Privacy policy
WHY THIS INFORMATION?
Pursuant to Regulation (EU) 2016/679 (hereinafter referred to as the “GDPR”), this page describes the methods of processing personal data. This information is provided in accordance with Art. 13 of the GDPR.
This notice should not be considered valid for other third-party websites that may be accessed through links on this website, for which no responsibility is assumed.
Personal Data That May Be Processed
Personal data: any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, an online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity (Recitals 26, 27, 30 GDPR).
Data of Contractors / Users
Personal data: the computer systems and software procedures responsible for the operation of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes:
- IP addresses or domain names of the computers and terminals used by users
- addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources
- the time of the request
- the method used to submit the request to the server
- the size of the file obtained in response
- the numerical code indicating the status of the response given by the server (successful completion, error, etc.)
- other parameters relating to the user's operating system and computer environment
Data Provided Voluntarily
The optional, explicit, and voluntary sending of messages to the contact addresses indicated on this website and/or the completion of data collection forms entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other personal data included in the communication.
Information on the Processing of Personal Data Through Social Media Platforms
With regard to the processing of personal data carried out by the operators of the social media platforms used by the Data Controller, reference should be made to the information provided by them through their respective privacy policies.
The Data Controller processes personal data provided by users through dedicated social media platform pages in order to manage interactions with users (comments, public posts, etc.) and in compliance with current regulations.
Specific Information
Specific information may be available on the website pages in relation to particular services or specific data processing activities.
COOKIES AND OTHER TRACKING SYSTEMS
WHAT ARE THEY AND WHAT ARE THEY USED FOR?
For information regarding cookies and other tracking systems, please refer to the Cookie Policy available in the website footer and at the following link:
https://www.palazzovenezia.com/cookie-policy
1. WHO IS THE DATA CONTROLLER? HOW CAN THEY BE CONTACTED?
The Data Controller is Palazzo Venezia S.r.l., with registered office at Via Regina 40, 22012 Cernobbio (Como), Italy, represented by its Legal Representative pro tempore.
For any information, the Data Controller can be contacted at the following email address:
privacy.pve@palazzovenezia.com
2. PURPOSES OF PROCESSING, LEGAL BASIS, DATA RETENTION PERIOD, AND NATURE OF PROVISION
PURPOSE OF PROCESSING
Website Navigation
Data necessary for the use of web services are processed for the following purposes:
- obtaining statistical information on the use of services (most visited pages, number of visitors by time slot or per day, geographical areas of origin, etc.)
- monitoring the correct functioning of the services offered
LEGAL BASIS
Processing is necessary for the pursuit of the legitimate interests of the Data Controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject requiring protection of personal data do not prevail, taking into account the reasonable expectations of the data subject and activities strictly necessary for the operation of the website and browsing itself (Art. 6(1)(f) and Recital 47 GDPR).
Data subjects may request information regarding the balancing test carried out.
DATA RETENTION PERIOD
Navigation data are retained for the duration of the browsing session.
NATURE OF PROVISION
The provision of data is necessary for browsing the website.
PURPOSE OF PROCESSING
Use of Cookies and Similar Technologies
Please refer to the Cookie Policy in the website footer.
LEGAL BASIS
For non-technical cookies and comparable technologies, processing is based on consent to the processing of personal data (Art. 6(1)(a) and Recitals 42, 43 GDPR).
Consent is provided through the website’s cookie banner and cookie policy.
DATA RETENTION PERIOD
See the Cookie Policy in the website footer.
NATURE OF PROVISION
See the Cookie Policy in the website footer.
PURPOSE OF PROCESSING
A. DIRECT MARKETING
Direct marketing activities include the sending of advertising or direct sales material, market research, commercial and promotional communications, and newsletters through:
- automated means (email, SMS)
- traditional means (telephone and postal mail)
Communications may contain promotional activities and/or logos of Palazzo Venezia S.r.l. partners.
No personal data will be transferred.
For the complete list of partners, data subjects may write to:
privacy.pve@palazzovenezia.com
To compare and possibly improve the results of automated communications, the Data Controller uses reporting systems.
Through these reports, the Data Controller may obtain information such as:
- number of readers
- email openings
- unique clicks and total clicks
- devices and operating systems used to read communications
- details on the activity of individual users
- details regarding emails sent, delivered, not delivered, or forwarded
All such data are used to analyze and potentially improve communication performance.
LEGAL BASIS
Processing is based on consent to the processing of personal data (Art. 6(1)(a) GDPR; Recitals 42 and 43).
DATA RETENTION PERIOD
Until consent is withdrawn (opt-out).
NATURE OF PROVISION
Provision of data is optional.
Failure to provide the required data will result in the inability to receive communications.
B. NON-AUTOMATED PROFILING
Personal data will be stored in company databases / CRM systems / platforms in order to:
- conduct analyses and evaluations
- divide data subjects into homogeneous groups based on specific business characteristics
- improve service management
- send targeted promotional communications
LEGAL BASIS
Processing is based on consent (Art. 6(1)(a) GDPR; Recitals 42 and 43).
DATA RETENTION PERIOD
Until consent is revoked, and in any case no longer than 12 months.
NATURE OF PROVISION
Provision of data is optional.
Failure to provide the required data will result in the inability to perform analyses and send targeted communications.
C. MANAGEMENT OF REQUESTS
Management of requests from data subjects pursuant to Arts. 15 et seq. GDPR (data subject rights).
LEGAL BASIS
Processing is necessary for compliance with a legal obligation to which the Data Controller is subject (Art. 6(1)(c) GDPR; Recital 45).
DATA RETENTION PERIOD
5 years from the closure of the request, except in the case of litigation.
NATURE OF PROVISION
Provision of personal data is mandatory, as it is necessary to fulfill legal obligations.
D. RECRUITMENT – “WORK WITH US” SECTION
Processing activities include:
- managing job applications
- conducting recruitment and personnel selection processes
- evaluating candidates for positions other than those initially applied for
- retaining personal data for future recruitment
- managing applications submitted in response to job postings on the website
- conducting interviews and possible video interviews (processing of image/audio data)
See the specific notice in the dedicated section.
LEGAL BASIS
Processing is necessary for the performance of a contract or pre-contractual measures requested by the data subject (Art. 6(1)(b) GDPR; Recital 44).
DATA RETENTION PERIOD
Maximum 24 months.
In principle, data collected during the recruitment process will be deleted once it becomes clear that:
- no job offer will be made, or
- the offer will not be accepted by the candidate.
NATURE OF PROVISION
Provision of data is necessary.
Failure to provide the required data will result in the inability to apply.
E. CLIENT AREA
Processing necessary to access the restricted area.
LEGAL BASIS
Processing is necessary for the performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR; Recital 44).
DATA RETENTION PERIOD
Until termination of the contract and for the technical time necessary to deactivate credentials.
NATURE OF PROVISION
Provision of data is necessary.
Failure to provide the required data will result in the inability to access the restricted area.
F. ORGANIZATIONAL, ADMINISTRATIVE, FINANCIAL, AND ACCOUNTING ACTIVITIES AND CLIENT / USER DATA MANAGEMENT
LEGAL BASIS
Processing is necessary:
- for the performance of a contract (Recital 44), or
- for compliance with legal obligations (Recital 45).
DATA RETENTION PERIOD
10 years, or as required by applicable legal obligations.
NATURE OF PROVISION
Provision of personal data is mandatory, as it is necessary to comply with legal obligations.
3. TO WHOM WILL PERSONAL DATA BE DISCLOSED?
Personal data may be disclosed to entities that process data as:
- independent Data Controllers, or
- Data Processors (Art. 28 GDPR)
and may be processed by natural persons acting under the authority of the Data Controller or Data Processors (Art. 29 GDPR), based on specific instructions.
Data may be communicated to recipients belonging to the following categories:
- entities based in Italy providing services for the website and communication networks, including email, hosting, and website management
- entities based in Italy with whom the Data Controller has entered into agreements and, where required, obtained prior consent
- entities managing direct marketing activities, with prior consent
- entities managing recruitment and personnel selection activities
- competent authorities, where required for compliance with legal obligations or requests from public bodies
The list of Data Processors pursuant to Art. 28 GDPR is available upon request by writing to:
privacy.pve@palazzovenezia.com
4. WILL DATA BE TRANSFERRED OUTSIDE THE EEA?
Personal data will not be transferred to countries outside the European Economic Area (EEA).
In particular:
- data are stored in Italy for hosting, management, development, and maintenance of the website
- all third parties to whom data may be communicated are based in Italy
5. ARE AUTOMATED DECISION-MAKING PROCESSES USED?
Personal data may be processed through manual, electronic, and automated means.
However, fully automated decision-making processes are not carried out.
Where profiling activities are conducted with the explicit consent of the data subject, as described above, they will involve human intervention. Operators will analyze habits and consumption choices in order to improve the Data Controller’s commercial offerings and services (non-automated profiling).
6. WHAT ARE YOUR RIGHTS AND HOW CAN THEY BE EXERCISED?
Data subjects may exercise the rights provided for by Arts. 15 et seq. GDPR by contacting the Data Controller at:
privacy.pve@palazzovenezia.com
The Data Controller guarantees the right to request:
- access to personal data (Art. 15)
- rectification (Art. 16)
- erasure (Art. 17)
- restriction of processing (Art. 18)
The Data Controller will communicate any rectification, erasure, or restriction of processing to each recipient to whom personal data have been disclosed (Art. 19), unless this proves impossible or involves disproportionate effort.
Data subjects also have the right to data portability (Art. 20). Upon request, the data will be provided in a structured, commonly used, and machine-readable format.
Data subjects may object at any time to the processing of personal data based on legitimate interest (Art. 21) by sending an email with the subject “opposition” to the contact indicated above.
Data subjects may also withdraw consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
To stop receiving automated marketing communications (email, SMS, instant messaging), data subjects may:
- send an email to privacy.pve@palazzovenezia.com with subject “cancellation from automated”, or
- use the automatic unsubscribe systems included in emails (opt-out)
To stop receiving traditional marketing communications (telephone calls with an operator and postal mail), data subjects may send an email with subject:
“cancellation from traditional”
To stop receiving all marketing communications, send an email with subject:
“marketing cancellation”
To revoke consent to profiling (non-automated), send an email with subject:
“no profiling”
If data subjects believe that the processing of personal data carried out by the Data Controller violates Regulation (EU) 2016/679, they may lodge a complaint with the national supervisory authority, particularly in the Member State where they habitually reside, work, or where the alleged infringement occurred.
Italian Supervisory Authority:
https://www.garanteprivacy.it/
Data subjects may also pursue appropriate judicial remedies.
7. CHANGES TO THIS PRIVACY NOTICE
The Data Controller may change, modify, add, or remove any part of this Privacy Notice.
To facilitate verification of any changes, the notice will indicate the date of the latest update.
Last update: 04/08/2025