Privacy policy

Information note according to Article 13 of EU Regulation 2016/679 - Article 13 of Legislative Decree 196/2003 (Personal data protection code) and subsequent amendments.
Last updated May 2018.

In application of the European Regulation n. 679 of 2016 of Legislative Decree no. 196 of 2003 relating to the protection of personal data, we inform you that the Data Controller is Chiara Papi, a sole proprietorship in the person of Chiara Papi (hereinafter referred to as "the Data Controller").

Personal data are processed fully with EU Regulation 679/2016 and Legislative Decree 196/2003 and subsequent amendments.

The data you provide (hereinafter referred to as "the interested party") will be used for the sole purpose of following up on your requests and may be disclosed to third parties only if this is necessary for this purpose or with your explicit consent.

The data will be processed by personnel appointed by the Data Controller with procedures, technical and IT tools suitable for protecting the confidentiality and security of the data of the interested party and consists in their collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, dissemination, cancellation, destruction of the same including the combination of two or more of the aforementioned activities.

The data will be stored during the time strictly necessary to provide the interested party with the requested services. They will, in any case, be deleted following the request of the interested party, without prejudice to further conservation obligations required by law.

The data not be disclosed.

As part of its activity and for the purposes indicated above, the Data Controller may use services rendered by third parties who operate on behalf of the Data Controller and, according to his instructions, as data processors.

These are suppliers, commercial and production partners, intermediaries, technical consultants, and other similar subjects who collaborate with our organization to fulfill the contractual commitments undertaken with you; subjects who provide a service strictly and necessarily connected to the activity of the Data Controller such as tax consultants, banks, shippers, insurance companies, public and private entities, also concerning inspections or verifications; subjects who can access the data under legal provisions.

The data may also be communicated to all those subjects authorized by law to collect them (e.g., provincial companies for health services, financial administration, etc.).

The interested party may request a complete and updated list of the persons appointed as data processors by contacting the contact indicated below.

Rights of the interested party
Right of access (Article 15 of the GDPR). Right of the interested party to obtain access to their data and lodge a complaint with the supervisory authority.

Right of rectification (Article 16 of the GDPR). The right of the interested party to obtain the correction of inaccurate personal data concerning him from the Data Controller.

Right to cancellation (right to be forgotten) (Article 17 of the GDPR). The interested party has the right to obtain the deletion of personal data concerning him without undue delay from the Data Controller.

Right to limitation of processing (Article 18 of the GDPR). Right of the interested party to obtain a limitation of data processing.

Notification obligation (Article 19 of the GDPR). The Data Controller communicates to each of the recipients to whom the personal data have been transmitted any corrections or cancellations or limitations of the processing carried out pursuant to art. 16; 17; 18.

Right to data portability (Article 20 of the GDPR). The interested party has the right to receive personal data concerning him provided to the Data Controller and has the right to transmit such data to another data controller without impediments by the Data Controller.

Right to object (Article 21 of the GDPR). Right of the interested party to oppose the processing of his personal data.

Profiling (Article 22 of the GDPR). The interested party has the right not to be subjected to a decision based solely on automated processing, including profiling or which significantly affects his person.

The Data Controller is Chiara Papi, owner of the homonymous sole proprietorship.

847 / 5000
Risultati della traduzione
Art. 7 - Right to access personal data and other rights
The interested party has the right to obtain confirmation of the existence or not of personal data concerning him, even if not yet registered, and their communication in an intelligible form.

The interested party has the right to obtain the indication:

a) the origin of personal data;
b) the purposes and methods of the processing;
c) of the logic applied in case of processing carried out with the aid of electronic tools;
d) the identity of the owner, manager, and the representative appointed under Article 5, paragraph 2;
e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the State, managers, or agents.

The interested party has the right to obtain:

a) updating, rectification, or, when interested, integration of data;
b) the cancellation, transformation into anonymous form, or blocking of data processed in violation of the law, including data which need not be kept for the purposes for which the data were collected or subsequently processed;
c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment is proved impossible or involves the use of means that are manifestly disproportionate to the protected right.

The interested party has the right to object, in whole or in part:

a) for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of the collection;
b) to the processing of personal data concerning him for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication.
The person in charge of protecting personal data is Chiara Papi, owner of the individual company of the same name.


Owner and manager of the processing of personal data
Pursuant to art. 28 of Legislative Decree 196/2003:

The Data Controller of personal data: Chiara Papi sole proprietorship

The person in charge of the processing of personal data: Chiara Papi
Registered office: Vicolo Imbuto 3, 10023 - Chieri (TO) ITALY
VAT number: 11967980019
Email: [email protected]
Domain: www.storie-dimore.it

Links to other sites
The sites to which we redirect, including (but not limited to) secondary sites and third-party service providers, may have a different privacy policy than the one set out here.

We take no responsibility for the privacy policies of linked sites and therefore encourage you to learn about them.

Children
If you are under 16, you shouldn't make an online booking or any inquiries, but ask a parent to do it for you.

Questions or concerns
If you believe that the Data Controller has not followed the aforementioned policy, we invite you to let us know by sending an email to [email protected], and we will try to do our best to identify and solve any problem.

You can also write to us at Storie e Dimore di Chiara Papi, vicolo Imbuto 3, 10023 Chieri (TO) ITALY.

Changes to this online privacy policy
We may vary this Privacy Statement from time to time to accommodate changes in regulations, business needs or to meet the requirements of our visitors, guests, market partners, and service providers. Updated versions will be published on our site, together with the update dates, to inform you of the latest update of the privacy policy.