This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and we use your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you are welcome to come back and check it whenever you wish.
Who are we?
We are the Noel family. To make an enquiry contact firstname.lastname@example.org
Explaining the legal basis we rely on
The law on data protection sets out six ways which a company may collect and process your personal data, having analysed our customer database and business model we have assessed that Legitimate Interest is the primary basis. Il Palazzetto uses Legitimate Interest for prospects and customers as the primary legal basis for processing personal data.
If any changes to the business model change to include outbound marketing or asking for consent to collect personal data you will be given the option to decline any marketing when you complete the contact form.
When do we collect your personal data?
Personal data is collected for the following business activities:
- Web contact enquiries
- Email enquiries
- Personal referrals
What sort of personal data do we collect?
The personal data we collect is limited to the level we need to deliver our services and is made up of the following across the group:
- Email address
- Phone number
- Postal address
How and why do we use your personal data?
Your personal data is used to manage enquiries and provide you with requested information and confirmations.
Of course, you are free to opt out at any time.
When you use our website, cookies are used to collect browsing data to interact with your computer. These cookies are used to collect information about how you interact with our website and allow us to remember you. We use this information to improve and customize your browsing experience and for analytics and metrics about our visitors both on this website and other media. There is limited personal data being collected.
How we protect your personal data
The other main systems in use by the group include the following:
- Google analytics – https://support.google.com/analytics/answer/6004245?hl=en
- Google Console – https://developers.google.com/actions/policies/privacy-policy-guide
How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
Who do we share your personal data with?
Your personal data is only used to deliver the services described in the section describing how and why we collect your personal data.
What are your rights over your personal data?
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
Where any subject access request is made there is a requirement to prove identity before any information is divulged. This may involve physical presence with accompanying ID.
Where a request to “Be forgotten “is made that can only be complied with if there are no other legal frameworks that overrule GDPR. Examples would be HMRC, FCA, etc.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Regulation changes and remedial actions
The GDPR went live on 25th May 2108 and the UK Data Privacy Bill gained Royal Ascent on 23rd May 2108. Therefore, this Notice is based on the regulations as they exist with a review process set up to make any adjustments required to become and stay compliant.
In the event of any changes or processes which need remedial action the review procedure will capture those issues and remedy them.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we can’t be responsible for the content of external websites)
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.