Privacy Policy

Privacy Policy for the use of the website https://www.casavo.com/ (“Site”)

  1. General information

(“Casavo”, “we”), as data controller (hereinafter, “Data Controller”), takes care of the protection of your (“customer”, “you”) personal data and respects the applicable Data Protection legislation (Legislative Decree no. 196/2003, as amended by Legislative Decree no. 101/2018 – “Italian Data Protection Code” – European Regulation on the Protection of Personal Data 2016/679, “GDPR”). We process the following personal data you provide to us when using the Site or mobile apps (if applicable), in particular:

    • the personal identification data (e.g. email address, first name, last name, title, address, postal address, telephone number “Data” or “Personal Data”) that you provide to us in the event of a contact request and while using our Site;
    • page accesses; amount of data transferred; status message once accesses take place; session ID numbers.

If we offer services via mobile app we will provide you with a specific information, particularly if different from this Privacy Policy, concise, transparent, intelligible and easily accessible regarding the collection and processing of Personal Data involved.

  1. Purpose and legal basis of the processing

We process your Personal Data without your prior consent – in accordance with the Italian Privacy Code and the GDPR – for the following purposes and legal bases:

A) Service purposes

– relating to the performance of contractual/pre-contractual obligations:

      • to satisfy your requests (i.e. contact request management);
      • to allow you to use the Site;
      • to provide you with our services (such as online estimates of your real estate and the preparation for the sale of such properties);
      • to enable the technical management of the Site and its operational functions (including logistics), including the resolution of all technical problems, statistical analysis, testing and research;

– in pursuit of a legitimate interest of the Data Controller:

      • to prevent or uncover fraudulent activities or abuses that damage the Site;

– in relation to the fulfillment of legal obligations of the Data Controller:

      • to comply with the requirements of applicable laws, to safeguard the individual safety, rights and property of the Data Controller and to counter fraud.

Only on the basis of your prior and specific consent we process your data for the following purposes:

B) Marketing purposes

      • To send you information and news about our services and new offers by email, text message, letter, newsletter or Whatsapp.
      • To communicate your Data to third party partners, belonging to our same product market, who will process them for marketing purposes (i.e. partners might then send you commercial information on their account by email)

In this regard, we inform you in accordance with the applicable privacy legislation that, if you are already our customer, we may send you, except for your dissent, promotional communications and commercial offers for services similar to those you have already used.

3. Nature of the provision of Data and consequences of your refusal to provide them

The provision of your Data for the purposes described in paragraph 2.A) is mandatory. In the absence of the provision we can not guarantee the use of the Site, nor the provision of services listed in paragraph 2.A). The provision of data for the purposes described in paragraph 2.B) is optional. You can therefore decide not to provide any Data for such purposes or revoke the possibility for us to process Data previously provided. In this case, you will no longer receive our newsletters, while you will continue to receive our services and will retain the right to use the Site as provided in paragraph 2.A).

4. Modalities of Data Processing

The processing of your Data is carried out, both via hardcopy (paper) and electronic modalities, by means of the operations provided for by the GDPR, namely, data collection, registration, organization, storage, consultation, elaboration, amendment, selection, mining, confrontation, usage, interconnection, blockage, communication, cancellation and destruction.

5. Access to Data

Your Data may be processed for the purposes mentioned above by:

    • employees and consultants in charge of the management the Site and of the provision of the related services (i.e. customer services, IT department, etc.) in light of their role of persons in charge of the processing and/or internal Data Processors and/or system administrators;
    • employees and consultants of the legal, marketing, finance, administration and accounting departments and our other departments, in their role of persons in charge of the processing and/or internal data controllers;
    • third companies (e.g. IT service suppliers, hosting providers, etc.) carrying out outsourcing activities on our behalf and processing Data as external data processors.
    • 6. Data communication

We may disclose your Personal Data to third parties acting as independent data controllers and/or external data controllers for the following reasons:

    • to allow other companies within our group (“Casavo Group Companies”) to provide you with our services based on the location of your property (for example, if your property is located in Germany, your personal information will, if necessary, be forwarded to our German parent company who will process your request and, if applicable, prepare all necessary steps for the sale of your property – further information on Casavo Group companies located in the area of your property is available here. The sales process and its preparation are described in more detail in our Terms and Conditions);
    • to comply with the obligations laid down by law, regulations, protocols and national and European legislation;
    • to implement the measures of the Authorities;
    • to allow for judicial defense, for example, in case of violations by web users.
    • 7. Data transfer

Your Data shall not be disseminated nor transferred in extra-EU countries

8. Storage of Data

We, as Data Controller, shall process the Personal Data for a duration that is necessary to fulfill the above purposes and anyway for no longer than 5 years after the collection for Contractual Purposes and for no longer than 2 years after the collection for Marketing Purposes.

  1. Cookies

When you use our Site, cookies are stored on your computer. Cookies consist of small text files which are stored on your PC and provide us with certain information (“Cookies”). They are widely used in order to make websites work or to make websites work more efficiently to improve the user experience, as well as to provide certain information to the owners of the site. Our Site uses Cookies that remain on your computer for different times. Some expire at the end of each session and some stay longer so that when you return to our Site, you can benefit from a better user experience.

Web browsers allow you to exercise some control over Cookies through your browser settings. Most browsers allow you to block Cookies or block Cookies from certain sites. Browsers can also help you delete Cookies when you close your browser. However, you should keep in mind that this may mean that any opt-outs or preferences you have set on the site will be lost. Please refer to your browser’s technical information for instructions. If you choose to disable the Cookies setting or refuse to accept a Cookie, some parts of the service may not work properly or may be significantly slower.

Cookies can be technical, analytical and profiling. Our Site uses technical or “session” Cookies and persistent proprietary Cookies. The list of technical cookies is available at the following address: [Links].

Our website also uses analytical cookies set by third-party providers, for example, Google.

More precisely:

Google Analytics

This Site uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”), which uses cookies in order to analyze how users use the Site. The information generated by the Cookie about your use of the website is generally transmitted to and stored by Google on servers in the United States. At the request of the website owner, Google will use this information for the purpose of measuring your activity on that website, compiling statistical reports on website activity for the website owner and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of Cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of the website. You can also prevent the collection of data generated by the Cookie by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout. The website owner has activated IP anonymisation; as a result, Google will truncate/anonymise the last eight digits of the IP address for the Member States of the European Union as well as for the States party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent and abbreviated by Google’s servers in the United States.

Further information can be found at https://www.google.com/analytics/terms/de.html (Google Analytics Terms of Service & Privacy).

The Site uses third-party profiling cookies:

Google Adwords

The site can use the Google Adwords program for Remarketing purposes. For this reason, both technical and profiling cookies are released. Both cookies are managed by Google Inc.

Users can disable Google cookies in their Internet browser settings.

How to disable cookies

https://support.google.com/adwords/answer/32050

To learn about Google’s privacy policy: https://www.google.es/intl/it/policies/privacy/.

Facebook

The website may use Cookies from Facebook Inc. to monitor the progress of Facebook Ads campaigns and the development of Remarketing activities. Click here for more information about Facebook’s use of Cookies: https://www.facebook.com/help/cookies/

10. Social Plug-Ins

Our website uses so-called social media plug-ins (“Plugins”) from the social networks Facebook and LinkedIn, the services of Twitter and Instagram. These services are offered by Facebook Inc., LinkedIn, Twitter Inc. and Instagram LLC. (“Provider”).

In order to improve the protection of your Personal Data when using our Site, these Plug-ins are only integrated via an html link in accordance with c’t’s “Shariff” solution. This ensures that when you access our Site, which contains Plugins, you are not automatically connected to the servers of the respective network/service providers. If you click on a corresponding button, you will be connected only after your express and active selection. More information can be found here: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.

Facebook is provided by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). An overview of the Facebook plugins and how they appear can be found here: https://developers.facebook.com/docs/plugins.

LinkedIn is provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA (“Linkedin”). An overview of the LinkedIn plugins and how they appear can be found here: https://developer.linkedin.com/plugins.

Twitter is provided by Twitter Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). An overview of the Twitter buttons and how they appear to be found here: https://dev.twitter.com/web/overview.

Instagram is provided by Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). An overview of the Instagram buttons and how they appear can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges.

If you access our Site containing these Plugins, your browser will create a direct connection to the servers of Facebook, LinkedIn, Twitter or Instagram. The content of the Plugins will be transmitted by the respective Provider directly to your browser and incorporated into the relevant site. By incorporating the Plugin, the Provider will be notified that your browser has accessed our service website, even if you do not have a profile or are not logged in. The information (which includes your IP address) is transmitted from your browser directly to a server of the Provider in the United States and stored there.

If you are connected to one of the services, the Provider can connect your visit to our Site directly to your profile on Facebook, LinkedIn, Twitter or Instagram. If you interact with the Plugins, e.g. by using the “Like”, “Twitter” or “Instagram” button, this information is also transmitted directly to a server of the Provider and stored there. In addition, this information is displayed on the social network, published on your Twitter or Instagram account and shown to your contacts.

To learn more about the purpose and scope of the collection, processing and use of data by these Providers as well as the rights and settings to protect your privacy, please consult the respective privacy policies of the Providers:

If you do not want Facebook, LinkedIn, Twitter or Instagram to link your visit to our Site directly to your respective profile on such providers, you must log out of the related service before visiting our Site.

11. Your rights as data subject

We inform you that you, as Data Subject, if allowed by the law, have the right to:

  • – obtain confirmation over the existence or inexistence of Personal Data relating to you, even if not yet registered, and their communication in a comprehensible way;
  • – obtain the indication and, if necessary, the copy of the: a) source and category of the Personal Data; b) logic applied in case the processing is performed by means of electronic instruments; c) purposes and modalities of the processing; d) identification references of the Data Controller and the Data Processors; e) subjects or categories of subjects to whom Personal Data may be communicated or who may come to know, in particular if recipients are extra-EU countries or international organizations; e) period for which the Personal Data will be stored, or if that is not possible, the criteria used to determine that period; f) existence of an automated decision-making process and, in this case, information about the logic involved, the significance and consequences for the data subject; g) existence of adequate safeguards in case of transfer of Personal Data to an extra-EU country or international organization;
  • – exercise the right to withdraw consent at any time, easily, without impediment, by using, if possible, the same channels required to provide consent;
  • – obtain, without undue delay, the update and the rectification or, whether you are interested, the integration of incomplete Data;
  • – obtain the erasure, the transformation into anonymous form or blocking of the Data: a) processed in breach of the law; b) no longer necessary in relation to the purposes for which the Data have been collected or subsequently processed; c) if you withdraw consent on which the processing is based and  there is no other legal ground for the processing; d) if you object to the processing and there are no overriding legitimate grounds for the processing; e) in compliance with a legal obligation; f) referred to children. The Data Controller may refuse to erase them when the processing is necessary: a) to exercise the right of freedom of expression and information; b) in compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority; c) for reasons of public interest; d) to achieve purposes in the public interest, scientific or historical research purposes or statistical purposes; e) for making legal claims;
  • – obtain the restriction of processing when: a) the accuracy of the Personal Data is contested; b) the processing is unlawful and the data subject opposes the erasure of the Personal Data; c) Data are required by you for your exercising of legal claims; d) pending verification whether the legitimate grounds of the controller override those of the data subject;
  • receive the Personal Data concerning you in a structured, commonly used and machine-readable format and transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if the processing is carried out by automated means;
  • oppose, in whole or in part: a) for lawful grounds to the processing of Personal Data regarding you, even if pertaining the purpose of Data collection; b) to the processing of Personal Data that relates to you for the purpose of sending advertising material or of direct sale or for market researches or commercial communication, by means of automated call systems without the intervention of an operator, e-mail and/or traditional marketing methods by telephone and/or paper mail.
  • – submit a data protection complaint to the competent supervisory authority.

You shall be able to exercise your rights and request information anytime, by sending an email to: [email protected] or sending a letter to Casavo Management S.r.l., with registered office in Milano, Via Giuseppe Ripamonti 44, 20141.

Likewise, you can revoke, correct and delete the Data at any time.

12. Data Controller and Data Processor

The Data Controller is Casavo Management S.r.l., with registered office in Milan, Via Giuseppe Ripamonti 44, 20141. The internal data processor is Giorgio Tinacci. The updated list of Data Processors and persons in charge of the data processing is kept at the office of the Data Controller.

13. Changes in this Policy

We reserve ourselves the right to modify and amend this Policy in accordance with applicable Data Protection laws.