Privacy Policy

Information pursuant to art. 13 and 14 of EU Regulation 679/2016

This page represents the “Privacy Policy” of this website and aims to provide information on how the personal data of users interacting with this website are processed. It also addresses the services offered to users by the site and provides the information required under Articles 13 and 14 of EU Regulation 2016/679.

This notice is provided solely for this website and not for other websites that users may access via links contained on this site’s web pages.

The EU Regulation 2016/679 on personal data protection (hereinafter referred to as the “Regulation”) establishes rules concerning the protection of natural persons with regard to the processing of personal data, as well as rules concerning the free movement of such data. It safeguards the fundamental rights and freedoms of natural persons, with particular emphasis on the right to the protection of personal data.

Article 4, paragraph 1 of the Regulation defines “Personal Data” as any information relating to an identified or identifiable natural person (hereinafter referred to as the “Data Subject”).

“Processing” refers to any operation or set of operations performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction (Article 4, paragraph 2 of the Regulation).

Pursuant to Articles 12 et seq. of the Regulation, the Data Subject must be provided with appropriate information regarding the Processing activities carried out by the Data Controller, as well as the rights of the Data Subjects.

Data Controller

CASTELLO DI CALLIANO MONFERRATO

Via Roma, 108
14031 Calliano Monferrato (AT)
P.IVA: 01750000059
Email: info@castellodicalliano.com
Telefono: +39 3387235359
Purpose of the processing and legal bases of the processing

The user’s personal data will be processed for the following purposes and based on the legal grounds indicated below:

  • For the conclusion and proper execution of the contract to which the data subject is a party or for the execution of pre-contractual measures adopted at their request, including the provision of requested information and/or services/products, such as subscription to informational newsletters; also to respond to requests sent by the data subject (information/products/services/informational newsletter subscriptions). The legal basis for the listed processing activities is Article 6, paragraph 1, letter b) of EU Regulation 2016/679.
  • To periodically send, through remote communication technologies (email, phone, SMS, WhatsApp), commercial communications regarding services, products, and activities offered by the Data Controller. The legal basis is consent as provided for under Article 6, paragraph 1, letter a) of EU Regulation 2016/679.
  • To periodically send, through remote communication technologies (email, phone, SMS, WhatsApp), newsletters and communications about services, products, and activities offered by the Data Controller’s partners and sponsors, which may be of greater interest to the data subject. The legal basis is consent as provided for under Article 6, paragraph 1, letter a) of EU Regulation 2016/679.
  • To carry out retargeting activities and/or use email to identify social media profiles (e.g., Facebook, Instagram) for personalized marketing campaigns. The legal basis is consent as provided for under Article 6, paragraph 1, letter a) of EU Regulation 2016/679.
  • To send emails for commercial and promotional purposes related to the sale of our products/services of the same type as those previously purchased by the data subject, unless they object to such processing, which they may do at any time. The legal basis for this type of processing is the legitimate interest of the Data Controller as provided for under Article 6, paragraph 1, letter f) of EU Regulation 2016/679.
  • To respond to requests sent by the user via email and/or forms available on the website. The legal basis for the listed processing activities is Article 6, paragraph 1, letter b) of EU Regulation 2016/679.
  • To enable and facilitate website navigation and ensure an adequate level of security, integrity, and availability. The legal basis for this type of processing is the legitimate interest of the Data Controller as provided for under Article 6, paragraph 1, letter f) of EU Regulation 2016/679.
  • To analyze statistical data on aggregated or anonymous data to monitor the proper functioning of the website, traffic, usability, and interest. The legal basis for this type of processing is the legitimate interest of the Data Controller as provided for under Article 6, paragraph 1, letter f) of EU Regulation 2016/679.
  • To establish, exercise, or defend a legal claim. The legal basis for this type of processing is the legitimate interest of the Data Controller as provided for under Article 6, paragraph 1, letter f) of EU Regulation 2016/679.
  • To comply with obligations established by law, regulations, community legislation, or an order from an Authority. The legal basis for this type of processing is compliance with a legal obligation as provided for under Article 6, paragraph 1, letter c) of EU Regulation 2016/679.
  • To conduct market research to develop and improve the range of products, services, and activities offered by the Data Controller and its partners. The legal basis is consent as provided for under Article 6, paragraph 1, letter a) of EU Regulation 2016/679.
Data type

The data necessary for the pursuit of the purposes set out above will be collected and processed:

  • identification data
  • contact details
  • data relating to the contractual relationship
  • data relating to the preferences and interests of the interested party
Browsing data

Computer Systems and Navigation Data

The computer systems and software procedures responsible for the operation of this website collect, during their normal use, certain personal data whose transmission is implicit in the use of Internet communication protocols.

These are pieces of information not collected to be associated with identified data subjects but which, by their nature, could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.), and other parameters related to the user’s operating system and IT environment.

These data are used solely to obtain anonymous statistical information on the website’s use and to ensure its proper functioning and are deleted immediately after processing.

The data may be used to ascertain responsibility in case of hypothetical IT crimes against the website.

Refusal to Provide Data

Apart from what is specified for navigation data, users/visitors are free to provide their personal data. Providing such data is sometimes necessary because failure to do so might prevent the conclusion or proper execution of a contract involving the data subject and/or compliance with legal obligations to which the Data Controller is subject.

Providing data for processing activities that require consent is optional, and refusal will not prevent users from accessing the products/services offered by the Data Controller. Even after giving consent, the data subject retains the right to object, in whole or in part, to the processing of their personal data for the purposes outlined above by simply contacting the Data Controller at the addresses provided.

Source of Data

Data will be provided by the data subject or collected from third parties.

Processing Methods

In compliance with Article 5 of the Regulation, Personal Data will be:

  • Processed lawfully, fairly, and transparently in relation to the data subject;
  • Collected and recorded for specific, explicit, and legitimate purposes and processed in ways compatible with those purposes;
  • Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed;
  • Accurate and, where necessary, kept up to date;
  • Processed in a manner ensuring appropriate security;
  • Stored in a form that allows identification of the data subject for no longer than necessary to achieve the purposes for which they are processed.

Processing will be carried out using manual and/or computerized and telematic tools, strictly related to the stated purposes, and ensuring the data’s security, integrity, and confidentiality in compliance with organizational, physical, and logical measures required by current regulations.

Data Disclosure

Personal data may be disclosed to authorized personnel and external data processors appointed by the Data Controller (a full list of external processors is available from the Data Controller). With prior consent, data may also be disclosed to third-party sponsors and/or commercial partners of the Data Controller, who may use them for the purposes outlined in point 3 of the “Processing Purposes” section. For the above purposes, data may also be disclosed to other parties acting as independent controllers.

Data Dissemination

Personal data will not be disseminated.

Data Transfer Abroad

For the above purposes, personal data will be processed within the European Economic Area (EEA). If transferred to non-EEA countries, in the absence of an adequacy decision by the European Commission, applicable regulations on transferring personal data to third countries will be respected, such as using the European Commission’s Standard Contractual Clauses.

Data Retention

In general, personal data will be retained for as long as necessary to fulfill the purposes for which they were collected and processed, including the retention period required by applicable laws. In any case, data will be retained for a maximum of 10 years after the end of the relationship with the Data Controller and for a maximum of 2 years for purposes requiring consent, unless the Data Controller needs to defend a legal claim.

Rights of the Data Subject

Pursuant to Articles 15–21 of Regulation (EU) 2016/679 and applicable national law, the data subject may exercise the following rights within the limits and in accordance with current regulations:

  • Request confirmation of the existence of personal data concerning them (right of access);
  • Know their origin;
  • Receive comprehensible communication of the data;
  • Obtain information on the logic, methods, and purposes of processing;
  • Request the updating, rectification, integration, deletion, anonymization, or blocking of data processed in violation of the law, including data no longer necessary for the purposes they were collected for;
  • File a complaint with the supervisory authority (Data Protection Authority);
  • Exercise all other rights recognized by applicable laws.

Requests to exercise these rights can be made informally to the Data Controller using the contact details provided above.