Pursuant to and for the purposes of Article 13 of Regulation (EU) 2016/679 on the Protection of Personal Data (henceforth “GDPR”), this text indicates how we protect the privacy of visitors to the corporate website www.cbcommercial.it (“Site”) and the various sites managed by Realty Advisory S.p.A. (“Project Sites”), describing how we collect, process and protect personal information, the rights granted to data subjects and the means to contact us.
Personal data is information about an identified or identifiable natural person defined as “data subject” (hereinafter also “User”), such as personal data, contact data (telephone, e-mail), and navigation data.
Data controller is, the person who determines the purposes and means of the processing of personal data to which you can turn to exercise the rights recognized by the GDPR, is
Realty Advisory S.p.A., with registered office in via Camperio 10 – 20123, Milan (MI), Italy, registered Commercial Register of MILANO-MONZA-BRIANZA-LODI, Fiscal Code, VAT Number 08117460967, REA MI-2003864, Section of Real Estate Agents Province of MILAN (“Realty Advisory” or “Data Controller”).
The Data Controller may be contacted by sending an e-mail to firstname.lastname@example.org or by sending a communication by traditional mail to the address of the Data Controller, taking care to specify the reason for the request.
Sources and categories of processed data, nature of data provision and processing methods
The personal data subject to processing are collected mainly by the User, when the latter navigates the Site or the Project Sites or makes use of the services provided. This information analyzes the personal data processed in the different sections of the Site or on the Project Sites and regulates exclusively the personal data processing activities carried out.
Area Contacts for real estate brokerage and consulting services
Realty Advisory collects through the Site and the various Project Sites, the personal information that Users provide freely by filling in the appropriate contact request form relating to real estate brokerage and consulting services, to property initiatives or individual properties promoted on the Site or on the Project Sites.
This section collects the following types of data:
(i) name and surname;
(ii) e-mail address and telephone number;
(iii) additional fields to describe the User’s request.
Realty Advisory cannot carry out any kind of preventive check in relation to the information entered in the fields freely filled in by the User.
The provision of data in this area is optional. If the User decides not to provide such data, the same cannot forward contact requests to Realty Advisory, which will therefore be unable to give appropriate feedback.
Purpose of processing
The personal data provided are processed to respond to contact requests made to Realty Advisory by Users through the form, and in particular:
- satisfy the specific contact request submitted by the User;
- comply with contractual obligations and/or arising from Community laws, regulations and legislation, provisions issued by competent authorities and supervisory bodies;
- subject to the consent of the interested party, send newsletters, advertising communications relating to real estate or other real estate initiatives (including the related events or other promotional initiatives), market research activities and commercial communications through automatic and traditional means of contact;
- send offers on products or services similar to those purchased and requested by the User to Realty Advisory by e-mail even in the absence of a specific consent (c.d. soft opt-in), unless the User expressly refuses to receive such communications, that you can express at any time (through the unsubscribe mechanism present in the footer of the e-mail received), writing to mailto:email@example.com or expressly denying consent for the promotional purposes referred to in point 3.
The processing of personal data with regard to the purposes referred to in points 1 and 2 shall be based on the principle expressed in Article 6, paragraph 1, letter b) of the GDPR according to which the processing is lawful when necessary for the execution of pre-contractual measures at the request of the data subject.
The processing of personal data with reference to the purposes referred to in point 3 is based, pursuant to Article 6, paragraph 1, letter a) of the GDPR, on the specific consent possibly granted by the User. This consent can be revoked at any time, without prejudice to the lawfulness of the processing carried out before the revocation, following the instructions given in the section “Rights of the data subject”.
The processing of personal data with reference to the purposes referred to in point 4 is based on art. 130, paragraph 4, of the Privacy Code (Legislative Decree n. 196/2003), provided that it is communications on products or services similar to those that have been the subject of a purchase or request of the User who, properly informed, has not opposed or is not opposed to such communications in the future.
Period of data retentioning
For the purposes referred to in points 1 and 2, personal data will be kept only for the time necessary to contact the User who has requested it and for a period not exceeding 12 months after the User’s request has been received, in order to properly handle any subsequent requests from the same User or additional information related to the same or similar issues.
For the purposes referred to in point 3, personal data will be stored until the withdrawal of the express consent by the User.
For the purposes referred to in point 4, until the User objects. The User may object to the processing of his personal data for this purpose both at the time of request of the products and services available on the site (expressly denying consent to the processing for the promotional purposes referred to in point 3)On the occasion of subsequent commercial communications of the Data Controller, by writing to firstname.lastname@example.org or through the unsubscribe mechanism present in the footer of the e-mail received.
In addition to the data provided directly and intentionally by the User, computer systems and software procedures responsible for the operation of the Site acquire, in the course of their basic operation, certain browsing data whose transmission is implied in the use of Internet communication protocols.
Those are infos not collected to be associated with identified data subjects, but by their character could, through processing and association with data held by third parties, allow to identify users. This category of data includes the IP addresses or domain names of the computers used by Users connecting to the site, the addresses in URI notation (Uniform Resource Identifier) of the resources requested, the time of the requests, the method used to submit the requests to the server, the size of the files obtained in response, numeric codes indicating the status of the answers given by the server (good end, error, etc.) and other parameters related to the operating system and the IT environment of the Users. This data is used only for the purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning. They could be used to ascertain responsibility in case of crimes.
The processing of navigation data is based on the principle expressed in article Art. 6 (1) (f) GDPR – Legitimate interest of the data controller to keep the Site secure and that the Site is not used in a manner that violate the rights of others or as a channel for the commission of wrongdoing or possible fraud (cf. recital 47 of the GDPR).
Methods of Treatment and Safety
Processing of personal data means any operation or set of operations performed on personal data or on sets of personal data, with or without the aid of automated means, such as collection, registration, organization, structuring, the storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction.
With regard to security, we inform you that access to personal data is allowed only to personnel formally authorized by the Data Controller, as well as the related operations described above, and that the processing of your data will take place with suitable methods and tools to ensure confidentiality and can be carried out by electronic or automated means and not (paper archives), both equipped with adequate security measures, as required by the GDPR, in order to prevent data loss, unlawful or incorrect use and unauthorised access.
Data Communications to “Third Parties”
Subject to any communications to comply with legal obligations, the Data Controller will communicate the personal data provided by users with attention only to third parties selected for the support of the requested service, or for the fulfilment of the purposes listed above, appropriately designated data processors, such as: external companies for the management of the information system, website or databases and telecommunications networks;
Finally, users’ data may be transmitted, in compliance with the law, to the police forces and to the judicial and administrative authority, for the detection and prosecution of crimes, the prevention and protection against threats to public security, to enable the Joint Data Controllers to establish, exercise or defend a right in court, as well as for other reasons related to the protection of the rights and freedoms of others.
In accordance with the GDPR, the User has the right: to ask the Data Controller for access to personal data (art. 15), rectification (art. 16), cancellation (art. 17), limitation of the processing of personal data concerning him (art. 18)the right to data portability (Art. 20) or to object to their processing (Art. 21), in addition to the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on the person or which affects him in a significant way (Art. 22).
If the processing of personal data is based on the consent expressed by the User, pursuant to art. 7 paragraph 3 of the Regulation, it is recognized the possibility of revoking the consent given for the sending of communications and updates for promotional and commercial purposes.
There is also the right to lodge a complaint with the competent supervisory authority (art. 77 of the Regulation) if users believe that the processing carried out by the Data Controller does not comply with the provisions of the legislation on the protection of personal data. In Italy, the complaint can be submitted to the local Data Protection Authority. More information on how to submit complaints can be found on the website of the Guarantor, at www.garanteprivacy.it.
Requests can be sent to the Data Controller in the following ways:
- writing to the following e-mail address: email@example.com
- by registered mail to: via Camperio 10 – 20123, Milano (MI), Italia
Changes to the policy
Last updated: June 2022