Privacy Policy

Pursuant to regulation (eu) 2016/679 (hereinafter “gdpr”), this page describes the methods of processing personal data. This is information that is provided pursuant to art. 13 gdpr. The information is not to be considered valid for other third-party websites, possibly accessible through links present on this website, for which no responsibility is assumed.

Personal data that can be processed

  • Personal data: any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more elements characteristic of his physical, physiological, genetic, mental, economic, cultural or social identity (c26, c27, c30 gdpr).
  • Data of contractors/users.
  • Personal data: the computer systems and software procedures responsible for the operation of this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This category of data includes ip addresses or domain names of computers and terminals used by users, addresses in uri/url (uniform resource identifier/locator) notation of requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful completion, error, etc.) And other parameters relating to the operating system and computer environment of the user.
  • Data communicated voluntarily: the optional, explicit and voluntary sending of messages to the contact addresses indicated on this site and/or the completion of data collection forms involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data entered.

Information about the processing of personal data carried out through social media platforms

Regarding the processing of personal data carried out by the managers of the social media platforms used by the data controller, reference is made to the information provided by them through their respective privacy policies. The data controller processes personal data provided by users through the pages of dedicated social media platforms, to manage interactions with users (comments, public posts, etc.) And in compliance with current regulations.

Specific information

Specific information may be present on the site pages in relation to particular services or data processing provided.

Cookies and other tracking systems. What are they? What are they for?

For cookies and other tracking systems see the cookies policy reported in the site footer and at the following https://www.palazzovenezia.com/cookies-policy  

1. Who is the data controller? How to contact them?

The data controller is palazzo venezia s.r.l., with registered office in via regina, 40, 22012 cernobbio (como), in the person of its legal representative pro-tempore, who can be contacted for any information via e-mail privacy@palazzovenezia.com

2. Purpose of processing, legal basis, data retention period, nature of provision

Purpose of processing

Navigation on this website:

Data necessary for the use of web services are also processed for the purpose of:

  • Obtaining statistical information on the use of services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.);
  • Controlling the correct functioning of the services offered.

Legal basis

The processing is necessary for the pursuit of the legitimate interest of the data controller or third parties, provided that the interests or fundamental rights and freedoms of the data subject that require the protection of personal data do not prevail, taking into account the reasonable expectations held by the data subject and the activities strictly necessary for the functioning of the site and navigation itself. (art. 6, par. 1 lett. F and c47 of the gdpr)

Data subjects are guaranteed the possibility of obtaining, upon request, information on the balancing test carried out.

Data retention period

The retention of navigation data will occur for the duration of the browsing session.

Nature of provision

The provision of data is necessary for navigation on the website.

Purpose of processing

Use of cookies and comparable technologies. See the cookies policy in the site footer.

Legal basis

For non-technical necessary cookies and comparable technologies, the processing is based on consent to the processing of personal data (art. 6 par. 1 lett. A and c42, c43 of the gdpr).

Consent is given through the banner and cookie policy of the site.

Data retention period

See the cookies policy in the site footer

Nature of provision

See the cookies policy in the site footer.

Nature of provision

A. Direct marketing

Direct marketing, for sending advertising or direct sales material or for carrying out market research, commercial and promotional communication, newsletters, through automated means (electronic mail, sms) and traditional means (telephone and postal mail).

Communications may contain promotional activities and/or logos of palazzo venezia s.r.l. Partners. There will be no transfer of personal data.

For the complete list of partners, interested parties can write to privacy@palazzovenezia.com

The data controller, to compare and possibly improve the results of automated communications, uses systems with reports. Thanks to reports, the data controller will be able to know, for example: the number of readers, openings, unique “clickers” and “clicks”; the devices and operating systems used to read the communication; details on the activity of individual users; details of emails sent, emails delivered and not, those forwarded. All this data is used for the purpose of comparing, and possibly improving, the results of communications.

Legal basis

The processing is based on consent to the processing of personal data (c42, c43). Art. 6 par. 1 lett. A) of the gdpr.

Data retention period

Until consent is revoked (or opt-out).

Nature of provision

The provision is optional.

The failure to provide the necessary data will result in the impossibility of receiving

Purpose of processing 

B. Non-automated profiling:

Personal data will be entered into company databases/crms/platforms, in order to carry out analyses, evaluations and to divide interested parties into homogeneous groups by specific characteristics of business activity for better service management and for sending targeted promotional communications.

Legal basis

The processing is based on consent to the processing of personal data (c42, c43).

Art. 6 par. 1 lett. A) of the gdpr.

Data retention period

Until consent is revoked and in any case maximum 12 months.

Nature of provision

The provision is optional.

The failure to provide the necessary data will result in the impossibility of carrying out analyses and sending targeted communications.

Purpose of processing

C. Management of your requests and requests from other interested parties, pursuant to arts. 15 et seq. Of the gdpr (rights of the data subject).

Legal basis

The processing is necessary to comply with a legal obligation to which the data controller is subject (c45).

Art. 6 par. 1 lett. C) of the gdpr.

Data retention period

5 years from the closure of the request, except for litigation.

Nature of provision

The provision of personal data is mandatory, as it is essential to be able to execute legal obligations.

Purpose of processing

D. Personnel selection in work with us area

To apply for personnel selections, carrying out research and personnel selection activities for the possible establishment of an employment relationship, also for any positions different from those for which the interested party spontaneously applied; retention of personal data also for future selections; management of applications in response to job offers published on our website; interviews and any video-interviews (processing of image/audio data as well). See specific information in dedicated area.

Legal basis

The processing is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same (c44). Art. 6 par. 1 lett. B) of the gdpr.

Data retention period

Maximum 24 months.

In principle, data collected during the hiring process will be deleted as soon as it is evident that no job offer will be made or that the offer will not be accepted by the candidate.

Nature of provision

The provision is necessary.

The failure to provide the necessary data will result in the impossibility of applying.

Purpose of processing

E. Client area

To access restricted area

Legal basis

The processing is necessary for the execution of a contract to which the data subject is a party or for the execution of pre-contractual measures adopted at the request of the same (c44). Art. 6 par. 1 lett. B) of the gdpr.

Data retention period

Until the termination of the contract and for the technical time necessary to disable the credentials.

Nature of provision

The provision is necessary.

The failure to provide the necessary data will result in the impossibility of accessing the restricted area

Purpose of processing

F. Organizational, administrative, financial and accounting activities and client/user data management.

Legal basis

The processing is necessary for the execution of a contract to which the data subject is a party (c44) or for compliance with legal obligations (c45).

Data retention period

10 years or different legal obligation.

Nature of provision

The provision of personal data is mandatory, as it is essential to be able to execute legal obligations.

3. To whom will personal data be communicated? Data recipients

Personal data will be communicated to subjects who will process the data as autonomous data controllers, or data processors (art. 28 gdpr) and processed by natural persons (art. 29 gdpr) who act under the authority of the data controller and data processors based on specific instructions provided regarding the purposes and methods of processing. Data will be communicated to recipients belonging to the following categories:

  • Subjects based in italy, who provide services for the website and communication networks, including electronic mail, host and website management;
  • Subjects based in italy, with whom the data controller has signed agreements and with prior consent, where required;
  • For direct marketing, with prior consent to subjects for the management of direct marketing activities;
  • For work with us area, to subjects for the management of selection activities;
  • Competent authorities for compliance with legal obligations and/or provisions of public bodies, upon request.

The list of data processors art. 28 is available by writing to privacy@palazzovenezia.com or to the other contacts indicated above.

4. Will data be transferred to non-eea countries?

Personal data will not be transferred to extra-eea countries. It is specified, in particular, that data will be stored in italy for hosting, management, development and maintenance services of the site. All third parties to whom data may be communicated are based in italy.

5. Is there an automated process?

Personal data will be subject to traditional manual, electronic and automated processing. It is specified that completely automated decision-making processes are not carried out.

With reference to profiling activity, possibly carried out with the express consent of the data subject as indicated in the purposes, it will be carried out through the intervention of the operator who will elaborate the profile of the data subject and analyze their habits and consumption choices, in order to improve the commercial offer and services of the data controller (non-automated profiling).

6. What are your rights? How can you exercise them?

Data subjects may assert their rights as expressed by arts. 15 et seq. Gdpr, by contacting the data controller at the e-mail address: privacy@palazzovenezia.com, or by writing to the contacts indicated above.

The data controller guarantees data subjects the possibility to request, at any time, access to their personal data (art.15), rectification (art.16), deletion of the same (art.17), limitation of processing (art.18). The data controller communicates (art. 19), to each of the recipients to whom personal data have been transmitted, any rectifications or deletions or limitations of processing carried out. The data controller communicates to data subjects who request it such recipients.

The data controller guarantees the right to portability (art.20) and, in case of requests pursuant to art.20, will provide data subjects with data in a structured format, commonly used and readable by automatic device.

Data subjects are recognized the right to object (art.21), at any time, to the processing of data based on legitimate interest, by writing to the contacts reported above with subject “opposition”.

In case of exercise of the right to object to processing based on legitimate interest, the data controller recognizes data subjects the possibility to obtain, upon request, information on the balancing test carried out.

Data subjects are recognized the right to revoke the consent given, without prejudice to the lawfulness of processing based on consent given before revocation.

To no longer receive automated direct marketing communications (electronic mail, sms-type messages, instant messaging) data subjects are invited to write an e-mail to the address privacy@palazzovenezia.com with subject “cancellation from automated” or to use our automatic cancellation systems provided for e-mails only (opt-out).

To no longer receive traditional direct marketing communications (telephone calls with operator and postal mail) data subjects are invited to write an e-mail to the address privacy@palazzovenezia.com with subject “cancellation from traditional”.

To no longer receive any marketing communication data subjects are invited to write an e-mail to the address privacy@palazzovenezia.com with subject “marketing cancellation”.

At any time data subjects are free to revoke consent to profiling (non-automated) by writing an e-mail to the address privacy@palazzovenezia.com with subject “no profiling”.

In case data subjects believe that the processing of personal data carried out by the data controller occurs in violation of what is provided by regulation (eu) 2016/679, they are free to file a complaint with the national supervisory authority, particularly in the member state where they habitually reside or work, or in the place where the alleged violation of the regulation occurred (privacy authority https://www.garanteprivacy.it/), or to resort to appropriate judicial venues.

7. Changes to the information notice

The data controller may change, modify, add or remove any part of this privacy notice. In order to facilitate verification of any changes, the information notice will contain an indication of the update date of the information notice itself.

Update date: 04/08/2025