Privacy Policy

The Privacy Policy applies whenever a User navigates through the pages of the Website (https://www.lanfipepalace.com) and for all online activities carried out through it.

The processing of the Personal Data of the Website users will be carried out in Italy and conducted in compliance with:

• General Data Protection Regulation EU/2016/679 (GDPR)
• Legislative Decree No. 196 of June 30, 2003, containing the Personal Data Protection Code
• Recommendation No. 2/2001 adopted by European authorities for personal data protection to identify minimum requirements for online personal data collection.

The Italian supervisory authority is the “Garante per la protezione dei dati personali,” located at Piazza di Monte Citorio n. 121, 00186 – Rome ([https://www.garanteprivacy.it/](https://www.garanteprivacy.it/)).

Data Controller and Data Processor

Following consultation of this Website, data relating to identified or identifiable persons may be processed. The Data Controller for such data is:

Policy

Every person has the right to the protection of their personal data, and in respect of this right, this Privacy Policy provides all useful information to understand how information identifying Website users is collected and used.

The Controller undertakes to respect a principle of strict necessity in the processing of data that can identify the User, even indirectly.
The Controller does not collect or process “sensitive data” in any way according to the definition of EU Reg. 679/2016.
Users’ Personal Data will be processed by the Controller by adopting appropriate security measures aimed at preventing unauthorized access, disclosure, modification, or destruction of Personal Data.

The Website has been configured so that the use of personal data is reduced to the necessary minimum, and it makes use of anonymous data whenever it is possible to pursue the same purposes.

Purposes

Unless otherwise specified, the Data Controller and the providers of third-party services used by it collect User Data for purposes strictly related to the provision of its Services.

The purposes are:
contacting and responding to requests sent by the User, collecting statistical data on Website usage, fulfilling contracts entered into with the User regarding the purchase or booking of products and services, and showing content relating to its business from and through other platforms.

In addition, there are purposes aimed at providing a better experience for the User:
commenting on content, interacting with social networks, and integration with external platforms.

With the explicit consent of the User, the following purposes are carried out:
sending commercial information via email, customer satisfaction surveys, market research, general promotional activities, profiling activities, and analysis of the browsing experience for marketing and promotional purposes.

Data collected by this Website

The types of Personal Data collected and used for each purpose are indicated in the specific sections of this document.

Personal Data collected by this Website may be freely provided by the User or, in the case of Usage Data, collected automatically during the consultation of the pages of this Website.

Other Personal Data that might be collected are indicated in other sections of this privacy policy or through informative texts displayed at the time of the Data collection itself.

Data collected by third-party services

This Website makes use of third-party services for the purposes indicated in the respective section of this Website. The information acquired is in any case subject to the User’s privacy settings for said services.

It is possible that, even if Users do not use the service, it may collect traffic data relating to the pages where it is installed.

Cookies

Cookies are installed within the browser while navigating a Website and can contain various information, some of which may allow for the identification of User preferences.

This Website and its domain [https://www.lanfipepalace.com](https://www.lanfipepalace.com) do not save Personal Data in cookies.
The saved data is for the sole purpose of storing preferences requested by the User, or information necessary to enable the functionality of this Website and its safe and efficient exploration.

The cookies used by this site are:

• session cookies (which vanish when the browser is closed)
• persistent cookies (expire at a predetermined date)

The use of Cookies – or other tracking tools – by this Website or by third-party services used by it, unless otherwise specified, has the purpose of identifying the User and recording the relative preferences for the purposes requested or for statistical purposes.

For instructions on how to deactivate cookies or for other information regarding cookies and privacy, please consult the Cookie Policy.

Data processing, sharing, and methods

The Controller, in compliance with regulations, processes the Personal Data of Users by adopting appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

Processing is carried out using IT and/or telematic tools, automated tools, and with organizational methods and logic strictly related to the stated purposes.

It is guaranteed by law that the processing of personal data takes place in respect of fundamental rights as well as the dignity of the data subject, with particular regard to confidentiality, personal identity, and the right to their protection.

Personal Data will be processed exclusively by persons in charge of processing who are specifically authorized and supervised by the Controller:

• internal personnel within the company organization:
  administrative, commercial, marketing, legal personnel, and system administrators.
• external parties:
  such as third-party technical service providers, mail carriers, hosting providers, IT companies, and communication agencies.
• competent authorities:
  – law enforcement or other government authorities in cases provided for by law or if strictly necessary to prevent, detect, or prosecute any criminal acts and fraud;
  – to Entities and in general to every public and private subject, related, subsidiary, or parent companies to which there is an obligation for us to communicate, also for the purpose of the most correct fulfillment of any respective obligation (including instrumental ones) connected to or referable to present and future relationships established with you, imposed by laws and/or regulations or for the achievement of the purposes expressed above.

External parties may also be appointed, if necessary, as Data Processors by the Controller.

In addition to companies acting as data processors, Personal Data is also made available to third parties, autonomous data controllers, for accessory purposes related to the provision of the requested services.

The updated list of Processors can be requested at any time from the Controller’s email address.

Location and communication of data

Data is processed at the Controller’s operating offices and in any other place where the parties involved in the processing are located. For further information, contact the Controller.

The User’s Personal Data could be transferred to a country other than the one where the User is located; in any case, it will never be transferred outside countries belonging to the European Union, unless safeguard clauses or equal levels of Personal Data protection are guaranteed.

Transfer will be carried out only to pursue Commercial Purposes agreed upon with the explicit request of the User.

Retention period

Data is processed and stored for the time required by the purposes for which it was collected.

Specifically:

• Personal Data collected for purposes related to the execution of a contract between the Controller and the User will be retained until the execution of such contract is completed.
• Personal Data collected for purposes related to the legitimate interest of the Controller will be retained until such interest is satisfied.

When processing is based on User consent, the Controller may keep Personal Data longer until said consent is revoked. Furthermore, the Controller might be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority. At the end of the retention period, the Personal Data will be deleted.

Rights

Users can learn about their rights, request further information, and stay updated on the legislation concerning the protection of individuals with respect to the processing of Personal Data by consulting the website of the Garante for the protection of Personal Data at www.garanteprivacy.it .

The User has the right to:

• Withdraw a previously expressed consent to the processing of their Personal Data.
• Object to the processing of their Data if it takes place on a legal basis other than consent.
• Access their Data and obtain all information on the Data processed by the Controller.
  The data will be provided via a copy of the Data in a commonly used format, readable by an automatic device.
• Verify and request the rectification of their Data.
• Obtain the restriction of processing, if certain conditions apply. In this case, the Controller will not process the Data for any purpose other than its storage.
• Request the deletion or removal (right to be forgotten) of their Personal Data.
• Transfer their data to another Controller, where technically feasible, by obtaining or asking to forward their Data in a structured, commonly used, and machine-readable format. This provision is applicable when Data is processed by automated tools and processing is based on the User’s consent, on a contract to which the User is a party, or on contractual measures connected to it.
• Lodge a complaint with the competent personal data protection supervisory authority or take legal action.

The User may exercise their rights at any time by sending a request to the Controller’s contact details.

Legal defense

The User’s Personal Data may be used for defense by the Controller in court or in the stages leading to its eventual establishment, against abuses in the use of the same or related services by the User.

The User is aware that the Controller may be required to reveal Data at the request of public authorities.

Legal requirements

The Controller reserves the right to access, preserve, and share information with regulators, law enforcement, or other subjects in the following cases:

• In response to a legal request, in terms of good faith and within the terms imposed by law.
• In all cases where it is necessary to detect, prevent, and resolve unauthorized use of the Services or Products provided or sold by this Website, in order to detect violations of our contractual conditions or regulations.
• In order to detect harmful or illegal activities, to protect the activity carried out, against the Controller of the Activity, the User, and/or Third Parties.

The Data collected can be consulted and kept for a prolonged period of time when they are the subject of a proceeding or a legal obligation, a government investigation, or investigations regarding possible violations of our conditions or regulations, or to avoid damage.

We may also retain Data for at least one year in order to prevent the recurrence of misuse or other violations of the conditions.

Applicable law

This Privacy Policy is governed by the aforementioned GDPR and by current Italian law, which regulate the processing of personal data – even held abroad – carried out by anyone who is resident or based in a country of the European Community.

The GDPR guarantees that the processing of personal data takes place in respect of fundamental rights and freedoms, as well as the dignity of the data subject, with particular reference to confidentiality, personal identity, and the right to personal data protection.

Changes and updates

The Controller reserves the right to modify, in whole or in part, this Privacy Policy, also in consideration of regulatory updates that protect User rights.

Changes and updates to the Privacy Policy will be binding as soon as they are published in this section. We therefore ask you to access this section regularly to check for the publication of the most recent and updated version of the Privacy Policy.

Legal notice

All documentation available for download from this Website has been created and checked with the utmost care, but the user is always required to check its accuracy and is responsible for its use.
In case of defects, no liability is assumed for direct or indirect damage suffered by the User or third parties depending on the use or non-use of the information taken.
Although the contents of these pages are subject to continuous updating and verification, errors and/or omissions may still occur.

By accessing this Website, the User implicitly declares that they have read, understood, and accepted the information reported in the Legal Notice and Privacy sections and declares to observe all laws and regulations applicable to it.

If the User does not accept these conditions, they may not use this Website.

Last modified: 06 February 2026