Subject: Information regarding the processing of personal data pursuant to current national legislation and the European Regulation (GDPR 679/2016).

 

DESIGN CLUB REAL ESTATE SRL VAT 03662051204, with registered office at Via Castiglione n. 6, Bologna (Bo) 40124, email: info@designclubcollection.com, informs you that it is the Data Controller of the data qualified as personal by the Privacy Code and EU Regulation 679/2016, and subsequent adaptation rules that the company holds for the establishment and execution of contractual relationships, present or future, with you and/or your organization.

Therefore, in full compliance with the principles of fairness, lawfulness, and transparency, the Data Controller provides the following information.

 

1. Type of data processed

DESIGN CLUB REAL ESTATE SRL VAT 03662051204, with registered office at Via Castiglione n. 6, Bologna (Bo) 40124, email: info@designclubcollection.com processes your personal identification data (including name, surname, company name, address, phone number, email address, banking details).

The Data Controller does not possess any specific data of yours (or belonging to specific categories of data according to art. 9 of EU Regulation 679/2016), nor does it possess any biometric, genetic, or judicial data.

In some cases, DESIGN CLUB REAL ESTATE SRL may also obtain certain specific data (such as information about your health if provided during booking).

In this case, in compliance with the minimization principle, the Data Controller undertakes not to retain any communicated specific data or request further information other than what is strictly necessary to ensure the protection of your health.

The data will be processed in accordance with the principles of purpose limitation, data minimization, accuracy, storage limitation, relevance, non-excessiveness, and confidentiality.

In case of access to the Wi-Fi Hot Spot network provided by DESIGN CLUB REAL ESTATE in the areas adjacent to its headquarters, activating the service allows access to the Internet via WI-FI in specifically enabled areas.

In the event of access, the processed data will be the following Common Data: (Login data (1 among the following): Third-party platform profile used; Voucher code; Email or phone number; Browsing data (such as: IP address, URI/URL addresses, access time and duration, etc.) Special data: none.

 

2. Purposes of processing

Your data will be processed for the following purposes:

a) For the conclusion of a contract and for subsequent fulfillment of legal, tax, and accounting obligations. The legal basis for processing is the execution of a contract and/or pre-contractual measures.
b) To enable effective management of service, financial, and commercial relationships or for administrative needs related to orders and invoices. The legal basis for processing is compliance with legal obligations.
c) To allow access to specific and additional services, for commercial communications, and for sending advertising and/or promotional material (e.g., via email, SMS, WhatsApp, and through the online booking form). The legal basis for processing is consent.
d) For any verification, exercise, or defense of a right in judicial or extrajudicial proceedings. The legal basis for processing is the Data Controller’s legitimate interest.

Your data is not subject to automated processing.

Access to the hotspot service.

The Controller has activated Wi-Fi hotspot areas adjacent to its headquarters. Activation of the service allows access to the Internet via WI-FI in specifically enabled areas. The Controller collects personal information from interested parties using the service. The number and type of data collected are strictly necessary for this phase of the relationship. To access the WiFi service, online registration is required; the access password will be sent to the mobile phone number or email address provided during registration. The data subject has consented to the processing of their personal data for the aforementioned purpose.

Customer satisfaction survey (related to the Wi-fi hotspot service).

Subject to express consent, the provided data will be processed to follow up on communications aimed at measuring customer satisfaction.

Please note that you will always have the opportunity to revoke your consent by sending a communication to the above contacts.

The number and type of data collected are strictly necessary for this phase of the relationship.

Legal basis: the data subject has given consent to the processing of their personal data for the aforementioned purpose.

 

3. Processing methods

The processing of personal data is carried out using the operations indicated in art. 4 of the Privacy Code and art. 4 no. 2) of EU Regulation 679/2016, namely: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, limitation, communication, deletion, and destruction of data.

The data are subject to both paper-based and electronic processing.

 

4. Retention period

The Controller will process the data for the time necessary to execute the contractual relationship and also subsequently for compliance with legal obligations or for administrative and accounting purposes.

Data stored on paper support are deleted after 3 months, while they remain stored in the system. Subsequently, solely for archival purposes, the data will be processed for a period of 10 years from the date of termination of the relationship, for any reason.

Data relating to banking details are stored for 3 days, while identity documents are retained for 1 week and then deleted.

The Controller will process the collected data for purpose d) of point 2) (allowing access to specific and additional services, such as receiving newsletters for promotional offers) for 2 years from collection for marketing purposes and 1 year for profiling purposes, while allowing the User to modify and/or revoke their consent at any time.

Access to the hotspot service.

Contact details (platform user, email, SMS) are kept for 12 months from the last connection.

 

5. Obligation to provide data

Providing data is mandatory to achieve the purposes described in point 2 (letters a, b, d): your failure to provide it will result in the inability to establish or continue any pre-contractual or contractual relationship.

Providing data for the purposes of commercial communications (point 2 letter c) for sending advertising material and for receiving newsletters is entirely optional.

 

6. Revocation of consent to the processing of personal data.

The personal data processed by the Controller are necessary to achieve the purposes described in point 2. It is your right to revoke consent at any time without affecting the lawfulness of processing based on the consent given.

 

7. Recipients

Your data may be made available for the purposes of art. 2 to the following categories of subjects:

√ Employees and collaborators of the Controller, in their capacity as authorized persons appointed by the Controller;

√ Third-party companies or other subjects (for example, credit institutions, professional firms, consultants, insurance companies for the provision of insurance services, companies dealing with accounting and financial statements processing) performing outsourcing activities on behalf of the Controller, as external data processors;

Furthermore, your data may be communicated to:

√ Supervisory bodies (such as IVASS),

√ Judicial authorities,

√ Public authorities,

√ all subjects to whom communication is mandatory by law for the fulfillment of the purposes indicated in point 2. These subjects will process the data as autonomous data controllers.

Your data will not be disclosed.

 

8. Video surveillance activities pursuant to art. 13 of GDPR Regulation (EU) 2016/679

DESIGN CLUB REAL ESTATE S.R.L., as the Data Controller, wishes to inform you that, pursuant to articles 12 and following of Regulation (EU) 2016/679 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, for prevention purposes, organizational security, protection of corporate assets, the perimeter and common areas of the Company’s registered office duly marked by signage requested by the Guarantor for the Protection of Personal Data – are covered by a video surveillance system.

Images, like names and personal data, are personal data subject to the protections provided by Regulation (EU) 2016/679 of the European Parliament and of the Council concerning the protection of individuals. Therefore, these particular personal data are acquired and stored by the Controller for the time strictly necessary to prevent the commission of illegal activities, ensure the security of the sites, enable the protection of corporate assets, all in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council and the prescriptions imposed by the Office of the Guarantor for the Protection of Personal Data. The adopted system does not link, match, or compare the collected images with other personal data or any identification codes.

The images resulting from the surveillance activity will be kept for the period provided by law and, in any case, for a period not exceeding that necessary to achieve the purposes for which the data are processed (maximum 72 hours). The reasons related to requests from the Judicial Authority or other authorized bodies are always respected. In any case, the systems are programmed to automatically delete all information at the end of the specified term, even through overwriting, in a way that makes the deleted data not reusable. The existing systems and equipment will not capture areas exclusively reserved for employees nor will they ever be used to remotely monitor work activity.

The processed data will not be disclosed to third parties. However, the data may come to the attention of: subjects who may access the data by virtue of provisions of Law provided for by the European Union law or that of the Member State to which the Data Controller is subject; our employees, as long as they are previously designated as subjects acting under the authority of the Data Controller, in accordance with Article 29 of the European Regulation; subjects (guardianship and surveillance companies) who operate, within the European Union borders, as data processors, providing ancillary purposes to the above-mentioned activities and services.

Regarding the processing of your personal data, as an interested party, you can assert the rights described in point 10 below, by directly contacting the data controller at the contact details provided. You cannot, concretely, exercise the right to update, rectify, and integrate data due to the intrinsic nature of the real-time images collected concerning an objective fact. The processing of personal data will respect the rights and fundamental freedoms of citizens and the dignity of individuals, with particular reference to privacy, identity, and personal data protection.

The processing of personal data will respect the rights and fundamental freedoms of citizens and the dignity of individuals, with particular reference to privacy, identity, and personal data protection.

 

9. Storage and data transfer

Your personal data are stored on local servers and paper archives located at the company’s headquarters in Bologna (BO) Via Castiglione n. 6, and therefore, within the European Union.

 

10. Exercise of rights by the data subject

At any time, the data subject can exercise their rights against the Data Controllers. According to art. 7 of Legislative Decree 196/2003 and articles 15 ff. of EU Regulation 2016/679, the data subject has the right to: a) obtain confirmation of the existence or not of personal data concerning them, even if not yet recorded, and their communication in an intelligible form; b) obtain information on the origin of personal data, the purposes and methods of processing, the logic applied in case of processing carried out with electronic tools, the identification details of the Data Controller and the processors, the subjects or categories of subjects to whom personal data may be communicated as designated processors; c) obtain the update, rectification, or, when interested, integration of data; d) obtain the erasure of data in cases provided for by Article 17 of Regulation EU 2016/679, transformation into anonymous form, or blocking of data processed in violation of the law, including data that does not require storage for the purposes for which the data was collected or subsequently processed; e) obtain the limitation of processing in cases provided for by Article 18 of Regulation EU 2016/679; f) receive in a structured, commonly used, and machine-readable format, the personal data concerning them and the right to transmit them to another Controller; g) object, in whole or in part, for legitimate reasons, to the processing of personal data concerning them, even if pertinent to the purpose of the collection; h) object to the processing of personal data concerning them for direct marketing purposes, sending advertising material, or direct sales or for carrying out market research or commercial communication; i) lodge a complaint with the Guarantor for the Protection of Personal Data.

The exercise of these rights is not subject to any formal constraint and is free of charge.

For reference, you can consult in full Article 7 of the Privacy Code and articles from 15 to 23 of EU Regulation 679/2016 at this link: www.garanteprivacy.it

 

11. How to exercise rights

To exercise your rights, you can directly contact the Data Controller by sending:
– a registered letter with return receipt to DESIGN CLUB REAL ESTATE SRL VAT 03662051204, with registered office at Via Castiglione n. 6, Bologna (Bo) 40124;
– an email to info@designclubcollection.com.