Privacy Policy for www.elsahouse.it

This page describes how the site manages the treatment of personal data of users who consult it.

This information is provided pursuant to Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, regarding the protection of personal data for those who interact with the web services named structure accessible electronically starting from the address: https://elsahouse.it/.

This policy is provided only for the site named structure and not for other websites that may be consulted by the user through links.

Figures and Contacts

The Data Controller is: Casa Sole (hereinafter referred to as “the controller”) Via Raimondo Scintu 58, 00185 Rome, Italy – email: danilooasi@gmail.com.

LOCATION OF DATA PROCESSING

Processing connected to the web services of this site takes place at the operational headquarters located at Via della Ferratella in Laterano, Rione Monti, 00184 Rome, Italy, and is managed solely by the controller, who is adequately trained and informed about the processing of personal data.

No data derived from the web service is communicated or disseminated.

Personal data provided by users who send requests for information materials (newsletters, CDs, annual reports, responses to inquiries, documents, etc.) are used solely for the purpose of executing the requested service or performance and are communicated to third parties only if necessary for that purpose.

In this latter case, data is processed anywhere the parties involved in the processing are located. For more information, contact the Controller.

The User’s Personal Data may be transferred to a country different from the one in which the User is located. For further information regarding the location of the processing, the User can refer to the section related to details on the processing of Personal Data.

TYPES OF DATA PROCESSED

Browsing Data

The IT systems and software procedures used to operate this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified data subjects, but by its very nature could, through elaboration and associations with data held by third parties, allow for the identification of users.

This category of data includes IP addresses or domain names of the computers used by users connecting to the site, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in response, the numeric code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the user’s operating system and IT environment.

This data is used solely for the purpose of obtaining anonymous statistical information about the use of the site and to check its correct functioning and is deleted immediately after processing. The data may be used to ascertain responsibility in case of hypothetical computer crimes against the site: barring this eventuality, the data on web contacts does not persist for more than seven days.

Data Provided Voluntarily by the User

The optional, explicit, and voluntary sending of emails to the addresses indicated on this site results in the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message.

Specific summary information will be progressively reported or displayed on the site pages prepared for particular requested services.

PERSONAL DATA COLLECTED FOR THE FOLLOWING PURPOSES AND USING THE FOLLOWING SERVICES (DETAILS ON THE PROCESSING OF PERSONAL DATA)

Contact Form: Used to receive requests and correspond.

Collected Data:

  • First Name
  • Last Name
  • Email
  • Phone Number

Location of Data Processing: Headquarters of the controller

Comments on Content: Used to allow the site to collect, publish, and respond to user comments.

Collected Data:

  • First Name
  • Email

Location of Data Processing: Headquarters of the controller

Room Booking Forms: Used to allow customers to book a room on the online booking site.

Collected Data:

  • First Name
  • Last Name
  • Address
  • Email
  • Phone
  • Tax Code or VAT Number

Location of Data Processing: Headquarters of the controller

Interaction with Social Networks of External Platforms: Used for content sharing and interaction with social profiles and pages. “Like” buttons and Facebook widgets.

Like Button and Social Widgets of Facebook

The “Like” button and Facebook social widgets are services provided by Meta, Inc.

Collected Data: Cookies and Usage Data.

Location of Processing: United States – Privacy Policy.

Like Button and Social Widgets of Instagram

The “Like” button and Instagram social widgets are services provided by Meta, Inc.

Collected Data: Cookies and Usage Data.

Location of Processing: United States – Privacy Policy.

LEGAL BASIS FOR PROCESSING

The Controller processes User Personal Data only if one of the following conditions is met:

  • The User has given consent for one or more specific purposes; Note: In some jurisdictions, the Controller may be authorized to process Personal Data without the need for the User’s consent or another legal basis specified below, until the User objects (“opt-out”) to such processing. This does not apply if the processing of Personal Data is governed by European legislation on personal data protection;
  • The processing is necessary for the execution of a contract with the User and/or for the execution of pre-contractual measures;
  • The processing is necessary to fulfill a legal obligation to which the Controller is subject;
  • The processing is necessary for the performance of a task carried out in the public interest or in the exercise of public powers vested in the Controller;
  • The processing is necessary for pursuing the legitimate interests of the Controller or third parties.

It is always possible to request the Controller to clarify the specific legal basis for each processing and, in particular, to specify whether the processing is based on law, stipulated by a contract, or necessary to conclude a contract.

No personal data of users is acquired in this regard by the site.

No cookies are used for transmitting personal information, nor are so-called persistent cookies of any kind used, or systems for tracking users.

The use of so-called session cookies (which are not persistently stored on the user’s computer and vanish when the browser is closed) is strictly limited to the transmission of session identifiers (composed of random numbers generated by the server) necessary to ensure the secure and efficient exploration of the site.

The so-called session cookies used on this site prevent the use of other IT techniques that could potentially compromise the confidentiality of users’ browsing and do not allow the acquisition of personal data that can identify the user.

For more information on the use of cookies by this site and for methods of consent, refusal, or deactivation, please refer to the cookie policy.

Data Collection for Statistics: Data is collected for statistics using a system managed within the site. No data is transferred elsewhere. The data (mainly IP address and location) may be accessed by the controller and their collaborators solely for the purpose of improving the site’s performance.

VOLUNTARY NATURE OF DATA PROVISION

Apart from what is specified for browsing data, the user is free to provide personal data reported in request forms or otherwise indicated in contacts with the office to solicit the sending of information materials or other communications.

Failure to provide such data may result in the inability to obtain what is requested.

For completeness, it should be noted that in some cases (not part of the ordinary management of this site), the Authority may request news and information pursuant to Regulation (EU) 2016/679 of the European Parliament, for the purpose of monitoring the processing of personal data. In these cases, the response is mandatory under penalty of administrative sanction.

METHODS OF PROCESSING

Personal data are processed using automated tools for the time strictly necessary to achieve the purposes for which they were collected.

Specific security measures are observed to prevent data loss, unlawful or incorrect use, and unauthorized access.

Rights of the Data Subject:

The data subject has the right to request the data controller:

  • Confirmation of the existence or absence of personal data concerning them, even if not yet registered, and their communication in intelligible form;
  • Rectification, integration, limitation, deletion of their data;
  • Portability of their data.

The data subject has the right to:

  • Withdraw their consent at any time;

  • Lodge complaints with the supervisory authority;

  • Know the consequences of not consenting (e.g., inability to conclude a contract or provide the service);

  • Know the existence of a profiling process of their data;

  • Know the existence of an automatic decision-making process, the logic governing it, and the possible consequences;

  • Object, in whole or in part:

    • for legitimate reasons to the processing of personal data concerning them, even if pertinent to the purpose of collection;
    • to the processing of personal data concerning them for direct marketing purposes (sending advertising material or direct sales or for market research or commercial communication) including profiling for marketing purposes.

Methods of exercising their rights

The data subject has the right to exercise all their rights simply by sending a written request, also electronically, to the data controller at the email address danilooasi@gmail.com.

Date of update of the privacy policy: October 20, 2024.