PRIVACY POLICY
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”).
Data Controller
Following the consultation of this website, data relating to identified or identifiable persons may be processed. The “Controller” of such processing is MAG S.r.l. (VAT No.: 02842680411), with registered office at Via Alfredo Faggi 62 – (61121) Pesaro (PU) Italy, email: info@palazzolucepesaro.com.
Types of Data Processed
Browsing Data
The computer systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes IP addresses or domain names of the computers used by users who connect to the website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the server’s response (successful outcome, error, etc.), and other parameters relating to the user’s operating system and computer environment.
These data are used solely to obtain anonymous statistical information on website usage and to check its proper functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of potential computer crimes against the site.
Data Voluntarily Provided by the User
The optional, explicit, and voluntary sending of personal data by the user via the registration forms present on this website or by calling any phone numbers listed within the site entails the subsequent acquisition of the sender’s data, necessary for the provision of the requested service or information.
Data of Minors
Personal data provided and relating to minors are processed exclusively when necessary to ensure the proper use of the product/service requested following the conclusion of a contract to which the data subject is a party. Such data will not be used for any further purposes unless necessary to ensure the enjoyment of all the benefits of the product/service (by way of example and not limitation, to ensure: the protection of the minor’s credit card, insurance coverage, or bookings for flights, hotels, or cruises).
Anonymous or Aggregated Data
Anonymization is a process designed to prevent the identification of the data subject. Data rendered anonymous do not fall within the scope of data protection legislation. We collect, process, and share aggregated data such as statistical or demographic data for various purposes. Aggregated data may derive from personal data provided by the user but are not considered personal data as they do not allow, directly or indirectly, the identification of the data subject. Such data will also be used to improve the quality of our existing products/services, develop new functionalities, and for general research purposes (for example, to determine the frequency of use of a specific product or service or to calculate the percentage of users accessing a specific website feature). Since such data do not allow the identification of an individual and are not considered personal, they may be shared with third parties, affiliates, subsidiaries, or partners.
Links to Other Websites
This website may contain links or references to access other websites. Please note that the Controller does not control cookies or other tracking technologies used by such websites to which this Policy does not apply.
Optional Nature of Data Provision
Except as specified for browsing data, users are free to provide their personal data. However, failure to provide such data may result in the inability to obtain the requested information or services.
Processing Methods
Personal data are processed by authorized personnel, also using automated tools. Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access. The Controller has adopted all minimum security measures required by law and, inspired by leading international standards, has also adopted additional measures to minimize risks related to the confidentiality, availability, and integrity of collected and processed personal data.
Location of Data Processing and Retention Periods
The processing connected to the web services of this website takes place at the aforementioned registered office of the Controller and is handled by personnel expressly authorized by the Controller, or at the premises of third-party providers appointed as Data Processors pursuant to Article 28 of the GDPR. The collected Data will be retained – for each category of processed data – only for the time necessary to fulfill the specific purposes indicated in the summary notices displayed on the website pages and prepared for specific products/services. The Data will be stored in full for the duration of the contract executed with the Controller or for the entire period of service/product delivery. Subsequently, the Data will be retained for a period of ten years to comply with legal obligations, including those under Article 2220 of the Italian Civil Code. Further retention of Data or part thereof may be carried out to establish or defend the Controller’s rights in any forum, particularly in judicial proceedings.
Data Sharing, Communication, and Disclosure
The collected data may be shared, transferred, or communicated to other companies for activities strictly connected and instrumental to the operation of the service, such as system management, newsletter service, or occasional maintenance operations performed by third-party providers. In such cases, the Controller appoints those third parties as Data Processors under Article 28 of the GDPR. Outside these cases, personal data will not be communicated to third parties except where required by contract, law, or explicit consent from the data subject. In this regard, personal data may be transmitted to third parties only if:
a) vi sia consenso esplicito a condividere i dati con terze parti;
b) it is necessary to share the information with third parties to provide the requested service;
c) it is necessary to comply with requests from Judicial or Public Authorities.
No data deriving from the web service are disseminated.
Transfer of Personal Data Outside the EU
Where it becomes necessary to transfer, process, or grant access to personal data by entities located outside the European Union, the Controller obtains the necessary guarantees to ensure that such transfers are made in compliance with Chapter V of the GDPR (for example, verifying adequacy decisions, Privacy Shield certification, or by signing standard contractual clauses for data protection).
Data Subjects' Rights
Data protection law explicitly provides certain rights to the individuals to whom the data refer (so-called “data subjects”). In particular, pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, each data subject has the right to obtain confirmation of the existence or non-existence of personal data concerning them, to know their origin and purposes, to request updates, rectification, integration, or deletion of data processed unlawfully or where one of the conditions of Article 17 applies. If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Supervisory Authority or seek judicial remedy (Articles 77 and 79 GDPR).
Changes to This Privacy Policy
The Controller periodically reviews its privacy and security policy and, where appropriate, revises it in relation to regulatory, organizational, or technological changes. In case of modifications, the new version will be published on this webpage.
Questions, Complaints, Suggestions, and Exercise of Rights
Anyone wishing to receive further information, provide suggestions, or file complaints regarding this privacy policy or the way in which our Company processes personal data, or to exercise their rights under data protection law, may contact the Controller by writing to MAG S.r.l. (VAT No.: 02842680411), Via Alfredo Faggi 62 – (61121) Pesaro (PU) Italy, or by emailing info@palazzolucepesaro.com.
Types of Data Processed – Law and Jurisdiction
The interpretation and execution of these conditions are governed by Italian law. The Court of Pesaro shall have exclusive jurisdiction over any dispute related to these conditions. The Controller reserves the right to seek urgent remedies before any court, including abroad, to protect its interests and enforce its rights.
Additional Privacy Notices can be found in the specific forms available on this website.
PRIVACY NOTICE – STAY REQUEST FORM
Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR), we inform you that your personal data will be processed, both electronically and on paper, by MAG S.r.l., as Data Controller, for:
A) responding to your request.
If you provide appropriate consent, the Controller may process your data for:
B) fulfilling your request to subscribe to our periodic newsletter for promotional and marketing purposes through the sending of information and advertising materials related to our services and/or products, as well as communications about changes in offers and commercial promotions; and
C) communicating your data to third parties so that they may carry out their own marketing purposes.
The legal basis for processing under point A) is the performance of pre-contractual measures adopted at the request of the data subject (Art. 6(1)(b) GDPR).
The legal basis for processing under points B) and C) is consent (Art. 6(1)(a) GDPR).
The data you provide will not be disseminated or used for purposes other than those stated. No data are mandatory; failure to provide them will only result in the inability to process your request. Fields marked with an asterisk (*) indicate information deemed necessary to respond. Such data will be used solely to provide the requested information.
If you do not consent to purposes B) and C), there will be no consequences, and your request will still be processed. If you provide your data, they will be processed by personnel authorized by the Controller and retained:
– for purpose A), only for the time necessary to fulfill the purpose indicated and, in any case, for no longer than twelve months from the request (unless otherwise required by law, and in any event no longer than ten years);
– for purposes B) and C), until you withdraw consent, which you may do at any time by clicking the unsubscribe link in each newsletter.
To withdraw consent granted to third-party companies, you may simply notify them directly. Further retention of the above data or part thereof may occur to establish or defend rights in any venue, particularly judicial.
Your data may be communicated to third parties performing specific services on behalf of the Controller to ensure proper pursuit of the stated purposes. For recipients of Data located outside the EU, the Controller obtains the necessary guarantees for transfers in accordance with Chapter V of the GDPR. To exercise your rights under Articles 15 et seq. of the Regulation (obtain confirmation of the existence of your data, access its origin and content, verify accuracy, request integration, update, portability, rectification, or deletion if not retained by legal obligation, and object to processing for marketing purposes), you may contact, without formalities, the Data Controller: MAG S.r.l. (VAT No.: 02842680411), Via Alfredo Faggi 62 – (61121) Pesaro (PU) Italy, or write to info@palazzolucepesaro.com. If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Supervisory Authority or pursue legal remedies (Articles 77 and 79 GDPR).
PRIVACY NOTICE – NEWSLETTER SUBSCRIPTION FORM
Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR), we inform you that your personal data, freely provided by you, will be processed, both electronically and on paper, by MAG S.r.l., as Data Controller, solely to fulfill your request to subscribe to our periodic newsletter for promotional and marketing purposes through the sending of information and advertising materials relating to our services and/or products, as well as communications about changes in offers and commercial promotions.
Additionally, with your express consent, we may share your data with third-party companies so that they may send you their commercial offers. The legal basis for processing is consent (Art. 6(1)(a) GDPR).
Providing your data is optional; however, failure to do so will prevent us from fulfilling your subscription request. If you provide your data, it will be processed by personnel authorized by the Controller and retained exclusively for the duration of the requested service or until you withdraw your consent, which you may do at any time by clicking the unsubscribe link in each newsletter.
To withdraw consent granted to third parties, you may simply notify them directly. Further retention of the above data or part thereof may occur to establish or defend rights in any venue, particularly judicial.
Your data will not be disseminated but may be communicated to third parties performing specific services on behalf of the Controller to ensure proper pursuit of the stated purposes. For recipients of Data located outside the EU, the Controller obtains the necessary guarantees for transfers in accordance with Chapter V of the GDPR.
To exercise your rights under Articles 15 et seq. of the Regulation (access, rectification, integration, update, portability, deletion, or objection to processing for advertising purposes), you may contact, without formalities, the Data Controller: MAG S.r.l. (VAT No.: 02842680411), Via Alfredo Faggi 62 – (61121) Pesaro (PU) Italy, or write to info@palazzolucepesaro.com. If you believe that the processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Supervisory Authority or seek judicial remedies (Articles 77 and 79 GDPR).