This site uses cookies, including third parties, to improve navigation through the content. We do not store personal data it stores information for advertising purposes. By closing this banner you consent to the use of cookies.



Please be informed that, in accordance with Article 13 of the EU Regulation no. 2016/679 (hereinafter “GDPR”), Congregazione Provincia Umbro Picena del Terzo Ordine Regolare di San Francesco, with registered office in Via San Paolo 2 Assisi, Perugia – Fiscal Code and VAT number 00226220432 (hereinafter the "Data Controller"), your personal data will be processed in the following manner and for the following purposes:

1. Subject matter of the treatment of personal data

The Data Controller processes the personal information (such as first and last name, company name, address, telephone number, e-mail, bank and payment details) – hereinafter the "personal data" or even "data" – which you have communicated upon entering into agreements for the services supplied by the Data Controller.

2. Purposes of processing personal data

Your personal data is processed:

a) without your express consent (Article 6 letters b) and e) of the GDPR), for the following Supply of Services Purposes:

- Connected and instrumental to the management of the relationship with Guests;

- Administrative and/or accounting purposes;

- fulfillment of the obligations established by laws, regulations, community legislations or by an order of the judicial Authority (for example for anti-money laundering purposes);

- exercise the rights of the Data Controller, for example the right to judicial defense;

b) subject to your specific and distinguishable consent (Article 7 of the GDPR), for the following Marketing Purposes:

- send (by e-mail, regular mail and/or text message and/or telephone calls) newsletters, marketing communications and/or advertising material on products or services offered by the Data Controller and for ascertaining the level of customer satisfaction on the quality of services;


3. Processing methods


The processing of your personal data is carried out in the manner contemplated for by Article 4 no. 2) of the GDPR and, more precisely: collection, recording, organization, storage, consultation, processing, modification, selection, retrieval, comparison, use, interconnection, blocking, communication, erasure and destruction of data. Your personal data is subjected to both paper and electronic and/or automated processing.


The Data Controller will process the personal data for the time required to fulfill the aforementioned purposes and in any event for no longer than 10 years from the termination of the Supply of Services relationship and no later than 2 years from the collection of data for Marketing Purposes.


4. Access to personal data


Your data may be made accessible for the purposes referred to in Article 2.A) and 2.B):


- to employees and collaborators of the Data Controller or of companies acting in their capacity as data supervisors and/or data processors and/or system administrators;


- to third-party companies or other entities (for example banks, professional firms, consultants, insurance companies for the provision of insurance services, etc.) which carry out outsourcing activities on behalf of the Data Controller, in their capacity as external data supervisors.


The processing of personal data will be based on principles of accuracy, lawfulness and transparency, protecting your privacy and your rights.


5. Transmission of data


The Data Controller may, without the express consent of the data subject (Article 6, letters b) and c) of the GDPR), transmit data for the purposes referred to in Article 2.A) to surveillance Authorities (such as IVASS), judicial Authorities, insurance companies for the supply of insurance services, as well as to those entities to whom transmission is mandatory by law for the accomplishment of said purposes. These entities will process the data in their capacity as independent data controllers.


Your information will not be divulged.


6. Transfer of collected data


Personal data is stored on servers located in Milan (Italy), within the European Union. In any event, it is understood that the Data Controller, if required, will have the right to move the servers outside of the EU. In this case, the Data Controller hereby guarantees that the transfer of data outside of the European Union will take place in accordance with applicable laws and subject to the stipulation of standard contractual clauses provided for by the European Commission.


7. Nature of the provision of data and consequences of refusal to reply


The provision of data for the purposes referred to in Article 2.A) is mandatory.


Lacking thereof, we cannot guarantee the services contemplated by Article 2.A).


The provision of data for the purposes referred to in Article 2.B) is optional. You can therefore decide not to provide any information or to subsequently prohibit the processing of data already provided: in this case you will not be able to receive newsletters, commercial communications and advertising material regarding the Services offered by the Data Controller.


You will however continue to be entitled to the Services referred to in Article 2.A).


8. Rights of the data subject


In your capacity as data subject, you have the rights referred to in Article 15 of the GDPR and, more precisely:


i. obtain confirmation of the existence or non-existence of your personal information, even if not yet registered, and their communication in a comprehensible form;


ii. obtain information on: a) the origin of personal data; b) the purposes and methods of processing; c) the logic applied in case of treatment carried out with the aid of electronic devices; d) the identity of the controller, data supervisors and designated representative pursuant to Article 3, paragraph 1, of the GDPR; e) the entities or categories of entities to whom the personal data may be transmitted or who may become aware of the same in their capacity as designated representatives, data supervisors or data processors in Italy;


iii. obtain: a) the updating, rectification or the addition of information; b) the deletion, transformation into anonymous form or blocking of data processed in violation of laws, including data no longer required for the pursuit of the purposes for which it was collected or subsequently processed; c) proof that the actions referred to in letters a) and b) above have been brought to the attention, also with regard to their content, to the individuals to whom the data has been transmitted or divulged, except in the event where such fulfillment is impossible or involves a use of means manifestly disproportionate to the protected right;


iv. to object, in whole or in part: a) for legitimate reasons, to the processing of your personal data, even if pertinent to the purposes of the collection of said data; b) to the processing of your personal data for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communications by automated call systems without the intervention of an operator, by e-mail and/or through traditional marketing methods by telephone and/or regular mail. Please note that the right of opposition set out in point b) above, for direct marketing purposes through automated methods, extends to traditional ones and that in any case the possibility remains for the data subject to exercise the right to object even only partially. Therefore, the data subject may decide to receive only communications using traditional methods or only automated communications or none of the two types of communication. Where applicable, the data subject also has the rights contemplated by Articles 16-21 of the GDPR (Right of rectification, Right of erasure, Right to restriction of processing, Right to data portability, Right to object), as well as the right to lodge a complaint to the Supervisory Authority.


9. Exercise of rights


The data subject may at any time exercise the rights contemplated by Articles 15 to 22 of the 2016/679 European Regulation by sending:


- a registered letter with acknowledgement of receipt to PROVINCIA UMBRO PICENA DEL TOR – c/o OASI SAN FRANCESCO – Via Arzaga, 23 – 20146 Milan


10. Data Controller, data supervisor and appointed individuals


The Data Controller is Congregazione Provincia Umbro Picena del TOR with registered office in Via San Paolo 2, Assisi (Perugia), Italy.


The up-to-date list of data supervisors and data processors is kept at the registered office of the Data Controller.


May 22, 2018



free joomla templatesfibre optique
Copyright © Oasi San Francesco 2013. Via Arzaga, 23 20146 Milano. Tel 02.416318 - 02.416319 - 02.416904 Fax 02.4158653.