Privacy

Privacy Policy

Protecting your privacy

Introduction

This privacy notice describes how Casa Nova SRL (“We”) collect and use the personal information of our customers and prospective customers in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation.

To market and provide our services we need to gather data. We want to be transparent about why we need the personal details we request when you engage with us and how we will use them.

We will protect the privacy and security of your personal information and will always take commercially reasonable and appropriate security measures within our power to keep your information safe.

Please read this policy carefully, along with our Terms and Conditions and any other documents referred to within this notice to understand how we collect, why we use, and how we store your personal information.

By providing us with your personal information, you consent to the collection and use of any information you provide in accordance with this privacy policy.

We comply with the principles of data protection law. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.

4. Accurate and kept up to date.

5. Kept only as long as necessary for the purposes we have told you about.

6. Kept securely.

For the purpose of the General Data Protection Regulations (GDPR) the data controller is Casa Nova SRL, whose registered address is Via A. Panerai, 55, 52037 Sansepolcro (AR), Italia. As we use online services (such as, for example, Facebook, Twitter, Google Mail, Google Apps and various holiday rental websites), the providers of those services may process data on our behalf in order to enable us to communicate with you or fulfil your orders or rental bookings.

What personal data we may collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). There are "special categories" of more sensitive personal data which require a higher level of protection.

We collect information every time you interact with us. The information we may collect from these interactions may include, but is not limited to:

How we collect information	Your possible interactions	Information we may collect
Information you give to us	By filling in forms on any of our websites By filling in forms at shows, events or when visiting our garden or staying at our rental properties By corresponding with us by phone, email, in person or otherwise By subscribing to our email list By placing orders on any of our websites By booking any of our rental properties By entering competitions, promotions or surveys By responding to one of our mailings By interacting with us on social media	Your name Your address Your email address Your telephone number Your payment information Details of products or services you have received from us or inquired about Details about our contact or correspondence with you Information about any inquiries or complaints you make to us Your login information, purchases and wishlist(iris website customers) Your passport number and date of birth (required for compliance with Italian law requiring notification of those staying in our rental properties)
Information we collect when you interact with our websites or social media feeds	We are not technological adepts ourselves, but we use a number of services provided by those who are (as, for example, Google Analytics, Wordpress and Ecwid). These may involve collecting data: When you visit any of our websites, social media sites or our blog When you search for products or services When you participate in social media functions (eg comment, share or review stories, products or blogs) When you report a problem with our site or app	Your Internet Protocol (IP) address Your browser type and version Your time zone setting Your browser plug-in types and version Your operating system and platform The pages you visit, for how long and the actions you perform Page response times Your browser cookies (these are used to collect information about how visitors use our website and WordPress blog. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited. Google’s own privacy policy can be reviewed here.)
Information we receive from other sources	ÂIf you consent to hear from us on other sites If we require information to execute a contract When you visit one of our properties we may collect CCTV footage which will be used for security purposes only Other publicly available information, such as directory listings	Your name Your address Your email address Your telephone number Your payment information Your login information (customers) CCTV footage

Legal basis we rely on to collect information

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

1.To fulfil a service: We use your information to execute contracts or services that you have entered into. This includes communications relating to your order, deliveries and payments via phone, email and SMS (for example to let you know if a delivery is delayed or payment has failed). In order to process and fulfil your order, we may need to share your information with others (eg supplying delivery address to couriers and supplying payment information to payment processors in order to collect payment).

2.When you consent: We may use your personal information and order history to tell you about relevant products, events, competitions and news. For example, when you sign up to a newsletter or tell us you want to hear from us by completing your preferences. You can ask us to stop sending you marketing messages by contacting us at any time. If you change your mind you can update your choices at any time by contacting us.

3.If we have legitimate interest: The GDPR defines legitimate interest as a reasonable business or commercial interest for processing your personal information. For example, sending a direct mail if there is a change of booking such that a rental period you enquired about becomes available or when a plant you expressed an interest in becomes available.

How we use your information

If you wish to change how we use your data, you’ll find details in the “What are my rights?” section below. Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.

What we use your data for	Legal basis
To process your orders and services requested from us	Service
To process your rental bookings	Service
To respond to your queries, complaints or refund requests	Service
To remind you of relevant deadlines (such as for rental payments that are due, or time by which the property needs to be vacated) or pass on information relevant to rental bookings (such as directions to the property)	Service
To let you know when you have an unconfirmed order in your basket.	Service
To let you know about changes to your order, availability or deliveries	Service
To let you know about changes to our service (eg delisting products)	Service
To keep a record of your relationship with us and your information up to date	Service
To process payments	Service
To comply with mandatory legal requirements (as for example registering the presence of rental guests with the Carabinieri)	Service
To tell you about our news, events, offers, new products or services, changes in availability or other information about our services we believe may interest you	Consent
To keep you informed about the work you are supporting by doing business with us	Consent
To exclude you from online advertising and avoid unnecessary spend on marketing	Legitimate interest
To develop and improve our systems (eg pages you visit, to investigate any problems you encounter with our site)	Legitimate interest
To send you requests for feedback via surveys to help improve our service	Legitimate interest
To build a picture of who our current customers are and what they like, to inform our business decisions (eg to identify popular products, or help us locate potential new customers)	Legitimate interest
To protect our website and our customers (eg to investigate phishing or fraudulent activity)	Legitimate interest
To ensure the content on our site or app is presented effectively for your device and is secure	Legitimate interest
To measure and understand advertising effectiveness through research and analysis	Legitimate interest
To automatically customise the contents of our website, emails or other channels based on the data we hold about you	Legitimate interest

Note that if you purchase a gift for someone from us, we will need their personal details (for example name and address) in order to process the order and delivery. However, we will never contact them for any other purpose other than to process your gift.

Who we share your information with

Sometimes we may share your data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so. We do so on one of the legal bases defined above (service, legitimate interest and consent). We only provide third parties with the information they need to perform the exact services we receive from them and we do not sell your data to third parties. Where the third party is providing a service to us, we check their policies to ensure that your privacy is respected and protected at all times. If at any time we stop using third party services, any information held by them will either be deleted or rendered anonymous.

An additional basis of “legal compliance” applies here. For example, we may come under a duty to pass on information to law enforcement agencies, if we become aware of people involved in fraud, non-payment or other criminal activity.

We may also be legally bound to share your data in the future with a third party if Casa Nova SRL is subject to sale or asset transfer.

Who we share your data with	How we protect your data	Your rights
We use external email platforms (such as Google Apps and Google Mail) to fulfil our service and marketing communication needs	Google’s privacy policy provides the protections required by the GDPR when processing data for customers operating within the EU.	Use of a third party email provider is necessary and legitimate for us to execute the service you sign up for with us. Google’s own privacy policy can be reviewed here
Online advertisers and platforms such as (Google, Twitter, LinkedIn, Wordpress and Facebook) to show you relevant information about our products	The processing is completed using pseudonymised (subjected to a technical process which replaces your data with codes, so it is unidentifiable to anyone without additional information) email addresses to protect your privacy. This transfer is a bulk process so neither we, nor the third party, has sight of any individual’s data.	As a customer you can consent or opt out from online marketing by updating your communication preferences in your account (this may take up to 30 days to process). Read more about how ads are displayed on each platform and how to control your data: Facebook; Google; LinkedIn; Twitter; Wordpress
Online advertisers and platforms to exclude current customers from seeing advertising (to save money)	The processing is completed using pseudonymised (subjected to a technical process which replaces your data with codes, so it is unidentifiable to anyone without additional information) email addresses to protect your privacy. This transfer is a bulk process so neither we, nor the third party, has sight of any individual’s data.	It is our legitimate interest to take all reasonable steps to avoid unnecessary cost.
We use Facebook’s services to identify people similar to our current customers. This is the most cost-effective way for us to show Facebook users matching that profile messages about us and gain new customers.	The processing is completed using pseudonymised (subjected to a technical process which replaces your data with codes, so it is unidentifiable to anyone without additional information) email addresses to protect your privacy. This transfer is a bulk process so neither we, nor the third party, has sight of any individual’s data.	It is our legitimate interest to take all reasonable steps to acquire new customers whilst avoiding unnecessary cost.

Where we keep your information

We take reasonable steps necessary to ensure that your data is treated securely and in accordance with this privacy policy. We take commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach if we are legally required to do so.

The data that we collect from you is stored either within the European Economic Area ("EEA") or on servers that we rent from Rackspace US Inc, who have mechanisms in place for compliance with the GDPR pursuant to the EU-U.S. Privacy Shield (https://www.rackspace.com/gdpr). Where we share your data with third parties, as described above, that information may be held by the third party outside of the EU. You should refer to the privacy policy of the relevant third parties for more information as to the safeguards they provide (for example by following the links in this document).

All information you provide to us is stored on secure servers, except payment card information. To maintain the highest level of security, we never store or have visibility of your card details.

Where we have given you (or where you have chosen) a password which enables you to access your account with us, you are responsible for keeping this password confidential. Do not share your password with anyone and change it regularly. We recommend changing your password at least every three months.

From time to time, our website may contain links to third party websites. If you follow a link to any of these websites, please note that they will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

How long we store your data for

We will hold your personal information on our systems for as long as is necessary for the processing of our contractual obligations with you or as long as you give us consent to do so.

Since customers book or order with us at varied intervals, sometimes returning after a number of years, it is in our legitimate interest to store your data for a period of no longer than 5 years after your last booking or order or communication from you to us. During this time, we will continue communicating with you as outlined by this policy unless you actively close your account or change your preferences. At 5 years after your last order, we may email you to check if you’d like to leave your account open and continue hearing from us and we will otherwise close your account, remove you from our mailing list, any personal identifiable information held by us will be deleted, and your purchase history rendered anonymous.

Your rights

Your rights	How to activate your rights
To ask us not to process your data for marketing purposes	Email info@casanovaumbria.eu Or call 0039-3389974107 and send a confirmatory letter to Casa Nova SRL, Via A.Panerai, 55, 52037 Sansepolcro (AR), Italia
To ask us to erase all of the personal information we hold about you (Right to Erasure also known as the right to be forgotten)	Email info@casanovaumbria.eu Or call 0039-3389974107 and send a confirmatory letter to Casa Nova SRL, Via A.Panerai, 55, 52037 Sansepolcro (AR), Italia
To request access to all of the information we hold about you	EEmail info@casanovaumbria.eu Or call 0039-3389974107 and send a confirmatory letter to Casa Nova SRL, Via A.Panerai, 55, 52037 Sansepolcro (AR), Italia
To ask us not to process your data for the purpose of our legitimate interest. We will action your request unless we believe the legitimate interest overrides your circumstances	Email info@casanovaumbria.eu Or call 0039-3389974107 and send a confirmatory letter to Casa Nova SRL, Via A.Panerai, 55, 52037 Sansepolcro (AR), Italia

Changes to this policy

This policy applies with effect from 25 May 2018.

Any changes we may make to our privacy policy in the future will be posted on this page. Please check back if you wish to see any subsequent updates or changes to our privacy policy.

Questions or complaints

If you have any questions that haven’t been covered, please contact us (person responsible for data compliance: Patricia Robertson):

Email info@casanovaumbria.eu

Call 0039-3389974107

Casa Nova SRL, via A Panerai, 55, 52037 Sansepolcro (AR), Italia

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) (IDPA): http://www.garanteprivacy.it