This is a data protection information for the use of the website https://www.casavo.co/ (“Website”)
1. General Information
We process your personal data provided by you when using or registering to the Website or mobile apps (if applicable), in particular, we process
- identification personal data pursuant to the Italian Data Protection Code and the GDPR (e.g. e-mail address, first name, last name, title, address, email address, postal address, telephone number “Data” or “Personal Data”) provided by you in case of registration to the Website (e.g. for contact requests);
- usage personal data transmitted by your Internet browser every time the Website is accessed and it saves usage personal data in protocol files known as server log files. This data include: IP address (Internet protocol address) of the accessing computer; name of the page accessed; date and time of access; referred URL, from which you access the page; amount of transferred data; status message for successfully accesses; session ID number.
2. Purposes of the Processing
In principle, we only process your Personal Data without your prior consent, pursuant to the Italian Data Protection Code and the GDPR, to the extent this is necessary to fulfil the following purposes:
A) Service Purposes
- to fulfil your requests (e.g. management of requests of contact);
- to allow your registration to the Website;
- to provide you with our services such as on-line evaluations of your real estate and prepare the sale of your real estate;
- to allow the Website technical management and its operational functions (including logistics), solving any technical problems, statistical analysis, tests and research;
- to prevent or uncover fraudulent activities or misuses that is damaging to the Website;
- to comply with the requirements of the laws in force, to protect the safety of an individual, the rights and the property of the Data Controller and to hinder deceptions or security or technical problems.
Only by your prior and specific consent for the following:
B) Marketing Purposes
To send our newsletter to you with information and news about our services and new offerings and such other information set out in the registration.
To this extent we inform you pursuant to the Italian Privacy Code that if you are already our client we may send to you, save your denial, promotional communications and commercial offers for services similar to the ones you have already availed of.
3. Nature of the provision of data and consequences of your refusal to provide them
The provision of your Data for the purposes under 2.A above is mandatory. Lacking your Data, we may not guarantee your registration to the Website nor the services under 2.A. The provision of your Data for the purposes under 2.B is instead discretionary for you. You can therefore decide not to confer any Data or to later deny to us the possibility of processing the Data you have already provided. In such case, you will not receive our newsletter anymore, whereas you will continue to receive our services and be entitled to register to the Website as to 2.A.
4. Processing modalities
The processing of your Personal Data is made only if necessary and is carried out electronically by means of operations indicated in the Italian Data Protection Code and in the GDPR and namely: collection, registration, organization, storage, consulting, processing, modification, selection, extraction, comparison, use, interconnection, access and communication, blocking, erasure and destruction of the data. Said processing operations shall be carried out through electronic and not-electronic means.
5. Access to Data
Your Personal Data will be processed by our staff deputed to the processing of personal data (including, but not limited to):
- employees and consultants authorized to manage the Website and supply the related services (e.g. customer services, IT department, etc.) in their quality of persons in charge of the processing and/or internal data processors and/or system administrators;
- employees and consultants in the legal, marketing, finance, administration, and accounting and our other relevant departments, in their quality of persons in charge of the processing and/or internal data processors;
- third party companies (e.g. IT services providers, hosting providers, etc.) to which us, as the Data Controller, outsource some services involving processing operations in their quality of external data processors.
6. Communication of Data
We may communicate your Personal Data to third parties in their quality of autonomous data controllers and/or external data processors for the following reasons:
- to allow other companies within our group of companies (“Casavo Group Companies”) to provide you with our services depending on the location of your real estate (e.g., if your real estate is located in Germany, your personal information, as necessary, will be forwarded to our German parent company that will then process your request, and, if applicable, prepare all necessary steps for the sale of your real estate – further information on the Casavo Group Companies at the location of your real estate can be found here. The sales process and its preparation are described in more detail in our Terms and Conditions
- to fulfill the obligation provided by the law, regulations, protocols and national and EU legislation;
- to implement laws required by public Authorities;
- to allow the defense in court, for example, in case of violations by the web-users.
7. Data transfer outside the EU/EEA
Information that you submit via our Website site may be transferred to countries outside the European Union (“EU”) and/or the European Economic Area (“EEA”) such as USA. By way of example, this may happen if we use a technical service provider located in a country outside the EU/EEA. If we transfer Personal Data outside the EU/EEA in this way, we will take steps to ensure that your privacy rights continue to be protected. This in particular means that we will only transfer Personal Data to such so called third countries when we are allowed to do so, for example on the basis of an adequacy decision of the European Commission, or on the basis of appropriate safeguards provided by standard data protection clauses adopted by the European Commission.
8. Storage and deletion of Data
We as Data Controller store your Personal Data for the time necessary to achieve the purposes for which data are collected and further processed, including any retention period required under the applicable legislation (e.g. retention of accounting documentation) and, in any case, for a maximum period of 10 years from the termination of our relationship for Services Purposes and for a maximum period of 2 years for Marketing Purposes.
When you use our Website, cookies will be stored on your computer. Cookies consist of small text files which are saved on your computer and thereby provide us with certain information (“Cookies”). They are widely used in order to make websites work, or work more efficiently to improve the user experience, as well as to provide certain information to the owners of the site. Our Website sets Cookies which remain on your computer for differing times. Some expire at the end of each session and some remain for longer so that when you return to our Website, you will have a better user experience.
Web browsers allow you to exercise some control of Cookies through the browser settings. Most browsers enable you to block cookies or to block cookies from particular sites. Browsers can also help you to delete Cookies when you close your browser. You should note however, that this may mean that any opt-outs or preferences you set on the site will be lost. Please consult the technical information relevant to your browser for instructions. If you choose to disable your Cookies setting or refuse to accept a cookie, some parts of the service may not function properly or may be considerably slower.
Cookies can be technical, analytics and profiling.
Our Website makes use of technical or “session” and persistent proprietary Cookies. The list of technical Cookies is available at the following address: [link].
Our Website uses also Analytical Cookies set by third-party providers, for example, by Google.
Further information can be found under https://www.google.com/analytics/terms/de.html (Google Analytics Terms of Service & Privacy).
The Website does not use profiling Cookies.
10. Social Plug-Ins
Our Website uses so called social media plugins (“Plugins“) of the social networks Facebook and LinkedIn, and the services Twitter und Instagram. These services are offered by the companies Facebook Inc., LinkedIn, Twitter Inc. and Instagram LLC. (“Providers“).
In order to improve the protection of your Personal Data in using our website, these plugins are only embedded via a html link in accordance with the “Shariff” solution of c‘t. This ensures that when accessing our Website, which contains Plugins, you are not automatically connected to the servers of the Providers of the respective networks/services. If you click a respective button you will only be connected after you active confirmation. Further information can be found here: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.
Facebook is provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). An overview of Facebook Plugins and what they look like can be found here: https://developers.facebook.com/docs/plugins.
LinkedIn is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA (”Linkedin“). An overview of LinkedIn Plugins and what they look like can be found here: https://developer.linkedin.com/plugins.
Twitter is provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter“). An overview of Twitter buttons and what they look like can be found here: https://dev.twitter.com/web/overview.
Instagram is provided by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram“). An overview of Twitter buttons and what they look like can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.
If you access our Website which contains such Plugin, your browser will create a direct connection to the servers of Facebook, LinkedIn, Twitter or Instagram. The content of the Plugin will be transmitted from the respective Provider directly to your browser and embedded in the respective website. By embedding the Plugin, the Providers will receive the information, that your browser has accessed the respective website of our service, even if you have no profile or are not logged in. This information (including your IP-address) is transmitted by your browser directly to a server of the respective Provider in the USA and stored there.
If you are logged into one of the services, the providers can link your visit of our Website directly to your profile on Facebook, LinkedIn, Twitter or Instagram. If you interact with the Plugins, e.g. by using the ”Like“-, ”Twitter“- or the ”Instagram“-button, this information is also transmitted directly to a server of the Provider and stored there. In addition, this information is shown in the social network, published on your Twitter or Instagram account and shown to your contacts.
To find out more about the purpose and scope of the collection, processing and use of data by these Providers as well as your respective rights and settings to protect your privacy, please consult the respective privacy information of the providers:
- Privacy notices by Facebook: http://www.facebook.com/policy.php
- Privacy notices by LinkedIn: https://www.linkedin.com/legal/privacy-policy
- Privacy notices by Twitter: https://twitter.com/privacy
- Privacy notices by Instagram: https://help.instagram.com/155833707900388/
If you do not want Facebook, LinkedIn, Twitter or Instagram to connect the data relating to your visit of our Website directly to your profile in the respective service, you need to log out from such service before you visit our Website.
Your Rights as a User/Data Subject
In accordance with the relevant conditions provided by the Italian Data protection Code and the GDPR, you have the following data protection rights as user (“Data Subject”) of our service:
- Information: The right to request from us information about your personal data processed by us, as well
as access to and/or a copy of these data. This shall include information about the purposes of the
processing, the categories of personal data concerned, the recipients or categories of recipients and,
where possible, the envisaged period for which the personal data will be stored, or if not possible, the
criteria used to determine that period;
- Right to rectification, erasure or restriction of processing: The right to demand rectification, erasure
of personal data or restriction of processing;
- Right to object and revoke consent: The right to object consent or the right to withdraw consent given
at any time (without affecting the lawfulness of processing based on consent before its withdrawal);
- Data portability: the right to receive the personal data concerning you which you have provided to us,
in a structured, commonly used and machine-readable format and the right to transmit those data to
another controller without hindrance from us; this includes, where technically feasible, the right to
have the personal data transmitted directly from us to another controller;
- Right to object processing: For reasons relating to your specific situation, to object processing;
- Automated decisions: The right not to be subject to a decision based solely on automated processing,
including profiling, which produces legal effects concerning you, or similarly significantly affects
you. If such automated decision takes place according to applicable law, the right to receive meaningful
information about the logic involved, as well as the significance and the envisaged consequences of such
processing for you;
- Right to lodge a complaint: The right to communicate with, and, if applicable, to lodge a complaint, with a data protection supervisory authority.
In order to exercise the rights above and to request information, you may write to the following e-mail address: [email protected] or at the postal address Casavo Management S.r.l., with registered office in 20139 – Milan, Via Arcivescovo Calabiana 6.
In the same way, you can revoke, correct and delete Data at any time.
- Information: The right to request from us information about your personal data processed by us, as well
12. Data Controller and Data Processor
The Data Controller of the processing of your Data is Casavo Management S.r.l., with registered office in 20139 – Milan, Via Arcivescovo Calabiana 6. The internal Data Processor/Data Protection Officer is Giorgio Tinaci.
The updated list of the data processors and of the persons in charge of the processing is kept at the premises of the Data Controller.
Version 2; Date: January 2018