Privacy Policy

This Website collects some Personal Data from its Users.

Data Controller

Stefano Maggi

Controller’s email address:

[email protected]

Types of Data Collected

Among the Personal Data collected by this Website, either independently or through third parties, are:

• Identification and contact data: first name, last name, gender, postal address, phone number, email address, language, and country you interact with us from;
• Financial and payment data: your bank details (please note that all payment transactions are encrypted by the receiving bank or accredited storage center, and we do not store any credit card number), information about your bookings, etc…
• The IP address of the device you use;
• The date and time of access;

When we ask you to enter your personal data to access a feature, some fields are mandatory because we need that data to allow access to that feature (e.g., to register your booking, we need your first and last name).

It is important that your personal information is accurate and up to date.

We do not process personal data that may be classified as “sensitive” (information about racial or ethnic origin, political, philosophical or religious beliefs, trade union membership, health, or sexual life) under the data protection regulation.

In this regard, please note that our site is not intended for children and we therefore do not process any data relating to them.

Users who have doubts about which data is mandatory are encouraged to contact the Controller at any time.

The use of Cookies – or other tracking tools – by this Website or by third-party service providers used by this Website is intended to provide the Service requested by the User, as well as the other purposes described in this document and in the Cookie Policy.

The User assumes responsibility for third-party Personal Data obtained, published, or shared through this Website.

Methods and Place of Data Processing

Processing Methods

The Controller adopts appropriate security measures to prevent unauthorized access, disclosure, alteration, or destruction of Personal Data.

The processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the stated purposes. In addition to the Controller, in some cases, other parties involved in the organization of this Website (administrative, commercial, marketing, legal staff, system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) may have access to the Data, also appointed as Data Processors by the Controller if necessary. The updated list of these Processors may be requested from the Controller at any time.

Location

The Data is processed at the Controller’s operating offices and in any other locations where the parties involved in the processing are located. For further information, contact the Controller.

The Controller does not intend to transfer Personal Data to entities located in a third country outside the European Union or to an international organization.

Retention Period

Unless otherwise stated in this document, Personal Data is processed and stored for the time required to achieve the purposes for which it was collected and may be retained for a longer period due to legal obligations or based on the User’s consent.

Purposes of Data Processing

Booking Management

The processing of your data is necessary to keep you informed about your booking status, booking summary, to accept payment, etc.

Customer Service Access

We process your personal data as part of our customer service to respond to your requests, particularly through the Contact Form.

Marketing

If you subscribe to our newsletter, we process your data to manage your subscription and send you targeted information by email or SMS based on your preferences. We may also contact you via push notifications if you subscribe to this service.

Processing for marketing purposes requires your consent. You may unsubscribe from our communications at any time.

If you have consented to receive our communications, whether via newsletter or push notifications, we may use the information you provided for the following purposes:

• To share information about our products, services, and offers;
• To recommend products or services that may be of interest to you;
• Customer research to better understand your expectations regarding the products and services offered by our website.

Details on the Processing of Personal Data

Personal Data is collected for the following purposes using the following services:

1. Personal data processed during Website browsing: providing this data is a contractual requirement, without which the website’s services could not function properly.
2. Personal data processed via Contact Form: providing this data is optional and is based on the Controller’s legitimate interest in responding to your requests submitted via the form. Without it, the Controller may not be able to respond.
3. Personal data processed through newsletter subscription to send commercial communications via traditional and digital channels including email, SMS, social networks, instant messaging, mobile apps, banners, mail and phone, for promoting and/or selling products and/or services offered by the Controller: this is optional and based on your consent, without which the newsletter subscription cannot be finalized.

Cookie Policy

This Website uses Tracking Tools. For more details, Users can refer to the Cookie Policy.

Additional Information for Users

Legal Basis of Processing

The Controller may process Personal Data relating to the User if one of the following applies:

• The User has given consent for one or more specific purposes.
• Processing is necessary for the performance of a contract with the User or for pre-contractual measures.
• Processing is necessary to comply with a legal obligation.
• Processing is necessary for public interest or the exercise of official authority.
• Processing is necessary for the Controller’s or a third party’s legitimate interest.

The Controller will gladly clarify the legal basis for each processing activity and whether the provision of data is legally or contractually required or necessary to enter into a contract.

More Information on Retention

Unless otherwise stated in this document, Personal Data is processed and retained for the time required by its purpose and may be stored longer for legal obligations or with User consent.

Therefore:

• Personal Data collected to perform a contract will be retained until the contract is fully executed.
• Personal Data collected for legitimate interests will be retained as long as needed to fulfill those purposes. Users may contact the Controller for details on such interests.

If processing is based on User consent, data may be stored longer until consent is withdrawn. The Controller may also be obliged to retain Personal Data longer to comply with legal obligations or by order of an authority.

Once the retention period ends, Personal Data will be deleted, and rights such as access, erasure, correction, and portability can no longer be exercised.

User Rights Under the General Data Protection Regulation (GDPR)

Users may exercise certain rights regarding their Data processed by the Controller.

In particular, and within the limits provided by law, Users have the following rights:

• Right of access: to obtain confirmation whether personal data concerning them is being processed, and access it as per Article 15 of the GDPR;
• Right to rectification: to have inaccurate data corrected without undue delay, and to complete incomplete data as per Article 16 of the GDPR;
• Right to erasure (right to be forgotten) and to withdraw consent: to have their data erased without undue delay or to withdraw previously given consent, as per Article 17 of the GDPR;
• Right to restriction of processing: to limit processing under certain conditions as per Article 18 of the GDPR;
• Right to data portability: to receive their personal data in a structured, commonly used, machine-readable format and to transmit that data to another controller, as per Article 20 of the GDPR;
• Right to object to commercial communications: to object at any time and free of charge to receiving marketing communications from the Controller;
• Right to lodge a complaint with a Supervisory Authority: to lodge a complaint with the data protection authority under Article 77 of the GDPR.

Users also have the right to obtain information about the legal basis for international transfers of data and the safeguards adopted by the Controller to protect their Data.

Details on the Right to Object

When Personal Data is processed for public interest, official authority, or the legitimate interests of the Controller, Users may object to such processing for reasons related to their particular situation.

If Personal Data is processed for direct marketing purposes, Users may object at any time, free of charge and without justification. Upon objection, the Controller will stop processing the data for such purposes. Users can refer to relevant sections of this document to check whether their data is processed for marketing purposes.

How to Exercise Your Rights

Any requests to exercise User rights may be directed to the Controller using the contact details provided in this document. These requests are free of charge and will be processed as soon as possible, and always within one month. Any correction, deletion, or processing restriction will be communicated to each recipient unless this proves impossible or involves a disproportionate effort. The Controller shall inform the User of such recipients if requested.

Further Information About Processing

Legal Defense

The User’s Personal Data may be used by the Controller in legal proceedings or in the preparatory stages to defend against abuse in the use of this Website or the related Services.

The User acknowledges that the Controller may be required to disclose data upon request of public authorities.

Specific Information

Upon User request, in addition to the information contained in this privacy policy, this Website may provide additional and contextual information about specific Services or the collection and processing of Personal Data.

System Logs and Maintenance

For operation and maintenance purposes, this Website and any third-party services used may collect system logs, which record interactions and may contain Personal Data, such as the User’s IP address.

Information Not Contained in This Policy

Further information regarding the processing of Personal Data may be requested from the Data Controller at any time using the contact information provided.

Changes to This Privacy Policy

The Data Controller reserves the right to make changes to this privacy policy at any time, notifying Users on this page and, if possible, on this Website, or – if technically and legally feasible – by sending a notice via one of the contact details held. Please consult this page regularly, referring to the date of the last update shown at the bottom.

If the changes affect processing activities based on consent, the Controller will collect the User’s consent again, if necessary.

Definitions and Legal References

Personal Data (or Data)

Any information that directly or indirectly, including in connection with other information, identifies or makes identifiable a natural person.

Usage Data

Information collected automatically by this Website (or third-party applications integrated into this Website), including: IP addresses or domain names of the computers used by the Users, URI addresses (Uniform Resource Identifier), time of the request, method used to submit the request to the server, file size received, numerical code indicating the server response status (success, error, etc.), country of origin, browser and operating system characteristics, time details per visit (e.g. time spent on each page), and the path followed within the Website with special reference to the sequence of pages visited, and other parameters about the User’s device and operating system.

User

The individual using this Website who, unless otherwise specified, is the Data Subject.

Data Subject

The natural person to whom the Personal Data refers.

Data Processor

The natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Controller as described in this privacy policy.

Data Controller

The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data and the tools adopted, including security measures related to the operation and use of this Website. Unless otherwise specified, the Controller is the owner of this Website.

This Website (or this Application)

The hardware or software tool by which the User’s Personal Data is collected and processed.

Service

The Service provided by this Website as defined in the relevant terms (if available) on this website/application.

European Union (or EU)

Unless otherwise specified, any reference to the European Union made in this document includes all current member states of the European Union and the European Economic Area.

Cookie

Cookies are Tracking Tools consisting of small sets of data stored in the User’s browser.

Tracking Tool

Tracking Tool means any technology – e.g., Cookies, unique identifiers, web beacons, embedded scripts, e-tags, or fingerprinting – that allows tracking of Users, such as by collecting or saving information on the User’s device.

Legal References

Unless otherwise stated, this privacy policy applies exclusively to this Website.