This page describes means of managing the website with reference to the processing of personal data of the Users consulting the website. This concerns a policy that is also provided pursuant to Article 13 of Italian Legislative Decree no. 196/2003 - Personal Data Protection Code and in compliance with Articles 13 and 14 of EU Regulation 2016/679 concerning those who interact with the web services of the website www.villadestehometivoli.it/en for the protection of personal data, accessible electronically from the address www.villadestehometivoli.it/en, corresponding to the home page of the website www.villadestehometivoli.it/en .
The Data Controller
Following consultation of this website, data relating to identified or identifiable persons may be processed. The Data Controller is: Galileo S.p.A., in the person of its legal representative, with registered office in Strada Galli, 27 - 00019 Tivoli (RM). You have the right to obtain from the owner the cancellation (right to be forgotten), limitation, updating, rectification, portability, opposition to the processing of personal data concerning you, and in general can exercise all the rights provided for in Articles 15, 16, 17, 18, 19, 20, 21, 22 of the GDPR.
Data Processing Location
The processing operations connected to the web services of this website occur at our head office and are executed only by the technical personnel of the Office in charge of processing. No data deriving from the web service is communicated or disseminated. The personal data provided by Users who request the sending of informative material or make purchases through the website www.villadestehometivoli.it/en is utilized solely to perform the service or provision requested and is communicated to third parties only whereby necessary for such purpose.
The computer systems and software utilised to operate this website acquire, as part of their regular operation, some personal data, the transmission of which is implicit in the utilisation of the Internet communication protocols and TCP/IP protocol.
This information does not in itself permit association to identified subjects, but by its very nature could, through processing and association with data held by third parties, permit the identification of Users. This category of data includes IP addresses or domain names of computers utilised by Users connecting to the website, the URI (Uniform Resource Identifier) of requested resources, the time of the request, the method utilised to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and computer environment of the User.
Such data is used only to obtain anonymous statistical information on the use of the website, to monitor the proper functioning of the services rendered or to ascertain the operators and responsibilities in the event of computer crimes to the detriment of the website.
Data Provided Voluntarily by the User
The optional, explicit and voluntary sending of electronic mail to the addresses indicated on this website leads to the subsequent acquisition of the sender's address, necessary to respond to any requests, along with any other personal data included in the message.
Optional Provision of Data
In addition to that specified regarding navigation data, the User is free to provide personal data contained in the website registration forms, along with information or quotes for merchandise.
Failure to provide such may render it impossible to obtain the information requested.
The Legal Basis of Processing
The legal basis of the processing is: a) the expression of consent to the processing of personal data for one or more specific purposes (in accordance with Article 6, paragraph 1, letter a) of EU Regulation 2016/679.
Means of Processing
Personal data is processed via automated tools for the time strictly necessary to achieve the purposes for which it was collected. Appropriate security measures are observed to prevent the data loss, its illegal or incorrect use, and unauthorised access. All processing occurs in compliance with the procedures indicated in Articles 6, 32 of EU Regulation 2016/679 and through the adoption of the appropriate security measures foreseen.
Rights of the Data Subjects
The subscriber, as the Data Subject, can exercise the rights set forth in Article 7 of the Privacy Code and Articles 15 et seq. of the EU Regulation 2016/679 in the manner outlaid by Articles 8 and 9 of the Privacy Code and by Article 12 of EU Regulation 2016/679:
confirmation of the existence or otherwise of personal data concerning the Data Subject, even if not yet registered, and its communication in intelligible form;
an indication of the origin of the personal data, the purposes and means of processing, the logic applied in case of processing with the aid of electronic tools, the identificative details of the Data Controller;
the updating, rectification, integration, cancellation, transformation into anonymous form, or blocking of data processed unlawfully (including data whose retention is unnecessary for the purposes for which it was collected or subsequently processed), the recipients or categories of recipient to whom the personal data has been or will be communicated or disclosed, including with regards to the content, unless this requirement proves impossible or involves a disproportionate burden in respect of the protected right.
The Subscriber also has the right:
at any time, to revoke consent (where given) to the processing of personal data (without prejudice to the lawfulness of the processing based on the consent provided prior to the revocation);
to oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning him or her, even if pertinent to the purpose of collection;
to object, in whole or in part, to the processing of personal data concerning him or her for purposes of sending advertising materials or direct sales or for undertaking market research or commercial communication;
to lodge a complaintreportappeal with the Data Protection Authority for the protection of personal data in the cases foreseen by the Privacy Code, directly addressing the Personal Data Protection Authority, in Piazza di Monte Citorio no. 121 - 00186 Rome. The Data Subject may avail, for the exercise of his or her rights, of natural persons, entities, associations or bodies, conferring a written proxy for this purpose. The Data Subject may also be assisted by a person of trust. For information, please consult the website www.gpdp.it - www.garanteprivacy.it or send an email to: firstname.lastname@example.org Fax: (+39) 06.69677.3785 or telephone the switchboard: (+39) 06.69677.1.
To receive a detailed and constantly-updated list of subjects to whom the Data Subject's personal data may be communicated and to exercise the rights pursuant Article 7 of the Privacy Code and Articles 15 et seq. of EU Regulation 2016/679, the same can apply without formality and without incurring costs as set forth under current legislation, to the Data Controller, by sending an email to the following address: email@example.com or through written communication to the Data Controller, Galileo S.p.A., with headquarters in Tivoli (Rome) - Strada Galli no. 27. The list of internal and external processors is available from the Data Controller. The Privacy Manager Pro Tempore of Galileo S.p.A. (appointed in accordance with the law) can be contacted at firstname.lastname@example.org.
In accordance with Article 11, letter e) of the Code and Article 5, letter e) of EU Regulation 2016/679, the detailed data subject to processing will be stored for the time strictly necessary in relation to the aforementioned purposes and, in any case, for a period not exceeding 12 months for profiling purposes and 24 months for marketing purposes. The provision of consent to data processing for marketing purposes remains valid until revoked by the customers.
Web Measurement Systems
This website adopts a system for analysing and evaluating website traffic.
For the aforementioned purposes, Session Cookies may be utilised (not subsequently stored permanently on the User's computer), the utilisation of which is strictly limited to the transmission of session identifiers. The Session Cookies utilised do not permit the acquisition of personal data that could identify the User.
The Data Protection Officer
The Data Protection Officer - DPO is Avv. Gian Piero Evangelisti. He can be contacted here: