In compliance with EU Regulation 2016/679, known as the GDPR (General Data Protection Regulation), we hereby inform you that we will process the personal data concerning you, which you have provided or will provide to us. The processing of personal data will be carried out in accordance with current regulations and under the following conditions.

1. Data Controller

Cremona Welcome s.a.s.
P.IVA 01584630196
info@ostellocremona.com

We ensure full compliance with the regulations on personal data protection by providing the following information regarding the processing of data communicated or otherwise collected during navigation on this website.

2. Data Processed, Purposes, and Legal Basis for Processing

Data Generated by Accessing the Website

The IT systems and software procedures responsible for the functioning of this website acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols.

These data (such as domain names, IP addresses, operating systems used, type of device or browser used for the connection) are not accompanied by any additional personal information and are used to:

i) obtain anonymous statistical information on the use of the website;
ii) manage technical needs related to the operation of the site;
iii) determine responsibility in case of hypothetical computer crimes.

The legal basis for processing such data is the need to ensure the website’s functionality following user access.

Data Provided Voluntarily by the User

Personal data provided by users through forms are collected and processed for the following purposes:

• to manage customer relations based on contractual agreements;
• for administrative purposes and to comply with legal obligations (e.g., accounting, tax obligations, or requests from judicial authorities);
• with specific consent, to periodically send newsletters, advertising materials, promotional or marketing content via email;
• with specific consent, to receive updates on our activities and for the use of data for personalized advertising purposes.

The legal basis for processing is the execution of a contract to which the data subject is a party, or the execution of pre-contractual measures requested by the data subject. Where indicated, the legal basis is the freely given consent of the data subject.

3. Nature of Data Provision

Except as specified for browsing data and data collected automatically, providing personal data:

• for purposes under points a) and b) is optional, but refusal will make it impossible to fulfill contractual obligations;
• for purposes under points c) and d) is also optional and subject to explicit consent. Refusal will prevent the sending of newsletters, advertising materials, commercial promotions, or invitations to events.

4. Methods of Processing and Data Retention

Collected data will be processed using electronic, automated, IT, or telematic tools, or through manual processing with logics strictly related to the purposes for which the data were collected, always ensuring data security.

Data are stored for the time strictly necessary to manage the purposes for which they were collected, in compliance with current laws. They will be kept in our archives for a maximum of 10 years. The data collected will not be disclosed to third parties or transferred abroad.

The Data Controller applies rules preventing indefinite storage of personal data and limits retention time in accordance with the principle of data minimization.

5. Rights of the Data Subject

At any time and without formalities, the data subject may exercise the rights granted by current personal data protection regulations:

• Right of access: the data subject may request confirmation of whether their data is being processed and receive such data (within reasonable limits);
• Right to rectification: to request correction or updating of inaccurate or incomplete data;
• Right to erasure: to request deletion of their data when they are no longer necessary, in cases of consent withdrawal, objection to processing, unlawful processing, or legal requirements;
• Right to restriction of processing: to obtain temporary suspension of data processing under the conditions of Art. 18 GDPR;
• Right to object: preventing further processing based on legitimate interest, unless there are overriding legitimate grounds (e.g., legal defense);
• Right to data portability: to receive or have data transmitted to another controller in a structured, commonly used, machine-readable format.

The data subject may exercise their rights by contacting the Data Controller at the email address provided above.

In accordance with applicable regulations, the data subject also has the right to file a complaint with the competent supervisory authority, available at www.garanteprivacy.it.

6. Data Protection Officer (DPO)

The Data Controller has appointed a Data Protection Officer (DPO), who can be contacted by email at the address indicated above.