Privacy Policy of Il Mistero del Castello
For ilmisterodelcastello.it (hereinafter the Site) the privacy of its users is of primary importance. This section contains information on how ilmisterodelcastello.it handles the processing of Il Mistero del Castello users’ data.
This information is also valid for the purposes of Article 13 of Legislative Decree no. 196/2003, Code for the Protection of Personal Data, and for the purposes of Article 13 of EU Regulation no. 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, for persons interacting with ilmisterodelcastello.it
This information is provided only for ilmisterodelcastello.it and not for other websites that may be consulted by the user through links contained therein.
The purpose of this document is to provide information on the methods, times and nature of the information that data controllers must provide to users when they connect to the web pages of ilmisterodelcastello.it regardless of the purposes of the connection itself, in accordance with Italian and European legislation.
The information may be subject to change due to the introduction of new regulations in this regard, so the user is invited to check this page periodically.
If the user is under 16 years of age, according to art.8, c.1 EU regulation 2016/679, he/she will have to legitimise his/her consent through the authorisation of his/her parents or guardian.
This site collects certain personal data of its users.
Data controller
If you have any questions regarding this privacy policy, you can contact us using the information below.
Castelpiovera Cultural Association
Via Balbi, 2
15040 Piovera (AL)
C.F./ P. VAT 02429780063
Email: info@ilmisterodelcastello.it
Tel: +39 339 794 9165
Our users can send requests regarding the protection of personal data protection, privacy and security to Enrico Nai at info@ilmisterodelcastello.it.
Data processor
The data controller is the natural or legal person, public authority, service or other body that processes personal data on behalf of the data controller.
Pursuant to Article 28 of EU Regulation No. 2016/679, the data controller of the ilmisterodelcastello.it website is:
Castelpiovera Cultural Association
Via Balbi, 2
15040 Piovera (AL)
C.F./ P. VAT 02429780063
Types of data collected
You can visit our site anonymously. Among the personal data collected by ilmisterodelcastello.it, either independently or through third parties, are Cookies, Usage Data, Email and Name, Telephone Number and various types of Data. Full details on each type of Data collected are provided in the dedicated sections of this privacy policy or by means of specific information texts displayed prior to the collection of such Data. Personal Data may be freely provided by the User or, in the case of User Data, automatically collected during use of the site. In cases where the site ilmisterodelcastello.it indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequences on the availability of the Service or its operation. Users in doubt as to which Data are mandatory are encouraged to contact the Data Controller. Any use of Cookies – or of other tracking tools – by ilmisterodelcastello.it or by the owners of third party services used by ilmisterodelcastello.it, unless otherwise specified, is for the purpose of providing the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy, if available. The User assumes responsibility for the Personal Data of third parties obtained, published or shared through ilmisterodelcastello.it and guarantees that he/she has the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.
Legal basis of data processing
The Controller processes personal data relating to the user if one of the following conditions exists: the user has given consent for one or more specific purposes; Note: in some jurisdictions, the Controller may be authorised to process Personal Data without the user’s consent or another of the legal bases specified below, as long as the user does not object (“opt-out”) to such processing. However, this does not apply if the processing of personal data is regulated by European data protection legislation.
The processing is necessary for the performance of a contract with the user and/or the execution of pre-contractual measures;
Processing is necessary for the performance of a legal obligation to which the controller is subject;
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
Processing is necessary for the pursuit of the legitimate interests of the data controller or of third parties.
However, it is always possible to ask the data controller to clarify the concrete legal basis of each processing operation and in particular to specify whether the processing is based on law, required by a contract or necessary to conclude a contract.
Modalities and location of the processing of collected Data
Method of processing
The Data Controller processes Users’ Personal Data by adopting appropriate security measures aimed at preventing unauthorised access, disclosure, modification or destruction of Personal Data. Processing is carried out by means of computer and/or telematic tools, with organisational methods and logics strictly related to the purposes indicated. In addition to the Data Controller, in some cases, categories of people involved in the organisation of the site (administrative, sales, marketing, legal, system administrators) or external parties (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller, may have access to the Data. The updated list of Data Processors can always be requested from the Data Controller.
Location
The Data are processed at the Data Controller’s premises and at any other place where the parties involved in the processing are located. For further information, please contact the Data Controller. The User’s Personal Data may be transferred to a country other than the one where the User is located (see users purchasing games from foreign countries). To obtain further information on the processing location the User may refer to the section on Personal Data processing details. The User is entitled to obtain information about the legal basis for the transfer of Data outside the European Union or to an international organisation under public international law or consisting of two or more countries, such as the UN, as well as about the security measures taken by the Controller to protect the Data. Should one of the transfers just described take place, the User may refer to the respective sections of this document or request information from the Controller by contacting him at the contact details given at the beginning.
Storage period
The Data are processed and stored for the time required by the purposes for which they were collected. Therefore:
Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the performance of such contract is completed.
Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied. The User may obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.
When the processing is based on the User’s consent, the Data Controller may keep the Personal Data longer until such consent is revoked. Moreover, the Controller may be obliged to keep the Personal Data for a longer period in compliance with a legal obligation or by order of an authority. At the end of the retention period the Personal Data will be deleted. Therefore, at the expiration of this period, the right of access, cancellation, rectification and the right to Data portability can no longer be exercised.
Purposes of the Data collected
The User’s Data are collected to allow the Owner to provide its Services, as well as for the following purposes: Statistics, Address management, Interaction with social networks and external platforms, Contacting the User, Management of User databases, Sending of emails related to the service provided by the site: Escape Room games booking: automatically generated technical emails and emails related to troubleshooting of any problems with bookings/billing/refunds
To obtain further detailed information on the purposes of the processing and the Personal Data concretely relevant for each purpose, the User may refer to the relevant sections of this document.
Personal Data Processing Details
Personal Data is collected for the following purposes and using the following services:
Platform and hosting services
WordPress.com
Privacy Policy: WordPress.com is a platform provided by Automattic Inc. that enables the Owner to develop, operate and host this Application.
Provider: Automattic Inc.
Personal data collected: Various types of data as specified by the privacy policy of the service
Social Network Interaction Services
Purpose: Access to Facebook accounts on third-party services
Personal data collected: ‘about me’ friends
Privacy Policy:This service allows this Application to connect with the User’s account on the social network Facebook, provided by Facebook, Inc.
For more information on the following permissions, please refer to Facebook’s permissions documentation and privacy policy.
Purpose: Access to Facebook accounts on third-party services
Personal data collected: ‘about me’ friends
Privacy Policy:This service allows this Application to connect with the User’s account on the social network Facebook, provided by Instagram, Inc.
Contacting the User
Contact form (This Site)
Personal data collected: Email, First Name and Last Name.
Privacy Policy: The User, by filling out the contact form with their Data, consents to their use to respond to requests for information, quotes, or any other nature indicated by the header of the form.
Access Account Third Party Services
These services allow this Site to take Data from your accounts on third-party services and perform actions with them.
These services are not activated automatically, but require the express authorisation of the User.
Facebook account access (Facebook, Inc.)
This service enables this Site to connect with the User’s account of the User on the social network Facebook, provided by Facebook, Inc.
Required permissions: Sharing, Insight and Likes.
Personal data collected: various types of data as specified by the privacy policy of the service.
Place of processing: USA – Privacy Policy
Accessing your Instagram account (Instagram, Inc.)
This service allows this Website to connect with your account on the social network Instagram, provided by Instagram, Inc.
Required permissions: Sharing, Insight and Likes.
Personal data collected: various types of data as specified by the privacy policy of the service.
Place of processing: USA – Privacy Policy.
Interaction with social networks and external platforms
This site also incorporates plugins and/or buttons for social networks or other external platforms, in order to allow easy sharing of content on your favourite social networks. These plugins are programmed so as not to set any cookies when you access the page, in order to safeguard your privacy. Cookies are only set, if so provided by the social networks, when the user makes actual and voluntary use of the plugin. Please bear in mind that if the user navigates while logged into the social network then he has already consented to the use of cookies conveyed through this site at the time of subscribing to the social network.
Interactions and information acquired by this website are in any case subject to the user’s privacy settings relating to each social network, to which please refer.
In the event that a service is installed for interaction with social networks, it is possible that, even if the Users do not use the service, the same collects traffic data related to the pages where it is installed.
Statistics
The services contained in this section allow the Data Controller to monitor and analyse traffic data and serve to keep track of the User’s behaviour.
Google Analytics (Google Inc.)
Google Analytics and Google tag Manager are web analysis services provided by Google Inc.
(“Google”). Google uses the Personal Data collected for the purpose of track and examine the use of this website, compile reports and share them with other services developed by Google.
Google may use the Personal Data to contextualise and customise the advertisements of its advertising network.
A browser add-on for deactivating Google Analytics is also available from Google at the following link https://tools.google.com/dlpage/gaoptout?hl=it
Personal Data collected: Cookies and Usage Data.
Place of processing : USA – Privacy Policy – Opt Out
Content on external platforms
These services allow content hosted on external platforms to be displayed directly from the pages of this Site and to interact with them. If a service of this type is installed, it is possible that, even if Users do not use the service, it may collect traffic data relating to the pages where it is installed.
Google Fonts (Google Inc.)
Google Fonts is a font style display service operated by Google Inc. that allows this Site to integrate such content into its pages.
Personal data collected: Cookies and usage data
Place of processing: USA Privacy Policy
FontAwsome is a font display service operated by Google Inc. that allows this Site to integrate such content into its pages.
Personal data collected: Cookies and Usage Data
Place of processing: USA Privacy Policy
Maps (Google Inc.)
Google Maps is a map display service operated by Google Inc. which allows this Site to integrate such content into its pages.
Personal data collected: Cookies and usage data
Place of processing: USA Privacy Policy
Use of YouTube
Features of the YouTube service are integrated into this website. These features are offered by YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA. Further information on this can be found in YouTube’s data protection policy. YouTube uses cookies, among other things, to capture reliable video statistics, to prevent fraud and to improve user-friendliness. The user can find further details regarding YouTube’s use of cookies in YouTube’s data protection policy available at: https://www.google.it/intl/it/policies/privacy/
Hosting and backend infrastructure
These types of services are intended to host data and files that allow this Website to function, enable its distribution and provide a ready-to-use infrastructure to deliver specific functionality of this Website.
Some of these services operate through servers located geographically in different locations, making it difficult to determine the exact location where Personal Data is stored.
Payment handling
Payment processing services allow this Website to process payments by credit card, bank transfer or other means. The data used for payment are acquired directly from the operator of the payment service requested without being processed in any way by this Site.
Some of these services may also allow for the scheduled sending of messages to the User, such as emails containing invoices or payment notifications.
PayPal
PayPal is a payment service provided by PayPal Inc., which allows the User to make online payments using their PayPal credentials.
We accept payments via PayPal. During payment processing, certain data is transferred to PayPal, including information necessary to process or support the payment, such as total purchases and billing information.
Personal Data collected: Various types of Data as specified by the privacy policy of the service. PayPal Privacy Policy
Stripe
Stripe is a payment service provided by Stripe, which allows Users to make online payments using their own credentials and payment details.
Personal Data collected: Various types of Data as specified by the privacy policy of the service. Privacy Policy of Stripe
DNS Services
CloudFlare is a traffic optimisation and distribution service provided by CloudFlare Inc.
The way CloudFlare is integrated means that it filters all traffic on this Site, i.e. communication between this Site and the User’s browser, and also allows the collection of statistical data about it.
Personal data collected: Various types of Data as specified in the privacy policy of the service.
Place of processing: USA – Privacy Policy
CloudFlare Cookie _cfduid : learn more>>
E-mail security
You consent to electronic communication when you personally establish electronic contact with The Mystery of the Castle. The user is informed that e-mails may be read or changed in an unauthorised and unnoticed manner during transmission. The Castle Mystery uses software to filter junk mail (spam filter). E-mails can be rejected by the spam filter if they are wrongly identified as spam through certain characteristics.
Data transfer – SSL encryption
A 128-bit SSL encryption technology (AES 128) is used on this website. User data is transmitted exclusively in encrypted form. A 256-bit SSL encryption technology (AES 256) is used for the portal. User data is transferred in encrypted form only.
Data provided by the user
1.The optional, explicit and voluntary sending of electronic mail to the address indicated on this site entails the subsequent acquisition of the sender’s address, which is necessary in order to reply to requests, as well as any other personal data included in the message.
1.The optional, explicit and voluntary sending of user data (name, email, optionally telephone number) via the contact forms on this site are used exclusively for the provision of services to the user, i.e.: supplying, via email or telephone, of information expressly requested at the time of sending the data about the company, products and services, and quotations.
2.Specific summary information will be progressively reported or displayed on the pages of the site set up for particular services on request.
COOKIE POLICY
Go to the corresponding section
Further information on treatment
Defence in court
The user’s personal data may be used by the Data Controller in legal proceedings or in the preparatory phases of any legal proceedings for the defence against abuses in the use of this website or related Services by the user. The user declares that he/she is aware that the Data Controller may be obliged to disclose the data by order of public authorities.
Specific disclosures
At the user’s request, in addition to the information contained in this privacy policy, this website may provide the user with additional and contextual information regarding specific services, or the collection and processing of personal data.
System logs and maintenance
For operation and maintenance purposes, this website and any third-party services used by it may collect system logs, i.e. files that record interactions and which may also contain personal data, such as the user’s IP address.
Information not contained in this policy
Further information in relation to the processing of personal data may be requested at any time from the Data Controller using the contact details.
User Rights
Users may exercise certain rights in relation to the Data processed by the Data Controller.
In particular, the User has the right to:
Revoke consent at any time. The User may revoke the consent to the processing of its Personal Data previously expressed.
Object to the processing of their Data. The User may object to the processing of its Data when it is done on a legal basis other than consent. Further details on the right to object are set out in the section below.
Access to their own Data. The User has the right to obtain information on the Data processed by the Controller, on certain aspects of the processing and to receive a copy of the Data processed.
verify and request rectification. The User may verify the correctness of its Data and request that it be updated or corrected.
Obtain the restriction of the processing. When certain conditions are met, the User may request the restriction of the processing of its Data. In this case, the Data Controller will not process the Data for any purpose other than its preservation.
Obtain the deletion or removal of their Personal Data. When certain conditions are met, the User may request the deletion of its Data by the Data Controller.
Receive their Data or have them transferred to another Data Controller. The User has the right to receive its Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another data controller. This provision is applicable when the Data are processed by automated means and the processing is based on the User’s consent, on a contract to which the User is party or on contractual measures related thereto.
Proposing a complaint. The User may lodge a complaint with the competent data protection supervisory authority or take legal action.
Details of the right to object
When Personal Data are processed in the public interest, in the exercise of public authority vested in the Controller or in pursuit of a legitimate interest of the Controller, Users have the right to object to the processing for reasons related to their particular situation.
Users are reminded that if their Data are processed for direct marketing purposes, they may object to the processing without giving any reason. To find out whether the Controller processes Data for direct marketing purposes, Users may refer to the respective sections of this document.
How to exercise rights
To exercise their rights, Users may address a request to the contact details of the Controller indicated in this document. Requests are filed free of charge and processed by the Controller as soon as possible, in any case within one month.
Further information on treatment
Legal defence
The User’s Personal Data may be used for the Owner’s defence in legal proceedings or in the preparatory stages to its possible establishment, against abuses in the use of the same or related services by the User.
The User declares that he/she is aware that the Data Controller may be required to disclose the Data at the request of public authorities.
Specific disclosures
At the User’s request, in addition to the information contained in this privacy policy, this Site may provide the User with additional and contextual information regarding specific services, or the collection and processing of Personal Data.
System logs and maintenance
For operation and maintenance purposes, this Site and any third-party services used by it may collect System Logs, i.e. files that record interactions and which may also contain Personal Data, such as the User’s IP address.
Information not contained in this policy
Further information in relation to the processing of Personal Data may be requested at any time from the Data Controller using the contact information.
Responding to “Do Not Track” requests
This Site does not support “Do Not Track” requests. To find out whether any third party services used support them, please consult their privacy policies.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this page and, if possible, on ilmisterodelcastello.it
as well as, if technically and legally feasible, by notifying Users through one of the contact details held by the Data Controller. Therefore, please consult this page regularly, referring to the date of last modification indicated at the bottom.
If the changes affect processing whose legal basis is consent, the Controller will collect
the User’s consent again, if necessary.
Definitions and legal references
Personal Data (or Data)
Personal data is any information which, directly or indirectly, including in conjunction with any other information, including a personal identification number, makes a natural person identified or identifiable.
Usage Data
This is information collected automatically through ilmisterodelcastello.it (including by third-party applications integrated into ilmisterodelcastello.it), including: IP addresses or domain names of computers used by the User who connects with ilmisterodelcastello.it, the URI (Uniform Resource Identifier) notation addresses, the time of the request, the method used to forward the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc.) the country of origin, the characteristics of the browser and operating system used by the visitor, the various time connotations of the visit
(e.g. the time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the User’s operating system and computer environment.
User
The individual who uses the Site which, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refer.
Data Controller (or Processor)
The natural person, legal entity, public administration and any other entity that processes Personal Data on behalf of the Controller, as set out in this privacy policy.
Data Controller (or Owner)
The natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of personal data and the instruments adopted, including the security measures relating to the operation and use of ilmisterodelcastello.it. The Data Controller, unless otherwise specified, is the owner of ilmisterodelcastello.it.
This Site
The hardware or software tool through which Users’ Personal Data are collected.
Service
The Service provided by ilmisterodelcastello.it as defined in the relevant terms (if any) on this Site.
European Union (or EU)
Unless otherwise specified, any reference to the European Union in this document shall be deemed to include all current member states of the European Union and the European Economic Area.
Cookie
A small piece of data stored within the User’s device.
Legal references
This Privacy Policy is drafted on the basis of multiple legal frameworks, including Articles 13 and 14 of Regulation (EU) 2016/679.
Unless otherwise specified, this privacy policy relates exclusively to ilmisterodelcastello.it
Last modified: 20 March 2020
Il Mistero del Castello 2020 – All rights reserved.
Legal info, Cookie Policy and Privacy Policy