INFORMATION NOTICE TO DATA SUBJECTS ON THE PROCESSING OF THEIR PERSONAL DATA

provided pursuant to Legislative Decree 196/03 and subsequent amendments, and Articles 13–14 of the “European Regulation on the protection and processing of personal data” – EU REG. 2016/679 (GDPR)

Pursuant to Legislative Decree 196/03 and subsequent amendments and to EU Regulation no. 2016/679 (hereinafter “GDPR 2016/679”), containing provisions for the protection of individuals and other subjects with regard to the processing of personal data, we hereby inform you that the personal data you provide will be processed in compliance with the aforementioned legislation and the confidentiality obligations to which Nuova Nabila Srl is bound.

This privacy notice concerns exclusively the data collected by Nuova Nabila Srl in the management of the Villa Manfredini facility.

Data Controller, Data Processors, and Data Protection Officer (DPO)

The Data Controller is Nuova Nabila Srl, represented by the acting Chair of the Board of Directors, with registered office in Reggiolo (RE), Via G. Marconi 4, e-mail: info@villamanfredini.it.
The list of individuals designated as Data Processors may be requested by sending an e-mail to: info@villamanfredini.it.
The Data Protection Officer (DPO) appointed by the Controller pursuant to Articles 37 et seq. of the GDPR can be contacted at the following e-mail address: ….

Data processed, purpose of processing, and nature of data provision

The Controller collects and processes the following data:

1. Browsing data via the website: the IT systems and software procedures used to operate the Villa’s website acquire certain personal data whose transmission is implicit in the use of Internet communication protocols. This category includes: IP addresses, browser type used, operating system, domain names and website addresses from which access is made, information about the pages visited within the site, access time, time spent on each page, internal navigation paths, and other parameters relating to the user’s operating system and IT environment. Users are invited to read the Cookie Policy available on the Villa’s website, which governs the processing of these types of data.

2. Data voluntarily provided by the user online via direct WhatsApp link, web form, telephone contact, e-mail, or in person at Hotel Villa Nabila Srl: the personal data voluntarily provided by the user—via the direct WhatsApp link on the website, by telephone, e-mail, or in person—are only those strictly necessary to provide the requested service related to the use of Villa Manfredini, specifically: name, surname, tax code, telephone number, and e-mail address.
   Such data will be processed exclusively for the performance of the requested service.
   Providing this data is optional; however, failure to provide it, or incomplete or inaccurate provision, makes it impossible to deliver the requested services.

3. Additional purposes: promotional, commercial, and marketing activities: only with the user’s express consent, the personal data indicated above may be used by the Controller, via electronic means (e.g., SMS, WhatsApp, e-mail) or traditional means (e.g., mail, telephone, fax), for the following purposes:
   a) sending newsletters concerning events or activities related to Villa Manfredini, or commercial promotions or offers;
   b) disseminating, in any form, the user’s images or videos taken during the provision of services or during events organized by the Controller, through the website, social networks (particularly Facebook, Instagram, Twitter, LinkedIn, TripAdvisor, etc.), printed materials, and/or any other means of distribution.
   Consent for the processing of data for the purposes listed under point 3) is optional, and any refusal or withdrawal of consent will not affect the provision of the requested services. Personal data collected will not be sold to third parties or the public in any form.

Payment data

Payment services are carried out exclusively at the facility or by bank transfer at the time of signing the contract, and not through online platforms.

Methods of processing

The data you provide will be processed in compliance with the principles of fairness, lawfulness, and transparency.
Processing will be carried out using automated and/or manual methods, in accordance with Article 32 of GDPR 2016/679, by authorized personnel and in compliance with Article 29 of GDPR 2016/679.

Legal basis for processing and data retention period

Except for browsing data (1), the legal basis for processing for purposes 2) and 3) is the consent optionally given by the user.
In compliance with the principles of lawfulness, purpose limitation, and data minimization under Article 5 of GDPR 2016/679, data will be retained for the time necessary to fulfill legal obligations and to achieve the purposes for which they were collected and processed, in accordance with applicable regulations.

Scope of communication and disclosure

Your data will not be disclosed to unspecified parties. They may, however, be communicated to public or private entities, bodies, and institutions for the purposes specified above and in cases required by law or regulations.
By way of example, the Controller may/must communicate your data to:
• institutional entities, pursuant to legal obligations;
• qualified parties providing services instrumental to the purposes mentioned above;
• qualified parties such as suppliers offering services related to booking management, organization of events and promotional activities, and dispatch of commercial communications;
• consultants assisting the company in accordance with legal provisions.

Transfer of personal data

Data will not be transferred to third countries outside the European Union.

Rights of the data subject

Pursuant to Articles 15–22 of EU Regulation 2016/679, regarding the processing of your personal data, you may at any time request:
• access: confirmation as to whether data concerning you is being processed, further information about this Privacy Notice, and a copy of the data within reasonable limits;
• rectification: correction or completion of inaccurate or incomplete data;
• erasure: deletion of your data when no longer necessary for our purposes, in the absence of disputes, upon withdrawal of consent or objection to processing, in cases of unlawful processing, or when required by law;
• restriction: limitation of processing under the conditions of Article 18 GDPR; in this case, data will only be processed (except for storage) with your consent, except as provided in paragraph 2 of the same Article;
• objection: objection at any time to processing based on our legitimate interest, unless we have overriding legitimate grounds (e.g., for legal defense); objection to processing for marketing purposes always prevails;
• portability: receipt of your data, or transmission of the same to another controller designated by you, in a structured, commonly used, machine-readable format.

Under Article 7(3) GDPR, you may withdraw your consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal.
You also have the right to lodge a complaint with the Supervisory Authority, which in Italy is the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

To exercise these rights, report issues, or request clarification regarding the processing of your personal data, you may send an e-mail to info@villamanfredini.it.
Requests may also be submitted by post to the Data Controller at the address indicated above, specifying the subject of the request.

Privacy Notice updated on 21/11/2025