LUX REALITY

PRIVACY POLICY

Definitions

– “Lux Reality S.r.l.,” “we,” and “our” refer to Lux Reality S.r.l., a limited liability company governed by Italian law, with its registered office at Via Domenico Morelli no. 7 – 80121 Naples (NA), VAT No. IT09909111214.

– “User,” “you,” “your,” and similar terms refer to you as the user and/or operator of our website and applications.

– “Website,” “Site,” “Platform,” or similar terms refer to the following web address: [https://luxreality.it/](https://luxreality.it/).

– “Application,” “App” refers to the Inside Italy app.

Art. 1. – Introduction

1.1. Your privacy is important to us. You trust us by using our website and our Inside Italy application, and we greatly appreciate it. We are committed to protecting and safeguarding any personal data you provide to us.

1.2. This document describes how we use and process the personal data of users of our website and applications, including Inside Italy. We also explain what rights you can exercise and how you can contact us.

1.3. This is an information notice provided under Article 13 of Regulation EU 2016/679 – General Data Protection Regulation (hereinafter “Regulation”).

Art. 2. – Data Controller of Personal Data

2.1. The data controller of the personal data we process is Lux Reality S.r.l.

2.2. You can contact our data protection officer by writing an email to amministrazione@luxreality.it.

Art. 3. – Your Rights

3.1. As a data subject, you have the rights outlined in Article 15 of the GDPR, specifically:

   – a) to obtain confirmation of the existence or non-existence of personal data concerning you, even if not yet registered, and their communication in an intelligible form;

   – b) to obtain information on:

     – the origin of the personal data;

     – the purposes and methods of the processing;

     – the logic applied in case of processing carried out with the aid of electronic instruments;

     – the identification details of the data controller, the processors, and the designated representative under Article 3, paragraph 1, GDPR;

     – the entities or categories of entities to whom the personal data may be communicated or who may become aware of it as designated representatives in the State’s territory, processors, or appointees;

   – c) to obtain:

     – the updating, rectification, or, when interested, integration of the data;

     – the deletion, anonymization, or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed;

     – certification that the operations as per point 3.1, letters a) and b), have been brought to the attention, also as regards their content, of those to whom the data were communicated or disseminated, except where this proves impossible or involves a disproportionate effort compared to the right protected;

   – d) to oppose, in whole or in part:

     – for legitimate reasons, the processing of personal data concerning you, even if pertinent to the purpose of collection;

     – the processing of personal data concerning you for the purpose of sending advertising materials or direct selling or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator via email and/or traditional marketing methods via phone and/or paper mail. It is noted that the data subject’s right to object, set out in the previous point 3.1, letter c), for direct marketing purposes through automated methods extends to traditional methods, and it is still possible for the data subject to exercise the right to object even in part. Therefore, the data subject may decide to receive only communications through traditional methods or only automated communications, or neither type of communication.

3.2. Where applicable, you also have the rights set forth in Articles 16-21 GDPR (Right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Supervisory Authority.

Art. 4. – Processing of Personal Data when Using Our Services

4.1. We process your personal data based on legitimate interests, except in specific circumstances where you provide your consent.

4.2. We adopt appropriate safeguards to protect your privacy and process your personal data for the following purposes:

   – Providing, ensuring, maintaining, and improving our Services and website.

   – Developing new products and features related to finding services and products most suitable for you.

   – Understanding how users use our website and applications to improve performance and services.

   – Offering direct marketing features to our users regarding our Services and applications, including Inside Italy.

   – Promoting advertising conducted by us and third parties on our website and third-party websites.

   – Complying with legal obligations, preventing fraud, and resolving disputes.

   – Supporting judicial authorities in investigations and resolving crimes.

Art. 4.3 – Data Collected for “Palazzo Saluzzo di Paesana, Turin, Italy 1722”

By using our application “Palazzo Saluzzo di Paesana Torino Italy 1722”, you consent to the processing of the following personal data:

• Personally Identifiable Information: Name, addresses, phone numbers, or email addresses.
• Personal details: Age, gender, or date of birth.
• Electronic identification data: IP addresses, cookies, device IDs, mobile advertising identifiers, etc.
• Electronic Location Data: GPS data and other location data.
• Financial identification data: Credit or debit card numbers.
• Data relating to your interaction with our website and applications: userId, user profile and avatar.
• Security Details: Passwords related to our website and applications.

Meta Quest App Specific Information: Palazzo Saluzzo di Paesana Torino Italy 1722

This section describes how we collect, use, and protect personal data from users of the Meta Quest app: “Palazzo Saluzzo di Paesana Torino Italy 1722”.

Types of Data Collected:

• Microphone Audio: Collected only when using voice chat in multiplayer mode.
• Meta Avatar: Information about the user’s avatar in the app.

Methods and Purposes of Data Processing:

• Microphone Audio: Used to enable voice communication between users during the virtual visit.
• Meta Avatar: Used to personalize the user’s experience within the app.

Permissions Required:

• android.permission.RECORD_AUDIO: Required for voice chat functionality in multiplayer mode.
• android.permission.READ_EXTERNAL_STORAGE: Required to access and upload personalized content by users.
• android.permission.ACCESS_MEDIA_LOCATION: Used to provide contextual information and enhance realism

Data Storage and Sharing:

LuxReality does not store or share data with third parties. Data is used only during the active session.

Users’ Rights:

You have the right to access, rectify, delete your data and object to processing. Contact us to exercise these rights.

Data Security:

We take security measures to protect your personal data.

Minor:

We do not collect data from children under the age of 13. If you are a parent and have discovered that your child has provided us with personal data, please contact us.

Changes to the Privacy Policy:

This Statement of Privacy was last updated on 28.08.2024. We’ll notify you of any changes via in-app notifications.

Consensus:

By using our app, you agree to our privacy policy and the processing of your personal data as described above.

4.4. When you use our website and Inside Italy application, we may share your personal data with the following categories of recipients:

   – Third-party service providers: For processing data on our behalf, including hosting and storage providers, customer support, communication, security and fraud prevention, payment services and credit card services, analytics and marketing services. These providers are contractually obligated not to share your personal data with third parties and not to use it for other purposes.

   – Employees and collaborators: Who need the data to perform their duties and provide our services.

   – Law enforcement authorities: To prevent, detect, and prosecute illegal activities, threats to public or state security, and prevent threats to people’s lives, only where required by law.

Art. 5. – Retention Period of Personal Data

5.1. The collected data will be retained for no longer than necessary to achieve the purposes for which they are processed (“data retention limitation principle,” Art. 5, GDPR) or according to the deadlines provided by law.

5.2. The Data Controller will thus process your personal data for the time necessary to fulfill the purposes mentioned above, subject to the five or ten-year retention terms of civil, accounting, and tax documents and related data as provided by the laws in force for the purposes referred to in point 3 letter a) and for no longer than 5 years from the termination of the service/product supply relationship, pursuant to Article 24 of European Law 167/2017 (Data Retention) unless you request deletion.

5.3. Periodic checks on the obsolescence of stored data concerning the purposes for which they were collected are conducted.

Art. 6. – Transfer of Data Abroad

6.1. The personal data collected is stored on servers located within the European Union.

6.2. The collected data will not be transferred to non-EU countries.

Art. 7. – Processing Methods and Security

7.1. We have adopted extensive technical and operational security precautions to protect your data from the risk of unauthorized persons tampering with, losing, destroying, or accessing it, accidentally or intentionally. Our security measures are periodically reviewed and updated to keep them up to date with technological advancements.

7.2. The personal data you provide will be processed in compliance with the above legislation and the confidentiality obligations that inspire the Data Controller’s activity. Data will be processed both with IT tools and paper supports.

7.3. In this regard, we inform you that the Data Controller takes all reasonable measures to protect your personal data from loss, misuse, or unauthorized access, disclosure, alteration, or destruction. Please note that no Internet transmission is ever completely secure or error-free.

Art. 8. – Contact via Email, Contact Form

8.1. When you contact us via email or through a contact form, we will store the data you provide (your email address, possibly your name, and phone number) to answer your questions. Where we use the contact form to request information that is not necessary, we always mark such data as optional. This information serves to provide context and improve the handling of your request. Your message may be linked to different uses of our website. Providing such information is expressly voluntary and with your consent under Article 6(1)(a) of the GDPR. If such information concerns communication channels (e.g., your email address or phone number), you also agree that, where appropriate, we may contact you via these channels to respond to your request. Of course, you can revoke this consent at any time.

8.2. We periodically delete the data collected in this context when their retention is no longer necessary or limit their processing where there are legal retention obligations.

Art. 9 – Newsletter

9.1. With your consent, as provided by Article 6(1)(a) of the GDPR, you can subscribe to our newsletter, through which you will stay updated about our news and services.

Specific Information for the Meta
Quest App: Palazzo Saluzzo di Paesana

This section describes how we
collect, use, and protect personal data from users of the Meta Quest: Palazzo
Saluzzo di Paesana app.

Types of Data Collected:

                •             Microphone Audio: Collected only
when using voice chat in multiplayer mode.

                •             Meta Avatar: Information about the
user’s avatar in the app.

Methods and Purposes of Data
Processing:

                •             Microphone Audio: Used to enable
voice communication between users during the virtual visit.

                •             Meta Avatar: Used to personalize
the user’s experience within the app.

Permissions Required:

                •             android.permission.RECORD_AUDIO:
Required for voice chat functionality in multiplayer mode.

                •             android.permission.READ_EXTERNAL_STORAGE:
Required to access and upload personalized content by users.

                •             android.permission.ACCESS_MEDIA_LOCATION:
Used to provide contextual information and enhance the realism of the virtual
tour (we do not currently collect geolocation data associated with media
files).

Data Storage and Sharing:

LuxReality does not store or share
personal data with third parties. Audio and avatar data are only used during
the active session and are not stored.

Users’ Rights:

You have the right to access,
rectify, delete your data, object to processing and request data portability.
To exercise these rights, please contact us at the email address provided.

Data Security:

We take appropriate security
measures to protect your personal data.

Minor:

We do not knowingly collect data
from children under the age of 13. If you are a parent and have discovered that
your child has provided us with personal data, please contact us.

Changes to the Privacy Policy:

This privacy policy was last
updated on August 20, 2024; We will notify you of any changes via notifications
in the app.

Consensus:

By using our app, you agree to our
privacy policy and the processing of your personal data as described above.