Castiglion del bosco S.r.l. undertakes to respect the privacy of website users according to the terms and conditions set out by the regulations applicable to the protection of personal data and in particular the Regulation (EU) 2016/679 (hereinafter “Regulation”).
1. Data Controller
Castiglion del bosco S.r.l. with legal headquarters in in Lungarno Guicciardini 1, 50125 Firenze.
2. What data we process
The following may be subject to processing:
The processing of personal data of users who solely visit the Website (that is, without sending communications or using reserved areas) is limited to navigation data, namely data whereby transmission to the Website is necessary for the operation of computer systems in charge of Website management and Internet communication protocols. For instance, IP addresses fall into this category, as does the computer domain used to visit the Website and other parameters related to the operating system used by the user to connect to the Website. The Company collects these and other data (such as the number of visits and the time spent on the Website) purely for statistical purposes and anonymously to check the operation of the Website and to improve functionality. These are data that is not collected to be associated with other user information or to identify users. Nevertheless, these data, due to their nature, may allow the users to be identified through processing and associations with data held by third parties.
The legal basis of said processing is the legitimate interest of the Data Controller in the technical management related to the functionality and security of the Website.
Cookies are small text files that the website inserts inside devices in use, regardless of whether they are computers or mobile devices, saved in the directories used by the user’s web browser. There are various types of cookies: some are used to make website use more effective, others to enable certain functionalities.
The Website uses “technical” cookies, such as navigation or session cookies, namely, tools aimed at making the Website’s navigation and use functional and optimized.
In order to respect the privacy of our users, the service is used in “_anonymizeip” mode, which enables the masking of the IP addresses of the users who visit the Website.
No profiling cookies are used.
The User can choose whether to enable or disable the cookies by using the settings in his/her browser according to the instructions made available by the providers at the following links:
Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookie settings in Safari and iOS
The legal basis of said processing for the purposes of technical management and statistical analysis is the legitimate interest of the Data Controller.
Additional cookies may be present, which are intrinsic to the services and applications used by the Website (e.g. for map management). Further information on the use of said cookies can be found at https://policies.google.com/privacy?gl=it
- DATA VOLUNTARILY PROVIDED BY THE USER
Optional, explicit and voluntary sending of messages via forms and email to the addresses stated on this Website leads to the acquisition of the sender’s address, required for replying to requests, as well as any other personal data requested by the form or inserted by the user in the message. The legal basis of said processing, required to fulfil specific requests made by the user, is the execution of an agreement of which you are a party or the execution of precontractual measures adopted on your request;
The email address voluntarily provided by the user is required to supply the newsletter service and will not be used for other purposes or communicated to third parties. The legal basis for the processing is the consent of the party concerned.
3. Required and optional processing
The forms filled out on this Website requires data strictly necessary to manage communications and user requests, marked by the symbol [*], whose failed indication does not enable these requests to be fulfilled, in addition to data provided optionally that are not strictly necessary to fulfil requests by the parties concerned. No consequences arise from the failure to provide optional data.
4. How we store data and for how long
In accordance with the Regulation, the computer systems and programmes used by the Co-Data Controllers are configured to minimize the use of personal and ID data. The data is stored for the amount of time strictly required to fulfil the purposes for which they are collected and, in any case, the criterion used to determine the storage period is marked by observing the limits allowed by the applicable laws and the principle of minimizing processing, limiting storage and the rational management of the archives.
Navigation data are stored for any technical analysis pertaining to the functionality and security of the Website for a period of 90 days and are then deleted. They may be stored for longer and made available to the judicial authority to ascertain and identify the perpetrators of computer crimes that damage the Website or have used the Website to cause damage.
The data collected by the analytical cookies are anonymized and do not lead to the identity of the user.
The data provided voluntarily by users (through forms or email) will be stored for the period of time strictly required to fulfil the purpose for which requests were made. If a request is made for an appointment, the data will be stored until the appointment is over. Data pertaining to complaints will be stored for a maximum of 5 years from the end of the complaints procedure. Data pertaining to commercial or administrative communications will be stored for a maximum of 10 years.
5. How we guarantee security and quality of personal data
The Company undertakes to protect the security of personal data of users and observes provisions regarding security set out in the applicable legislation to avoid the loss of data, illegal or unlawful use of data and unauthorized access to said data.
6. Recepients of personal data
Your personal data may be shared, when strictly required for the aforestated purposes with:
a) appropriately trained persons tasked by the Company to process the personal data required to fulfil activities strictly linked with the supply of Services and who are obliged to respect privacy;
b) third parties who provide instrumental services to the Company, who typically act as data processing managers such as communication service, email, mail handling, website management technical services, computer service providers or, according to the nature of the requests, suggestions or complaints, providers of products or services regarding the nature of the complaint or suggestion.
c) entities, associations or authorities to whom your personal data must be communicated due to legal provisions or on the orders of authorities.
Said entities will receive only the data required for their functions and they will undertake to use the data purely for the aforestated purposes and to process them in respect of the applicable privacy legislation. The updated list of data processing managers is available by sending a written request to the Data Controller.
7. User rights
The users may exercise at any time the rights stated in Paragraph III of the aforestated Regulation. In particular, they have the right to request access to their data from the Co-Data Controllers, to request corrections and deletion of their data, to add to incomplete data, to limit data processing; to receive the data in a structured format, for shared and legible use on an automatic device; to revoke the consent given for the data processing and to object to the use of said data in part or in its entirety; in addition to exercising other rights recognized by the applicable discipline. Said rights may be exercised by email to the following email address: firstname.lastname@example.org.
In accordance with Article 77 of the Regulation, the user has the right to complain to the Authority for Data Protection should he/she retain that the data processing violates the aforesaid Regulation.