Subject: Information on the processing of personal data provided pursuant to Art. 13 Reg. 2016/679/EU.
This is to inform you that our company processes your personal data. The processing is carried out in compliance with the criteria established by the European regulation on personal data protection, Reg. 2016/679/EU (hereinafter G.D.P.R.) and any other national legislative text, provision, or authorization from the competent Authority connected thereto. According to the indicated regulations, the processing must be based on principles of fairness, legality, and transparency, as well as the protection of your privacy and your rights.
1) Data Controller: The data controller is CACEFFO MARCO, sole proprietorship, represented by Mr. Marco Caceffo, based at Strada Staffalo, 15 - 37066 Sommacampagna (VR), tel. 045 24 29 197, email info@agriturismoprincipeamedeo.it.
2) The collected data will be used for the following purposes:
a) Sending requested information, for which explicit consent is not required (Art. 6.1 letter a), G.D.P.R.);
b) Commercial marketing, for which explicit consent is required (Art. 6.1 letter a) and f), G.D.P.R.).
3) Methods: Personal data is processed by the controller and duly appointed processors for the proper fulfillment of the purposes indicated in point 2) through electronic tools and paper archives, as well as with the use of security measures to ensure the confidentiality of personal data and to prevent unauthorized access.
4) Communication: Data may be communicated to duly appointed internal and external subjects who carry out activities on behalf of the data controller. There is no provision for communication to third countries outside the EU, nor is there any provision for dissemination (e.g., social networks, websites, etc.). The data controller does not use solely automated processes to achieve the purposes outlined in this notice and does not perform profiling.
5) The Data Controller will process personal data for the time necessary to fulfill the above purposes and in any case for no longer than 2 years from the end of the relationship for the indicated purposes.
6) The data subject has the right to request access to their personal data from the data controller, as well as the rectification or deletion of the same or the restriction of processing concerning them, or to object to their processing, in addition to the right to request data portability.
The request can be made by email, fax, or registered letter with the subject: “request from the data subject” specifying in the request the right the data subject wishes to exercise (deletion, rectification, portability, oblivion), along with a valid email/PEC address to which the response should be sent.
The data controller or anyone appointed by them will proceed to fulfill the request within 30 days from the date of receipt. If the response is complex, the time may be extended by an additional 30 days, with timely communication to the data subject.
If you deem it appropriate to assert your rights, you have the right to lodge a complaint with the competent supervisory authority, corresponding to the National Privacy Guarantor, located at Piazza Venezia, 11 - 00187 Rome, garante@gpdp.it.
---------------------------------------------------------------------------
Privacy Policy
(pursuant to Article 13 of EU Regulation 2016/679)
This page describes the methods for managing this website with regard to the processing of personal data of users who consult it. Data processing is carried out in accordance with the criteria laid out in the European Regulation on personal data protection, EU Regulation 2016/679, and any other national legislation, measures or authorizations issued by the competent authority.
In accordance with the law, data processing must be based on the principles of fairness, lawfulness and transparency, and must protect your privacy and your rights.
This notice applies only to this website and not to other websites that may be accessed through links. Personal data are collected for the following purposes:
a) to enable navigation on the website;
b) to respond to your requests for information regarding the products offered for sale by the Data Controller.
DATA CONTROLLER
The data controller is MARCO CACEFFO, sole proprietor, with registered office at Strada Staffalo, 15 – 37066 Sommacampagna (VR), Italy, Tel. +39 045 24 29 197, email: info@agriturismoprincipeamedeo.it
LOCATION OF DATA PROCESSING, DISCLOSURE AND DISSEMINATION
Data processing related to the web services of this site takes place at the aforementioned company office and is handled by internal staff or, where necessary, by external personnel duly appointed (e.g., for maintenance and IT system updates).
No data derived from the web service is subject to dissemination.
Data may be disclosed to third parties, duly appointed, only if necessary for the performance of the service.
Payment data will be processed directly by the selected payment provider (e.g., credit card, PayPal, cash on delivery).
The Data Controller also informs that no fully automated decision-making processes, including profiling, are used to achieve the purposes set out in this notice.
PURPOSE AND LEGAL BASIS OF THE PROCESSING
Personal data provided by users who request product information or place orders will be used only to fulfill the requested service.
The legal bases for processing are:
1) Art. 6.1 letter f) G.D.P.R. – “legitimate interest of the Data Controller”, namely to enable use of the “contact us” service;
Art. 6.1 letter a) G.D.P.R. – “consent of the data subject”.
2) Art. 6.1 letter b) G.D.P.R. – “performance of pre-contractual and contractual measures” for the viewing and purchase of company products and services.
TYPES OF DATA PROCESSED
Browsing data
The IT systems and software procedures used to operate this website collect some personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified individuals, but by its nature could allow users to be identified through processing and associations with data held by third parties.
This category of data includes IP addresses or domain names, URI addresses of the requested resources, request time, request method, response file size, server response code (success, error, etc.), and other technical data.
This data is used solely for anonymous statistical information and to monitor proper functioning. It may be used to determine responsibility in case of cyber crimes. No explicit consent is required for this data.
Data voluntarily provided by the user
This refers to identifying data provided voluntarily by users when filling out forms on the website. This data is necessary to process the request. Processing is optional, but failure to provide the required data will make it impossible to perform the service.
Cookies
Cookie policy is defined in the specific cookie policy section.
DATA TRANSFER TO NON-EU COUNTRIES
The Data Controller does not transfer (nor store) personal data collected from the website in countries outside the European Union.
DATA RETENTION PERIOD
The Data Controller will process personal data for as long as necessary to fulfill the above purposes, and in any case, no longer than the period established by Italian law for invoicing record retention.
Contact data may be deleted immediately upon exercising the right to erasure.
RIGHTS OF DATA SUBJECTS
Pursuant to Articles 15–22 of the G.D.P.R., the data subject has the right to request from the Data Controller access to their personal data, rectification or erasure, restriction of processing, object to processing, and the right to data portability.
The request may be submitted via email, fax, or registered mail with the subject: “Request from data subject”, specifying the right being exercised, together with a valid email/PEC address to receive a response.
The Data Controller will respond to the request within 30 days. If the request is complex, this period may be extended by another 30 days with timely notification to the data subject.
If you believe your rights have been violated, you have the right to file a complaint with the Data Protection Authority, Piazza Venezia, 11 – 00187 Rome, email: protocollo@gpdp.it.
