1. Premessa
Ai sensi del Regolamento (UE) 2016/679 (di seguito "GDPR") e del D.Lgs. 196/2003 come modificato dal D.Lgs. 101/2018 (Codice in materia di protezione dei dati personali), il Titolare del trattamento desidera fornire all'utente (di seguito "Interessato") le seguenti informazioni in merito al trattamento dei propri dati personali raccolti tramite il presente portale e i suoi servizi correlati.
2. Titolare del trattamento
The Data Controller is:
- Company name: [TO BE COMPLETED]
- Registered office: [TO BE COMPLETED]
- VAT number / Fiscal Code: [TO BE COMPLETED]
- Email for privacy requests: [TO BE FILLED IN - e.g. privacy@nomeagenzia.it]
- PEC: [TO BE COMPLETED]
Any Data Protection Officer (DPO): [TO BE COMPLETED if appointed]
3. Tipologie di dati trattati
Tramite il portale possono essere raccolte le seguenti categorie di dati personali:
- Identification data: name, surname, tax code (if necessary for the stipulation of contracts).
- Contact data: email address, telephone number, residence or domicile address.
- Data relating to the property: in the event of a request for evaluation or sale, data relating to the property (address, characteristics, any cadastral and energy documentation).
- Preference data: type of property searched for, geographical area, budget, specific needs.
- Browsing data: IP address, session data, access log (see also section 9 - Cookies).
- Consent data: tracking of consents given to the processing (IP, date and time, content of consent) for audit purposes pursuant to art. 7 GDPR.
4. Purpose of processing and legal bases
The data is processed for the following purposes, each based on the relevant legal basis:
- Provision of the requested service (e.g. property evaluation, request for information on an advertisement, user area registration): execution of a contract or pre-contractual measures (art. 6.1.b GDPR).
- Compliance with legal obligations (tax, anti-money laundering, document retention): legal obligation (art. 6.1.c GDPR).
- Portal security and prevention of abuse (log analysis, protection from attacks): legitimate interest of the Data Controller (art. 6.1.f GDPR).
- Sending commercial and promotional communications (newsletter, new property alerts in line with saved searches): explicit consent (art. 6.1.a GDPR), revocable at any time.
- Aggregate statistical analysis of the use of the portal to improve its functionality: legitimate interest (art. 6.1.f GDPR), with prevalent use of anonymized data.
The provision of data is optional, but necessary for the purposes referred to in points 1, 2 and 3. Failure to provide it may make it impossible to provide the requested service. The data referred to in points 4 and 5 are optional and revocable at any time.
5. Treatment methods
The data processing takes place with IT and telematic tools, with logic strictly related to the purposes indicated, and with the adoption of adequate technical and organizational measures to guarantee the security, confidentiality and integrity of the data (art. 32 GDPR), including:
- cifratura in transito (HTTPS) per tutte le comunicazioni tra il browser dell'utente e il server;
- session cookies protected with
Secure,HttpOnlyandSameSite=Laxflags; - controllo degli accessi basato su ruoli (autenticazione, separazione dei compartimenti agenzia);
- backup periodici della base dati e dei file caricati;
- access log and change tracking for audit purposes.
6. Destinatari dei dati
I dati personali sono trattati dal personale interno del Titolare (agenti, amministratori, personale tecnico) opportunamente istruito. Possono inoltre essere comunicati ai seguenti soggetti, nominati Responsabili del trattamento ai sensi dell'art. 28 GDPR ove ricorra:
- fornitore del servizio di hosting e cloud (server VPS);
- fornitore del servizio di invio email transazionali;
- fornitori di servizi di monitoraggio errori applicativi (es. Sentry), nel rispetto dei criteri di anonimizzazione PII;
- portali immobiliari di pubblicazione annunci (es. Immobiliare.it, Idealista) limitatamente ai dati strettamente necessari alla pubblicazione;
- professionisti e consulenti (commercialisti, legali) per il rispetto degli obblighi di legge;
- judicial authorities and public administrations, where required by law.
No data is transferred outside the EU without the adoption of adequate guarantees provided for in Chapter V of the GDPR.
7. Conservazione dei dati
Personal data are stored for the time strictly necessary to pursue the purposes indicated, and in particular:
- data relating to concluded contracts: 10 years from the termination of the relationship, to fulfill civil and tax obligations;
- data relating to information requests not resulting in a contract: 24 months from the date of the last interaction;
- consent data and marketing logs: for the entire duration of the consent given and for a further 24 months following the revocation, for testing purposes pursuant to art. 7.1 GDPR;
- navigation data and application logs: 12 months, unless longer storage is needed for IT security purposes.
Al termine dei periodi indicati, i dati saranno cancellati o anonimizzati in modo irreversibile.
8. Diritti dell'interessato
In accordance with articles 15-22 of the GDPR, the interested party has the right to:
- Access to your data and obtain a copy (art. 15);
- Rectification of inaccurate or incomplete data (art. 16);
- Deletion of data in the cases provided for by the art. 17 ("right to be forgotten");
- Limitation of processing in the cases provided for by art. 18;
- Portability of data in a structured and machine-readable format (art. 20);
- Objection to processing for marketing purposes at any time (art. 21), or to processing based on legitimate interest;
- Revocation of consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation (art. 7.3);
- Complaint to the Guarantor for the protection of personal data (www.garanteprivacy.it) or other competent supervisory authority.
To exercise these rights, the interested party can write to the email address indicated in point 2. The response will be provided within the terms established by art. 12 GDPR (within one month, extendable by two months in complex cases).
9. Cookie
The portal uses technical cookies strictly necessary for the functioning of the service. For details of the cookies used, their purposes and management methods, please refer to the cookie information.
10. Modifiche all'informativa
The Owner reserves the right to update this information to reflect regulatory, organizational or technological changes. The interested party is invited to periodically consult this page; in case of substantial changes, adequate information will be given.