Information on the processing of personal data of the website www.villalapioppa.it di Virginia Della Zoppa, Strada Budellungo 123 – 43123 PARMA CF: DLLVGN49C69Z600G as Data Controller (hereinafter, “Controller”), informs you pursuant to EU Regulation 2016/679 (“GDPR“) and the applicable national legislation on personal data protection that your data will be processed in the following ways and for the following purposes:

1. OBJECT OF THE PROCESSING
The Controller processes personal identification and non-sensitive data (in particular, name, surname, email, telephone number, IP address, etc. – hereinafter referred to asData” or“Personal Data“) communicated by you when browsing the Owner’s website www.villalapioppa.it (hereinafter referred toas the “Site“) and/or in the event of a contact request forwarded to the Owner.

2. PURPOSE AND LEGAL BASIS OF THE PROCESSING
Your Data are processed without your prior consent for the following purposes and legal basis:

  • performance of the contract and/or pre-contractual commitments
    – managing and maintaining the Site;
    – managing a contact request from you
  • the pursuit of a legitimate interest of the Data Controller:
    – preventing or detecting fraudulent activity or abuse harmful to the Site;
    – exercising the Controller’s rights, such as the right of defence in court.
  • compliance with legal obligations:
    – Compliance with obligations under laws, regulations, EU rules, orders and prescriptions of the competent authorities.

3. METHODS OF PROCESSING
The processing of your Data is carried out electronically by means of the operations of collection, recording, updating, organisation, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, deletion and destruction of the Data.

4. DATA STORAGE

The Data Controller processes the Data for the time necessary to fulfil the above-mentioned purposes and in any case for no longer than 10 years from collection.

5. PROVISION OF DATA
The provision of personal data is compulsory and refusal to provide such Data may make it impossible to fulfil your requests.

6. ACCESS TO DATA
Your Data may be accessed for the above purposes:

  • employees and/or collaborators of the Data Controller, in their capacity as data processors and/or internal data controllers and/or system administrators
  • third party companies or other entities (e.g. IT service providers, suppliers, credit institutions, professional firms, etc.) that perform outsourcing activities on behalf of the Data Controller, in their capacity as external data processors.

7. COMMUNICATION OF DATA
Your Data may be communicated, even without your consent, for the purposes set out above, to control bodies, law enforcement agencies or the judiciary who will process them, at their express request, in their capacity as autonomous data controllers for, institutional purposes and/or by virtue of the law during investigations and controls. Your Data may also be communicated to third parties (e.g. partners, freelancers, agents, etc.), in their capacity as autonomous data controllers, for the performance of activities instrumental to the above purposes.

8. DATA TRANSFER
Data are not disseminated or transferred to countries outside the EU.

9. RIGHTS OF THE DATA SUBJECT
The Data Controller informs you that, as a data subject, if the limitations provided for by law do not apply, you have the right to:

  • obtain confirmation of the existence or otherwise of your Personal Data, even if not yet registered, and that such data be made available to you in an intelligible form;
  • obtain an indication and, where appropriate, a copy of (a) the origin and category of the Personal Data; (b) the logic applied in the event of processing carried out with the aid of electronic instruments; (c) the purposes and methods of processing; (d) the identification details of the data controller and data processors; (e) the subjects or categories of subjects to whom the Personal Data may be communicated or who may become aware of them, in particular if they are recipients from third countries or international organisations; (e) when possible, the data retention period or the criteria used to determine this period; (f) the existence of an automated decision-making processand if so, of the logic used, its importance and the consequences foreseen for the data subject; g) of the existence of adequate safeguards in the event of transfer of the data to a non-EU country or international organisation;
  • to obtain, without undue delay, the updating and rectification of inaccurate data or, where interested therein, the integration of incomplete data
  • revoke at any time the consents given, easily, without hindrance, using, if possible, the same channels used to provide them
  • obtain the deletion, transformation into anonymous form or blocking of data: a) processed unlawfully; b) no longer necessary in relation to the purposes for which they were collected or subsequently processed; c) if the consent on which the processing is based is revoked and there is no other legal basis, d) if you have objected to the processing and there is no overriding legitimate reason to continue processing; e) in the event of compliance with a legal obligation; f) in the case of data relating to minors. The Data Controller may refuse to erase data only in the event of: a) exercise of the right to freedom of expression and information; b) fulfilment of a legal obligation, performance of a task carried out in the public interest or exercise of official authority; c) reasons of public health interest; d) archiving in the public interest, scientific or historical research or for statistical purposes; e) exercise of a right in a court of law;
  • obtain the restriction of processing in the event of: a) contestation of the accuracy of personal data; b) unlawful processing by the Data Controller to prevent their deletion; e) exercise of a right of the Data Controller in court; d) verification of whether the Data Controller’s legitimate reasons prevail over those of the data subject;
  • receive, where the processing is carried out by automated means, without hindrance and in a structured, commonly used and readable format the personal data concerning you for transmission to another data controller
    – if technically feasible – to obtain direct transmission from the data controller to another data controller; to object, in whole or in part: a) on legitimate grounds relating to your particular situation, to the processing of personal data concerning you; b) to the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for the performance of market or commercial communication surveys, by automated calling systems without human intervention, by email and/or by traditional marketing methods, by telephone and/or by paper mail;
  • to lodge a complaint with the Personal Data Protection Authority.

In the above cases, where necessary, the Data Controller shall inform the third parties to whom your personal data is communicated of any exercise of rights by you, except in specific cases (e.g. when such fulfilment proves to be impossible or involves a manifestly disproportionate use of means compared to the right protected).

10.METHODS OF EXERCISING YOUR RIGHTS
You may exercise these rights at any time:

  • by sending a registered letter with return receipt to the Holder’s address: Virginia Della Zoppa, Strada Budellungo 123 – 43123 PARMA
  • by sending an email to info@villalapioppa.it:
  • by calling the number (+39) 0372 57031

11. DATA CONTROLLER AND PROCESSOR
The data controller is:
Virginia Della Zoppa, Strada Budellungo, 123 – 43123 PARMA CF: DLLVGN49C69Z600G The updated list of data processors is kept at the registered office of the Controller in Parma, Strada Budellungo, 123.