Privacy policy

This page describes the methods used to manage the website in connection with the processing of personal data of the users who visit it.

Pursuant to of the "Code on the protection of personal data".

Data Controller, Data Supervisor and place of the processing

The data controller and supervisor is IL PALAZZO S.R.L. with head office in Via Gracco del Secco 14, 53034 Colle di Val d'Elsa (SI) - P.I. 01343600522 - C.F. 01343600522 - Email: , which ensures compliance with regulations on the subject of personal data protection.

Purposes of the data processing

The personal data voluntarily provided by the users who visit the website shall be processed for the following purposes:

Details of processed data

Navigation data / utilisation

The IT systems and software procedures that control the functioning of this website acquire, during the course of their standard operation, some personal data the transmission of which is implicit in the use of Internet communication protocols.

This information is not collected for the purpose of being associated with identified subjects, but due to its own nature, it may make it possible to identify users through processing and associations with data held by third parties.

This category of data includes IP addresses or domain names of the computers used by the users who connect to the website, URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the answer given by the server (success, failure, etc.) and other parameters pertaining to the user's operating system and IT environment.

This data is used for the sole purpose of obtaining anonymous statistical information on the use of the website and to verify its proper functioning. The data could be used to ascertain responsibility in case of alleged IT crimes to the detriment of the website.

Data voluntarily provided by the data subject

The optional, explicit and voluntary sending of e-mail messages to the addresses specified on this website entails the subsequent acquisition of the sender's address, which is necessary to reply to the inquiries, as well as any other personal information that may be included in the message.


See .

Personal data processed for access to the website services

Data processing methods

Data shall be processed either manually or with the use of IT and telematic means, by way of regular or electronic mail. The data shall be stored in paper files or on electronic media for the time that is strictly necessary for the purpose of achieving the aims for which it was collected.

Specific safety measures are adopted to prevent data loss, illegal or incorrect data use or unauthorised access.

Aside from what specified for navigation data, the data subject is free to provide the personal data requested by the various services available on the website. Failure to provide said data may make it impossible for the data subject to obtain that which was requested.

The data subject is entitled, at any time, to object to the processing or to request the cancellation, modification or update of all personal information in our possession, by sending an e-mail to the following address:

Changes to this Privacy Policy

The Data Controller reserves itself the right to make changes to this privacy policy at any time, notifying the users accordingly on this page. Hence, users are kindly invited to periodically visit this page, taking as reference the date of the last revision indicated at the bottom. Should you not wish to accept any changes that may be made to this privacy policy, you may request the Data Controller to delete your personal data. Unless specified otherwise, the previous privacy policy shall continue to apply to the personal data collected up to that point.

Rights of data subjects

Italian Legislative Decree no. 196 dated 30th June 2003 - Title II: Data subject's rights

1. The data subject is entitled to obtain confirmation as to whether or not personal data relating to them is held, even if it has yet to be recorded, and notification of the same data in an intelligible form.

2. The data subject is entitled to obtain information about:

  1. the origin of the personal data;
  2. the processing purposes and methods;
  3. the logic applied in case the processing is carried out using electronic tools;
  4. the identification details of the Data Controller, of the Supervisors and of the designated representative pursuant to article 5, paragraph 2;
  5. the subjects or categories of subjects to whom the personal data may be disclosed or who may become privy to it in their capacity as designated representative in the territory of the country, as data supervisors or people in charge of the processing.

3. The data subject is entitled to obtain:

  1. the updating, correction or, when it is in their interest, the addition of data;
  2. the deletion, the transformation into anonymous form or the freezing of data handled in breach of the law, including data which are not required to be stored in connection with the purposes for which it was collected or subsequently processed;
  3. the confirmation that the operations referred to in letters a) and b) have been brought to the knowledge, including as regards their content, of those to whom the data has been communicated or disclosed, unless such fulfilment proves to be impossible or entails resources that are clearly disproportionate to the right being protected.

4. The data subject is entitled to object, in full or in part:

  1. to the processing of personal data that concerns them, even if consistent with the purpose of the collection, for legitimate reasons;
  2. to the processing of personal data that concerns them for the transmission of advertising or direct sales materials or for the conduction of market research or sales communications.

Art. 8. Exercise of rights

1. The rights referred to in Article 7 can be exercised by submitting an informal request to the Data Controller or Supervisor, including through an appointed person, which is given an adequate response without delay.

2. The rights referred to in Article 7 may not be exercised through a request to the Data Controller or Supervisor or through an appeal under Article 145, if the processing of personal data is carried out:

  1. pursuant to provisions of Italian Law Decree no. 143 dated 3rd May 1991, converted, with amendments, by Italian Law no. 197 dated July 1991, as subsequently amended, concerning money laundering;
  2. under the provisions of Italian Law Decree no. 419 dated 31st December 1991, converted, with amendments, by Italian Law no. 172 dated 18th February 1992, as subsequently amended, concerning support for victims of extortion;
  3. by parliamentary Inquiry Committees set up under Article 82 of the Italian Constitution;
  4. by a public entity, other than economic public corporations, under an express provision of law, exclusively for purposes related to monetary and currency policy, payment system, control of brokers and of credit and financial markets, as well as for the protection of their stability;
  5. under Article 24, paragraph 1, letter f), for the period during which it may be actually and tangibly prejudicial to performance of the investigations by a defence counsel or to the exercise of the right in a court of law;
  6. by providers of publicly available electronic communication services about incoming phone calls, unless this may be actually and tangibly prejudicial to performance of the investigations by defence counsel as per Italian Law no. 397 dated 7th December 2000;
  7. for reasons of justice, at judicial authorities at all levels or at the Council of the Judiciary or at other self-regulatory bodies or at the Italian Ministry of Justice;
  8. pursuant to article 53, without prejudice to the provisions of Italian Law No. 121 dated 1st April 1981.

3. The Italian Data Protection Authority, including as a result of a report by the data subject, in the cases referred to in paragraph 2, letters a), b), d), e) and f), shall take action according to the methods provided for in Articles 157, 158 and 159 and, in the cases referred to in c), g) and h) of the same paragraph, shall take action according to the manner provided for in Article 160.

4. The exercise of rights under Article 7, when not pertaining to objective data, can take place unless it concerns rectifications of or additions to personal evaluation data, relating to judgments, opinions or other assessments of a subjective type, as well as the indication of the type of conduct to be held or of decision-making activities by the Data Controller.

Art. 9. Methods for exercising the rights

1. The request may be sent to the Data Controller or Supervisor by way of registered letter, fax or e-mail. The Italian Data Protection Authority may specify other suitable methods with regard to new technological solutions. When it concerns the exercise of rights referred to in Article 7, paragraphs 1 and 2, the request may also be made verbally and, in that case, briefly noted down by the person in charge or data supervisor.

2. When exercising the rights referred to in Article 7, the data subject may grant, in writing, power of attorney or proxy to individuals, institutions, associations or organizations. The data subject may also be assisted by a person of trust.

3. The rights referred to in Article 7 relating to personal data of deceased persons may be exercised by those who have an interest, or act to protect the data subject or for family reasons deserving protection.

4. The data subject's identity shall be verified on the basis of suitable evaluation elements, including by means of available records or documents or by producing or attaching a copy of an identification card. The person who acts on behalf of the data subject exhibits or attaches a copy of the power of attorney or of the proxy, signed in the presence of an appointed person or signed and submitted with a photocopy of an identity document of the data subject. If the latter is a legal person, entity or association, the request is filed by a natural person authorised by their respective statutes or regulations.

5. The request referred to in Article 7, paragraphs 1 and 2, is made freely and without obligation, and may be renewed, unless there are justifiable reasons, at least every ninety days.

Art. 10. Reply to the data subject

1. To ensure the effective exercise of the rights referred to in Article 7, the Data Controller is required to take appropriate measures aimed, in particular, at:

  1. facilitating access to personal data by the data subject, including through the use of ad hoc computer programs that allow accurate selection of data concerning single identified or identifiable data subjects;
  2. simplifying the methods and reducing the reply time to inquiries, including within offices or services responsible for public relations.

2. The data is extracted by the Data Supervisor or persons in charge, and can be verbally communicated to the data subject, or displayed by electronic means, provided that in such cases the data is easily understandable, also considering the quality and quantity of information. If so requested, the data is transferred on paper or entered in a computer system, or else transmitted via telematic means.

3. Unless the request is related to a particular processing or to specific personal data or categories of personal data, the reply sent to the data subject shall include all the personal data concerning the latter in any event processed by the Data Controller. If the request is made to an operator of the health profession or a medical body, the provision set forth in Article 84, paragraph 1 is complied with.

4. Should the data extraction be particularly difficult, the reply to the request of the data subject may also consist in producing or delivering copies of records and documents containing the requested personal data.

5. The right to obtain data communication in intelligible form does not apply to personal data pertaining to third parties, unless the breaking down of the processed data or the failure to obtain certain elements make the personal data relating to the data subject incomprehensible.

6. Data shall be communicated in intelligible form also by using legible handwriting. In case of communication of codes or abbreviations, the criteria needed for understanding their meaning are also made available, including through the persons in charge.

7. Where, following a request under Article 7, paragraphs 1 and 2, letters a), b) and c), the existence of data regarding the data subject cannot be confirmed, a fee may be charged which shall not exceed the cost actually incurred for the research done in the specific case.

8. In any event, the fee referred to in paragraph 7 may not exceed the amount determined by the Italian Data Protection Authority through a measure of a general nature, which may determine it to be a lump sum in connection with the case where the data is processed using electronic means and the reply is provided verbally. Through the same measure, the Italian Data Protection Authority may provide for the fee to be charged if the personal information is contained on special media the reproduction of which is specifically requested, or when, at one or more Data Controllers, considerable effort would be required in relation to the complexity or size of the requests and the existence of data that concerns the data subject is confirmed.

9. The fee referred to in paragraphs 7 and 8 may also be paid by postal or bank transfer, or by debit or credit card, if possible upon receiving the relevant reply and, in any event, within fifteen days of said reply.