GENERAL INFORMATION

With this notice, MPG srls, Piazza Dei Caduti, 3 Sogliano Cavour 73010 (LE), Puglia, email: info@palazzogiustiniani.com, as the Data Controller (hereinafter simply “Data Controller“) – would like to inform you about the processing of personal data that you will provide through browsing this Website www.palazzogiustiniani.com (hereinafter simply “Website“).

For any clarification, information, or exercise of the rights listed in this notice, please contact:

Email: info@palazzogiustiniani.com
Mailing address for registered letters: MPG srls, Piazza Dei Caduti, 3 Sogliano Cavour 73010 (LE), Puglia.

The Italian Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, and EU Regulation 2016/679 (“GDPR”) establish rules for protecting individuals with regard to the processing of their personal data. This Privacy Policy is drafted in compliance with the new legal framework.

This policy may be updated due to the introduction of new regulations, so we encourage you to periodically check this section for updates.

The Privacy Policy you are reading applies exclusively to the Website, and the Data Controller is not responsible for the data processing practices of third-party websites that can be accessed through links in the Cookie section or through any links appearing on the Homepage. The Cookie Policy is available by accessing the cookie banner on the first visit to the Website or whenever it appears.

Under the law, the processing of personal data is based on principles of fairness, lawfulness, transparency, accuracy, limitation of purposes and retention, data minimization, integrity, confidentiality, and protection of the user’s rights.

The Data Controller commits to adhering to these principles and, to this end, informs you right away that—except for those processing activities for which the law requires your explicit consent—by browsing this Website, uploading or providing personal data, you agree and consent to be bound by the conditions and terms of this Privacy Policy. The consent to data processing—if given by the user—can be revoked at any time by contacting the addresses mentioned above.

If you are under the age of 16, your consent is valid only if given or authorized by the person holding parental responsibility over you, as per Article 8 of EU Regulation 2016/679. For individuals in Italy, consent is also valid, under the same conditions, for persons who are at least 14 years old.

In any case, we would like to provide you with some information about the concept of personal data processing and the parties responsible for handling it.

1. DATA CONTROLLER
2. PERSONAL DATA PROCESSED
3. PROCESSING METHODS
4. LOCATION OF PROCESSING AND CIRCULATION OF DATA
5. PURPOSES OF THE PROCESSING
6. LEGAL BASIS FOR DATA PROCESSING
7. RETENTION PERIOD FOR DATA
8. RECIPIENTS OF PERSONAL DATA
9. DISSEMINATION OF DATA
10. TRANSFER OF DATA

  1. DATA CONTROLLER
    Regarding this Website, the data controller is MPG srls, as previously specified and identified. For any clarification or to exercise your rights, you can contact the data controller at the following email address: info@palazzogiustiniani.com.

2. PERSONAL DATA PROCESSED
“Personal data” refers to all information that may directly or indirectly allow the identification of users.
Such information may include, for example: name, address, username, email address, phone number, or even the IP address of the device used, browsing preferences, or information related to the user’s lifestyle, hobbies, interests, and online purchasing preferences.

The personal data processed on the Website is common data provided voluntarily by the user for the purchase of tickets online or pre-sale tickets entered into the online forms (e.g., common data such as identification data, contact details such as phone number, physical address, payment data, email address) as well as data collected through tracking technologies (cookies). In some cases, the user may provide sensitive data, as defined under Article 9 of EU Regulation 2016/679 (“GDPR”), for example, to request specific information regarding certain services, access to the park, attractions, etc. It is not the intention of the Data Controller to process this type of data, and therefore users are advised not to provide it unless necessary. If necessary, we encourage users to give specific consent to the processing of such data in the context of communication with the Data Controller.

3. METHOD OF DATA PROCESSING
On this Website, data is collected electronically and processed through operations carried out primarily with the aid of electronic tools, ensuring the implementation of appropriate measures to safeguard the security of the data processed and ensuring its confidentiality. In particular, the processing of data is done by minimizing the use of sensitive personal data.
Your personal data will be processed by collaborators and/or employees of the Data Controller as data processors or persons in charge of processing, within the scope of their respective functions and in accordance with the instructions provided by the Data Controller.

4. LOCATION OF DATA PROCESSING
The processing of personal data related to the services on the Website takes place at the above-mentioned Data Controller’s premises and is managed only by authorized personnel.
Your personal data may be communicated to Judicial Authorities and Law Enforcement Agencies only in cases where required by law, and may be used by the Data Controller for the possible defense of their rights in court, where strictly necessary.
The data collected will not be disseminated. However, for the actual provision of the requested service, some data may be shared with external parties, appointed as data processors pursuant to Article 28 of EU Regulation 2016/679, who are entrusted with specific tasks on behalf of the company (e.g., web agencies, professionals, other platforms for the execution of online services requested by the user, etc.).
The Data Controller is committed to protecting the security of personal data by adopting all necessary IT and physical measures to safeguard the personal data provided. No security system guarantees absolute protection, therefore, except in cases of liability due to negligence, the Data Controller is not responsible for any actions taken by third parties who unlawfully access systems without proper authorization.

5. PURPOSES OF DATA PROCESSING

  • Provide the Services through the Website: To enable you to purchase tickets or pre-sales online (this may involve user verification or identification). We process your data to allow you to request information, create your account for payment, manage administrative tasks related to ticket sales, handle any complaints or assistance requests, and provide any other service or information you request that is available to the Data Controller. The purpose described involves the processing of common data.
    For the processing of common data concerning third parties that you provide through form submissions, the Data Controller will process these data in compliance with applicable laws, assuming that they relate to you or to third parties who have expressly authorized you to provide them based on a valid legal basis that justifies the processing of the data in question. In such cases, you act as the independent data controller, assuming all legal obligations and responsibilities. In this regard, you provide the Data Controller with the broadest possible indemnity against any claims, demands, damage claims, etc., that may arise from third parties whose personal data has been processed via form submissions (Purpose of “Provision of Service”). The data processed is common data. The Data Controller advises the user not to input sensitive data (related to health conditions, political or religious orientation, etc.), unless strictly necessary for the request for information or ticket purchase.
  • Send Marketing Communications: To send you marketing communications, promotions, and advertisements, including through the email address you provided for the newsletter and/or in the form fields (Purpose of “Marketing“). The data processed is common data.
  • Send Marketing Communications via Email: To send you marketing communications via email related to products and services similar to those you have purchased through the Website (“Soft Spam“). The data processed is common data.
  • Send Commercial Communications Based on Your Preferences: To send you commercial communications tailored to your preferences (“Profiling“). The data processed is common data.
  • Statistical Monitoring of Website Traffic: To statistically monitor aggregated traffic to the website (“Analytics“). The data processed is common data.
  • Compliance with Legal Obligations: To fulfill legal obligations requiring the Data Controller to collect and/or further process certain types of personal data (Purpose of “Compliance“). The data processed is common personal data.
  • Prevent or Detect Abuse and Fraud: To prevent or detect any abuse in the use of the Website, or any fraudulent activities, thus allowing the Data Controller to protect their interests in court (Purpose of “Abuse and Fraud Prevention“). The data processed is common personal data.


6. LEGAL BASIS FOR DATA PROCESSING
The legal basis for the processing of personal data provided by you through navigation is as follows:

  • Provision of the Service: Fulfillment of contractual or pre-contractual obligations pursuant to Article 6(1)(b) of the GDPR. Processing for this purpose is necessary to provide the requested service or respond to your inquiries. Providing the requested personal data is not mandatory, but failure to provide such data will prevent the provision of the requested service.
  • Marketing: The legal basis is consent, as per Article 6(1)(a) of the GDPR. The activity is carried out through the newsletter (if the service is active) with promotional content or via communications by email and SMS. You are not required to give consent for marketing purposes, and you can withdraw it at any time without consequence (other than ceasing to receive marketing communications) by writing to info@palazzogiustiniani.com or by clicking the unsubscribe link at the bottom of any marketing email.
  • Soft Spam: The legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR, in sending you similar products to those already purchased, and thus in line with your interests. You can object to this processing at any time by writing to info@palazzogiustiniani.com without any consequence (other than ceasing to receive promotional communications).
  • Profiling: Consent, as per Article 6(1)(a) of the GDPR. The activity is carried out through the use of profiling cookies. The data processed are common data. You can object to this processing at any time by writing to info@palazzogiustiniani.com without any consequence.
  • Analytics: The legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR.
  • Compliance: Fulfillment of a legal obligation, as per Article 6(1)(c) of the GDPR. This processing is necessary for the Data Controller to comply with legal obligations, including sector-specific obligations such as tax, fiscal, or other types of obligations.
  • Abuse and Fraud Prevention: The legitimate interest of the Data Controller, pursuant to Article 6(1)(f) of the GDPR. The processing for this purpose is solely aimed at allowing the Data Controller to prevent and/or detect any fraudulent activities committed through the Website and to protect themselves in legal proceedings.

7. DATA RETENTION PERIOD
Data processed to comply with legal obligations will be retained until the fulfillment of such obligations and, in any case, for the period necessary to demonstrate compliance. Data processed for contractual purposes will be retained until the fulfillment of those purposes and, if a contract has been concluded or pre-contractual negotiations have taken place, for ten years from the conclusion of the contract to allow for potential judicial or extrajudicial protection, as well as to demonstrate the proper fulfillment of contractual obligations.

Data processed for marketing and profiling purposes will be retained until the consent is revoked by the data subject.
Regarding soft spam commercial communications by email and the management of analytical cookies, data will be retained until the data subject objects, in the manner indicated below, or until consent is revoked.

Data processed for compliance purposes will be retained for the period specified by the relevant laws.
Data processed for the purposes of preventing abuse and fraud will be retained for the time strictly necessary to allow the Data Controller to defend themselves in legal proceedings.

8. RECIPIENTS OF PERSONAL DATA

The personal data you provide may be accessed by the Data Controller, third parties, data controllers, and/or data processors who may be appointed.

Other categories of recipients who might become aware of your personal data during or after the execution of the contract include:

  • Subjects who process data in compliance with specific legal obligations;
  • External consultants and professionals providing services related to or connected with the above-mentioned purposes (e.g., marketing activities, platforms related to the provision of services, if applicable), who have been specifically identified in writing and given written instructions regarding the processing of personal data;
  • Entities with whom interaction is necessary to provide the requested services (e.g., hosting providers, credit institutions, payment platforms);
  • Individuals authorized by the Data Controller to process personal data necessary to carry out activities strictly related to the provision of services, who have committed to confidentiality or have an adequate legal confidentiality obligation (e.g., employees of the Data Controller);
  • In general, all public and private entities to whom communication is necessary for the proper and complete fulfillment of the stated purposes;
  • Entities or organizations to whom data must be communicated for compliance purposes, prevention of abuse and fraud, or by order of an authority.

9. DISCLOSURE OF DATA

Unless you provide a specific written request or there is an order from the judicial authorities/mandatory legal obligation, the personal data you provide will not be disclosed.

10. TRANSFER OF DATA

To provide certain services, personal data may be transferred to third-party organizations or countries where hosting servers or service providers are located.
In such cases, the Data Controller ensures that the processing of your personal data by these recipients is carried out in compliance with applicable data protection laws, including the European and Italian regulations to which we are subject. If required by European data protection law, the transfer of your data outside the European Union will take place based on adequate safeguards (such as the European Union standard contractual clauses for data transfer between EU and non-EU countries) and/or other legal bases according to EU regulations.
Further information is available from the Data Controller, who can be contacted at the details provided above.

The Website also processes your personal data through cookies. For more information on this, we invite you to read our Cookie Policy, which is an integral part of this Privacy Policy.

USER RIGHTS UNDER REG. EU 2016/679

Chapter III of REG. EU 2016/679 outlines the rights of the user.
The Data Controller therefore wishes to inform you about the existence of specific rights, including the right to obtain confirmation from the Data Controller as to whether or not your personal data exists (i.e., access), their provision in an intelligible form, as well as the right to rectify, delete, or restrict the processing of the data, or to object for legitimate reasons to the processing, and/or to revoke consent to processing at any time (without prejudice to the consequences outlined in point 5 above), or to request the portability of your data with regard to data based on specific consent, or to request an update. As the “data subject,” you also have the right to request the transformation of your data into an anonymous form, the limitation, or the blocking of data processed in violation of the law; you also have the right to lodge a complaint concerning the unauthorized processing of your data with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali), following the procedures published on their website (see http://www.garanteprivacy.it/). You have the right to know the origin of the data, the purposes and methods of processing, the logic applied to the processing, the identifying details of the Data Controller, and the recipients to whom the data may be communicated.

Requests related to the exercise of these rights can be addressed to the Data Controller at the contact details provided above, without formalities, or alternatively, by using the model provided by the Italian Data Protection Authority, available at the following link: Garante Privacy Model.

Likewise, in case of a violation of the regulations, you have the right to file a complaint with the Italian Data Protection Authority, which is the supervisory authority for processing in Italy. The model to file a complaint with the Privacy Guarantor can be found at the following address: Garante Complaint Model.

To exercise one or more of the rights mentioned above, you can contact us at the following email address: info@palazzogiustiniani.com.

For any information regarding cookies, you can access the following link, which directs you to the consent management platform/cookie banner, where you will find all the necessary information.