Privacy Policy

Introduction

This information applies with reference to navigation and activities carried out within the following websites: https://www.villaserbelloni.com, https://staywithus.villaserbelloni.com/, https://weddings.villaserbelloni.com/weddings.html, https://welcome.villaserbelloni.com/

Data Controller

GRAND HOTEL VILLA SERBELLONI S.R.L
Address: Galleria Passerella, 1 - 20122 Milano (Italy) e-mail: info@villaserbelloni.com

Types of Common Data

• Identification data
• Contact details
• Other types of data provided spontaneously and with the user's consent
• Browsing data

Special data categories

• provided spontaneously by interested parties in case of contact with the Data Controller (eg religious orientation, sexual orientation)

Purpose and Legal Basis of the processing

• Management of requests to Grand Hotel Villa Serbelloni to satisfy information and assistance requests or to carry out one of the services offered on the Grand Hotel Villa Serbelloni website
  ◦ Legal basis: execution of a contract of which the interested party is a party or the execution of pre-contractual measures adopted at the request of the same
• Provision of services proposed on www.villaserbelloni.com
  ◦ Legal basis: execution of a contract of which the interested party is a party or the execution of pre-contractual measures adopted at the request of the same
• Use the personal data provided for commercial communications about products and services to update the user on news, offers, promotions and other communications regarding the company and the brands connected to it
  ◦ Legal basis: Consent of the interested party free, optional and revocable at any time
• Process personal data relating to website navigation
  ◦ Legal basis: Legitimate interest of the Data Controller to ensure network and information security and to facilitate the performance of the work activity
• Process the personal data collected through user profiling mechanisms for promotional and advertising purposes
  ◦ Legal basis: Consent of the interested party free, optional and revocable at any time

In relation to all the activities indicated above, personal data will be mainly processed through IT and electronic tools, in full compliance with current legislation on the subject.

Subjects who may process the data

• Authorized to process data duly trained and kept confidential.
• Data processing managers who have signed binding agreements according to European legislation.
• Autonomous controllers who present sufficient guarantees to process the data of the interested parties and with a valid legal basis to do so.

Profiling

Active for the treatments referred to this information but subject to the express consent of the user as detailed in Cookie Policy .

Mandatory provision

The requested data are mandatory unless otherwise indicated.
In case of failure to provide it, it will be impossible to use the services provided by the Data Controller for which consent is required.

Consent for Processing

The free, optional and revocable consent by the interested party is collected for the treatments that require it in a specific location, eg. in case of subscription to the newsletter service .

E-mail Communications

Email communications will be linked to the context in which this information is provided that the interested party can reasonably expect.

Further activities for specific purposes will eventually be carried out on the basis of the consent provided by the user.

Data retention period

The owner applies the principle of data minimization for all treatments. The data is processed for the time necessary to perform the service requested by the User, or required by the purposes described in this document. For some treatments the period can be determined more precisely than others. For this purpose, brief and specific information is provided for certain treatments (eg Cookie Policy).
For detailed information on specific treatments, you can ask the Owner.
For detailed information, you can ask the Data Controller.

Non-EU data transfer

Extra-EU transfers necessary for the performance of the Controller's activities or related to the management of requests from interested parties or related to the use of IT tools, will take place in accordance with current legislation:

• in countries recognized as safe by the EU Commission with which Europe has international agreements on data protection ( art. 45 GDPR )
• with which the Data Controller has entered into agreements aimed at protecting the data of the interested parties including SCC and BCR ( Article 46, 2, letters (c) and (d) GDPR ) >
• in the presence of exceptions such as necessity and occasionality for types and quantities of data that allow it ( art. 49 of the GDPR ).

Data protection measures

Organizational measures (e.g. legally binding agreements) and Technical measures (e.g. encryption) are adopted and periodically updated to protect the data of the interested parties.

Data Protection Officer (DPO)

The Data Protection Officer can be contacted at the e-mail address: rpd.villaserbelloni@consolleprivacy.it

Supervisory Authority

Interested parties have the right to lodge a complaint with the competent Supervisory Authority in the Member State in which they usually reside or work or in the State in which the alleged violation has occurred.

Rights of the interested parties

Data subjects have the following rights over their collected data:

• Obtain confirmation of the data existence or not
• Know the content and origin
• Verify accuracy
• Request integration, cancellation, updating, rectification, transformation into anonymous form
• Request the blocking of personal data processed in violation of the law
• Oppose their treatment for legitimate reasons.