Website Privacy Policy - La Sil Luxury Planner

1. Introduction and Data Controller
LA SIL LUXURY PLANNER by Lopolito Silvia, with its registered office at Viale Brenta 31 Milan 20139 Italy, VAT and Tax Code 13778330962, as the Data Controller of personal data pursuant to EU Regulation 679/2016, is required to provide this information on the processing of personal data. Data will be processed in the manner and for the purposes outlined in this document. It is understood that, for the processing of personal data for purposes other than those indicated below, the relevant information on data processing for each specific service will apply.
For any questions regarding this Privacy Policy or our use of your personal data, cookies, and similar technologies, you can contact us via email at info@la-sil.com.

2. Collection of Personal Data and Territorial Scope of Processing
The data held by the Data Controller is collected directly from the data subjects. In the event that personal data of the data subject is not collected from the same, the Data Controller, pursuant to Article 14, letter (g) of the Regulation, informs that no automated decision-making processes, including profiling as per Article 22 paragraphs 1 and 4, are implemented.

Personal data will be processed within the European Union and stored on servers located within the European Union. The same data may be processed in countries outside the European Union/European Economic Area provided that an adequate level of protection is guaranteed, recognized by an appropriate adequacy decision of the European Commission. Any transfer of personal data to non-EU/EEA countries without an adequacy decision from the European Commission will only be possible if adequate safeguards are applied.

3. Categories of Personal Data Collected
"Personal data" refers to any information related to an identified or identifiable natural person (hereinafter "Data Subject"). The personal data collected and processed are:

• Personal information: Data provided when filling out the contact form by the user, including first and last names;

• Contact details: Email address provided to receive a response to the requests submitted via the contact form;

• Browsing data: Data implicitly collected during the use of the website (e.g., IP address);

• Data voluntarily and directly provided by the data subject, including comments, images, videos, and audio.

4. Purposes and Legal Bases of the Processing
Personal data is processed by the Data Controller solely for the purposes related to this website. Specifically, personal data is processed for the following purposes:

• To respond to user requests submitted through the contact form or via email (Art. 6 para. 1 letter (B) – performance of a contract);

• To protect our systems, prevent fraud, and help us secure the system (e.g., by verifying your identity) (Art. 6 para. 1 letter (F) – legitimate interest);

• To comply with our legal obligations, including requests from public authorities (Art. 6 para. 1 letter (C) – legal obligation);

• To establish, exercise, or defend our rights and those of our employees and to carry out business transactions or operations, such as in the event of bankruptcy, mergers, acquisitions, reorganizations, sales of assets, assignments, due diligence, etc. (Art. 6 para. 1 letter (F) – legitimate interest).

The provision of your personal data for the above purposes is optional. However, failure to provide your personal data will make it impossible to interact with the Data Controller.

5. Methods of Processing
In relation to the above purposes, personal data is processed electronically and in paper form through operations of collection, recording, updating, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, deletion, and destruction of personal data. Personal data is protected to minimize the risk of destruction, loss (including accidental loss), unauthorized access/use, or use incompatible with the initial purpose of collection. This is achieved through the technical and organizational security measures implemented by the Data Controller.

6. Retention Period of Personal Data
The Data Controller processes personal data for the time necessary to fulfill its purposes and, in any case, not beyond the periods indicated below. It is understood that at the end of these periods, the Data Controller may still retain personal data in whole or in part for certain purposes expressly required by law or to assert or defend a right in court within the ten-year limitation period provided by Article 2946 of the Civil Code (e.g., in case of disputes raised by the user).

For example, personal data in the case of a contractual relationship will be processed and retained for the entire duration of the relationship and subsequently for 10 years (ordinary limitation period). Personal data processed to fulfill your requests will be retained for the time necessary to handle such requests and will then be deleted.

7. Disclosure to Third Parties and Accessibility of Personal Data
Personal data may be accessed by authorized individuals (employees and/or collaborators) entrusted with specific and/or multiple processing activities as defined by Art. 4 point 10 of the GDPR. Personal data may also be disclosed to third parties expressly appointed as Data Processors pursuant to Article 28 of the GDPR for purposes strictly related to the execution of the contract or legal obligations. Personal data will not be disseminated.

8. Rights of Data Subjects (Articles 15 to 22 of the Regulation)
Finally, we inform you that Articles 15 to 22 of the Regulation grant data subjects specific rights. In particular, data subjects may obtain from the Data Controller, in relation to their personal data: access (Art. 15); rectification (Art. 16); erasure – right to be forgotten (Art. 17); restriction of processing (Art. 18); notification of rectification, erasure, or restriction (Art. 19); data portability (Art. 20); the right to object (Art. 21); and the right not to be subject to automated decision-making, including profiling (Art. 22). Data subjects have the right to lodge a complaint with the Supervisory Authority.

You may exercise your rights at any time by:
• sending a registered letter to the address of the Data Controller;
• sending an email to info@la-sil.com.