This Website collects some Personal Data from its Users.
On this page the management methods of the Website www.palazzocarletti.it are described, with reference to the processing of the Personal Data of the Users who visit it.
This Privacy Policy is drawn up on the basis of multiple legislative systems, including articles 13 and 14 of Regulation (EU) 2016/679.
This Privacy Policy refers exclusively to this Website, unless otherwise specified.
Palazzo Carletti S.r.l. Via Via dell’Opio nel Corso, 3 - 53045 Montepulciano (SI) Italy
Phone: +39 0578 756080
Website: www.palazzocarletti.it
Email: info@palazzocarletti.it.
Among the Data that this Website may collect there are: First Name, Last Name, Phone Number, Email, various types of Data, Cookie, Browsing, usage Data Credit card details associated with the reservation.
Other Personal Data collected may be highlighted by other sections of this Privacy Policy or by dedicated explanation text, in the moment when the Data collection happens.
The Personal Data may be freely inserted by the User or the Data Subject, or collected automatically when using the Website.
Any use of Cookies by the Application or the owners of third party services used by the Application, unless stated otherwise, serves to identify the User and remember his/her preferences for the sole purpose of providing the service required by the User.
Unless otherwise specified, all the Data requested by this Site are mandatory.
Failure to provide certain Personal Data, in particular Navigation Data, by deactivating the Application’s Cookies may make it impossible to surf or for the Website to provide its services.
The possible use of Cookies - or other tracking tools - by this Website or third party service providers used by this Website, unless otherwise specified, is used to identify the User and record the related preferences for purposes strictly linked to the provision of the service requested by the User.The User assumes responsibility for the Personal Data of third parties published or shared through the Website and declares that (s)he has the right to communicate or broadcast them, thus relieving the Owner of all responsibility towards third parties.
Method of Processing
The Data Controller processes the Data of the Interested Parties and Users in a lawful and proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of the Data.
Processing is carried out using computers and / or telematic means, with organizational methods and logics strictly related to the stated purposes. In addition to the owner, in some cases, access to the Data may be available to external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies, postal couriers). The updated list of Managers may be requested from the Owner at any time.
The use of the collected Data
The Data Controller processes the User's Personal Data for the following purposes:
Place
The Data are processed at the headquarters of the Data Controller, unless stated otherwise in the rest of this document. For further information, please contact the Data Controller.
The User can request information by contacting the Data Controller, on the legal basis of the transfer of Data outside the European Union or to an international organization; the User can also request information on the security measures implemented by the Data Controller to protect the Data.
Conservation Time
The Data are kept for the time necessary to perform the service requested by the User, and the User can always ask for their suspension or removal.
At the end of the aforementioned conservation time the Personal Data will be deleted.
Web Hosting OVH
Infrastructure security
OVH undertakes to guarantee the maximum security of its infrastructures, in particular by implementing an information systems security policy and responding to the requirements of numerous laws and certifications (PCI-DSS, ISO / IEC 27001 and certificates of SOC 1 type II and SOC 2 type II, etc. ...).
All OVH certifications and their perimeter can be consulted in the Certifications section of the OVH Website.
Website: https://www.ovh.it
Web Hosting Aruba
Supervision and control
Anti-intrusion sensors, video surveillance, mantrap with double authentication mechanisms and anti-tailgating technology systems.
H24 / 365 monitoring
Network Operation Center (NOC) on-site, redundant and manned 24 hours a day, 365 days a year and entrusted exclusively to our staff.
Data security
The management and protection of data in high security infrastructures are ISO 27001 certified.
Redundant installations
Power centers and cooling systems totally redundant and equipped with the most modern equipment.
Energy backup
Efficient backup areas, completely redundant, ensure maximum reliability of power and cooling.
Fire prevention
The separation of all systems and environments and the self-extinguishing detection systems ensure maximum safety against the risk of fire.
Website: https://www.datacenter.it/sicurezza-data-center-aruba.aspx
The User Data is collected to allow the Website to provide its Services, as well as for the following purposes: contact the User, allow the User to access accounts on third-party services, allow the User to interact with social networks and with platforms outside the Website, allow statistical analysis of visits to the Website.
Personal Data collected for the following purposes and using the following services:
Access to accounts provided by third parties
This type of service allows this Website to collect data from the user's accounts on third-party services and perform actions with them. These services are not activated automatically, but require the express permission of the User.
Facebook permissions required by this site
This Website may request some Facebook permissions which allow it to perform actions with the User's Facebook account and to collect information, including Personal Data, from it. This service allows this site to connect with the user's account on the social network Facebook, provided by Facebook Inc.
For more information on the following permissions, refer to the Facebook permissions documentation and to the Facebook privacy policy.
The required permissions are:
Access to the Twitter account
This Website may request to connect with the User's account on the Twitter social network, provided by Twitter Inc.
Personal Data collected: various types.
For more information, the user can refer to the Privacy Policy of Twitter.
Access to the LinkedIn account
This Website may request to connect with the User's account on the LinkedIn social network.
Personal Data collected: various types.
For more information, the user can refer to the Privacy Policy of LinkedIn.
Interaction with social networks and external platforms
This Website can allow interaction with social networks, or other external platforms, directly from its pages.
The interactions and information acquired during the interactions with social networks from this Site are subject to the User's privacy settings related to each social network.
+1 button and Google+ social widgets
The +1 button and Google+ widgets are services for interacting with the Google+ social network, provided by Google Inc.
Personal Data collected: Cookies and Usage Data.
For further information, the User can refer to the Privacy Policy of Google.
Like button and Facebook social widgets
The "Like" button and Facebook widgets are services of interaction with the social network Facebook, provided by Facebook, Inc.
Personal Data collected: Cookies and Usage Data.
For further information, the User can refer to Facebook Privacy Policy.
Tweet button and Twitter social widgets
The Tweet button and Twitter widgets are services of interaction with the Twitter social network, provided by Twitter, Inc.
Personal Data collected: Cookies and Usage Data.
For more information, the User can refer to the Privacy Policy of Twitter.
Instagram widgets
Instagram widgets are services of interaction with the Instagram social network run by Instagram, Inc.
Personal Data collected: Cookies and Usage Data.
For further information, the User can refer to the Privacy Policy of Instagram.
YouTube social button and widgets
The button and the YouTube widgets are services of interaction with the YouTube social network, provided by Google Inc.
Personal Data collected: Usage data.
For further information, the User can refer to the Privacy Policy of Google.
Online Transactions Management
Online transactions are processed through gateway providers.
Management at all levels of access to credit cards is managed according to the PCI-DSS guidelines.
Interaction with payment processing services
This type of service allows interactions with payment processing services, or with other external platforms, directly from the pages of this site.
PayPal
The PayPal button is an interaction service with the external PayPal platform, provided by PayPal Inc.
Personal Data collected: Usage data.
For more information, the user can refer to PayPal's Privacy Policy.
Security
To protect personal information, we take reasonable precautions and we follow best practices to ensure that we do not misuse, illegally use, read, disclose, modify or destroy any personal data.
If you provide us with your credit card information, the information will be encrypted using secure socket layer (SSL) technology and stored with AES-256 encryption. Our system follows all PCI-DSS requirements and implements additional industry standards generally used and accepted.
Payment gateway located in the United States
For example, if you are in Italy and the transaction is processed by a payment gateway located in the United States, your personal data may be subject to disclosure under US law, including the Patriot Act.
Once you leave the website of our store and / or when you are redirected to a website or a third-party application, you are no longer subject to our privacy policy or terms of service on our site.
Displaying content from external platforms
This site can allow you to view content hosted on external platforms and interact with them.
YouTube Video Widgets
This site can display YouTube video content on its pages, a service provided by Google Inc.
Personal Data collected: Cookies and Usage Data.
For more information, the user can refer to Google Privacy Policy.
Remarketing e Behavioral Targeting
These services allow this Website and its partners to communicate, optimize and serve advertisements based on the past use of this Website by the User. This activity is carried out by tracking Usage Data and the use of Cookies, information that is transferred to the partners to whom the activity of remarketing and behavioral targeting is connected.
Contact the User
Contact form (this Website)
By filling out the contact form with their Data, the User gives consent to their use to allow this Website to respond to requests made by the User regarding information, estimates, or any other purpose indicated in the form.
Personal Data collected: first name, last name, email address, phone number and various types of Data.
Manage contacts and send messages
This type of service allows managing a database of e-mail contacts, telephone contacts or any other type of contact indicated in the form; the aforementioned data will be used to maintain communications with the User.
MailChimp
MailChimp is a platform for managing email addresses and sending newsletters provided by The Rocket Science Group, LLC. Personal Data collected: e-mail address, first name, last name, place of birth, year of birth, profession.
For further information, the user can refer to the Privacy Policy of MailChimp.
Statistics
The statistical analysis services relating the visits to a website and its pages allow the Data Controller to monitor and analyze traffic data; the aforementioned services also allow the tracking of the User's behavior.
Google Analytics
and reports website traffic.
Google uses the Personal Data collected for the purposes of tracking and analyzing the use of this Site by the User, to draw up reports and share them with other services developed by Google.
Google may use the Personal Data to contextualise and personalize the advertisements of its advertising network.
Personal Data collected: Cookies and Usage Data.
For further information, the User can refer to the Privacy Policy and to the Opt Out of Google.
Users may exercise certain rights with reference to the Data processed by the Data Controller.
In particular, the User can::
Opposition right
Users have the right to oppose the processing of Personal Data for reasons related to their particular situation, in case they are treated in the public interest, in the exercise of public authority of which the Owner is invested or to pursue a legitimate interest of the Owner.
If the Personal Data are processed for direct marketing purposes, the Users can oppose their processing without providing the Holder with any reasons.
Exercise of rights
To exercise their rights, Users can make a request to the Owner, referring to the contacts indicated in this document. Requests will be processed by the Data Controller as soon as possible, always within one month of the request made by the User.
Defense in court
The User’s Personal Data may be used for legal purposes by the Owner of the Website in court or in the stages leading to possible legal action arising from its improper use or that of related services by the User.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of the public authorities.
Additional Information
Specific information may be shown on the pages of the Website concerning particular services or the processing of Data provided by the User or by the Data Subject.
Maintenance
PThe User’s Personal Data may be further used in ways and for purposes required for Application maintenance.
System Logs
For operation and maintenance purposes, this Application and any third party services it uses may collect system logs, i.e., files that record interaction – including navigation. They may also contain personal data, such as IP addresses.
Information not contained in this policy
More information on processing Personal Information may be requested from the Owner at any time.
Personal Data (or Data)
Any information relating to an identified or identifiable real person. An identifiable real person is defined as any real person who can be directly or indirectly identified.
Usage Data
Information collected automatically from the Website, including the IP addresses or domain names of the computers utilized by the users who connect to the site, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the visitor, the various time details per visit (e.g., the time spent on each page) and the details about the path followed within the site with special reference to the sequence of pages visited, and other parameters about the operating system and the User's IT environment.
User
Means the individual user of the Website’s services or products.
Data Subject
The legal or natural person to whom the Personal Data refer.
Data Processor
The natural person, legal person, public administration or any other organization, association or organization designated by the Data Controller for the Personal Data processing system.
Data Controller (or Owner)
The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Website.
Website
The Website corresponds to the instrument, hardware or software, through which the Personal Data of Users are collected and processed.
Service
The Service provided by this Website.
European Union (or UE)
Any reference to the European Union contained in this Privacy Policy is extended to all current member states of the European Union and the European Economic Area, unless otherwise specified.
Cookie
A Cookie is a small piece of text that Websites send to the browser and is stored on the User's terminal.
The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to its Users on this page, and by ensuring analogous protection of the Personal Information in all cases. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Date of the last modification
23 may 2018
This site uses cookies to improve your browsing experience and provide you the best service possible. Continuing browsing the site you consent to their use in accordance with our Cookie Policy.
