Privacy Notice for Website User Data Processing

Articles 13 and 14 of Regulation (EU) 2016/679 (hereinafter referred to as "GDPR")

Why this notice

PALAZZO RICCUCCI RESORT, owned by Riccucci Franco C. snc (hereafter referred to as the "Company" or "Data Controller"), is committed to respecting and protecting your privacy. We want you to feel secure whether you're simply browsing our website or registering with us by providing your personal information to access the services we offer to our Users and/or Customers.
This page provides some information on how we handle the personal data of users who visit or interact with our website, accessible online at [https://palazzoriccucci.com/](https://palazzoriccucci.com/) (the "Website"). This notice applies only to the Company's website and not to any other websites you may visit via external links (please refer to the privacy policies of those sites for details).
Reproduction or use of the pages, materials, or information contained on this Website, by any means or on any medium, is not permitted without prior written consent from the Company. You may copy and/or print content for personal, non-commercial use only (for requests and clarifications, please contact the Company at the provided contact details). Any other use of the content, services, and information on this site is not allowed.
With respect to the content offered and the information provided, the Company will make reasonable efforts to keep the Website content up-to-date and accurate, but does not guarantee the adequacy, accuracy, or completeness of the information provided, and explicitly disclaims any liability for errors or omissions on the Website.

Origin - browsing data

Data Collection - Browsing Information
The Company informs you that the personal data you provide, as well as the data collected during requests for information or contact, site registration, and use of services via smartphone or any other internet-connected device, will be processed in compliance with applicable regulations. This includes data necessary for providing services, such as browsing data and data used for the purchase of products and services offered by the Company, as well as general browsing data collected from users.
The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data that is inherently transmitted during internet usage. This information is not collected to be associated with identified users but, by its nature, could potentially allow for user identification through processing and association with data held by third parties.
This category of data includes "IP addresses" or domain names of computers used by users to connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the web server, the size of the file received in response, the numerical code indicating the status of the server’s response (successful, error, etc.), and other parameters related to the user's operating system and IT environment.
These data are used solely to compile anonymous statistical information about the site’s use and to monitor the proper functioning of the Company’s website. It should be noted that such data may be used to establish liability in case of any cybercrimes committed against the Company’s website or connected sites. Except for this possibility, web contact data is stored for only a few days.

Origin - user-provided data

The Company collects, stores, and processes your personal data to provide the products and services offered on the Website, as well as to comply with legal obligations. For certain specific services, products, promotions, etc., the Company may also process your data for commercial purposes. In such cases, specific, separate, optional consent will be requested, which you can always revoke using the methods and contact details provided below.
The optional, explicit, and voluntary submission of email to the addresses provided in the designated section of the Website, as well as filling out questionnaires (e.g., forms), communicating via chat, push notifications through the app, social media, call centers, etc., will result in the subsequent collection of some of your personal data, including data gathered through the use of apps and related services necessary to respond to your requests.
Additionally, please note that when using a mobile connection to access digital content and services offered directly by the Company or through our partners, it may be necessary to transfer your personal data to those third parties.
You may also access the Website or connect to areas where you can publish information using blogs or bulletin boards, communicate with others, for example, through the Company’s Facebook®, LinkedIn®, YouTube®, and other social media pages, review products and offers, and post comments or content. Before interacting with these areas, we encourage you to carefully read the Terms of Use, considering that in certain circumstances, the information you publish may be viewed by anyone with internet access, and all information you include in your publications may be read, collected, and used by third parties.

Purpose of data processing and legal basis

The data is processed for the following purposes:

1. strictly related to and necessary for the registration on the website [https://palazzoriccucci.com/](https://palazzoriccucci.com/), the services and/or apps developed or made available by the Company, the use of related informational services, the management of contact or information requests, and for making purchases of products and services offered through the Company’s website.
2. for ancillary activities related to managing User/Customer requests and sending responses, which may include the transmission of promotional material; for the completion of purchase orders for the products and services offered, including aspects related to credit card payments, managing shipments, exercising the right of withdrawal for distance purchases, and providing updates on the availability of temporarily out-of-stock products and services.
3. related to fulfilling obligations set forth by community and national regulations, safeguarding public order, and the detection and prevention of crimes.
4. direct marketing, which includes the sending of advertising materials, direct sales, conducting market research, or commercial communication regarding products and/or services offered by the Company. This activity may also pertain to products and services from companies within the Company Group and be conducted through the distribution of promotional/informational materials and/or invitations to participate in initiatives, events, and offers aimed at rewarding users/customers. Such communications may occur through "traditional" methods (e.g., physical mail and/or operator calls) or via "automated" contact systems (e.g., SMS and/or MMS, phone calls without operator intervention, email, fax, interactive applications), in accordance with Article 130, paragraphs 1 and 2 of Legislative Decree 196/03 and subsequent amendments.

Il conferimento dei dati per le finalità di cui ai punti 1), 2) e 3), connessa ad una fase pre-contrattuale e/o contrattuale ovvero funzionale ad una richiesta dell’utente o prevista da una specifica previsione normativa, è obbligatorio e, in difetto, non sarà possibile ricevere le informazioni ed accedere ai servizi eventualmente richiesti; relativamente al punto 4) della presente Informativa, il consenso al trattamento dei dati da parte dell’utente/cliente è invece libero e facoltativo e sempre revocabile senza conseguenze sulla utilizzabilità dei prodotti e servizi salvo l’impossibilità per Azienda di tenere aggiornati sulle nuove iniziative o su particolari promozioni o vantaggi eventualmente disponibili gli utenti/clienti.
The Company may send commercial communications related to products and/or services similar to those already provided, in accordance with Directive 2002/58/EC, using the email or physical addresses you provided on such occasions. You have the right to object to these communications using the methods and contact details provided below.

Methods, logic of processing, retention periods, and security measures

The processing of personal data is carried out using electronic or automated means by the Company and/or third parties that the Company may engage to store, manage, and transmit this data. The processing will be conducted in an organized manner, taking into account your personal data, including logs generated from accessing and using the web services and products related to the aforementioned purposes, while ensuring the security and confidentiality of the data.
Personal data will be retained for the periods required by applicable regulations.
Regarding data security, in sections of the website designed for specific services where personal data is requested from users, the information is encrypted using a security technology known as Secure Sockets Layer (SSL). This SSL technology encodes information before it is exchanged over the Internet between the user's device and the Company’s central systems, making it unintelligible to unauthorized parties and ensuring the confidentiality of the transmitted information. Furthermore, transactions made using electronic payment methods are processed directly through the payment service provider's (PSP) platform, and the Company retains only the minimum set of information necessary to handle potential disputes.
In relation to personal data protection, users/customers are invited, in accordance with Article 33 of the GDPR, to report any circumstances or events that may lead to a potential data breach, allowing for immediate evaluation and the implementation of measures to address the situation. This can be done by sending a communication to privacy@Azienda.it or by contacting Customer Service.
The measures implemented by the Company do not exempt the Customer from exercising necessary caution regarding the use, where required, of sufficiently complex passwords/PINs, which should be updated regularly, especially if there is concern that they may have been compromised or disclosed to third parties. Customers should also carefully safeguard this information to prevent unauthorized and improper use.

Cookies

A cookie is a short text string sent to your browser and may be saved on your computer (or on your smartphone/tablet or any other device used to access the Internet). This transmission typically occurs each time you visit a website. The Company uses cookies for various purposes, aiming to provide you with a fast and secure digital experience. For example, cookies help keep your connection to the secure area active while you navigate through the site’s pages.

The cookies stored on your device cannot be used to retrieve any data from your hard drive, transmit computer viruses, or identify and use your email address. Each cookie is unique to the browser and device you use to access the Company’s Website or app. Generally, the purpose of cookies is to enhance the website's functionality and improve your user experience, although cookies may also be used to deliver advertising messages (as specified below).
For more information about what cookies are and how they work, you can visit the website “All about cookies” at [http://www.allaboutcookies.org](http://www.allaboutcookies.org).

For detailed information about Cookies, please refer to the dedicated page at [https://palazzoriccucci.com/cookie-policy/](https://palazzoriccucci.com/cookie-policy/).

Rights of the data subjects

You can exercise your rights recognized by law at any time, including the right to:

a) to access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom the data may be disclosed, the applicable retention period, and the existence of automated decision-making processes;

b) to obtain without delay the correction of inaccurate personal data concerning you;

c) to obtain, in the cases provided for by law, the deletion of your data;

d) to obtain the restriction of processing or to object to it when possible;

e) to request the portability of the data you have provided to the Company, meaning to receive it in a structured, commonly used, and machine-readable format, also for the purpose of transmitting such data to another controller, within the limits and constraints provided by Article 20 of the GDPR;
Furthermore, you have the right to lodge a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR.

For the processing referred to in point 4) of the purposes, the Customer can always withdraw consent and exercise the right to object to direct marketing (in both “traditional” and “automated” forms). The objection, unless stated otherwise, will apply to both traditional and automated communications.

Data controller

The data controller, pursuant to Article 4 of the GDPR, is PALAZZO RICCUCCI RESORT of Riccucci Franco C. snc, located at Via Palazzo, 36 – 63835 Montappone (FM), VAT: 01977900446 - Tax Code: 01977900446.The Data Controller, pursuant to Article 4 of the GDPR, is PALAZZO RICCUCCI RESORT of Riccucci Franco C. snc, located at Via Palazzo, 36 – 63835 Montappone (FM), VAT: 01977900446 - Tax Code: 01977900446.

The rights mentioned above can be exercised upon request by the Data Subject using the methods provided by the Customer Service or on the Company's website, or by using the following contact: info@palazzoriccucci.com.

The use of the Website, including those intended for tablets and/or smartphones, by the Customer and/or User implies full awareness and acceptance of the content and any indications included in this version of the notice published by the Company at the time the site is accessed. The Company informs that this notice may be modified without prior notice, and therefore recommends periodic reading.

The Data Controller
PALAZZO RICCUCCI RESORT of Riccucci Franco C. snc