Privacy Policy


Pursuant to and for the purposes of Italian Legislative Decree no. 196/2003, as amended by Italian Legislative Decree no. 101/2018, as well as pursuant to Articles 13 and 14 of EU Regulation 679/2016, setting forth provisions on the protection of natural persons with regard to the processing of Personal Data, we hereby inform you that this privacy policy applies to the Personal Data that you provide to Alba Residence S.r.l. or which is obtained by the same from the collection through cookies and other website tracking technologies.

Cookies are used in order to provide the services in a suitable manner according to the user’s preferences and to collect anonymous statistics regarding the website navigation performed.


The data controller of the Personal Data is Alba Residence S.r.l. VAT no: 03150390049 in the person of the pro tempore legal representative GIUSEPPINA RABINO, with registered office in VIALE PIERO MASERA 26, 12051 Alba (CN), tel: 3316606022 – email: INFO@ALBARESIDENCE.IT – certified email address (pec): ALBARESIDENCE@PEC.ALBARESIDENCE.IT


Data processing takes place at the data controller’s operational offices and at any other place where the parties concerned are located and is handled only by technical personnel in charge of the processing.

The User’s Personal Data may be transferred to a country other than the country in which the User is located. To obtain further information regarding the place of the processing, the User may request information from the Data Controller by contacting it at the contact details given above.

If necessary, Personal Data relating to the website services may be processed by the personnel of the company that is responsible for maintaining the technical aspects of the website, and in such a case, they will be appointed as data processors.


The Data Controller processes the Personal Data relating to the User if one of the following conditions is met:

  • the User has given his/her consent for one or more specified purposes, unless the law of the country does not authorize the processing without the User’s consent or until the User objects (“opt-out”), which is not permitted by the relevant European Union regulations;
  • processing is necessary in order to perform a contract with the User and/or to perform pre-contractual measures;
  • processing is necessary to fulfill a legal obligation to which the Data Controller is subject;
  • processing is necessary for reasons of performing a public interest duty or exercising of public authority vested in the Data Controller;
  • processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties;
  • however, it is always possible to request the Data Controller to clarify the actual legitimate basis for each processing operation and in particular to specify whether the processing is based on compliance with the law, required by a contract or is necessary in order to conclude a contract.


Information that will be provided by sending an email and/or by completing registration forms shall be used only to enable the Data Controller to provide the requested Services, to answer questions or to fulfill the User’s requests.

Data relating to IP addresses or domain names of the computers used by Users connecting to the website, URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the User’s operating system and computer system setting will also be processed.

This Data shall be used for the sole purpose of obtaining anonymous statistical information on the use of the website to verifying its correct functioning and will be erased immediately after processing.

The aforementioned Data could be used to ascertain liability in the event that any computer crimes are committed against the website.

Only with your express consent, Alba Residence … may use your Personal Data for different purposes, such as sending promotional and marketing information, or make it available to our business partners in order to transmit relevant information or send promotional material that may be of interest to you.

Personal Data is collected for the following purposes and using the following services:

  • Personal Data such as email, telephone or any other contact details necessary to communicate with the User. These services may also enable the collection of Data related to the date and time of the User’s viewing of messages, as well as the User’s interaction with them;
  • interaction with social networks and external platforms directly from the pages of this Application. The interactions and information acquired by this Application are in any event subject to the User’s privacy settings relating to each social network. In the event that an interaction service with social networks is installed, it is possible that, even if Users do not use the service, it may collect Traffic Data related to the web pages on which it is installed.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through This Website and warrants that he/she has the right to communicate or disclose it, thereby exempting the Data Controller from any liability towards third parties.


Personal Data processing may be carried out with or without the aid of computerized and/or electronic means, with organizational methods and logics strictly related to the indicated purposes.

The computer systems and software procedures used to operate this website acquire, in the course of their normal operation, certain Personal Data whose transmission entails the use of Internet communication protocols.

This is information that is not collected in order to be associated with identified data subjects, but by its very nature could, through processing and association with Data held by third parties, allow users to be identified.

In any event, the processing shall be carried out in compliance with all precautionary measures to ensure its lawfulness, security and confidentiality, in order to prevent unauthorized access, disclosure or destruction of Personal Data.


The Personal Data may be disclosed to those in charge (collaborators, suppliers, secretarial staff, etc.) or to the data processors who may be appointed.

The same may be communicated to public and private entities, which may access the Data by virtue of a legal provision, regulation or EU regulations, within the limits provided for by the aforementioned provisions (such as, for example, social security and welfare institutions and entities, local authority associations, public administrations and bodies, associations, foundations, associative and/or insurance bodies or organizations) to persons that need access to the Data for ancillary purposes in connection with the relationship between the parties, to the extent strictly necessary in order to carry out the aforesaid ancillary duties (by way of example, these include banks and credit institutions, service delivery companies, carriers and shipping companies), to our consultants, to the extent necessary to enable them to carry out their duties in our organization, subject to their appointment as Data processors.

In addition to the Data Controller, in some cases, other persons involved in the organization of this Website (administrative, sales, marketing, legal, system administrators) or external persons (such as third party technical service providers, postal couriers, hosting providers, IT companies, media agencies) that are also appointed, if necessary, as Data Processors on behalf of the Data Controller, may have access to the Data. The updated list of Data Processors may be requested at any time from the Data Controller.

The User’s Data shall not be disclosed, understood as making it known to unspecified persons in any way whatsoever, including by making such Data available or available for consultation, unless the User gives his/her specific, free and informed consent for each type of processing operation.


Without prejudice to the personal autonomy of the data subject, the optional, explicit and voluntary sending of emails to the addresses indicated on this Website entails the subsequent acquisition of the sender’s address, which is necessary to respond to requests, as well as any other Personal Data included in the message.


Personal Data shall be used only for the period of time necessary to fulfill the purposes for which it was collected (Personal Data collected for purposes related to the performance of a contract between the data controller and the user shall be retained until the performance of the contract is completed; Personal Data collected for purposes pertaining to the legitimate interest of the data controller shall be retained until such interest is met), i.e. until such time as the User declares his/her her objection to Alba Residence’s use of such Data or until such time as consent is withdrawn.

Where Alba Residence is required by law to retain Personal Data for a longer period of time, or where it needs the Personal Data in order to bring or defend itself against legal claims, it will retain the User’s Personal Data until the end of the relevant mandatory retention period or until the claims in question are settled.

In any event, such Data Personal Data shall not be retained for a period longer than 10 years.

At the end of the retention period, the Personal Data shall be erased. Therefore, at the expiration of this period the right of access, erasure, rectification and the right to Data portability can no longer be exercised.


This website may share some of the Data collected with services located outside the European Union area.

Specifically with Google, Facebook, Instagram and Microsoft (Linkedin), via social plug-ins and the Google Analytics service. The transfer is automated.

In the event that the transfer of such User’s Data takes place outside the European Union, please note that the User has the right to obtain information regarding the legal basis for the transfer of the aforementioned data, as well as in relation to the security measures taken by the data controller to protect the Data, by contacting the latter at the contact details indicated in the introduction to this privacy policy.


The User may at any time request information from Alba Residence regarding which Personal Data it processes as well as the rectification or erasure of such Personal Data.

In particular, the User has the right to:

  • withdraw his/her consent at any time;
  • object to the processing of his/her Data when it is performed on a legal basis other than consent;
  • access his/her Data and obtain information about the Data processed by the Data Controller, about certain aspects of the processing and to receive a copy of the processed Data;
  • verify the accuracy of his/her Data and request that it be updated or rectified;
  • obtain restriction of processing if certain conditions are met; in this case, the Data Controller shall not process the Data for any purpose other than its retention;
  • obtain the erasure or removal of his/her Personal Data under certain conditions. In any event, Alba Residence may only erase the Personal Data if there is no legal obligation or overriding right of Alba Residence relating to its retention;
  • receive its Data in a structured, commonly used and machine-readable format and, where technically feasible, to obtain its unimpeded transfer to another data controller. This provision shall apply when the Data is processed by automated means and the processing is based on the User’s consent, a contract to which the User is a party or contractual measures related thereto;
  • lodge a complaint with the relevant Data Protection Supervisory Authority or take legal action.

The above requests may be addressed to the following email address: … specifying the information or processing activity to which the request refers, the format in which the User would like the information to be provided, and whether the Personal Data should be sent to the User or to another recipient.

AlbaResidence will carefully consider the request and agree with the User on how best to fulfill it.

In any event, Alba Residence shall erase the Data or restrict its processing, unless there are legal grounds that authorize such retention and processing, or that such Data is to be used by the Data Controller in court or in the preparatory stages of such proceedings in order to defend itself against misuse of this website or the related services by the User.

The User declares that he/she is aware that the Data Controller may be obliged to disclose the Data by order of Public Authorities.


Pursuant to the provisions of Article 24 of EU Regulation 679/2016, concerning “general obligations” for the data controller and the processor, the User is informed that, taking into account the nature, scope, context and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Data Controller shall implement appropriate technical and organizational measures to ensure, and be able to demonstrate, that the processing is carried out in accordance with this regulation. Such measures may be reviewed and updated when necessary.


The Data is retained and controlled through the adoption of technical and organizational security measures suitable for ensuring a level of security adequate to the risk and aimed at minimizing the risk of loss and/or destruction, unauthorized access, unauthorized processing and/or different from the purposes for which the processing is carried out.

The Data Processor or anyone acting under its authority or that of the Data Controller who has access to Personal Data may not process such Data unless instructed to do so by the Data Controller, unless it is required to do so by EU or Member State law. Taking into account the state of the art and the costs of implementation, as well as the nature, scope, context and purposes of the processing, as well as the risk of varying likelihood and severity to the rights and freedoms of natural persons, the Data Controller and the Data Processor shall implement appropriate technical and organizational measures in order to ensure a level of security appropriate to the risk, which shall include, among others, as appropriate:

  • (a) pseudonymization and encryption of the Personal Data;
  • (b) the ability to ensure on a permanent basis the confidentiality, integrity, availability and resilience of processing systems and services;
  • (c) the ability to promptly restore the availability and access to Personal Data in the event of a physical or technical incident;
  • (d) a procedure to regularly test, verify and evaluate the effectiveness of technical and organizational measures for the purposes of ensuring the security of the processing.

In assessing the appropriate level of security, special consideration shall be given to the risks presented by the processing that arise in particular from the destruction, loss, alteration, unauthorized disclosure of or access, whether accidental or unlawful, to Personal Data transmitted, stored or otherwise processed.

The Data Controller and the Data Processor shall ensure that any person acting under their authority who has access to Personal Data shall not process such Data unless it is instructed to do so by the Data Controller, or unless it is required to do so by EU or Member State law.


The Data Controller reserves the right to make changes to this privacy policy at any time, by notifying Users on this webpage and if possible also on the Application, as well as when technically and legally feasible, by sending a notification to Users through one of the contact means available.

Users are therefore invited to periodically consult this webpage, referring to the date when it was last amended indicated at the bottom; should the amendments made affect processing whose legal basis is the User’s consent, the Data Controller shall collect the aforementioned consent again, where necessary.

The Data Controller reserves the right to make changes to this privacy policy at any time by informing Users on this webpage and, if possible, on this Website as well as, when technically and legally feasible, by sending a notification to Users through one of the contact details which has been made available to the Data Controller. Therefore, Users are invited to consult this webpage regularly, referring to the date when it was last amended indicated at the bottom. In the event that the changes affect processing whose legal basis is consent, the Data Controller shall collect the User’s consent again, where necessary.

Definitions and legal references:

Personal Data (or Data)

Personal data is any information that, directly or indirectly, including in connection with any other information, including a personal identification number, renders a natural person identified or identifiable.

Usage Data

This is the information collected automatically through This Website (including by third party applications integrated into This Website), including: the IP addresses or domain names of the computers used by the User who connects with This Website, the URI (Uniform Resource Identifier) addresses, the time of the request, the method used in forwarding the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response from the server (successful, error, etc..) the country of origin, the characteristics of the browser and operating system used by the visitor, the various time features of the visit (e.g. the time spent on each page) and the details of the route followed within the Application, with particular reference to the sequence of the web pages consulted, the parameters relating to the User’s operating system and computer system setting.


The individual using This Website who, except where otherwise specified, is the same person as the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor (or Processor)

The natural person, legal entity, public administration and any other entity that processes Personal Data on behalf of the Data Controller, as set forth in this privacy policy.

Data Controller (or Controller)

The natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the processing of Personal Data and the means adopted, including the security measures relating to the operation and use of This Website. The Data Controller, unless otherwise specified, is the owner of This Website.

This Website

The hardware or software tool by which Users’ Personal Data is collected and processed.


The Service provided by This Website as defined in the relevant terms (if any) on this website/application.

European Union (or EU)

Unless otherwise specified, any reference to the European Union in this document is understood to extend to all current member states of the European Union and the European Economic Area.


Small text files that can be used by websites to make the experience more efficient for the user.