SelectLanguage

Privacy

This page describes how the website is managed with regard to the processing of personal data of users who consult it. This information is also provided pursuant to Article 13 of EU Regulation 2016/679, applicable from May 25, 2018 – General Data Protection Regulation (hereinafter referred to as GDPR) to those who interact with the web services of Ca’ dell’Arte Palace accessible online from the address:

www.cadellartepalace.com

The information is provided only for the site www.cadellartepalace.com
 and not for other websites that may be consulted by the user via links and complies with Recommendation No. 2/2001 regarding minimum requirements for online data collection in the European Union, adopted on May 17, 2001 by the Article 29 Working Party.

TITULAR OF DATA PROCESSING

Pursuant to Article 4(7) of GDPR 2016/679, the Data Controller is Dandolo S.R.L., with registered office in: San Marco 3286, tel: 041/0988073, email: info@cadellarte.com

DATA PROTECTION OFFICER

Pursuant to Article 37 of GDPR 2016/679, Dandolo S.R.L. has officially appointed a Data Protection Officer (DPO), whose contact details are: Laura De Zottis

The DPO is available to data subjects for any information regarding the processing of their personal data and the exercise of their rights.

PLACE OF DATA PROCESSING

Processing connected to the web services of this site takes place at the headquarters of the Data Controller and Data Processor. No data deriving from the web service is communicated to third parties or disclosed.

By using third-party cookies, processing may also take place outside the European Community by Google and companies that install third-party profiling cookies. Please refer to the Cookie Policy: www.cadellartepalace.com/cookie-policy/

Personal data provided by users requesting informational material is used solely for the requested service, while some data collection forms provide for sharing personal data with service providers to fulfill the contract and provide requested services.

TYPES OF DATA PROCESSED

Browsing Data
IT systems and software procedures used for this website acquire, in the course of normal operation, certain personal data whose transmission is implicit in Internet communication protocols. This information is not collected to be associated with identified individuals but could, through processing and association with data held by third parties, allow user identification. This category includes IP addresses, domain names, URI addresses of requested resources, request times, submission methods, response file sizes, server response codes (success, error, etc.), and other parameters related to the user’s IT environment. This data is used solely for anonymous statistical information and site functionality monitoring and is deleted immediately after processing. Data could be used to ascertain responsibility in the event of hypothetical cybercrimes; otherwise, web contact data does not persist for more than 30 days.

Data provided voluntarily by the user
Optional, explicit, and voluntary sending of emails to addresses indicated on this site entails collection of the sender’s address, necessary for responses, as well as any other personal data in the message. Specific summary information is progressively provided or displayed on dedicated service pages.

Cookies
Session cookies (not persistently stored and disappear when the browser is closed) are strictly used for session identifiers needed for secure and efficient browsing. These cookies avoid other potentially harmful techniques and do not allow acquisition of personal identification data.

To choose, modify, or receive detailed information about cookies used by Ca’ dell’Arte Palace, click on Cookie Policy.

PROCESSING METHODS

Personal data is processed using automated tools for the time necessary to achieve the purposes for which it was collected. Specific security measures prevent data loss, unlawful or incorrect use, and unauthorized access.

PURPOSE, LEGAL BASIS, AND NATURE OF PROVISION (EXAMPLE)

Personal Data provided through the Site will be processed by Dandolo S.R.L. for the following purposes:

    1. Purposes related to executing a contract to which the data subject is a party or pre-contractual measures at their request (e.g., contact form, bookings, special offers). Consent not required. Legal basis: Article 6(1)(b) GDPR.
    2. Sending promotional and commercial emails after voluntary newsletter registration. Requires explicit consent or soft spam. Legal basis: Article 6(1)(a) or 6(1)(f) GDPR.
    3. Evaluating job applications via CVs submitted through email in the “Work With Us” section. Requires explicit consent. Legal basis: Article 111 bis of Legislative Decree 196/2003.
    4. Profiling via third-party cookies; consent required per Cookie Policy.
    5. Research and statistical analysis on anonymous aggregated data to measure site performance, traffic, usability, and interest; consent not required.
    6. Compliance with laws and regulations; consent not required. Legal basis: Article 6(1)(c) GDPR.
  • Establish, exercise, or defend a legal right; consent not required. Legal basis: Article 6(1)(f) GDPR.
  1. Compliance with laws and regulations; consent not required. Legal basis: Article 6(1)(f) GDPR.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

Some personal data is transferred to recipients outside the EU. Dandolo S.R.L. ensures electronic and paper processing of your Personal Data by such recipients is compliant with applicable law.

Otherwise, transfers are based on adequacy decisions, Standard Model Clauses approved by the European Commission, or Privacy Shield principles for transfers to the USA.

SCOPE OF COMMUNICATION OF PERSONAL DATA

Personal data may be communicated to:

  • Authorized persons;
  • Web agency D-EDGE (or other third-party managing the site) for technical support;
  • Public authorities as required by law or contracts;
  • Third-party companies hosting the website;

The updated list of external data processors can be requested from the Data Controller.

DATA RETENTION

Dandolo S.R.L. will process personal data only as long as necessary and as allowed by Italian law (Art. 2947(1)(3) c.c.).

Users remain registered to the newsletter until they unsubscribe directly from the email.

AUTOMATED PROCESSING

Dandolo S.R.L. does not send profiled emails but uses profiling cookies. See Cookie Policy for details.

BOOKING SYSTEM SECURITY

FastBooking uses credit cards during booking in compliance with PCI DSS. SSL information is encrypted and protected from third parties.

RIGHTS OF DATA SUBJECTS

Users may exercise rights under Articles 15 et seq. GDPR, including:

  • Withdraw consent;
  • Object to processing;
  • Access their data;
  • Verify and request rectification;
  • Request restriction of processing;
  • Request deletion of personal data;
  • Receive data or have it transferred to another controller;
  • Lodge complaints with the competent authority.

How to exercise rights

Dandolo S.R.L. has a process to facilitate exercising rights. Contact: info@cadellarte.com

UPDATES AND REVISION

Privacy policy last updated on 19/07/2021, Revision 1, and may be subject to future revisions.