Policy Privacy

Pursuant to Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter “GDPR”), the company FONDAZIONE SORRENTO hereby informs you of the following:

A) Purposes of Data Processing and Legal Basis

A1) Acquisition and processing of personal data to respond to any requests or to manage and fulfill orders and the informational flow requested by the user in the “contacts” section of the website www.fondazionesorrento.com;

A2) Collection of your personal data in order to potentially receive commercial–marketing communications relating to the promotion of local cultural activities consistent with the nature of events and exhibitions organized by the Data Controller;

A3) Compliance with obligations provided for by law, regulation, EU legislation, or by order of an Authority (such as, for instance, anti-money laundering regulations);

A4) Exercise of the Data Controller’s rights, e.g., the right of defense in court.

B) Nature of the Provision of Data

Your personal data subject to processing are collected directly by the Data Controller or by an expressly authorized party acting on its behalf.

The legal basis for the processing of data for the purposes referred to in A1) is established in Article 6(1)(f) of the GDPR – legitimate interest – and Article 6(1)(b) of the GDPR (processing necessary for the performance of a contract or pre-contractual measures), as the processing is necessary to carry out activities agreed upon on a contractual basis. Providing Personal Data for these purposes is optional; however, failure to provide them would make it impossible to initiate and/or proceed with the contractual/pre-contractual relationship.

The legal basis for the processing of data for the purposes referred to in A2) is Article 6(1)(a) of the GDPR, meaning your data can lawfully be processed only with your specific, separate, express, documented, prior, and entirely optional consent. With regard to these processing purposes for which your consent is requested, please note that denial of consent will not affect any assumed obligations and that consent can be withdrawn at any time.

The legal basis for processing your data for the purposes referred to in A3) and A4) is legitimate interest pursuant to Article 6(1)(c) of the GDPR (processing necessary for compliance with a legal obligation to which the Data Controller is subject) and does not require your consent.

C) Methods of Data Processing

Your data are processed lawfully and fairly, in compliance with Articles 5 and 6 of the GDPR, for the above-mentioned purposes and in accordance with the fundamental principles established by applicable legislation. The processing of personal data may take place through manual, computer, and telematic tools, always with the implementation of appropriate technical and organizational measures to ensure data security and confidentiality, especially in order to minimize the risk of destruction or loss (even accidental) of data, unauthorized access, or processing not permitted or not in line with the purposes of collection.

D) Categories of Data and Their Origin

The data processed are your email address, collected through your request to receive a newsletter in the relevant section of the website www.fondazionesorrento.com.

E) Scope of Communication

Within the limits of the processing purposes described, only duly authorized collaborators, who are part of the organizational structure of the Data Controller, may learn of the personal data in question.

Please note that your data may be disclosed to the following recipients:

  • Authorized internal staff who process the data to provide the service;

  • Suppliers and/or partners for the processing of all or part of the personal data, strictly to the extent necessary for carrying out their services.

F) Retention Period

In accordance with the “storage limitation” principle set forth in Article 5 of Regulation (EU) 679/2016 (GDPR), the personal data collected and processed for the purposes indicated above will be stored in accordance with deadlines set forth by law and, subsequently, for the time in which the Company is subject to retention obligations for purposes provided by laws or regulations. Periodic checks are carried out to assess the obsolescence of the stored data in relation to the purposes for which they were collected.

In any event, data will be stored for a maximum period of:

  • Marketing: 2 years

G) Profiling and Dissemination of Data

No, there is no profiling activity.

H) Rights of the Data Subject

As a data subject, you have the rights set out in Article 15 of the GDPR, specifically the following:

  1. To obtain confirmation as to whether or not personal data concerning you exist, even if not yet recorded, and their communication in intelligible form;

  2. To obtain information on:
    a) the origin of the personal data;
    b) the purposes and methods of the processing;
    c) the logic applied in the event of processing carried out with the aid of electronic tools;
    d) the identifying details of the Joint Controllers, the Data Processors, and the designated representative pursuant to Article 3(1) of the GDPR;
    e) the entities or categories of entities to whom the personal data may be communicated or who may learn about them as designated representatives in the State’s territory, processors, or persons authorized to process them;

  3. To obtain:
    a) the updating, rectification, or, where you have an interest, completion of the data;
    b) the erasure, anonymization, or blocking of data that are processed unlawfully, including those data which do not need to be retained in relation to the purposes for which they were collected or subsequently processed;
    c) a statement that the operations in points (a) and (b) have been brought to the attention of those to whom the data were communicated or disseminated, except where such compliance proves impossible or would involve a disproportionate effort compared with the right being protected;

  4. To object, in whole or in part:
    a) on legitimate grounds, to the processing of personal data that concerns you, even if it is relevant to the purpose of collection;
    b) to the processing of personal data concerning you for purposes of sending advertising or direct sales material or for carrying out market research or commercial communications, through the use of automated calling systems without an operator by email and/or traditional marketing methods via telephone and/or paper mail. It is noted that the data subject’s right to object, outlined above, extends to automated methods as well as traditional ones; the data subject nonetheless retains the possibility of exercising the right to object only in part. Therefore, the data subject may choose to receive communications by only traditional methods or only automated methods, or neither of the two types of communication.

  5. Right to rectification of your personal data, in the event they have changed and do not match those previously collected or communicated (Article 16).

  6. Right to erasure of data (“right to be forgotten” pursuant to Article 17). If one of the following conditions is met, FONDAZIONE SORRENTO will erase the data from every database or archive in which such data are stored:
    a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed;
    b) the data subject withdraws consent and where there is no other legal basis for the processing;
    c) the data subject objects to the processing pursuant to Article 21(1), and there is no overriding legitimate ground for the processing, or objects to the processing pursuant to Article 21(2);
    d) the personal data have been processed unlawfully;
    e) the personal data must be erased to comply with a legal obligation laid down by the law of the Union or Member State to which the Joint Controllers are subject;
    f) the personal data were collected in relation to the offer of information society services referred to in Article 8(1).

  7. Right to restriction of processing (Article 18). The data subject has the right to obtain from the Joint Controllers restriction of processing where one of the following applies:
    a) the data subject contests the accuracy of the personal data, for the period necessary for the Joint Controllers to verify the accuracy of such personal data;
    b) the processing is unlawful, and the data subject objects to the erasure of personal data and requests instead that its use be restricted;
    c) although the Joint Controllers no longer need the personal data for the purposes of the processing, they are required by the data subject for the establishment, exercise, or defense of legal claims;
    d) the data subject has objected to processing pursuant to Article 21(1), pending verification as to whether the legitimate grounds of the controller override those of the data subject.

  8. Right to object (Articles 21–22): The data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data that concerns them pursuant to Article 6(1)(e) or (f), including profiling based on those provisions. FONDAZIONE SORRENTO does not subject data to decisions based solely on automated processing.

In addition, you have the right to lodge a complaint with a supervisory authority (the Data Protection Authority, headquartered in Rome, Piazza Venezia 11 – www.garanteprivacy.it).

I) Data Controller

The Data Controller is FONDAZIONE SORRENTO, with its registered office at Palazzo di Villa Fiorentino, Corso Italia, 80067 Sorrento (NA), VAT No. 05574541214. You may contact the Controller at the following email address: infopoint@fondazionesorrento.com.

Weddings at Villa Fiorentino:
a fairy-tale yes on the Sorrento Coast

The perfect venue for those who have always dreamed of a civil wedding in Sorrento, surrounded by a unique and unforgettable atmosphere.

Find out more >>>