Our Policies
We, Palazzo Italia B.V. (established in 2021), operating under the trademark Altroverso, located in the Netherlands, attach great importance to the protection and privacy of our website visitors, customers, partners and other relations. The personal data is therefore handled and secured with care. In all cases, we comply with the requirements of the General Data Protection Regulation (GDPR) and the ePrivacy Directive.
This privacy statement informs you about the way in which we handle your personal data in the context of Altroverso. If you have any questions after reading our Privacy Statement, please contact our GDPR contact person:
Contact person: Paolo Maria Pavan
Email: privacy@xtroverso.nl
Phone/other contact details: +31 85 40 12 459
What personal data do we collect and how do we use it?
The type of personal data we collect and use is limited to the information you provide to us. This is the case, among other things, if you:
Contact us in any way;
Fill in the contact form;
Enter into a contract with us or request one of our other services;
Visit our website.
This Privacy Statement only applies to the platforms and parts of the websites we manage, which are owned by us under the trademark Altroverso and all personal data that we process of website visitors, prospects, customers and business relations.
We will never share or sell your personal data to anyone without your knowledge or approval. We will only share authorized information with third parties if they have been hired by us to facilitate the provision of our services to you or if we are required by law to hand over information to a government agency.
Categories of personal data and purpose
Activity | Category of Personal Data | Purpose | Legal basis |
When you visit our website | IP address, actions on our website, information provided in contact forms. | To measure and improve interest on our website; to improve your user experience and tailor it to your behavior and interests; to administer and diagnose our website, to protect our business, to troubleshoot problems, and to prevent potentially prohibited or illegal activities; to respond to your question if you have asked it via the contact form. | Consent (Article 6 (1) (a) GDPR) and Legitimate interest (Article 6 (1) (f) GDPR) |
When you contact us as a customer or business partner | Full name, email address, telephone number, other data you provide. | To carry out the agreed services; to comply with our own laws and regulations, e.g. obligation to keep records. | Necessary for the performance of a contract (Article 6 (1) (b) GDPR), necessary for a legal obligation (Article 6 (1) (c) GDPR) |
When filling in the contact form | Full name, email address, telephone number. | To respond to your request and provide the information or services you requested. | Consent (Article 6 (1) (a) GDPR) and Legitimate interest (Article 6 (1) (f) GDPR) |
When conducting background checks, Know Your Customer (KYC), or Customer Due Diligence (CDD) | Identification data (full name, date of birth, ID/passport details), contact details, financial and professional background, and information from public or professional sources. | To verify identity and assess suitability as a customer, business partner, or contractor; to protect the agency against fraud, reputational damage, and other business risks. | Legitimate interest (Article 6 (1) (f) GDPR) |
Permission
n the event of consent as the basis for the processing of your personal data, you always have the right to withdraw consent at any time. You can do this by sending an email to privacy@altroverso.nl, by calling us at +31 85 40 12 459, or by writing to us at:
Palazzo Italia B.V. | Altroverso
Attn. Paolo Maria Pavan De Stuwdam 33-35 | 3815KM | Amersfoort | NL
Once you have withdrawn your consent for processing, we will no longer process the personal data in question in the relevant processing. As a result, we will delete the personal data, unless there is a legal basis for further processing of the data (e.g. storage requirements or insofar as processing is necessary for the performance of the contract).
Retention periods
We retain your information to enable you to continue using our services for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
Contact form data: retained for up to 12 months after your inquiry has been resolved, unless further retention is required to follow up on your request.
Contract-related data (customers, suppliers, partners): retained for 7 years in accordance with Dutch tax and administrative law, since the termination of the contractual relationship
Website technical data (such as IP address and logs): retained for a maximum of 6 months, unless needed longer for security or fraud-prevention purposes.
Automated decision-making
Sharing of personal data
We use third parties to operate our platforms and services. It is possible that these third parties have access to your personal data. If that is the case, we will take appropriate measures to ensure that your data is adequately secured and only used for its intended purposes.
We may share your data with third-party service providers, to the extent necessary for the purposes described in this Privacy Statement (and to the extent permitted by the GDPR). This may include:
IT service providers;
Hosting, maintenance and support providers;
Cloud providers;
Proton (email and communication tool);
Odoo (CRM and business management system);
Other systems used for file exchange or project management.
In addition, we may share your data with competent regulators, authorities, judicial bodies, or other parties where we are required to do so by law, or if it is necessary in the context of legal proceedings or to establish or exercise our legal rights (for example, to deal with complaints or proceedings).
Of course, only the personal data that is necessary for the performance of the work will be shared.
International transfers of personal data
We may share your data with an organization or entity located outside the European Economic Area (EEA). We will then ensure that your personal data will only be passed on if these parties guarantee that the transfer takes place in accordance with the applicable privacy legislation.
This means, among other things, that the personal data will only be transferred outside the EEA in the event that:
An adequacy decision of the European Commission determines that there is an adequate level of protection for the transfer of the personal data to that country; or
Additional appropriate safeguards have been implemented, such as the Standard Contractual Clauses.
We ensure compliance with all additional requirements and guidance from the European Court of Justice, data protection legislation and supervisory authorities regarding the transfer of personal data.
Protection of personal data
We take the protection of your personal data very seriously. We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, accessed, or disclosed in an unauthorized way.
In addition, we limit access to your personal data to strictly necessary employees, contractors, and other third parties. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
Finally, we train our employees on the importance of confidentiality and ensuring the privacy and information security of your personal data.
Rights of the data subject and their implementation
In accordance with applicable law, you have various rights in relation to the processing of your personal data, which are listed below:
Right of access: you can request access to the personal data relating to you;
Right to rectification: you can request to correct inaccurate or incomplete data;
Right to erasure: you can request deletion of your data in certain circumstances;
Right to restriction of processing: you can request limitation of processing in certain circumstances;
Right to data portability: you can receive your data in a structured, commonly used, machine-readable format and transmit it to another controller;
Right to object: you can object to the processing of your personal data at any time;
Right not to be subject to automated decision-making: you can request human oversight if processing could lead to a (legal) consequence;
Right to be informed: you have the right to be informed about corrections, erasures, and restrictions of processing.
If you have any questions or would like to exercise any of the above rights, please contact us at:
Palazzo Italia B.V.
Attn. Paolo Maria Pavan – GDPR Contact Person
Email: [insert Paolo’s GDPR email]
Phone: [insert phone number]
Postal address: [insert address]
Reasonable access to your personal data will be granted free of charge after submission of the request. We will respond within one month of confirming your request. If we are unable to comply within one month, we will inform you of the expected date. We may also require additional information to verify your identity before fulfilling your request.
You also have the right to lodge a complaint with the supervisory authority. In the Netherlands, this is the Dutch Data Protection Authority (Autoriteit Persoonsgegevens): https://autoriteitpersoonsgegevens.nl
Amendments
We reserve the right to amend this Privacy Statement at any time and for any reason. We will publish the amended Privacy Statement on our website. If required by law, you will be notified of important changes to our Privacy Statement.
