Privacy Policy

Why This Information

Pursuant to Legislative Decree 196/2003 and subsequent amendments, as well as Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation"), this page describes the methods of processing personal data of users who visit the website of Home.Tour S.r.l., accessible online at the following address: https://www.palazzopaisiello.it/.
We inform the user that, as a result of browsing this website, data relating to identified or identifiable individuals may be processed.
This information does not apply to other websites, pages, or online services that may be accessible via hyperlinks published on this site.

Identity of the Data Controller

The data controller is Home.Tour S.r.l., with its registered office at Via del Platano, n. 5 (Castromediano) – 73020 Cavallino (Le), (Email: info@palazzopaisiello.it, PEC: home.tour@legalmail.it, Tel.: +39 392 2253596).

The operational headquarters is located at Palazzo Paisiello, Piazzetta Bonifacio IX n. 4 – 73100 Lecce (Le). The contact details of the facility correspond to those indicated above.

Source of Data and Types of Data Collected

1) Data provided by the user

The data controller collects personal data provided by users:

  • when sending a message using the contact addresses and/or contact forms available on the website, including the online booking form.

The voluntary and optional sending of messages to the provided contact addresses, as well as the completion and submission of communications through the website's forms, result in the acquisition of the sender’s contact details, which are necessary to provide a response, along with any personal data included in the communications.

It should be noted that the data strictly necessary for sending messages is limited to the sender's name and email address. Any additional information entered by the user in the message subject or body is provided voluntarily, and if not strictly necessary for responding to the message or providing the requested service, it will be immediately deleted in compliance with the principles of data minimization and necessity.

The data provided will be processed using IT and telematic tools solely for the purpose of providing the requested information or service.

2) Data collected from website usage

The data controller collects information related to the user’s interaction with the website. These details are acquired by the IT systems and software procedures responsible for the website’s operation during normal activity. Additionally, the transmission of such data is inherent to the use of Internet communication protocols.
This category of data includes IP addresses or domain names of the computers and terminals used by users, the URI/URL (Uniform Resource Identifier/Locator) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the response file, the numerical code indicating the server's response status, and other parameters related to the user’s operating system and IT environment.
Such data, necessary for accessing web services, is also processed for the purpose of:

  • obtaining statistical information on the use of services (most visited pages, number of visitors per time slot or day, geographical origin, etc.);
  • verifying the proper functioning of the offered services.

Browsing data is retained for no longer than seven days and is immediately deleted after aggregation, unless it is required for crime investigation by judicial authorities.

3) Cookies and other tracking systems

To make its services as efficient and user-friendly as possible, this website uses cookies.
Therefore, when visiting the website, a small amount of information is stored on the user’s device in the form of small text files called “cookies,” which are saved in the web browser’s directory. There are different types of cookies, but their primary function is to enhance the website’s efficiency and enable certain features.
For more information about the cookies used on this website, please refer to the cookie policy in the dedicated section of the website.

Purpose of Processing

Depending on the type of processing to be carried out, the data controller uses the data collected and/or provided by the user for the following purposes:

  1. to respond to any communications, requests for information, and/or services submitted by users by sending a message using the contact addresses and/or contact forms available on the website, including those related to service bookings;
  2. to manage and monitor risks, prevent potential fraud, insolvencies, or non-compliance; to prevent and handle possible disputes, and to take legal action if necessary.

Legal Basis for Processing

With reference to the purposes indicated in the previous section, the legal basis for processing is as follows:

  1. the necessity to execute a contract to which the data subject is a party or to take pre-contractual measures at the data subject's request;
  2. the necessity to pursue the legitimate interest of the data controller (particularly concerning the prevention of fraud and insolvencies).

Recipients of Data

The personal data processed by the data controller is not disseminated or made available to unspecified parties in any form, including through disclosure or simple consultation.
However, the data may be communicated to employees working under the authority of the data controller or to individuals authorized to process data as they operate under the controller’s authority. Based on their roles and job functions, these employees are authorized to process personal data, considering their specific competencies and in compliance with the instructions provided by the data controller.
The data controller has engaged third-party service providers related to the website’s operation, such as hosting providers, website service providers, IT maintenance providers, and providers of services that enable the integration of additional features into the website that users may use at their discretion.
These service providers, designated as data processors, are given only the personal data necessary to provide their respective services and are not permitted to use or disclose the data subject’s personal data for other purposes without prior authorization from the data subject.
Additionally, the data may be communicated, where strictly necessary, to entities that, for the purpose of fulfilling orders, handling other requests, or providing services related to the transaction or contractual relationship with the data controller, must supply goods and/or perform services on behalf of the data controller.
Finally, the data may be disclosed to entities legally authorized to access it under legal provisions, regulations, or European Union directives.

Transfer of Data

The data controller does not transfer personal data to third countries or international organizations under any circumstances.

However, the use of cloud services may be considered. In such cases, service providers will be selected among those that offer adequate guarantees, as required by Article 46 of EU Regulation 2016/679.

Retention of Data

The data controller retains and processes personal data for the time necessary to fulfill the specified purposes. Subsequently, personal data will be stored but not further processed for the period established by applicable civil and tax regulations.

Additionally, if a user provides the data controller with unsolicited or unnecessary personal data that is not required for the execution of the requested service or for the provision of a strictly related service, Home.Tour S.r.l. will not be considered the controller of such data and will proceed with its deletion as soon as possible.

Rights of the Data Subject

Regarding the data processed as described in this privacy notice, the data subject has the right to:

  • request from the data controller access to their personal data and related information (Article 15 of the GDPR); the rectification of inaccurate data or the completion of incomplete data (Article 16 of the GDPR); the erasure of personal data concerning them (if one of the conditions set out in Article 17, Paragraph 1 of the GDPR applies, subject to the exceptions provided in Paragraph 3 of the same article); the restriction of processing of their personal data (if one of the cases outlined in Article 18, Paragraph 1 of the GDPR applies);
  • request and obtain from the data controller – when the legal basis for processing is a contract or consent and processing is carried out by automated means – their personal data in a structured and machine-readable format, also for the purpose of transmitting such data to another data controller (so-called right to data portability, Article 20 of the GDPR);
  • object at any time to the processing of their personal data when specific personal circumstances apply (Article 21 of the GDPR).

The request must be submitted by contacting the data controller at the addresses provided in the section titled Identity of the Data Controller.

If the data subject believes that the processing of their personal data violates applicable regulations, they may lodge a complaint with the supervisory authority (Italian Data Protection Authority – www.garanteprivacy.it), as provided by Article 77 of the GDPR, or take legal action before the competent courts (Article 79 of the GDPR).

Refusal to Provide Data

If the data subject does not provide the data identified as necessary for the execution of the requested service, the data controller will be unable to carry out the processing related to the management of that service or fulfill the obligations deriving from it.

Automated Decision-Making Processes

The data controller does not carry out processing activities that involve automated decision-making on personal data.

 

DATA SUBJECT RIGHTS EXERCISE FORM



This privacy policy was last updated on 25/09/2024.

Close
Close