Notice pursuant to Article 13 of Regulation (EU) 2016/679 General Data Protection Regulation (GDPR) Effective as of May 25, 2018
Dear Customer,
Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR), we hereby provide the following information regarding the processing of personal data carried out by Chiesa Luxury Home.
First and foremost, we believe it is important to clarify the scope of the GDPR and, consequently, this notice.
The GDPR applies exclusively to data falling within the category of “personal data” as defined by the Regulation, that is, “any information relating to an identified or identifiable natural person.” The term “natural persons” also includes sole proprietorships and self-employed professionals (the Data Subject).
Data exclusively related to corporations, partnerships, organizations with legal personality, or public authorities do not fall under the category of “personal data.”
The processing of your data will, in any case, be conducted in accordance with the principles of fairness, lawfulness, data minimization, transparency, and the protection of confidentiality and the rights of the Data Subject, in compliance with the provisions of the GDPR, any applicable national legislation, and the guidelines of the Italian Data Protection Authority.
The full text of the GDPR can be downloaded and reviewed at the following link.
1) Data Controller and Data Protection Officer
The Data Controller of personal data, as defined in Article 4, Paragraph 7 of the GDPR, is:
Chiesa Luxury Home Via Brigata Bisagno 24/26 R 16129 Genoa
info@chiesaluxuryhome.it
2) Purpose of Data Processing
The Data Controller processes or may process your personal data for the following purposes:
To execute the contract concluded between the Data Controller and the Data Subject;
To fulfill legal obligations arising directly or indirectly from contractual and commercial relationships between the Data Controller and the Data Subject, such as the issuance and retention of tax and fiscal documents;
To send commercial communications via email, including newsletters, commercial offers, discount campaigns, etc. Please note that the sending of newsletters—carried out through a third-party mailing list service provider—may include the recording of preferences and interests regarding specific professional and work-related content;
Should the Data Controller intend, in the future, to process personal data for purposes other than those indicated above, prior to such further processing, the Data Subject will be provided with information regarding the new purpose and any additional relevant details.
3) Legal Basis for Processing:
The legal bases for the processing of personal data by the Data Controller are as follows:
The processing is necessary for the performance of a contract to which the Data Subject is a party or for the execution of pre-contractual measures (Art. 6, 1, b) of the GDPR), or
The processing is necessary for compliance with a legal obligation to which the Data Controller is subject (e.g., for tax and fiscal obligations such as issuing invoices) (Art. 6, 1, c) of the GDPR), or
The processing is necessary for the legitimate interests pursued by the Data Controller (e.g., if the Data Subject has provided their data via the Controller’s website, the Controller has a legitimate interest in maintaining contact with clients or potential clients to send direct marketing communications, including product information, promotional offers, etc.). The Data Subject can object to such processing at any time by notifying their objection via email at info@letsell.com (Recital 47, Art. 6, 1, f) of the GDPR), or
The Data Subject has given consent to the processing of their personal data for direct or indirect marketing purposes. The Data Subject can revoke their consent and object to such processing at any time by notifying their objection via email at info@chiesaluxuryhome.it (Art. 6, 1, a) of the GDPR).
4) Data Recipients:
To pursue the purposes outlined in section 1 of this notice, the Data Controller discloses or may disclose your personal data to the following categories of recipients:
Employees and collaborators of the Data Controller or entities connected to the Controller, acting as authorized personnel and/or corporate data processing officers and/or system administrators.
Public authorities and entities to whom the Data Controller is or may be required to disclose your data (e.g., the Revenue Agency).
Service providers to the Controller for payment and invoice collection services and for digital payment and online money transfer services (e.g., banking institutions, Stripe, etc.).
Service providers to the Controller for accounting and tax-related services (e.g., accountants, consultants, etc.).
Service providers to the Controller for legal assistance and advice or for debt collection services.
Service providers to the Controller for the maintenance and technical support of IT equipment (e.g., company PCs, laptops, smartphones, servers, etc.) and business software (management systems) used by the Controller.
Service providers to the Controller for mailing list management, newsletter distribution, and direct marketing communications (e.g., Mail Chimp, etc.), business email services (including certified email), and hosting services for the Controller’s business websites.
Service providers to the Controller for online file storage and synchronization in a cloud computing environment (e.g., Google Drive).
Service providers to the Controller for logistics services (e.g., packaging and transportation of goods, warehousing, customs processing, etc.).
Other categories of entities to whom the Controller must disclose your personal data to execute contracts between the Controller and your company or to comply with legal obligations or at the request of an authority.
5) Transfer to Third Countries
Some of the recipients listed in the previous section are located in or process data in third countries. Consequently, the Controller may transfer personal data outside the European Union.
These recipients, such as Mail Chimp, Google Drive, or PayPal Stripe, ensure their data processing activities comply with European data protection standards.
A table detailing the relevant countries and the respective adequacy decisions by the European Commission is available in Annex A.
6) Data Retention Period
Your personal data will be retained for the duration strictly necessary to achieve the specific purposes outlined in section 2 of this policy, and specifically:
For the purposes outlined in section 2, letter a), your personal data will be processed for the period required to fulfill the pre-contractual and contractual obligations incumbent on the Controller in relation to the provision of services covered by the contract, and in any case, no longer than the period established by Italian law for the statute of limitations on rights (e.g., contractual and/or extra-contractual liability) related to the said contract.
For the purposes outlined in section 2, letter b), your data will be processed for the time necessary to comply with legal or regulatory obligations (e.g., data and documentation retention obligations for tax purposes), as mandated by applicable laws and regulations governing such obligations.
For the purposes outlined in section 2, letter c), if the processing of your personal data is carried out to pursue the legitimate interest of the Controller (e.g., direct marketing), such processing will continue as long as this legitimate interest exists or until you request the cessation of processing for this purpose.
For the purposes outlined in section 2, letter d), where the processing of your personal data is solely based on your consent, such processing will be conducted for a period not exceeding 36 (thirty-six) months from the date of your consent.
7) Data Subject Rights
At any time, you have the right to:
Request access to your personal data from the Controller (i.e., to know whether the Controller is processing your data), and obtain their rectification or deletion, restrict the purposes for which such data are processed, or object to their processing. You also have the right to data portability. To exercise these rights, contact the Controller at the following email address: amministrazione@chiesaimmobiliare.it
Where the processing is based on Article 6(1)(a) (consent to the processing of personal data) or Article 9(2)(a) (explicit consent to the processing of special categories of personal data) of the GDPR, withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. To exercise this right, contact the Controller at: info@chiesaluxuryhome.it
Lodge a complaint with a supervisory authority, namely the Italian Data Protection Authority at the website (http://www.garanteprivacy.it/).
8) Optional or Mandatory Nature of Data Provision
For the processing of your data aimed at fulfilling contractual or pre-contractual obligations, as well as to comply with legal obligations incumbent on the Controller, providing data is MANDATORY. Refusal to provide such data may result in the inability to fully or partially execute the service contract by the Controller, as these data are essential for the proper and complete performance of the contract and/or for complying with legal requirements incumbent on the Controller.
For processing based on the pursuit of the Controller's legitimate interest, YOUR CONSENT IS NOT REQUIRED as the legitimate interest of the Controller is pursued. However, you may object to the processing of your data for this purpose at any time by communicating your objection to: amministrazione@chiesaimmobiliare.it
For processing carried out for direct or indirect marketing purposes, where such purposes do not pursue the Controller's legitimate interest, CONSENT IS OPTIONAL and can be withdrawn at any time by sending a request to the Controller at: amministrazione@chiesaimmobiliare.it.
Please note that the withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9) Data Processing Methods
Your personal data are not subject to automated decision-making processes. Your personal data are stored in secure digital archives located at the offices of Chiesa Luxury Home, Via Brigata Bisagno 24/26 R, 16129 Genoa.
Cookie Policy
We and our trusted partners use cookies and other technologies in our related services, including when you visit our Site or access our services.
A "cookie" is a small piece of information that a website assigns to your device while you are viewing a website.
Cookies are very useful and can be used for different purposes, including enabling efficient navigation between pages, enabling automatic activation of certain features, remembering your preferences, and facilitating faster and easier interactions between you and our services.
Cookies are also used to ensure that advertisements you see are relevant to you and your interests and to compile statistical data on the use of our Services.
The Site uses the following types of cookies:
a. 'Session cookies' stored only temporarily during a browsing session to allow normal use of the system, deleted from your device when the browser is closed;
b. 'Persistent cookies' read only by the Site, saved on your computer for a set period, and not deleted when the browser is closed. Such cookies are used when it is necessary to identify the user for repeat visits, for instance, to store your preferences for future access;
c. 'Third-party cookies' set by other online services that track content on the page you are viewing, such as third-party analytics companies that monitor and analyze access to our website.
Cookies do not contain any information that personally identifies the User, but the personal information we store about the User may be linked, by us, to the data stored and collected by cookies.
You can remove cookies by following the instructions in your device's preferences; however, if you choose to disable cookies, some features of our Website may not function properly, and your online experience may be limited.
We also use a tool called "Google Analytics" to gather information about how the Website is used.
Google Analytics collects data such as the frequency with which Users visit the Website, which pages they visit, when they visit them, and so on. We use this information solely to improve our Website and services.
Google Analytics collects the IP address assigned to the user at the time they visit the Website, rather than their name or other identifying information.
We do not combine the information collected via Google Analytics with personally identifiable information. Google's ability to use and share the data collected through Google Analytics about visits to this Website is governed by Google's Terms of Use and Privacy Policy.
Marketing
We may use personal information such as the name, email address, phone number, etc., either internally or with the assistance of third-party collaborators, to provide the User with promotional materials related to our services that we believe may be of interest to them.
In respect of the User's right to privacy, such marketing materials will include options to opt-out of receiving further marketing offers from us. If the User unsubscribes, we will remove their email address or phone number from our marketing distribution lists.
Note: Even if the User unsubscribes from receiving marketing emails from us, we may still send other types of important email communications without offering an option to opt-out. These communications may include customer service announcements or administrative notices.
Updates or Changes to this Privacy Policy and Cookie Notice
We reserve the right to periodically modify or review this Privacy Policy. Material changes will take effect immediately upon the display of the updated Privacy Policy. The most recent revision date will be indicated in the "Last Modified" section.
Continued use of the Platform following the notification of such changes on our website constitutes acceptance of and consent to these modifications to the Privacy Policy, and consent to abide by the associated terms.
Last Modified: July 5, 2022
