Privacy Policy

WEB SITE PRIVACY NOTICE

Ignazio Messina & C. S.p.A. , with registered office at Via G. D’Annunzio 91, 16121 (hereinafter, the “Controller”), provides this notice to users of its website (collectively, the “Data Subjects”), in compliance with Article 13 of Regulation (EU) 2016/679 (“GDPR”).

Data subjects and categories of personal data

In the context of using the website, the processing activities concern Users, i.e., individuals browsing the Ignazio Messina & C. S.p.A. website.

The personal data processed are as follows:

Identification and contact data: name, surname, e-mail address, as well as any information entered in the forms available on the website, through which the Data Subject sends a message to the Company, registers for the reserved area or books a visit to the Company’s premises.
Browsing data, such as IP address and cookies.

Please note that the Controller uses only technical cookies to ensure the proper functioning of the website, as well as analytical cookies equivalent to technical cookies. These analytical cookies are third-party cookies, as they are not installed by the Controller but by the website provider. No profiling or analysis activities are carried out that would identify or make the User identifiable.

Purpose and legal basis of the processing

Data referred to in point A.1 are processed to respond to contact requests sent by the User to the Company, such as requests for information or for credentials to access a reserved area of the website. The processing is lawful as it is based on Article 6(1)(b) GDPR, since it is necessary for the performance of pre-contractual measures at the request of the Data Subject.
Additionally, processing is carried out to pursue the legitimate interest of the Controller in responding to the User who contacted it or in defending itself in legal proceedings, pursuant to Article 6(1)(f) GDPR.
Data referred to in point A.2 are processed to ensure the proper functioning of the website and allow the User to browse; analytical cookies equivalent to technical cookies are collected anonymously and in aggregate form to analyze website traffic and improve usability. Therefore, processing is based on the legitimate interest of the Controller or third parties under Article 6(1)(f) GDPR.

Such data may also be processed where necessary to comply with legal obligations (Article 6(1)(c) GDPR).

Categories of recipients and scope of disclosure

Within the limits strictly related to the obligations, tasks, or purposes indicated above, personal data may be disclosed to public authorities for legal compliance and to companies performing auxiliary activities on behalf of the Controller, such as travel agencies, hotels, legal, tax, or IT consultants, logistics providers, rental services, training providers, banking services, which, where applicable, are appointed as data processors pursuant to Article 28 GDPR.


Apart from the above, personal data will be processed exclusively by employees and/or collaborators of the Company, formally authorized under Article 29 GDPR, in compliance with applicable law and security measures to protect and safeguard data.

Extra-EU data transfer

User data will not be transferred outside the European Union; however, should such transfer become necessary, the Controller undertakes to comply with the conditions set forth in Chapter V GDPR.

Data retention period

If no contractual relationship with the Controller is established, personal data will be deleted. Otherwise, data referred to in point A.1 will be retained for the purposes indicated in section 2 for no longer than necessary to fulfill legal, regulatory, or contractual obligations, taking into account applicable limitation periods.
Personal data processed for the purpose of legal defense will be retained until such purpose has been fulfilled (e.g., until the judgment becomes final).

Data subject rights

Data Subjects are informed that, under the GDPR and in the cases provided therein, they may exercise the following rights by writing to: legal@messinaline.it:

– Right of access to their personal data (Article 15 GDPR).
– Right to update outdated data, rectify inaccurate data (Article 16 GDPR), erase data in the cases provided (Article 17 GDPR), restrict processing (Article 18 GDPR), or object to processing (Article 21 GDPR).
– Right to receive their personal data in a structured, commonly used, machine-readable format and transmit them to another controller without hindrance (data portability, Article 20 GDPR).
– Right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) according to the law (for more information, please visit www.garanteprivacy.it).