Privacy Policy

Chora S.r.l. (hereinafter the “Company”) recognizes the importance for its users to maintain the confidentiality, integrity and security of their personal data (collectively, “Personal Data”).

The Personal Data you provide from or through the Website (hereinafter the “Website”) will be processed in compliance with the applicable legislation on the protection of personal data (Regulation EU 2016/679, hereinafter “GDPR”).


  1. Type and source of data

Browsing data

During their normal operation, the computer systems and software procedures used to operate our Website collect certain personal data (log files). The transmission of such data is inherent to the use of internet communication protocols. This information is not collected in order to be associated to specific data subjects. However, due to its nature, this information can allow data subjects to be identified by means of their processing and integration with data held by third parties. Such information includes the IP addresses or domain names of the computers you use to visit our Website, URIs (Uniform Resource Identifiers) of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical status code of the server reply (successful, error, etc.) and other parameters concerning the data subject’s operating system and computer environment. This data is used with the sole purpose of obtaining anonymous statistical information on the use of our Website and to guarantee its correct operation.



To ensure the correct functioning of the Website and to improve the service offered, cookies are used in the Website. Cookies are small text files that the websites visited by the data subject send to their terminal (usually to the browser), where they are stored before being re-transmitted to the same websites at the next visit by the same data subject.

For more information on cookies, on the types of cookies used on our Website, on how to disable them, see our Cookies Policy.


Personal Data voluntarily provided by the data subject

To use and / or access certain activities, functions and services which are available on the Website, you may be required to provide – voluntarily and in an informed manner – certain Personal Data.


In particular, from or through the Website it is possible to:

  • send a booking request;
  • subscribe to the newsletter, indicating your e-mail address in the registration form, in order to receive information on Palazzo delle Pietre services and initiatives.

The Personal Data processed include personal data (title, name and surname, nationality, date of birth), contact details (postal address, email, telephone number, billing address), payment .

Furthermore, the optional, explicit and voluntary sending of e-mail messages through the Website and / or to the addresses indicated on the Website entails the subsequent acquisition of the data subject address, necessary to respond to requests, and any other personal data included in the message sent.


Personal data of minors

It is mandatory that you are 16 years old or older to provide us with your Personal Data and at least 18 years to perform any kind of transaction.

If the Company becomes aware of the fact that inadvertently a minor has provided its Personal Data, without the prior consent of a parent or legal guardian, such data will be deleted or made anonymous.


  1. Purpose and legal basis of the processing

The Personal Data you provide may be used for the following purposes:


  • to respond and satisfy any of your request;
  • to process your booking request online and therefore to carry out all the booking management activities (including the administrative management of the contract, the management of payments, the management of credits and of any disputes and the management of fraud prevention), as well as to fulfill all the obligations imposed by the laws and regulations in force;
  • to send periodical newsletters following your possible subscription to such service;
  • to contact you and / or send you (by post, telephone, email and other forms of electronic or digital media communication including: social network platforms and other instant messaging applications) information and promotional communications (including communication of commercial nature), advertising material, catalogs and invitations to events, related to the services and initiatives of Palazzo delle Pietre and / or the Company;


The processing of Personal Data referred to in letters (a) and (c) is necessary to perform the service requested by the interested party. The processing of Personal Data referred to in letter (b) is necessary for the execution of the contract signed by and between the Company and the interested party and the execution of the related pre-contractual measures and to fulfill the related legal obligations of administrative, fiscal and security nature. For the marketing purposes referred to in previous letter (d), the processing of Personal Data is based on the prior consent of the interested party.


  1. Nature of the data processing

The processing of Personal Data is optional.

However, to book a reservation at the Palazzo delle Pietre, subscribe the newsletter service or register on the Website it is necessary to fill all the fields indicated as mandatory in the relative forms.

The processing of Personal Data for the marketing purposes referred to the previous letter (d), is based on the prior explicit consent. Any refusal to give such consent entail exclusively the impossibility for the Company to inform you about initiatives that could interest you and / or to send you any other information of commercial nature on the services, initiatives and events of Palazzo delle Pietre and / or the Company.


At any time the Data subject may modify or revoke the consent to the processing of the data provided to the Company, by writing to:


  1. Processing Methods

Your Personal Data will be processed by suitable electronic or automated means and computerized tools, or manually and on hard copy, exclusively for the purposes for which they have been processed and guaranteeing the security and confidentiality of any processed information and, in any case, in such a way as to guarantee the security and confidentiality of the Personal Data through the adoption of appropriate measures to prevent the alteration, cancellation, destruction, unauthorized access or processing not allowed or not in accordance with the purposes of their collection.

Your Personal Data will be processed by internal staff of the Company (employees and contractors) duly authorized to do so under their respective job duties, and possibly by external parties as necessary and / or instrumental for the execution of the purposes for the which Personal Data were processed.

Any use of credit card data for purposes other than: verifying the existence of means of payment, the charging and managing of payments, as well as the management of any complaints and/or contentious proceedings remains expressly excluded. To this aim, the aforementioned data will also be processed by banks and / or other providers of services connected with the management of the online payments, as well as by the institution that issued the credit card.


  1. Transfer and disclosure of data

The Personal Data, as far as necessary and / or instrumental for the execution of the aforementioned purposes, may be communicated and processed by the Company and / or by suppliers and consultants who provide assistance and / or advice, or who carry out, on behalf of the Company, services connected and instrumental to the purposes for which the data were processed and which will operate as data processors or independent data controllers:


  • D- Edge S.A.S. with registered office in Paris, which provides the Company with booking management services;
  • Internet service providers; technicians who maintain IT services;
  • Banks and payment service providers;
  • Authorities and supervisory and control bodies, authorized by law.


The Personal Data will not be used for promotional purposes of third parties or related to services or initiatives not coming from the Company and will in no case be disclosed to undetermined subjects.


  1. Retention period

Your Personal Data will be processed and stored for as long as required for the purposes for which they were collected, and in accordance with the storage periods provided for by the applicable laws, or until you revoke your consent to the processing, if applicable.  After such period, your Personal Data will be automatically and permanently erased or made anonymous.



  1. Data Controller

The Data Controller is:


Chora S.r.l.

Via Boschetti,6

20121 Milano, Italia



Any request relating to your Personal Data referred to this information and for the exercise of your rights may contact the Data Controller at the addresses indicated above.


  1. Rights of the data subject

We remind you that at any time you can exercise the rights pursuant to articles 15 to 21 of the GDPR and, in particular, request information on the existence and characteristics of the processing of personal data concerning you, obtain the rectification and cancellation of your Personal Data, or the limitation of processing, oppose the processing for legitimate reasons and / or request the transmission of your Personal Data to another owner.

You will also have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing based on the consent given before the revocation.

Pursuant to articles 77 and 79 of the GDPR, in the event that it deems that its data are processed in violation of the GDPR, it also has the right to propose a complaint to the competent control authority, including the Italian Data Protection Authority ( or to appeal to the appropriate judicial or extra-judicial law court.