Last updated: November 23, 2022.
Your privacy is of the utmost importance to Monteverdi Residence Club LLC and MONTEVERDI S.R.L. In order to protect it to the best of our ability, we hereby provide the following policy regarding our use of the personal data you provide. Below, you will find details on the type of information collected during browsing on this website, and your options for intervening in the collection and use of this information are listed.
This policy is disclosed pursuant to articles 13 and 14 of Regulation (EU) 679/2016, known for short as the GDPR, and subsequent updates. This policy is also based on Recommendation No. 2/2001, which the European personal data protection authorities — in the working party established pursuant to Article 29 of Directive No. 95/46/EC — adopted on 17 May 2001 with the aim of identifying some minimum requirements for the online collection of personal data, in particular the methods, times, and nature of the information that data controllers must provide to users who connect to websites, regardless of the purposes of such connections.
TO ARTICLES 12 ET SEQ. OF REGULATION (EU) 2016/679 (GDPR)
1. Subject Policy regarding the processing of personal data for Monteverdi S.R.L., pursuant to articles 12 et seq. of Regulation (EU) 2016/679.
2. Preamble Regulation (EU) 2016/679 (the “General Data Protection Regulation”, or GDPR) concerns the protection of the personal data of natural persons with regard to processing. According to this legislation, the processing of personal data concerning an individual, defined specifically as the “data subject”, must take place in accordance with the principles of lawfulness, fairness and transparency, as well as protecting the data s privacy and rights to know about the processing carried out on his/her personal data. The purpose of this disclosure is to inform you, in accordance with the aforementioned legislation, that our organization is in possession of certain data concerning you which were acquired as part of your customer relationship with our facility. These data may also have been acquired orally, either directly or through third parties who carry out data-processing operations, or through third parties to whom we provide this information in order to satisfy a request from you.
Pursuant to the GDPR, these data concerning you are classified as “personal data” and therefore enjoy the protection provided by the provisions contained therein. In accordance with article 12 et seq. of the GDPR our facility, in its capacity as Data Controller, shall process the personal data provided by you in compliance with this legislation, with the greatest of care, while implementing actions and organizational principles adequate to guarantee protection during the processing of your personal data. To this end, those responsible for processing undertake to protect the information provided, using specific procedures suggested by the law for the protection of the data collected, in order to: 1) Prevent unauthorized access or disclosure; 2) Ensure the accuracy of the data being processed; 3) Guarantee that the use of the data is limited to the specific purposes described.
3. Definitions 1) personal data: any information concerning a natural person, legal person, body or association, whether identified or identifiable, including indirectly, by reference to any other piece of information, including a personal identification number, a name, location data or an online identifier, or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity; 2) processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 3) data subject: the natural person who is the subject of the personal data; 4) data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; 5) data processor: the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller; 6) third party: the natural or legal person, public authority, agency or body other than the Data Subject, Data Controller, Data Processor and persons who, under the direct authority of the Data Controller or Processor, are authorized to process personal data; 7) consent of the Data Subject: any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her; 8) supervisory authority: the independent public authority which is established by a Member State pursuant to Article 51;
In view of the foregoing preamble, the following information is hereby provided:
4. Personal data collected The Data Controller uses your personal data to ensure the efficient provision of its services. You may be required to provide the following data, or they may be collected, potentially only in part:
- a) identifying data, VAT number, tax code, company name, registered offices, residence, domicile, and telephone or email contact details;
- b) data regarding the contractual relationship, describing the type of contract for the use of tourism booking services as well as information related to its execution which is necessary for the fulfillment of the contract itself;
- c) financial data regarding the economic relationship, the amounts owed and any payments, their periodic trends, and a summary of the financial status of the relationship;
- d) data to make the relationship with our facility more defined, and our collaboration and operations more efficient;
- e) personal data and “special” categories of personal data (concerning health), pursuant to art. 4 and 9 of the Regulation, which are necessary to provide the Wellness
Spa Center treatment services in accordance with the law;
- f) data collected by the video-surveillance system, exclusively in appropriately signposted areas and solely for the purposes permitted by law.
- Data storage periods The data collected shall be stored for the duration of the relationship with our organization, and for 10 years following the date on which it ends.
In cases where, because of a contractual relationship, data are processed which are not relevant to the administrative and tax-related obligations associated with that relationship, those data shall be stored exclusively for the time necessary to achieve the purposes for which they were collected, before being erased. You will be informed of the storage periods for such data when you are asked for your consent. With regard to the processing of data for video-surveillance purposes, the images captured shall be recorded and stored for 7 days, with exceptions in the case of national holidays, office closures or specific requests from the judicial authorities or the police, in accordance with the provision of 8 April 2010. At the end of this storage period, the images recorded shall be deleted from their respective electronic, IT or magnetic devices.
- Obligatory or optional provision of data It is obligatory to provide the Data Controller with the data which are essential for the provision of services and the data which are necessary to comply with obligations imposed by laws, regulations and European Community legislation, including the orders issued by Authorities legally authorized to do so and by supervisory and control bodies. Your provision of data which are non-essential for the performance of the service - if such are required by the Data Controller - is optional. You may choose to provide them by means of a suitable disclosure with a request for consent issued by us. However, if you decline to provide such data, this may make our facility less efficient in its provision of our services or make it completely or partially impossible to provide them.
- Processing methods Pursuant to article 12 et seq. of the GDPR, we wish to inform you that the personal data provided by you shall be recorded, processed and stored in our paper-based and electronic archives, as well as by the third parties with whom we collaborate, in accordance with the technical and organizational measures suggested by the GDPR. The processing of your personal data may consist of any operation or set of operations indicated in art. 4, para. 1, point 2 of the GDPR, specifically: collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. This processing shall take place using tools and procedures which are suitable to guarantee the security and confidentiality of the data, and may be carried out, either directly and/or through delegated third parties, both manually — on paper — and with the support of IT or electronic tools. For the purposes of the proper management of the relationship and the fulfillment of legal obligations, the data may be included in the Data Controller’s own internal documentation and, if necessary, in the records and registers required under the law.
- Purposes of processing The main purpose for the processing of your personal data is to allow the correct establishment and/or development of the relationship described in the preamble, as well as the proper management thereof. Specifically, the purposes of processing shall be the following:
- a) Administrative and tax-related purposes, particularly:
- Compliance with tax and accounting obligations;
- The legal obligations to which the data controller is subject: for compliance with laws and/or the rulings of public bodies which require MONTEVERDI S.R.L. to collect and/or further process certain types of personal data
- Client management (client administration; administration of contracts, orders, shipments and invoices; solvency and reliability checks);
- Dispute management (breaches of contract; warning notices; transactions; credit recovery; arbitration; litigation);
- Internal control services (of safety, productivity, service quality, integrity of assets);
- b) The management of commercial Marketing activities (market analysis and surveys), subject to acquisition of the user’s consent, such as:
- Promotional activities via emails, banners, SMS, phone calls, instant messaging or through social media;
- Checking customer satisfaction levels;
- c) Purposes related to availing of treatments from the Wellness Centre SPA, subject to acquisition of the user’s specific consent for the processing of “special” personal data connected to the provision of the services themselves.
The personal data shall be processed to fulfill legal obligations, to comply with administrative, insurance-related and tax-related obligations imposed by the applicable legislation, and also to satisfy accounting and commercial purposes, as well as to enable proper compliance with the legal and contractual obligations arising out of the legal relationship with the Data Subject. We remind you that, in any case, the Data Subject is free to deny consent for processing for commercial purposes, as well as to indicate the channels through which he/she wishes to be contacted or receive the aforementioned processing.
- Existence of automated decision-making MONTEVERDI S.R.L. does not carry out automated processing on personal data (profiling).
- Legal basis for processing Pursuant to art. 6 of the aforementioned regulation, the processing of personal data is lawful on the grounds that the Data Subject has
expressed consent for the processing of his/her personal data for one or more specific purposes. It is specified that the processing of personal data shall also be lawful, even in the absence of the Data Subject’s consent, when it is necessary for:
- a) the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract;
- b) compliance with a legal obligation to which the Data Controller is subject;
- c) protecting the vital interests of the Data Subject or of another natural person;
- d) the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller;
- e) the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data, in particular where the data subject is a minor;
Moreover, the express consent of the Data Subject is not necessary in the event that processing is carried out on data obtained from public records, lists, deeds or documents that anybody can access, without prejudice to the limits and methods permitted by the applicable laws.
- Activities which may be outsourced to third parties The Data Controller, in the performance of its activities aimed at the provision of Wellness Centre SPA services.
Under these circumstances, the third-party operators delegated by the Data Controller may carry out their activities using the data provided by the Data Controller itself.
The categories of recipients to whom these data may be provided are:
- Public Administrations, for the performance of their institutional responsibilities, within the limits set out by the laws or regulations;
- Third Parties and service providers (all of whom shall be located within the European Union or in Italy) to whom such disclosure is necessary for the performance of the services in question. The categories (in terms of activities performed, sector, industry) of the third parties who may be recipients of the data are as follows (the Data Controller has chosen to list the categories instead of the individual names of suppliers and sub-suppliers, as the latter approach would make the sheer quantity of information excessive):
- Natural and/or legal persons acting as collaborators and/or consultants to carry out the work linked with the activity;
- Persons, companies or professional agencies which provide assistance, consultancy or collaboration to the Data Controller in accounting, administrative, legal, tax-related and financial matters related to the Contract;
- Suppliers in the ICT services field for installation, assistance with and maintenance of IT and computerized systems and equipment, and all functionally connected services which are necessary to provide the services covered by the Contract;
- Third parties external to the Company, when such disclosure is obligatory under the law or in order for the Data Controller to properly fulfill contractual, pre-contractual or post-contractual provisions (e.g. credit institutions for matters regarding the compliance of receipts and payments).
- Suppliers of security, monitoring and video-surveillance services, for the purposes of protecting the safety and integrity of assets;
- Suppliers of dedicated services for the Wellness Centre SPA;
- Suppliers of dedicated services for marketing and commercial communication purposes;
- The Company’s parent, subsidiary or affiliated companies, pursuant to article 2359 of the Italian Civil Code, or companies subject to common control.
The third parties described above shall be provided exclusively with the information necessary to provide the services for which they have been commissioned, and they shall be subject to a confidentiality obligation forbidding the use of the data provided for any purpose other than that agreed upon.
The third-party operators shall be Data Processors of the personal data in their own right (pursuant to art. 28 of the GDPR) and shall process the data within the limits strictly necessary for that purpose, independently ensuring that their employees have signed a confidentiality agreement. To request data which do not fall within the processing described above, these parties must in turn provide you with a specific disclosure regarding the processing of personal data which they carry out, along with request for consent.
- Dissemination The Data Controller shall not widely disseminate your data, i.e. it shall not allow unknown parties to have knowledge of them by consultation or otherwise making them available.
- Transfer of personal data overseas The data provided by you shall be processed in Italy. If, over the course of a contractual relationship, it is necessary for your data to be processed in a State which does not belong to the EU, they shall exclusively be transferred to States considered by the European Commission to be adequate for the transmission of personal data (art. 45 of the GDPR). In such cases, as set out by the aforementioned regulation, the transfer shall not require any specific authorization. Currently, the non-EU States considered adequate on the basis of decisions by the European Commission are: Andorra, Argentina, Australia, Canada, the Faroe Islands, Guernsey, the Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay, and the USA. Additional countries which may come to be considered adequate can be checked at the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en). Transfer is also permitted in the event that the Data Controller has entered into Standard Contractual Clauses (SCC) with the overseas recipients for the transfer of personal data to non-EU countries, entitling the Data Controller to impose upon the recipient, by means of the contract, the obligation to process the data in compliance with the contents of Regulation EU 697/2016 (GDPR).
- Circulation of your data The following categories of subjects, who have been nominated as data processors or processing officers by the Data Controller, may process your data:
- a) Employees or collaborators, generally engaged in: - Secretarial/office duties; - Maintenance and assistance for the services and/or products provided to you; - Accounting and billing; - Marketing of services and/or products; - The marketing office;
- b) Directors and administrators; The personal data may also be processed by subjects who have a contractual relationship with the Data Controller, as indicated in the paragraph “Activities which may be outsourced to third parties”. The Data Controller may delegate to such parties the fulfillment of certain compliance requirements or the performance of certain activities required to carry out the relationship with the Data Subject.
- Data Subjects’ Rights According to art. 15 of the GDPR, you have the right to confirmation of whether or not personal data about you are being processed, even if not yet recorded. These rights may be exercised subject to the ascertainment of the identity of the Data Subject by displaying an identity document, which will not be retained by the Data Controller but merely checked in order to verify the legitimacy of the request.
- a) The Data Subject has the right to access his/her personal data and to the following information (art. 15): - the purposes of the processing; - the categories of personal data concerned; - the third-party recipients or categories of third-party recipient to whom the personal data have been or will be disclosed, specifying if these are recipients in foreign countries; - where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; - where the personal data have not been collected from the data subject, any available information as to their source; - the existence or otherwise of automated decision-making, including profiling; - where data are transferred to a third country or to an international organization, the data subject shall have the right to be informed of the appropriate safeguards pursuant to article 46 of the GDPR;
You also have the right to request that the Data Controller carry out the following operations on your personal data:
- b) The erasure, or partial erasure, of the data (art.17);
- c) The restriction of processing, rectification of data and objection to processing (art.18);
- d) Data portability, including the right to transmit your data to another controller without hindrance (art. 20);
- e) The communication of the erasure, restriction or rectification of your personal data to all recipients to whom they have been disclosed, unless this proves impossible or involves disproportionate effort (art.19);
- f) Lodgement of a complaint with the competent “Data Protection Authority”.
- Identity of the Data Controller and, if designated, of its Representative in State territory and of the Data Protection Officer.
- Data Controller The Data Controller is: MONTEVERDI S.R.L., with registered offices in Piazzetta Maurilio Bossi, 4, 20121, Milan (MI), Italy; Tel: 0578-268146; email address: firstname.lastname@example.org.
- Data Processors The role of Data Processors is performed by the external companies with which contractual relationships exist, and who need to receive your personal data in order to fulfil those agreements. To be informed of the Data Processors, if appointed, and to know of the persons who shall be appointed to that role in future, the Data Subject may request this information by sending an email to the Data Controller at the address given above. It should be understood that the Data Processors indicated above do not handle Data Subjects’ requests to exercise their rights pursuant to art. 15 et seq. of the GDPR. That activity is carried out exclusively by the undersigned, in its capacity as the Data Controller.
This policy refers to the website www.monteverdituscany.com, owned by Monteverdi Residence Club LLC, and does not concern any other websites visited by the user via links.
As part of their normal operation, the IT systems and software procedures which ensure the functioning of this website acquire certain personal data, whose transmission is implicit in the use of Internet communication protocols.
This information is not collected in order to be associated with identified data subjects. However, by its very nature, it could permit users to be identified through processing and association with data in the possession of third parties.
This category of data includes the IP addresses or domain names of computers used by users who connect to the website, addresses of the resources requested in URI (Uniform Resource Identifier) notation, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numeric code indicating the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment.
These data are used for the exclusive purpose of deriving anonymous statistical information about the use of the website and to check that it is operating correctly.
The data could be used to determine responsibility in the event that the website were damaged by a hypothetical computer crime, solely at the request of the relevant supervisory bodies.
Specific, brief notices shall be shown or displayed on a case-by-case basis on the pages of the website which are set up for special on-request services, such as subscription to the newsletter or the submission of job applications, for example.
- When you visit or stay at our facility as a guest, or through other offline interactions with us if you are seeking information on a visit or stay at our facility.
Information voluntarily provided by the user
When you interact with us through the Services, we may collect personal information from you as described below.
a. Information collected
We collect the personal information which you knowingly choose to send in order to take advantage of certain functions of the online Services, or to participate in certain activities, such as the information which you knowingly provide when you contact us by using the "Contact Us" page of the Website. For example, if you are seeking information about a reservation on the Website, you may provide us with such information as your name, address, telephone number and email address. We collect the information which you knowingly provide if you respond to a survey, a competition, or a promotional offer. If you make a reservation by telephone, or communicate with us via email, fax or online chat services, we shall collect the personal information which you knowingly provide.
b. If you stay at our facility
If you are a guest at our facility, we shall collect information when you purchase goods and services there, for example if you eat in a restaurant or take advantage of childcare or Spa services. We may collect images and video and audio data through security cameras located in public areas, such as the halls. If you take part in an event, we may collect information regarding your participation in the event.
The Data Controller for the personal data is Monteverdi Residence Club LLC and the affiliated company Monteverdi s.r.l. Any other companies which may view the data have been nominated as Data Processors, as described in the Privacy document. The video-surveillance system has been installed for reasons of workplace safety and the protection of company assets. The images are stored for a maximum period of 24 hours, unless requested by the Judicial Authority. Data Subjects can request their data or the cancellation of the same at any time by writing to our Data Protection Officer (DPO) at the email address email@example.com
c. Information and choices collected passively
Moreover, while you are browsing the Website or using the social media pages, some personal information may be collected passively, i.e. it is collected without your having actively provided it. The types of information which are collected passively, as well as the techniques used to collect them and how we may use these types of information, are set out below.
- IP addresses: an IP address is a unique identifier which some electronic devices use for identification and communication on the Internet. When you visit our Website, we can see the IP address of the device you are using to connect to the Internet. We use this information to determine the general physical location of the device and to learn which geographic regions visitors to our website are coming from. We may also use this information to improve our website.
- Through your browser: some information is collected by most browsers, such as your Media Access Control (MAC) address, the type of computer and type of operating system, the screen resolution of that version, and the type and version of your Internet browser. Just like IP addresses, we can use this information to improve our website and the user experience.
- Use of monitoring tools: the Website may use pixel tags, web beacons, clear GIFs, Flash shared objects, HTML5 local storage, HTML5 mini databases and other similar technologies, both in certain aspects of the Website and in emails in HTML format sent to you. These monitoring tools are used, among other purposes, to generate statistics on the use of the Website and track the activities of Website users and of email recipients.
- Interaction with social media pages: if you interact with our social media pages, we may collect your social media ID, your profile photo and other publicly available data.
Processing methods and duration
Pursuant to article 12 et seq. of the GDPR, we wish to inform you that the personal data provided by you shall be recorded, processed and stored in our electronic archives, as well as by the third parties with whom we collaborate, using tools and procedures which are suitable to guarantee the security and confidentiality of the data.
Purposes of processing the personal information collected through this website
Monteverdi Residence Club LLC and the affiliated company Monteverdi s.r.l., as the controllers of the personal data related to this website, respect the principles of lawfulness, fairness and transparency, as well as the protection of confidentiality.
In general, we use the information that you provide to us for the purpose for which it was provided. For example, if you subscribe to receive email notifications regarding our resort, we will contact you via email. If you provide us with information to seek details about a reservation, we will use that information in order to process your reservation. Moreover, we may use the personal information from or concerning you:
- To facilitate reservations and payments; to send administrative information, confirmations or messages prior to your arrival; to assist you with events and to provide you with information regarding the property;
- To complete the reservation and the stay, including taking payment, facilitating your preferences, providing you with the services and conveniences requested, and supporting you with customer service;
- To manage our contractual relationship with you, including by sending you a receipt via email when you make a reservation and after your stay;
- To send you offers tailored to your preferences, send you marketing communications and periodic customer satisfaction, market research or quality assurance surveys, and to personalise your experience on the Website by sending commercial communications and/or advertising material regarding products or services offered by the Controller via email, mail and/or SMS and/or telephone calls and newsletters. Exclusively in the case that you grant your specific consent by electronic means — either by filling out the Newsletter form on this website, or by agreeing to receive occasional marketing communications when booking your stay at our facility. If you are already a client of ours, we may send you marketing communications regarding products and services offered by the Controller similar to those you have already purchased, unless you expressly inform the Controller of your objection to this type of processing.
- To send you important information on our relationship with you or on the Services, any changes to our terms, conditions and policies, and other administrative information; and
- For our corporate purposes, such as data analysis, audits, record-keeping, the development of new products or services, strengthening and improving our Services, identifying trends in the use of our Website, and exercising and defending our legal rights, as well as other purposes required by applicable legislation.
We may use any information which does not personally identify you, your computer or your device for any purpose.
Communication and disclosure of data
The Data Controller shall not widely disseminate your data, i.e. it shall not allow unknown parties to have knowledge of them by consultation or otherwise making them available.
In the event that it may become necessary to communicate your personal data to third parties (to offer you an additional service, or to fulfil tax obligations or comply with a legal obligation), the company shall ensure that the third parties in question also act in accordance with the GDPR Regulation in handling the processing of your data.
You can receive the up-to-date list of external Data Processors by contacting us through the channels listed at the bottom of this policy.
- Personal information may be shared by Monteverdi Residence Club LLC with its affiliate company which manages the resort in Italy, Monteverdi s.r.l., for the purposes described in this policy;
- With the companies or people that we employ to provide us with services, such as the processing of reservations for us and website hosting services;
- With a third party in the event of the reorganisation, merger, sale, joint venture, divestiture, transfer, or any other disposal of our business, our assets or our shares, in whole or in part (including in relation to a state of bankruptcy or similar proceedings).
Moreover, we use and disclose the Personal Information collected through the Website as we deem it necessary or appropriate: (i) based on applicable law, including laws outside of your country of residence; (ii) to comply with legal proceedings; (iii) to respond to requests from public and government authorities, including public and government authorities outside of your country of residence; (iv) to enforce our terms and conditions; (v) to protect our operations or those of any of our affiliate companies; (vi) to protect our rights, privacy, security or property and/or those of our affiliates, of users or of other parties; and (vii) to allow us to pursue the available remedies or limit the damages that we may incur.
Obligatory or optional provision of consent
It is only obligatory to provide those data which are necessary for the proper functioning of this website. In relation to the other purposes, the user has the power to deny consent. However, we must inform you that failure to grant consent may impair your browsing experience, making it impossible for us to provide certain services.
If you encounter any problems of a technical nature related to the provision of consent, we invite you to contact us through the special channels set out on this website in order to allow us to assist you.
- Track how you use the Website, how you arrived at the Website, and what you do after leaving the Website; and
- Show you advertisements pertinent to your interests, taking into account your use of the Website and of the other websites and online services that you use. Remember that these advertisements may be displayed to the user on the Website and on third-party applications and websites. This is called "interest-based advertising" or "online behavioral advertising". To learn more about interest-based advertising, you can visit:
If you wish to opt out of interest-based advertising, you can use some or all of the following methods:
- Visit http://www.aboutads.info/choices (for advertising on the web) and http://www.aboutads.info/appchoices (for mobile advertising); and
- For advertising on mobile devices, disable using the settings in your telephone’s operating system (for instructions on how to "Limit Ad Tracking" on iOS, visit this Apple support document; for instructions on how to disable interest-based ads on Android, please check these instructions).
The simplest way to interrupt the collection of your personal data is to stop using the website.
Connecting to third-party websites
Where the information is processed
Monteverdi Residence Club LLC has its offices in the United States, and our affiliate, Monteverdi s.r.l., has its offices in Italy. Regardless of where you are located, you consent to the processing and transfer of your personal data in the United States and in Italy. The laws which govern the protection of data in the United States may not be as complete or offer as much protection as the laws in the country where you live. The data are processed mainly at the offices of the Data Controller, and occasionally at the premises of the third parties with which it collaborates.
Monteverdi Residence Club LLC shall ensure that, in the cases where the need to provide certain services means that processing must be shared with third parties, the processing is carried out in accordance with European Regulation 679/2016 (GDPR). You can receive the up-to-date list of our external collaborators by contacting us through the channels listed at the bottom of this policy.
Monteverdi shall adopt reasonable measures to protect the information collected and provided through the Services from loss, improper use, and unauthorised access, disclosure, alteration or destruction. However, you should bear in mind that no transmission over the Internet is ever completely secure. Moreover, Monteverdi makes all reasonable efforts to ensure that the Services are generally available. Nonetheless, there may be times when access to the Services is interrupted or unavailable. Monteverdi shall make every reasonable effort to reduce such interruptions to a minimum, where this is within its reasonable control. You hereby accept that Monteverdi shall have no responsibility towards you for any change, suspension or interruption to the Services.
Legal basis for the processing of personal information and the rights of data subjects
The laws of certain countries require us to give you information on the legal reasons on the basis of which we collect, use, disclose and otherwise process your personal information. To the extent that these laws apply, our legal bases for the processing of personal information are:
- To enter into and carry out a contract with you: we may process personal information in order to comply with our contractual obligations towards you, or to take steps in anticipation of entering into a contract. For example, we process your personal information in order to handle any reservations made using the Services.
- To fulfill a legal obligation: we need to use and disclose the personal information in certain ways in order to fulfill our legal obligations.
- For our legitimate interests, provided that your fundamental rights and freedoms do not override these interests: in many cases, we manage the personal information in order to advance our legitimate business. This includes:
- Providing a safe user experience on our online Services;
- Providing the requested Services;
- Customer service;
- Personalising the Services based on your preferences;
- Sending you communications with the information that you have told us is important to you;
- Protecting the users, our workers, and our property;
- Analyzing and improving our operations (e.g. optimizing the design and functioning of our online Services); and
- Managing legal issues.
- With your consent: where permitted by law, we process personal information on the basis of your implicit or express consent.
You, as the user browsing on this website, have the power to exercise the rights granted to you by articles 15 et seq. of the GDPR at any time. These rights may be exercised subject to the ascertainment of the identity of the Data Subject by displaying a copy of an identity document, which will not be retained by the Data Controller but merely checked in order to verify the legitimacy of the request.
- The Data Subject has the right to access his/her personal data (art. 15);
- The Data Subject has the right to the erasure of the data, even partially (art.17);
- The Data Subject has the right to the restriction of processing, to the rectification of data, and to object to processing (art.18);
- The Data Subject has the right to data portability, i.e. the right to transmit his/her data to another controller without hindrance (art. 20);
- The Data Subject has the right to have the erasure, restriction or rectification of his/her personal data communicated to all recipients to whom they have been disclosed, unless this proves impossible or involves disproportionate effort (art.19);
- The Data Subject has the right to lodge a complaint with the competent “Data Protection Authority”.
To exercise the rights listed above, you can contact our Data Protection Officer (DPO) at firstname.lastname@example.org , you will receive a response within 30 days of receiving a formal request.
Special statement on minors
No person below the age of 18 years may send information to this Website without the prior consent of his/her parents or guardians; nor may they make any purchases or enter into legal deeds on this website without the aforementioned consent, unless this is permitted by the legislation in force.
Data Controller and Privacy Contact Person
Any updates shall always be published on this page.
Address: 201 East Fifth Street, 1730 PNC Center, Cincinnati, OH 45202
Address: Via di Mezzo, Castiglioncello del Trinoro, 53047 Sarteano (SI)
Telephone: +39 0578268146
Email address: email@example.com