Privacy Policy

pursuant to Art. 13 General Data Protection Regulation – EU Reg. 2016/679 (“Privacy Policy”)

This information is provided pursuant to art. 13 of the European Regulation 2016/679 (“Regulation“), which sets out rules relating to the protection of individuals with regard to the processing of personal data, in addition to rules relating to the free movement of such data.

This information relates exclusively to the website (the “Website“) and does not concern other websites, although they may be reached through links present on the Website.

  1. Data processed

Personal and identification data

Personal data means any information relating to a natural person, identified or identifiable, even indirectly, by reference to any other information. In particular, these personal data may be collected through the Website:

Through the contact form: name, surname, e-mail address, data that each user/data subject freely chooses to include in the message.

Navigation data

During their normal operation, the computer systems and software procedures used to operate the Website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes, by way of example, the IP addresses or domain names of the computers used by users who connect to the Website, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the computer environment of the user/data subject.

  1. Purpose of the Processing and its Lawfulness

The processing of personal data is based on principles of correctness, lawfulness and transparency, protecting the confidentiality and rights of users and in accordance with the company’s privacy policy. The purposes for which personal data collected through the Website is used include:

I.To respond to user/data subject requests sent via methods of interaction on the Website, or to the e-mail addresses provided on the Website.Processing permitted as necessary for the performance of a contract to which the data subject is party or the execution of pre-contractual measures taken at the request of the same – art. 6.1.(b) of the Regulations.
II.To allow navigation on the Website by the user/data subject.
III.Improving the operation of the Website.Processing permitted as necessary for the pursuit of a legitimate interest of the data controller – art. 6.1.(b) of the Regulations. The legitimate interest of the data controller is identified as the optimization of the functionality and performance of the Website.
  1. Necessity or Optionality of Processing

Each user/data subject remains free to provide personal data on contact forms, booking requests or through other interactions with the Website itself, however, if personal data is not provided, the Data Controller may not be able to respond to user/data subject requests and to carry out processing for the purposes set out in art. 2.1(I) and (II).

  1. Processing methods

Personal data is processed using paper and computer tools in accordance with the provisions regarding the protection of personal data and, in particular, the appropriate technical and organizational measures referred to in art. 32.1 of the Regulations, and with the observance of every precautionary measure that guarantees its integrity, confidentiality and availability.

  1. Recipient categories

Personal data may be communicated, strictly in relation to the purposes indicated above, to the following parties or categories of parties:

  • parties in relation to which the current legislation provides for the obligation to communicate;
  • professionals and third party companies with which the Data Controller collaborates, where necessary for the operation of the Website and/or to follow up on the requests of the user/data subject and/or for the management of any disputes relating to the use of the Website and the request submitted by the user/data subject;
  • natural persons authorised in writing by the Data Controller to process the data pursuant to art. 29 of the Regulations in order to perform their work duties (e.g. employees etc.).

With regard to paragraph b), we undertake to exclusively work with individuals who provide adequate data protection guarantees, appointing them – where possible – as Data Processors pursuant to art. 28 of the Regulations.

Personal data will not be transferred outside the European Economic Area or to international organisations.

  1. Retention period

Personal data are stored in the Data Controller’s archives and are kept for a period of 10 (ten) years from the date of the last interaction with the user/data subject, in consideration of the limitation period for any claims arising from the relationship between the Data Controller and the user/concerned party, as provided for by law.

In the event that a dispute arises between the Data Controller and the user/data subject, the retention period will be extended for the entire duration of said dispute and for 10 years following its final resolution (e.g. settlement agreement or final judgment).

  1. Data subject’s rights

At any time each user/data subject party may assert the rights provided for by articles 15 to 22 of the Regulations with the Data Controller, i.e. the right to request:

  • access to personal data, i.e. to know their personal data stored by the Controller, the purposes for which they are processed, their origin and other information provided for by art. 15 of the Regulations;
  • the rectification of personal data in the event of inaccuracy;
  • the erasure of personal data (so-called ‘right to be forgotten’);
  • the limitation of the processing of personal data, or the right to obtain the suspension of the processing of personal data for the period required to verify the request, or in the other cases provided for by art. 18 of the Regulations.

In addition, the following apply to each user/data subject:

  • the right to data portability, i.e. the right to receive personal data in a structured, commonly used and machine-readable format – also by requesting their direct transfer to another data controller;
  • the right to lodge a complaint with the Privacy Guarantor, or with the Control Authority of the place where they reside, work or where the violation has occurred, if they believe that the processing of personal data has taken place in violation of the Regulation;
  • the right to object to the processing of data as provided for by art. 21 of the Regulation, in cases where such processing is based on Art. 6.1. e) or f) – or in the case of processing required for the performance of a task carried out in the public interest, or for the pursuit of a legitimate interest of the data controller.

  1. Amendments to the Privacy Policy

The Data Controller reserves the right to change, update, add or remove portions of this privacy policy at its discretion and at any time. In order to facilitate verification of any changes/updates, the notice will contain an indication of the date of the update.

  1. Data Controller identity and contact details

The Data Controller is LAMBDA SPA, C.F./P. VAT no. 02558810244, with registered office in Via dell’Impresa, 1 – 36040 Brendola (VI). Requests for clarification of this Policy and requests to exercise the rights prescribed by law and/or described herein may be submitted to these contacts:
Tel. +39 0444 349165

  1. Data Protection Officer contact details

The Data Controller has appointed a Data Protection Officer who can be contacted at the following e-mail address:

Date of update: 22.04.2021