Privacy Policy
(art. 12, 13 and 14 of the GDPR of Regulation 2016/679/EU on the protection of personal data)
The company ISOLA Srl (hereinafter “Data Controller”) with registered office in Viale Lombardia 32 Milan and operational headquarters in Via Fabio Filzi 33 Milan, is committed to respecting and protecting your privacy and wants you to feel safe while browsing the site. Through this information, the Data Controller intends to provide some information on the processing of personal data relating to users who visit or consult the company’s website, accessible electronically through the site https://old.milanretreats.com/ .
The information is provided only for the website by the Data Controller, and excludes other websites that may be consulted by the user via links (for which reference is made to the respective privacy policies).
The reproduction or use of pages, materials and information contained within the Site, by any means and on any medium, is not permitted without the prior written consent of the company ISOLA Srl Copying and/or printing is permitted for exclusively personal and non-commercial use; other uses of the contents, services and information on this site are not permitted. With regard to the contents offered and the information provided, the Data Controller will ensure that the contents of the Site are reasonably updated and revised, without offering any guarantee on the adequacy, accuracy or completeness of the information provided, explicitly declining any liability for any errors of omission in the information provided on the Site.
ORIGIN – NAVIGATION DATA
The Data Controller informs that the personal data provided by you and acquired at the same time as the request for information and/or contact via smartphone or any other tool used to access the Internet, as well as the data necessary for the provision of such services, including navigation data and data used for the possible purchase of products and services offered by the Data Controller, will be processed in compliance with applicable legislation .
The computer systems and software procedures used for the operation of this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified interested parties, but by its very nature could, through processing and association with data held by third parties, allow the identification of browsing users. This category of data includes:
- the “IP addresses” or domain names of the computers used by users who connect to the site;
- the URI (Uniform Resource Identifier) addresses of the requested resources;
- the time of the request;
- the method used in submitting the request to the web server;
- the size of the file obtained in response;
- the numeric code indicating the status of the response given by the web server (successful, error, etc.);
- other parameters relating to the user’s operating system and computing environment.
These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of the website of the Data Controller. It is highlighted that the aforementioned data could be used to ascertain responsibility in the event of computer crimes against the site of the Data Controller or other sites connected or linked to it: except for this eventuality, at present the data on web contacts do not persist for more than a few days.
ORIGIN – DATA PROVIDED BY THE USER
The Data Controller collects, stores and processes your personal data for the purpose of providing the products and services offered on the Site, or for legal obligations. In relation to some specific Services, Products, Promotions, etc., the Data Controller may also process your data for commercial purposes. In such cases, specific, separate, optional and always revocable consent will be requested with the methods and contact details indicated below. The optional, explicit and voluntary sending of e-mails to the addresses indicated in the appropriate section of the Website, as well as the completion of questionnaires (e.g. forms), communication via chat, push notification via APP, social networks, call centers, etc., involves the subsequent acquisition of some of your personal data, including those collected through the use of the Apps and related services, necessary to respond to requests. We also inform you that when using the mobile connection to access digital content and services offered directly by the Data Controller or by our Partners, it may be necessary to transfer your personal data to such third parties.
The provision of data for the purposes referred to in points a), b) and c), connected to a pre-contractual and/or contractual phase or functional to a user request or required by a specific regulatory provision, is mandatory and, in its absence, it will not be possible to receive the information and access the services requested. For this reason, consent to the processing of data pursuant to art. 6 of European Regulation 2016/679 is not required, given that the processing of personal data occurs on the basis of the provisions of art. 6 c. 1 b) of European Regulation 2016/679, in particular it is necessary for the success of a pre-contractual phase in which the interested party is a party.
With regard to point d) of this Notice, the consent to the processing of data by the user/customer is instead free and optional and can always be revoked without consequences on the usability of the products and services except for the impossibility for the Data Controller to keep users/customers updated on new initiatives or on particular promotions or advantages that may be available.
The Data Controller may send commercial communications relating to products and/or services similar to those already provided, pursuant to Directive 2002/58/EU, using the email address, or paper address, indicated by you on such occasions to which you may object using the methods and contact details indicated below.
METHODS, TREATMENT LOGIC, STORAGE TIMES AND SECURITY MEASURES
The data processing is also carried out with the aid of electronic or automated means and is carried out by the Data Controller and/or third parties that may be used to store, manage and transmit the data.
The data processing will be carried out with the logic of organization and processing of your personal data, also relating to the logs originating from the access and use of the services made available via the web, of the products and services used, related to the purposes indicated above and, in any case, in a way to guarantee the security and confidentiality of the data. The personal data processed will be stored for the times established by the applicable legislation, in particular for a period not exceeding 24 months from the collection.
Always with regard to data security, in the sections of the website set up for particular services, where personal data are requested from the user, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated to SSL. SSL technology encodes information before it is exchanged via the Internet between the user’s computer and the central systems of the Data Controller, making it incomprehensible to unauthorized persons and thus guaranteeing the confidentiality of the information transmitted.
With reference to the aspects of personal data protection, the user is invited, pursuant to art. 33 of European Regulation 2016/679, to report to the Data Controller any circumstances or events from which a potential “personal data breach” may arise, in order to allow an immediate evaluation and the adoption of any actions aimed at countering such an event.
Such notification may be made by sending a communication to ISOLA Srl at the email address info@milanretreats.com
The measures adopted by the Data Controller do not exempt the Customer from paying the necessary attention to the use, where required, of passwords/PINs of adequate complexity, which he/she must update periodically, especially if he/she fears that they have been violated/known by third parties, as well as carefully guarding and making inaccessible to third parties, in order to avoid improper and unauthorized use.
COOKIES
A cookie is a short string of text that is sent to your browser and, if necessary, saved on your computer (alternatively on your smartphone/tablet or any other device used to access the Internet); this sending generally occurs every time you visit a website.
The Data Controller uses cookies for various purposes, in order to offer a fast and safe digital experience, for example, allowing you to keep the connection to the protected area active while browsing through the pages of the site.
The cookies stored on your terminal cannot be used to recall any data from your hard disk, transmit computer viruses or identify and use your email address. Each cookie is unique in relation to the browser and device you use to access the Website https://old.milanretreats.com/
The Data Controller’s website uses session cookies, the use of which is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to allow safe and efficient exploration of the site. These cookies do not allow the acquisition of personal data identifying the user and are processed in computer mode.
Support in configuring your browser
1. The user can also manage cookies through the settings of his browser. However, deleting cookies from the browser could remove
the preferences that he has set for the site.
2. For further information and support you can also visit the specific help page of the web browser that you are using:
- Internet Explorer: http://windows.microsoft.com/en-us/windows-vista/block-or-allow-cookies
- Firefox: https://support.mozilla.org/en-us/kb/enable-and-disable-cookies-website-preferences
- Safari: http://www.apple.com/legal/privacy/it/
- Chrome: https://support.google.com/accounts/answer/61416?hl=it
- Opera: http://www.opera.com/help/tutorials/security/cookies/
AREAS OF COMMUNICATION AND DATA TRANSFER
In order to pursue the purposes indicated above, the Data Controller may communicate and have processed, in Italy (the transfer will not be made outside the European Economic Area), the personal data of users/customers to third parties with whom the Data Controller has relationships, where these third parties provide services upon request.
The Data Controller will undertake to provide these third parties only with the information necessary to perform the requested services, taking all measures to protect your personal data.
Personal data may be communicated to the competent public bodies and authorities for compliance with regulatory obligations or to ascertain responsibility in the event of computer crimes against the site, as well as communicated to, or allocated to, third parties (as managers or, in the case of electronic communication service providers, as independent owners), who provide IT
and telematic services (e.g. hosting services, management and development of websites) and which the Data Controller uses to carry out tasks and activities of a technical and organizational nature that are instrumental to the functioning of the website. The parties belonging to the categories listed above operate as external Data Processors, formally appointed by the Data Controller.
Your personal data may also be known by the employees/consultants of the Data Controller who are specifically trained and appointed as “Persons authorized to process data under the direct responsibility of the Data Controller”.
The categories of recipients to whom the data may be communicated are available by contacting the Data Controller company at the addresses indicated below.
RIGHTS OF INTERESTED PARTIES
In accordance with, within the limits and under the conditions set forth by the legislation on the protection of personal data regarding the exercise of the rights of the Interested Parties (Chapter III of the European Regulation 2016/679) with regard to the processing covered by this Notice, as an Interested Party you have the right:
- to access your personal data, obtaining evidence of the purposes pursued by the Data Controller, the categories of data involved, the recipients to whom they may be communicated, the applicable retention period, the existence of automated decision-making processes;
- to obtain without delay the rectification of inaccurate personal data concerning you;
- to obtain, in the cases provided for, the deletion of your data;
- to obtain the limitation of the processing or to oppose it, when possible;
- to request the portability of the data that you have provided to the Data Controller, that is, to receive them in a structured, commonly used and machine-readable format, also to transmit such data to another Data Controller, within the limits and with the constraints set forth in art. 20 of European Regulation 2016/679;
- lodge a complaint with the Personal Data Protection Authority pursuant to art. 77 of European Regulation 2016/679.
For the treatments referred to in point d) of the purposes of the treatment, the Customer may always revoke the consent and exercise the right to object to direct marketing (in “traditional” and “automated” form). The opposition, in the absence of an indication to the contrary, will refer to both traditional and automated communications.
The Interested Party may exercise their rights in terms of privacy and protection of personal data by downloading and completing the appropriate form from the company website https://old.milanretreats.com/ – privacy section and sending the form by email to welcome@milanretreats.com
The use of the Website, including those intended for tablets and/or smartphones, by the Customer and/or the User implies full knowledge and acceptance of the content and any indications included in this version of the information published by the Data Controller when the site is accessed. The Data Controller informs that this information may be modified without notice and therefore recommends periodic reading of it.