Protection of Personal Data.Information pursuant to article 13 of the General Regulations on Personal Data Protection 2016/679.
I) Who is the Data Controller?
The Controller is Gruppo Toscano S.p.A. in the person of the pro tempore Legal Representative - Dr. Ilario Antonio ToscanoII) What personal data do we collect?
The personal data we collect are:- identifiers;
- for contact;
- data related to the preferences and liking of the interested party.
III) For what purposes do we process your data? Is the provision of data mandatory?
The Data Controller will process personal data for the following purposes:- management of the request for evaluation of the property, through the communication of data to an affiliate, and the visit to be made to provide the service;
- carrying out the evaluation and providing the outcome of the evaluation. The requested provision of personal data for these purposes is not mandatory, but refusal to supply them may make it impossible for the Data Controller to provide the requested service.
- survey of the degree of customer satisfaction on the quality of services rendered and on the activities carried out by the companies of Group, development studies and market research carried out through personal or telephone interviews, questionnaires, etc.;
- promotion and sale of services offered by the companies of Gruppo Toscano or third parties, also through letters, landlines and/or mobile phones, advertising materials, automated communication systems, e-mails, mms messages (multimedia messaging service) and sms (short message service), etc.;
- sending of newsletters on the services, events and assets available; 6. user profiling in order to offer goods and services offered by Group companies tailored to his needs, tastes and habits.
IV) Why is the processing we carry out legitimate?
The processing of personal data carried out by the Data Controller is legitimate because it is based on the following factors and situations:- Fulfilment of pre-contractual services (Purpose mentioned in points 1 and 2);
- Consent of the data subject (Purpose mentioned in points 3, 4, 5 and 6);
- Legitimate interest for intra-group communications.
V) How are your personal data processed and how long are they stored?
The Data Controller processes your personal data in both paper and electronic format (servers, cloud databases, application software, etc.) and keeps your personal information for a certain period in order to achieve the purposes for which it was collected, or for the periods provided for by specific regulations or by the rules that manage the requirement. To specifically know the storage periods of each type of personal data processed by the data controller, you may contact the Data Controller via the contact details found at the bottom of this information document.VI) Categories of persons to whom the data may be communicated or that may gain knowledge of it as data processors and persons in charge of data
- to companies belonging to Gruppo Toscano, or subsidiaries or associates pursuant to Article 2359 of the Italian Civil Code when such disclosure is necessary to pursue the legitimate interest of the Group;
- to companies, entities or external organisations that assist us in the provision and/or promotion of services, carrying out part of the processing in our name and on our behalf;
- to companies that provide Gruppo Toscano with information systems and software supports;
- to organisations where such communication must be carried out in compliance with the duty established by law, by regulation or by community legislation (i.e. deriving from an anti-money laundering law);
VII) What are your rights as an interested party and how can you exercise them?
The new European Regulation on the protection of personal data (2016/679) guarantees you, as a data subject in processing, specific rights.For each process, you may exercise the following rights:
- Right of access: you have the right to obtain a copy of the personal data we hold and which are subject to processing;
- Right to rectify: you have the right to rectify your personal data stored by the Data Controller if they are not updated or correct;
- Right to object the processing of personal data for commercial purposes: you may request the Data Controller cease sending commercial communications any time;
- Right to oppose decisions based on solely automated processes: you may request to not be the recipient of decisions on the basis of exclusively automated processes, including profiling activity;
- Right to revoke consent already granted: you have the right to revoke consent already granted for a given process at any time;
- Right to contact the Privacy Authority for the protection of personal data: you have the right to contact the Privacy Authority for the protection of personal data in the case of doubts regarding the processing of personal data made by the Data Controller;
You may also exercise the following rights in the event of certain situations:
- Right to cancel: you may request the Data Controller delete your personal data if the purposes of processing have ceased and there are no legitimate interests or legal provisions required for the continuation of data;
- Right to object to processing: you may request the Data Controller cease performing a specific process on your personal data;
- Right to restrict processing: you have the right to request the Data Controller limit the processing operations on your personal data;
- Right to data transferability: you have the right to obtain a copy of your data in a structured and computerised format transferable to another Data Controller.
If you wish to exercise your rights, please send an email or write to the following address specifying your request and providing us with the necessary information for identification (including a copy of your identity document): [email protected] The Controller will reply within one month. If for some reason we fail to respond to you, the Data Controller will provide you with a detailed explanation on why your request cannot be fulfilled.