Privacy Policy
Protecting your privacy
Introduction
This privacy notice describes how Casa Nova SRL (“We”) collect and use the personal information of our customers and prospective customers in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation.
To market and provide our services we need to gather data. We want to be transparent about why we need the personal details we request when you engage with us and how we will use them.
We will protect the privacy and security of your personal information and will always take commercially reasonable and appropriate security measures within our power to keep your information safe.
Please read this policy carefully, along with our Terms and Conditions and any other documents referred to within this notice to understand how we collect, why we use, and how we store your personal information.
By providing us with your personal information, you consent to the collection and use of any information you provide in accordance with this privacy policy.
We comply with the principles of data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.
For the purpose of the General Data Protection Regulations (GDPR) the data controller is Casa Nova SRL, whose registered address is Via A. Panerai, 55, 52037 Sansepolcro (AR), Italia. As we use online services (such as, for example, Facebook, Twitter, Google Mail, Google Apps and various holiday rental websites), the providers of those services may process data on our behalf in order to enable us to communicate with you or fulfil your orders or rental bookings.
What personal data we may collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are "special categories" of more sensitive personal data which require a higher level of protection.
We collect information every time you interact with us. The information we may collect from these interactions may include, but is not limited to:
Legal basis we rely on to collect information
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
1.To fulfil a service: We use your information to execute contracts or services that you have entered into. This includes communications relating to your order, deliveries and payments via phone, email and SMS (for example to let you know if a delivery is delayed or payment has failed). In order to process and fulfil your order, we may need to share your information with others (eg supplying delivery address to couriers and supplying payment information to payment processors in order to collect payment).
2.When you consent: We may use your personal information and order history to tell you about relevant products, events, competitions and news. For example, when you sign up to a newsletter or tell us you want to hear from us by completing your preferences. You can ask us to stop sending you marketing messages by contacting us at any time. If you change your mind you can update your choices at any time by contacting us.
3.If we have legitimate interest: The GDPR defines legitimate interest as a reasonable business or commercial interest for processing your personal information. For example, sending a direct mail if there is a change of booking such that a rental period you enquired about becomes available or when a plant you expressed an interest in becomes available.
How we use your information
If you wish to change how we use your data, you’ll find details in the “What are my rights?” section below. Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.
Note that if you purchase a gift for someone from us, we will need their personal details (for example name and address) in order to process the order and delivery. However, we will never contact them for any other purpose other than to process your gift.
Who we share your information with
Sometimes we may share your data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so. We do so on one of the legal bases defined above (service, legitimate interest and consent). We only provide third parties with the information they need to perform the exact services we receive from them and we do not sell your data to third parties. Where the third party is providing a service to us, we check their policies to ensure that your privacy is respected and protected at all times. If at any time we stop using third party services, any information held by them will either be deleted or rendered anonymous.
An additional basis of “legal compliance” applies here. For example, we may come under a duty to pass on information to law enforcement agencies, if we become aware of people involved in fraud, non-payment or other criminal activity.
We may also be legally bound to share your data in the future with a third party if Casa Nova SRL is subject to sale or asset transfer.
Where we keep your information
We take reasonable steps necessary to ensure that your data is treated securely and in accordance with this privacy policy. We take commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach if we are legally required to do so.
The data that we collect from you is stored either within the European Economic Area ("EEA") or on servers that we rent from Rackspace US Inc, who have mechanisms in place for compliance with the GDPR pursuant to the EU-U.S. Privacy Shield (https://www.rackspace.com/gdpr). Where we share your data with third parties, as described above, that information may be held by the third party outside of the EU. You should refer to the privacy policy of the relevant third parties for more information as to the safeguards they provide (for example by following the links in this document).
All information you provide to us is stored on secure servers, except payment card information. To maintain the highest level of security, we never store or have visibility of your card details.
Where we have given you (or where you have chosen) a password which enables you to access your account with us, you are responsible for keeping this password confidential. Do not share your password with anyone and change it regularly. We recommend changing your password at least every three months.
From time to time, our website may contain links to third party websites. If you follow a link to any of these websites, please note that they will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
How long we store your data for
We will hold your personal information on our systems for as long as is necessary for the processing of our contractual obligations with you or as long as you give us consent to do so.
Since customers book or order with us at varied intervals, sometimes returning after a number of years, it is in our legitimate interest to store your data for a period of no longer than 5 years after your last booking or order or communication from you to us. During this time, we will continue communicating with you as outlined by this policy unless you actively close your account or change your preferences. At 5 years after your last order, we may email you to check if you’d like to leave your account open and continue hearing from us and we will otherwise close your account, remove you from our mailing list, any personal identifiable information held by us will be deleted, and your purchase history rendered anonymous.
Your rights
Changes to this policy
This policy applies with effect from 25 May 2018.
Any changes we may make to our privacy policy in the future will be posted on this page. Please check back if you wish to see any subsequent updates or changes to our privacy policy.
Questions or complaints
If you have any questions that haven’t been covered, please contact us (person responsible for data compliance: Patricia Robertson):
Email info@casanovaumbria.eu
Call 0039-3389974107
Casa Nova SRL, via A Panerai, 55, 52037 Sansepolcro (AR), Italia
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) (IDPA): http://www.garanteprivacy.it