Privacy Policy

Dear Interested, Chateau d’Ax spa has great respect for the privacy of Users. The data that will eventually be communicated

by the User through the Site will be treated with the utmost care and with all the tools to guarantee its security, in full compliance

with the current legislation protecting the confidentiality of data. We wish to inform you that the “European Regulation 2016/679

concerning the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data”

(from now on “GDPR”) provides for the protection of individuals with regard to processing of personal data as a fundamental right.

Pursuant to article 13 of the GDPR, therefore, we inform you that:

A. DATA CATEGORIES: the object of the processing may be your personal data such as:

a. Data collected automatically. The computer systems and applications dedicated to the operation of this website detect,

during their normal operation, some data (the transmission of which is implicit in the use of Internet communication protocols)

potentially associated with identifiable users.

The collected data includes the IP addresses and domain names of the computers used by users who

connect to the site, the addresses in the Uniform Resource Identifier (URI) notation of the requested resources, the method used

to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response

given by the server (successful, error, etc.) and other parameters concerning the operating system, the browser and the

IT environment used by the user, name of the internet service provider (ISP), date and time of visit, web page of origin

of the visitor (referral) and exit.

b. Data provided voluntarily by the user. The voluntary and explicit sending of e-mails to the addresses indicated in the different

access channels of this site does not involve a request for consent and involves the acquisition of the sender’s address and data,

necessary to respond to requests, as well as any other data personal data included in the message. These data are voluntarily

provided by the user at the time of the request to provide the service. By inserting a comment or other information, the user

expressly accepts the privacy policy, and in particular agrees that the contents inserted are freely disseminated to third parties.

On the contrary, specific summary information will be reported or displayed on the pages of the site prepared for particular

services on request (form). The user must therefore explicitly consent to the use of the data shown in these forms in order to send

the request.

c. Cookies. The site uses cookies. The data collected thanks to cookies can be used to access parts of the site or for statistical purposes

or to make the browsing experience more enjoyable and more efficient in the future, trying to evaluate user behavior and modify

the offer proposal of content according to their behavior. For more information, a specific cookie policy is available.

d. Plug-in. The site also incorporates plugins and / or buttons for social networks, in order to allow easy sharing of content on

your favorite social networks. These plug-ins are programmed so as not to set any cookies when accessing the page, to safeguard

user privacy. Eventually cookies are set, if so provided by social networks, only when the user makes effective and voluntary

use of the plug-in. Please note that if the user browses being logged into the social network then he has already consented to the

use of cookies conveyed through this site at the time of registration to the social network. The collection and use of the information

obtained through the plug-in are governed by the respective privacy policies of the social networks, to which please refer.

B. DATA CONTROLLER: the data controller is 

CHATEAU D’AX SPA Via Nazionale dei Giovi, 159 – 20823 LENTATE SUL SEVESO (MB) – VAT number IT00682600960,

who can be contacted by phone at 0362 5301 or at the email address

C. SOURCE OF PERSONAL DATA: The personal data held by the Data Controller are collected directly from the interested party.

D. PURPOSE OF DATA PROCESSING AND LEGAL BASIS: the processing of your data has as its purpose and legal basis:
1. For data collected automatically, the legal basis is the legitimate interest of the owner and the purpose is to ensure and improve

the web browsing experience.
2. For data provided voluntarily by the user, the legal basis is consent and, for sending emails to our addresses, the purpose is

to be able to send responses to specific requests made by the user; for the forms the purpose is indicated in the specific information.
3. For cookies and plug-ins: compare the specific cookies policy.

E. DATA RECIPIENTS: within the limits relevant to the processing purposes indicated, your data may be disclosed to partners,

consultancy companies, private companies, third party technical service providers, hosting providers, IT companies,

communication agencies, …

F. TRANSFER OF DATA TO THIRD COUNTRIES: This site may share some of the data collected with services

located outside the European Union area, in particular through social plug-ins. The transfer is authorized and strictly regulated

by article 45, paragraph 1 of EU Regulation 2016/679, therefore it does not require specific authorizations.

G. PERIOD OF STORAGE: based on the conservation limitation principle (Article 5, GDPR), a check on the obsolescence of

the data stored in relation to the purposes for which they were collected is carried out periodically. In particular:
a) the data collected automatically are processed, for the time strictly necessary, for the sole purpose of obtaining statistical

information on the use of the site and to check its regular functioning, also for security purposes or according to the deadlines

set by law .
b) The data provided voluntarily by the user will be kept for a period of time not exceeding the achievement of the purposes

for which they are processed or according to the deadlines set by law.

H. RIGHTS OF THE INTERESTED PARTY: the interested party always has the right to request the Data Controller to access

your data, correct or delete them, limit the processing or the possibility of opposing the processing, to request data portability ,

to revoke the consent to the processing by asserting these and the other rights provided by the GDPR by simply communicating

to the Data Controller. The interested party can also lodge a complaint with a supervisory authority.

I. OBLIGATORY OR LESS OF THE PROVISION: the provision of your data is mandatory while browsing

our website with regard to points D.1 and D.2 of the aforementioned purposes, to allow the correct provision of the service.

II. The provision of the consent of your data for point D.3 is optional and will not compromise in any way the provision

of the service.

J. DATA PROCESSING METHOD: the personal data you provide will be the subject of processing operations in compliance

with the aforementioned legislation and the confidentiality obligations which inspire the activity of the Data Controller.

The data will be processed both with IT tools and on paper and on any other type of suitable support (eg cloud systems,

archiving systems and digital replacement storage, …), in compliance with adequate technical and organizational security

measures provided for by GDPR.

K. FINAL NOTES AND UPDATE METHODS: the information is provided only for this website and not for other websites

that may be consulted by the user through links contained in this website. The information may undergo changes due to the

introduction of new regulations in this regard, therefore the user is invited to periodically check this page to be always updated

on the latest legislative news. The withdrawing versions of this information can always be requested from the Data Controller.