Privacy

Privacy Information pursuant to Article 13 of the European Regulation EU 2016/679 (GDPR)

1. Data Controller

The Data Controller is Villa Lucrezia, with its registered office at Via S. Sebastiano, 33, 12050, Guarene, CN – VAT No. 04030300042, contactable at info@villa-lucrezia.it. The Data Protection Officer (DPO) can be contacted at the following email address: info@villa-lucrezia.it. The Data Controller processes data according to the principles established by the GDPR (EU General Data Protection Regulation 2016/679), including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, integrity, and confidentiality.

2. Purpose of Processing

The personal data provided to the Data Controller by the Data Subject will be processed for the following purposes:
a) to provide responses to the user's request made through the contact channel;
b) to provide a quote to the user who requested it through the contact channel;
c) to provide the information requested by the user through the contact channel (e.g., a customer requesting information to use a purchased product);
d) to send a resume or a collaboration request to the Data Controller;
e) to comply with obligations established by law, regulation, community legislation, or an order from an Authority;
f) to exercise the rights and legitimate interests of the Data Controller or third parties, such as the right to defense in court;
g) to send (via email, mail, SMS, phone contacts, newsletters) commercial communications or advertising material about products or services offered by the Data Controller, or to measure the satisfaction level regarding the quality of services.

3. Legal Bases of Processing

The legal bases for processing are as follows: For the purposes mentioned in points 2a), 2b), 2c), 2d), 2e), and 2f):
- the necessity to fulfill a contract to which the Data Subject is a party, or to fulfill the user's request (including any pre-contractual measures);
- the necessity to comply with any legal obligations or requests from an Authority;
- the necessity to pursue a legitimate interest of the Data Controller or third parties (such as defense in court);
For the purposes mentioned in point 2g):
- the consent of the Data Subject;

4. Mandatory and Optional Nature of Providing Personal Data

Providing data for the purposes mentioned in points 2a), 2b), 2c), 2d), 2e), and 2f) is optional: however, failure to provide data will make it impossible for the Data Controller to provide the Data Subject with the requested services. Consent to processing for the purpose mentioned in point 2g) is optional: in case of non-consent, the Data Subject will not receive newsletters, commercial communications, and advertising material related to the products offered by the Data Controller, but will still receive the requested services for other purposes.

5. Rights of the Data Subject

The Data Subject has the right to:
- access their Personal Data held by the Data Controller;
- request its rectification and/or deletion ("right to be forgotten");
- request the limitation or oppose the processing;
- request data portability;
- oppose processing under the conditions of Article 21;
- lodge a complaint with a Supervisory Authority.
The Data Subject can also withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6. Communication to Recipients, Transfers to Third Countries, and Dissemination

Data acquired through the website will not be disseminated.
Data will be communicated to recipients to the extent strictly necessary in relation to the purposes mentioned above. Possible categories of recipients are as follows:
- employees and other subjects authorized by the Data Controller;
- any third parties used by the Data Controller for processing and appointed as Data Processors pursuant to Article 28 GDPR, with a specific contract;
- other subjects (public or private), where communication is necessary to comply with legal obligations, orders from Authorities, or to defend a legitimate interest of the Data Controller or third parties. The Data Controller does not intend to transfer processed data to a country outside the European Union or to an international organization.

7. Data Retention Period

The Data Controller retains data for the time necessary for the aforementioned purposes. In any case, the Data Controller undertakes not to retain data for more than 10 years.

© Villa Lucrezia Holiday Homes and Apartments in Guarene (CN)  -  VAT number: 04030300042  -  CIR: 004101-CIM-00003  -  CIN: IT004101B4LT3L9FZU  -  privacy