Privacy Policy

Last updated on 05/15/2024

This Privacy Policy relates to thewebsite https://www.torinoloft.com/ (hereinafter, the “Site“) and does not cover other websites that may be accessed through links to external sites/pages. It is intended as a disclosure made pursuant to the European Data Protection Regulation (hereinafter “GDPR“) and Italian industry regulations (hereafter, collectively, one and the other, the “Applicable Legislation”) to those who interact with the Site (hereinafter “Users” or even just in the singular “User“), consulting the relevant pages.

Regarding cookies, please refer to the Cookie Policy, to be understood as an integral part of this Privacy Policy.

  1. DATA CONTROLLER AND CONTACT DETAILS

The Data Controller is Immobiliare*Real Piemonte S.r.l. with registered office at Corso Vittorio Emanuele II, no. 52 – 10123 Turin (TO), C.F./P.IVA 00506410018, REA No. TO-454161, hereinafter also “Data Controller” or just “DataController“.

For any clarification, information, exercise of the rights listed in this Privacy Policy, you can contact the Data Controller at the following numbers: +39 3517517527, e-mail: info@torinoloft.com, PEC: 00506410018.torino@pec.ance.it .

  1. PERSONAL DATA BEING PROCESSED

The personal data processed through the Site are as follows.

  1. Navigation data

The computer systems responsible for the operation of the Site acquire, in the course of their normal operation, some personal data in aggregate and not immediately identifiable form, the transmission of which is implicit in the use of Internet communication protocols. This is information that is not collected in order to be associated with identified data subjects, but by its very nature could allow Users to be identified through processing and association with data held by third parties. This technical/informational data is used solely for the purpose of obtaining statistical information in an anonymous or aggregate form on the use of the Site, monitoring the proper functioning of the services offered through the Site, and identifying anomalies and/or abuses. Such information is deleted immediately after being processed.

  1. Data voluntarily provided by the user

Through the Site, the User may voluntarily provide personal data such as:

  • personal data provided by the User (for example: first name, last name, e-mail address and any additional data entered within the message) by filling out the form in the “Contact” section of the Site;

The Data Controller will process the User’s data in compliance with the Applicable Regulations, assuming that they relate to the User himself or to third parties who have expressly authorized him to confer them or whose personal data the User was otherwise entitled to confer. With respect to such assumptions, the User agrees to indemnify and hold the Data Controller harmless from any dispute, claim, or demand for damages from the processing of personal data that may be received from such third parties.

  1. Cookies and other tracking tools

Regarding the types of cookies loaded on the Site, please refer to the Cookie Policy.

  1. PURPOSE AND LEGAL BASIS OF PROCESSING

The data acquired will be processed for the purposes and on the basis of the following legal bases.

PURPOSE

LEGAL BASIS.

a.

Provide feedback to any requests for information/clarifications submitted using the form available on the Site.

Processing is necessary for the performance of pre-contractual measures taken at the request of the User and/or a contract to which the data subject is a party [Art. 6(1)(b) of the GDPR].

b.

To fulfill the legal obligations to which the Controller is bound, including responding to any requests to exercise the User’s rights as a data subject under the Applicable Legislation.

The processing is necessary to comply with a legal obligation to which the Data Controller is subject [Art. 6(1)(c) of the GDPR].

e.

Check for fraudulent or illegal uses of the Site and ensure its security and functionality in the interests of Users and the Owner.

The legitimate interest of the Owner and the Users themselves in preventing or detecting any fraudulent or otherwise unlawful use of the Site [Art. 6(1)(f) of the GDPR].

f.

Perform statistical research/analysis on aggregate or anonymous data, without, therefore, being able to identify the User and measure traffic and evaluate the use of the Site and the interest shown by Users.

The legitimate interest of the Owner to verify the usability and desirability of the Site [Art. 6(1)(f) of the GDPR].

g.

Ascertain, exercise or defend legal claims in court or whenever judicial authorities act in that capacity.

Legitimate interest in establishing, exercising or defending a right in court or whenever judicial authorities exercise their functions [Art. 6(1)(f) GDPR].

  1. NATURE OF PROVIDING PERSONAL DATA

The provision of data by the User is optional. Nevertheless, failure to provide them, in whole or in part, may result in the impossibility of providing the requested service and/or responding to any requests for information/clarification or requests to exercise the User’s rights as a data subject.

  1. MODALITIES OF PERSONAL DATA PROCESSING

Data are processed by manual and/or computerized means, in each case in a manner suitable to ensure their security and confidentiality. To this end, the Data Controller has adopted and implements security measures, both technical and organizational, appropriate to the level of risk related to the processing performed.

Specifically, Site functionality is delivered over an HTTPS encrypted connection, and personal data is collected, stored and maintained on secure, firewall-protected servers physically located within the European Union.

  1. RECIPIENTS OF PERSONAL DATA

The processing is carried out by the Owner’s staff specifically authorized by reason of their respective duties, as well as by the Data Processors specifically identified in writing, within the scope of their respective functions and in accordance with the instructions given by the Owner, ensuring the use of suitable measures for the security of the data processed and guaranteeing their confidentiality, for example, companies, consultants or professionals who may be in charge of the installation, maintenance, updating of the Site and, more generally, of the management of the Data Controller’s hardware and software, includinghosting provider and cloud computing service providers. The full list of Data Processors is available upon request.

In addition, the Data may be disclosed to the following categories of recipients:

  • subjects, entities or Public Authorities to which, as autonomous data controllers, it is obligatory to communicate your personal data by virtue of legal provisions or orders of the authorities or to prevent and/or ascertain any fraudulent activities or abuse in the use of the Site and the services offered by the Data Controller;
  • companies among lawyers, associated firms, consultants or professionals (e.g., legal, administrative and/or tax consultancy firms) that may be appointed to support the Data Controller in the proper fulfillment of legal obligations to which he is bound and/or in the establishment, exercise or defense of a right in judicial or extrajudicial proceedings or whenever judicial or administrative authorities exercise their functions.
  1. TRANSFERS TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS

The Owner’shosting provider ‘s servers are located within the European Economic Area (so-called S.E.E.). Therefore, the User’s personal data will not be transferred to third countries or international organizations.

  1. PERIOD OF RETENTION OF PERSONAL DATA

Personal data of the User or provided by the User will be retained for a period not exceeding that necessary for the pursuit of the purposes stated above and for which they are processed.

Specifically:

  • data processed for the purpose of responding to requests for information/clarifications will be retained up to a maximum period of six months from the receipt of the last request for information/clarification received by the Owner and referable to the same User. In the event that, as a result of the requests for information/clarifications, a contract is entered into, the data retention period will be ten years from the conclusion of the contract so as to enable the Data Controller to demonstrate the proper fulfillment of the contractual obligations;
  • the data processed to fulfill legal obligations will be retained for the period of time necessary for compliance and compliance with the minimum retention periods provided for by the law in force from time to time or, in the absence of legislative provision, for the period of time necessary to demonstrate compliance;
  • processed data necessary for the pursuit of a legitimate interest of the Data Controller and/or third parties will be retained until the satisfaction of that interest and, in any case, at most, for the time stipulated by law for the exhaustion of the time limits for the admissibility of appeals or for the additional time necessary to give or receive execution of the orders of the judicial or administrative authorities and/or arbitration awards and/or decisions made/agreements reached out of court.
  1. RIGHTS OF THE DATA SUBJECT

The User and/or the third party on whose behalf the User has provided the data has the right to:

  • To obtain confirmation as to whether or not personal data concerning him or her are being processed and, if so, to obtain access to them and to a range of relevant information, including but not limited to: (a) to the purposes of processing; (b) to the categories of personal data covered by it; (c) to the individuals or categories of individuals to whom the personal data have been or will be disclosed; (d) the data retention period or, if this is not possible, the criteria used to determine this period; (e) to the origin of personal data, if they have not been provided by the User himself;
  • request and obtain the updating of data, the correction of inaccurate data or, when interested, the supplementation of incomplete data;
  • Request and obtain the deletion of data if: (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) if the User objects to the processing carried out on the basis of a legitimate interest of the Data Controller and there is no overriding legitimate reason to continue the processing; (c) the data have been processed unlawfully; (e) the data must be deleted by the Data Controller in fulfillment of a legal obligation;
  • Request and obtain restriction of processing in the case of: (a) challenge the accuracy of the data for as long as it takes the Controller to make the required verifications; b) unlawful processing of data by the Data Controller, if the User objects to the deletion of the data and instead requests the restriction of its use; (c) establishment, exercise, or defense of a User’s right in court, although the Controller no longer needs it for the purpose of processing; (d) awaiting the outcome of the verification as to whether the legitimate motives of the Data Controller prevail over those of the data subject;
  • in cases where the processing is based on a contract and is carried out by automated means, to request and receive in a structured, commonly used and machine-readable format the data concerning him or her and, if technically feasible, to obtain direct transmission by the Controller to another controller;
  • oppose, in whole or in part, for legitimate reasons related to the User’s particular situation, the processing of data concerning him/her, even if relevant to the purpose of collection;
  • where processing is based on the User’s consent, revoke consent at any time without prejudice to the lawfulness of processing based on consent prior to revocation;
  • Propose a complaint to the Data Protection Authority pursuant to Art. 77 of the GDPR and articles 140-bis et seq. of the Italian Privacy Code, if it believes that its rights under the Applicable Regulations have been violated.

The Controller will notify each of the recipients to whom the personal data have been transmitted of any rectification or deletion or restriction of processing carried out, except where this proves impossible or involves disproportionate effort.

  1. WAYS OF EXERCISING THE RIGHTS OF THE DATA SUBJECT

As a data subject, the User may exercise the above rights at any time by contacting the Data Controller at the above contact details.

To file a complaint with the Data Protection Authority, one may use the forms made available on the relevant website.

  1. PRIVACY POLICY UPDATE

This Privacy Policy may be amended and/or supplemented and/or updated, including as a consequence of updates to Applicable Law. In this case, the Data Controller will inform the User of any changes and/or additions and/or updates that have affected this Privacy Policy by means of publication on the Site.