Privacy Policy

In accordance to the Legislative Decree 196/2003 and the (EU) Regulation 2016/679 (hereinafter “Regulation”), this page describes the processing methods of the personal data of the users who consult this website which is telematically accessible at the following address: https://www.masseriadellacroce.com.

We inform the user that after consulting this website, the data related to identified or identifiable persons may be processed.

This information does not refer to any other online websites, pages or services which are reachable via hyperlinks that may be on this website.

Identity of the Data Controller

The Data Controller is MA.CRO. Puglia SRL, with registered office in Putignano (BA) – Italy at the address 13, Strada Statale 172 per Alberobello, (email address: info@masseriadellacroce.com, Certified email address: macro@arubapec.it , Phone number: +39 327 63 05 732). (hereinafter “Data Controller”).

Source and type of data collected
  1. Data provided by the User
    The Data Controller collects the personal data provided by the users:
    a) when registering to the newsletter service offered by this Website. The data collected by the Data Controller may include, without limitation: personal details (first name and surname) and contact details (email address).
    b) when sending a message by using the contact channels and/or contact forms on this website. The optional and voluntary sending of messages to the contact addresses, as well as the compilation and submission of forms on this website, involves the acquisition of the contact details of the sender that are necessary to provide feedback, as well as all the personal data included in the communication occured.
  2. Browsing data
    The Data Collector collects the data related to the use of this website by the user. The computer systems and the softwares procedures used to operate this website acquire, as part of their normal operations, some personal data whose transmission is implicit in the use of the Internet communication protocols. This data category includes the IP addresses or the domain names of the computers and terminals used by the users, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of request, the method used to submit the request to the server, the dimension of the file obtained as a reply, the numerical code indicating the status of the reply given by the server and other parameters related to the operating system and the user’s IT environment. These Data, necessary for the use of the web services, are also processed in order to:
    obtain statistical information on the use of the services (most visited pages, number of the visitors per hour or day, geographical areas of origin, etc.);
    • check the correct functioning of the services offered.
    Browsing Data do not last for more than seven days and are immediately cancelled after their aggregation (except in case of detection of crimes by Legal Authorities).
  3. Cookies and tracking systems
    In order to make its own services as easy to use and efficient as possible, this Website uses Cookies. Therefore, when visiting this Website, a minimum amount of information is entered into the User’s device, such as small text files known as “Cookies” and they are saved in the User’s Web browser directory. There are several types of Cookies, but the main aim of a Cookie is basically to make the Website work better and to enable specific features. For further information about the cookies used on this Website, it is possible to look at the Cookie Policy at the following link: https://www.masseriadellacroce.com/en/cookie-policy-en/.
Purpose of the processing

According to the type of processing to put in place, the Data Controller uses the data collected and/or provided by the User for the following purposes:

  1. send newsletters of informative or promotional nature (e.g. invitations to events, communications related to the offer of new services, promotional offers). This processing can occur automatically via email and can be carried out if the interested party has not revoked consent for personal data usage;
  2. suggest features, products and services that can be interesting for yours. We ask for your consent to identify your preferences and customise the commercial offers and promotions according to your interests (profiling);
  3. provide feedbacks to any communication, requests for information and/or services by the users by sending a message using the same addresses and/or contact forms on this website;
  4. Manage and check risks, prevent possible frauds, insolvency or defaults; prevent and manage possible disputes, take legal action if necessary.
Legal basis of the processing

With reference to the purposes indicated in the previous paragraph, the legal basis of the same is, in relation to the point:

  1. The consent expressed by the interested party;
  2. The need to execute a contract of which the interested party is part of or has pre-contractual measures adopted by the request of the same;
  3. The need to pursue the legitimate interest of the Data Controller (in particular with regard to the prevention of fraud and insolvency).
Data recipients

Personal data processed by the Data Controller are not shared, meaning they are not disclosed to indeterminate subjects, in any possible form, even that of making them available or for simple consultation.

On the other hand, they can be communicated to those workers who operate under the authority of the Data Controller. On the basis of the roles and working tasks performed, those workers have been entitled to process personal data, taking into account their respective skills and in compliance with the instructions given to them by the Data Controller. The Data Controller has appointed third-party service providers in relation to the functioning of the website, for example hosting service providers and IT maintenance service providers as well as service providers which allow the integration into the website of other functions that the user can use at his/her own discretion. 

These service providers, designated as Data Processors, are provided only with personal data necessary to provide the corresponding services and are not allowed to use or disclose the personal data of the interested data of the interested parties for other purposes without prior authorisation from the interested party.

Finally, data may be communicated to the subjects entitled to access them by virtue of the provisions of the law, regulations and community regulations.

Data Transfer

In no cases the Data Controller will transfer personal data to third countries or international organisations.

Data Storage

The Data Controller retains and processes personal data for the time necessary to fulfil the purposes indicated. Later, personal data will be stored and no further processed for the established time by current civil and tax legislation.

  • Data provided for commercial promotion purposes for services other than those already acquired by the interested party, for which the User initially gave consent, will be kept for 24 months, unless the consent given is revoked.
  • Data provided to the Data Controller for profiling purposes will be kept for 12 months, unless the consent given is revoked.
  • In case of any dispute, the data collected will be kept for the entire duration of the dispute until all appeal action terms have been exhausted.

It should also be added that, in the event a User provides the Data Controller with personal data which have not been requested or unnecessary for the purpose of executing the enquiry or for the provision of a service closely connected to it, MA.CRO. Puglia Srl cannot be considered the owner of those data and will cancel them as soon as possible.

Rights of the Data Subject

With relation to the data which are objected to the processing referred to in this Policy, the Data Subject is granted, at any time, the right to:

  • Ask the Data Controller to access his/her personal data and the information related to them (Article 15 of GDPR); the adjustment of the inaccurate data or the supplementation of incomplete ones (Article 16 of GDPR); the cancellation of personal data concerning him/herself (upon the occurrence of one of the conditions stated in Article 17, paragraph 1 of GDPR and in compliance with the exceptions provided in paragraph 3 of the same Article); the limitation of the processing of his/her personal data (in the event of one of the hypotheses stated in Article 18, paragraph 1 of GDPR);
  • Ask and obtain from the Data Controller – in cases the legal basis for the processing is in contract or consent and, at the same time, takes place using automated procedures – his/her personal data in a format which can be structured and readable by an automatic device, also for the purpose of communicating such data to another Data Controller (so-called right to data portability – Article 20 of GDPR);
  • oppose , at any time, the processing of his/her personal data in the event of the occurrence of particular situations that concerns him/herself (Article 21 of GDPR);
  • Revoke consent at any time, limited to the cases in which the processing is based on his/her consent for one or more specific purposes.The processing based on consent and carried out prior to the revocation of the same retains, however, its lawfulness (Article 7, paragraph 3 of GDPR);
    The specific request is presented by contacting the Data Controller via Certified email at the address macro@arubapec.it, email at the address info@masseriadellacroce.com or registered letter with return receipt at the address 13, Strada Statale 172 per Alberobello.
    If the Data Subject believes that the processing of his/her data occurs in violation of what stated in the Policy, he/she can lodge a complaint with a supervisory authority (Data Protection Authority – garanteprivacy.it), as required by Article 77 of GDPR, or take the appropriate judicial offices (Article 79 of GDPR).
Refusal to provide the data

In the event that the subject data does not provide his/her personal data as necessary for the purposes of carrying out the requested service, the Data Controller will not be able to proceed with the proceeding related to the management of the aforementioned service, nor with the obligations depending on it .

In the event that tha subject data does not provide consent to the processing of personal data for those services which need it, the said processing will not be carried out for the same purposes and without this having effects on the other activities requested, nor for those for which the subject data has already given consent. In the event that the subject data has given consent and subsequently revokes it or opposes the processing, his/her data will no longer be processed for such activities, without this having prejudicial effects for the subject data and for any other requested services.

Automated decision-making processes

The Data Controller does not carry out processings that consist of automated decision-making processes on personal data about individual people.

Last updated on 21/02/2023