• Tedesco
  • Inglese
  • Francese
  • Italia

Get inspired

Activities

Borromeo Experience

Terre Borromeo

About Us

Historical archive

News

Transparecy

Work with us

Contacts

Tickets

Apartments

Food

Eshop

Tickets

Information Pursuant to Articles 13 - 14 of GDPR 2016/679 (General Data Protection Regulation)

According to the regulation indicated above, the processing of data will be characterised by the principles of correctness, lawfulness, transparency and the safeguarding of your privacy and your rights.

SAG Srl, with registered office at Via Borromei 1/A - 20123 Milan, in its capacity as Data Controller pursuant to articles 13 and 14 of GDPR 2016/679, hereby informs you that your data will be processed using the following methods and for the following purposes:

 

1)     Data subject to processing

The Data Controller processes personal data, identification data and non-sensitive data (in particular, name, surname, tax code, VAT code, email, landline number, mobile phone number – referred to as “personal data” or also “data”) communicated to them.

SAG S.R.L. hereby reminds you that, in the case of participation in events, the company will process photos and videos on its own social media channels and will use the materials to promote the activities of the companies of the group, such as Isole Borromee, Rocca di Angera, Parco Pallavicino, Parco del Mottarone.

 

2)     Purposes of the processing

The processing of data has your consent as its legal basis and is conducted for the following purposes:

(a) to fulfil the pre-contractual, contractual and tax (tax register, VAT, etc.) obligations deriving from relationships existing within all the companies represented by or affiliated to SAG. S.R.L.;

(b) to manage all bureaucratic, administrative and accounting activities (such as, but not limited to: salary, accounting, risk assessment document;

(c) to fulfil the obligations provided for by the law, by a regulation, by the community regulations or by an order from the Authority;

(d) to exercise the Data Controller’s rights, such as the right to legal defence;

(e) to allow the sending of newsletters, for various communications, concerning events and any further Services requested.

 

3)     Processing methods

The personal data is processed by means of the operations indicated in art. 4 of GDPR 2016/679 and art. 4, no. 2) of the GDPR, specifically: the collection, recording, organization, storage, consultation, development, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Personal data is therefore subject to processing both on paper and in electronic and/or automated form.

 

4)     Access to data

The data may be made accessible, for the purposes stated in point 2 above, to the Data Controller’s employees and consultants, in their capacity as staff responsible for processing and/or system administrators.

 

5)     Communication of data

Your data will not be subject to communication to third parties without your explicit consent.

However, the Data Controller may communicate the data for the purposes stated in art. 2.A) to Supervisory Bodies, Judicial Authorities, as well as to all other parties to whom its communication is obligatory under the law for accomplishing these purposes.

 

6)     Data transfer

The personal data will be managed and stored on servers controlled by the Data Controller. The data will not be subject to transfer outside the European Union. In any event, it remains understood that the Data Controller will have the faculty to move the location of the server if this is necessary. In such an event, the Data Controller guarantees as of now that the data will be transferred in accordance with the provisions of the law.

 

7)     Nature of the provision of data and consequences of refusal to respond

You are hereby informed that, taking account of the purposes of the processing as illustrated above, the provision of data is obligatory and failure to provide or the partial or inaccurate provision of same may result in the inability to complete registration, signing up for activities, the communication of updates and the fulfilment of contractual obligations as provided for in the contract entered into.

  

8)     Interested party's rights

The Regulation grants specific rights to the parties whose personal data is processed, including:

9)     (a) obtaining confirmation that the processing of personal data concerning them is under way or not, and gaining access to same (art. 15 of the Regulation);

10)   (b) obtaining the rectification of inaccurate personal data (art. 16 of the Regulation);

11)   (c) obtaining the cancellation of any personal data item concerning them, in compliance with the right to be forgotten (art. 17 of the Regulation);

12)   (d) obtaining limitation on processing by the Data Controller (art. 18 of the Regulation);

13)   (e) obtaining their own personal data in a structured, legible and comprehensible way, as well as ensuring that this data is transmitted to another Data Controller without impediments (art. 20 of the Regulation);

14)   (f) objecting to the processing of their own personal data (art. 21 of the Regulation).

15)   You may withdraw the consent given to the Data Controller at any time, without this withdrawal influencing the processing conducted until that moment by the Data Controller.

 

16)  Methods of exercising rights

The interested party may exercise their rights with a written request to the Data Controller sent by registered letter with advice of receipt to SAG SRL at Via Borromei 1/A - 20123 Milan or to the email address privacy@isoleborromee.it

 

17)  Duration of the processing

We hereby announce to you that, respecting the principles of lawfulness, limitation of purpose and minimization of data, pursuant to art. 5 of the Regulation, prior to your free and explicit consent to the processing of your personal data for the purposes stated in point 2 above, your personal data will be stored for a period of time no greater than that for achieving the purposes for which it is processed (“principle of limitation of storage”, art. 5, GDPR). Verification of the obsolescence of the data stored in relation to the purposes for which they are gathered is conducted periodically.

 

18)  Data Controllers, supervisors and processors

The Data Controller is SAG SRL.

The updated list of data supervisors and processors is held at the Data Controller’s registered office.