Privacy Policy

Privacy Policy

PRIVACY POLICY
Information on the processing of personal data of users visiting the Castello di Casalborgone website, pursuant to Article 13 of Regulation (EU) 2016/679


This page describes how the website manages the personal data of users who visit it and their privacy. This notice is provided pursuant to Art. 13 of European Regulation 679/2016 – on the Protection of Personal Data – to those who interact with the web services of Castello di Casalborgone, accessible online at: www.casalborgone.com, the official website of Castello di Casalborgone, Via Broglia 3, 10020 Casalborgone (TO), Italy.


This information does not apply to other websites, pages or online services accessible via hyperlinks published on this site but referring to resources outside the Castello di Casalborgone domain.

 

DATA CONTROLLER
The data controller for personal data is:
Castello di Casalborgone Via Broglia 3, 10020 Casalborgone (TO), Italy Email: info@casalborgone.com Phone: +39 345 628 9769

 

DATA PROTECTION OFFICER (DPO)
Dr. David Kubes Margaretenstrasse 9/12, 1040 Vienna, Austria Email: david.kubes@kpnet.at

 

PLACE OF DATA PROCESSING
All processing connected to the web services of this site takes place at the Data Controller's premises and is handled exclusively by authorised and trained staff, or by parties occasionally engaged in maintenance operations.
Personal data provided by users submitting booking requests or enquiries is used solely to fulfil the requested service and is not disclosed to third parties, except in the following cases:

  • commercial partners responsible for managing online bookings;
  • professionals and companies providing assistance and consultancy to Castello di Casalborgone in accounting, administrative, legal, tax and financial matters;
  • parties entitled to access data by law or by order of competent authorities.

Credit card data used for bookings will be automatically made unavailable six months after the end of the stay.

 

TYPES OF DATA PROCESSED – LEGAL BASIS – NATURE OF PROCESSING
Browsing data
The computer systems and software procedures used to operate this website collect, in the course of their normal operation, certain personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified individuals, but by its very nature could, through processing and association with data held by third parties, allow users to be identified.
This category includes: IP addresses or domain names of the computers used by users connecting to the site, URI/URL addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numerical code indicating the server response status, and other parameters relating to the user's operating system and IT environment.
This data is processed to obtain statistical information on the use of the services and to monitor the correct functioning of the site. It may also be used to establish liability in the event of potential cybercrimes against the site.
Legal basis: legitimate interest of the Data Controller, strictly necessary for the operation of the site (Recital 47 – Art. 6(1)(f) GDPR). Nature of provision: necessary for browsing the site.

Data voluntarily provided by the user
The optional, explicit and voluntary sending of messages to the Data Controller's contact addresses, as well as the completion and submission of forms on the site, result in the acquisition of the sender's contact details necessary to respond, along with all personal data included in the communications. Visitors remain anonymous. The only exception concerns information necessary to fulfil contractual booking obligations.


A. Information requests and contact
Data provided via the contact form (name, email address, phone number, message) will be used solely to respond to the user's request and will not be disclosed to third parties.
Legal basis: execution of pre-contractual measures taken at the request of the data subject (Art. 6(1)(b) GDPR). Nature of provision: optional. Failure to provide data will make it impossible to receive a response.

B. Bookings
When making a booking through the site, users are required to provide their name, phone number, email address, credit card details and payment method. Castello di Casalborgone will use this information solely to process the booking and send communications necessary for its confirmation (receipt, booking code, terms and conditions). The information provided will not be used for marketing purposes and will not be sold, transferred or disclosed to third parties, except to credit card issuing companies, contacted solely to verify card validity.
Legal basis: performance of a contract to which the data subject is party (Recital 44 – Art. 6(1)(b) GDPR). Nature of provision: necessary. Failure to provide data will make it impossible to complete the booking.

C. Newsletter and promotional communications
Visitors may subscribe to the newsletter service by entering their name and email address in the dedicated form. The data provided will be used solely to send periodic communications, including commercial and promotional information relating to Castello di Casalborgone's initiatives and offers, and will not be disclosed to third parties.
Legal basis: consent of the data subject (Recitals 42 and 43 – Art. 6(1)(a) GDPR). Nature of provision: optional. Failure to provide data will make it impossible to receive communications.

D. Administrative and accounting management
For organisational, administrative and accounting activities, the Data Controller may process customers' personal data.
Legal basis: performance of a contract and compliance with legal obligations (Art. 6(1)(b) and (c) GDPR). Nature of provision: mandatory for the fulfilment of legal obligations.

 

COOKIES AND TRACKING TECHNOLOGIES
This site uses cookie technologies for various purposes, in compliance with the Italian Data Protection Authority's Guidelines on cookies and other tracking tools (10 June 2021) and the EDPB Guidelines (May 2020). For detailed information on the cookies used, please refer to the Cookie Policy of this site.
Legal basis: for non-technical cookies, processing is based on the data subject's consent (Art. 6(1)(a) GDPR), given through the site's cookie banner.

 

DATA RETENTION PERIOD
In compliance with Art. 5(1)(e) of GDPR 2016/679, personal data collected will be retained for no longer than necessary to achieve the purposes for which it was processed. In particular:

  • Browsing technical data: no longer than 7 days, unless required for the establishment of liability;
  • Contact requests and enquiries: maximum 12 months;
  • Bookings and administrative/accounting records: 10 years, as required by tax law;
  • Newsletter and promotional communications: maximum 24 months, or until consent is withdrawn;
  • Cookies: please refer to the Cookie Policy of this site.

 

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
Personal data is not transferred to third countries outside the EU, in compliance with Chapter V of GDPR 679/2016.

 

DATA PROCESSING METHODS AND SECURITY MEASURES
Personal data is processed using automated tools for the time strictly necessary to achieve the purposes for which it was collected. The Data Controller adopts appropriate organisational, technical and physical measures to ensure a level of security appropriate to the risk, in compliance with Art. 32 of GDPR 679/2016. Specific security measures are in place to prevent data loss, unlawful or incorrect use, and unauthorised access. No automated decision-making processes are envisaged in the processing of data.

 

RIGHTS OF DATA SUBJECTS
Data subjects may at any time exercise the rights provided for under Chapter III of GDPR 679/2016, in particular:

  • right of access to personal data;
  • right to rectification or erasure (right to be forgotten);
  • right to restriction of processing;
  • right to object to processing;
  • right to data portability;
  • right to withdraw consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal.

To exercise these rights, please contact the Data Controller at: info@casalborgone.com

 

RIGHT TO LODGE A COMPLAINT
Data subjects who consider that the processing of their personal data infringes the Regulation have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), as provided for by Art. 77 of the GDPR, or to seek judicial remedy (Art. 79 of the GDPR).