provided. Personal data will not be disclosed, unless the service requested requires it.

DATA PROVIDED VOLUNTARILY BY THE USER
The types of personal data collected and processed on this site are those necessary for the provision of the various services offered. The data collected is processed in paper, automated, and electronic formats, with methods strictly related to the purposes of processing. To provide services, your phone number and email address may be used. It is therefore evident that if these data are not provided, the requested services that require these tools will not be provided. Any voluntary submission of email to the addresses indicated on the site results in the acquisition of the sender’s address, as well as any other information contained in the message; this personal data will be used solely to perform the requested service or task.

BROWSING DATA
It is useful to know that the website’s software procedures acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. Although this information is not intended to be associated with identified users, if combined with other data held by third parties (e.g., the user’s internet service provider), it could allow for user identification. This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the URLs (Uniform Resource Locator) of the requested resources, the request time, the method used to submit the request to the server, the file size obtained in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user’s operating system and IT environment. This data is used solely for anonymous statistics on site usage and to ensure its proper functioning. The Data Controller and, depending on the service requested, the designated Data Processors keep the log of the connections/browsing for a limited period as required by law, to respond to any requests from judicial authorities or other public bodies authorized to request the log for the investigation of potential responsibilities in case of cybercrimes.

Apart from what is specified for browsing data, the user is free to provide or not provide the requested personal data in the registration form for services. On the form, some data may be marked as mandatory; it should be understood that this data is necessary for the provision of the requested service. If such data is not provided, the requested service cannot be provided.

At the time of any data provision, in accordance with Article 13 of Legislative Decree No. 196/03 and Articles 13 and 14 of the GDPR, the data subject is provided with concise but complete and transparent information about the purposes and methods of processing, the mandatory or optional nature of providing data, the consequences of non-provision, the subjects or categories of subjects to whom personal data may be communicated, and the scope of data dissemination, the rights under Article 7 of Legislative Decree No. 196/03 and Articles 15 and following of the GDPR (access, integration, updating, correction, deletion for legal violation, opposition to processing, etc.), the identity and location of the Data Controller and Data Processors. The data subject is then called to express informed, freely given, specific, and documented consent as required by law. If personal data is provided in successive stages, additional information may be provided, and new consents may be requested for processing as stipulated by the Privacy Code and the GDPR.