Privacy - Agriturismo Le Casacce

Privacy & Cookies Policy

This policy describes the information we process to provide our services or to ensure maximum service to our customers

PREMISE

As required by the European Union Regulation no. 679/2016 (“GDPR”) below is provided to the user (“User”) the information required by the law regarding the processing of your personal data

1. WHO WE ARE

The Data Holder and the Data Processing Manager

The Data Holder and the Data processing manager is Agriturismo Le Casacce | P.I. IT03505400543,
E-mail: info@casacce.it
Telephone: +39 335 5431319; +39 335 8310968

Who can see the data

Third parties delegated by us to manage some of our activities may have access and see the data on the website. These subjects are people inside agencies and companies that have the task of carrying out some activities on our behalf (eg web agency or free lance or ecommerce managers)

These subjects can not, however, process this data except in the presence of a precise written mandate from us

2. WHAT DATA WE TRACK

Personal data

Name, surname, physical address, nationality, province and municipality of residence, landline and / or mobile phone, social security number, address / s e-mail, contacts social networks

Data of companies, associations, public bodies, freelancers

Company Name, VAT Number, Fiscal Code, administrative office, name and surname of the contact persons, address (s), contact details, telephone number (s), social network

Trackable traffic data

Log, IP address of origin, generic statistical data, social network connection data

The Data Holder does not require the subject to provide sensible data, that is, according to the provisions of the GDPR (Article 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical convictions, or union membership, as well as genetic data, data biometrics designed to uniquely identify a natural person, data relating to a person’s health or sexual life or sexual orientation.

3. WHY WE NEED YOUR DATA

Follow the request for registration and the contract for the provision of the selected service and / or the purchased product

The processing of personal data of the User serves us, in this case, to register on our list of customers and to comply with the legal obligations to which we must abide.

These data will also be used for sending invoices or other documents necessary for the proper performance of our task of service providers or products.

These data will be included in our management database and will be used only and exclusively to follow up on our relationship with the interested party

Manage and execute contact requests forwarded by the interested party and provide assistance

The processing of such data takes place on your explicit request and consent to answer your questions. These are data that are processed only as a result of solicitation of the User

The legal basis of these treatments is the fulfillment of the services inherent to the request for registration, information and contact and / or sending of informative material and compliance with legal obligations.

Provide suggestions on further activities regarding the services / products similar or complementary to those purchased by the Interested Party (art.47 GDPR)

The Data Holder, even without the explicit consent of the User, may use the contact data communicated only for services / products similar to those of the sale, unless the User’s explicitly objects.

Provide suggestions on activities that are different from the services / products purchased

In this case the data will be processed only and exclusively if the user has provided the consent.

Processing can be done through automatic systems for sending emails, text messages or telephone contact

The data provided by the user will not be disclosed to third parties

Identification data not provided (Art. 13 GDPR)

If the user does not provide the identification data required to process the requests received or following the completed form, the Data Holder will not be able to process the processing of the requested services and / or the contract and the services / products connected to it, nor to the obligations that depend on them.

Consent denied for other uses than those related to the management of the contractual relationship

If the interested party does not give his consent to the use of data in order to receive information or specifications on promotional activities, the consent remains for the performance of those activities necessary for the management of the contractual relationship

4. HOW WE COLLECT THE DATA

Through automatic data collection systems we track information on the navigation of our Internet site in an aggregate way.

We need this to make statistics and analysis on all those who is interested in our services. This information can also be collected through software or plugins external to our website
(so-called “Cookies” –> See point 9. of this text)

Through the forms that the user of the site can freely decide to complete to be contacted or informed

Through the necessary forms of our ecommerce in order to best accomplish our online sales activity

Through one-to-one meetings in fairs, events, initiatives or contacts

In all these modalities, explicit consent is requested. In the case of offline data retrieval, the consent will be countersigned; in case of online data retrieval, the consent occurs when the “Send” button is clicked.

5. WHERE DATA ARE STORED

The data objects of the treatment are stored in two ways:

The data collected through our website will be included in a database on the Internet site and on servers provided by Aruba Business srl (read the privacy policy of Aruba Business here https://business.aruba.it/informativa_arubabusiness.pdf )

The data collected offline will be kept in special folders kept in the legal or operational headquarters of our company

6. HOW DATA ARE PROTECTED

Data collected from the website

The data collected by us on the Internet site are protected by access with passwords of the administrators of the website.

The website has two systems of protection.

The first is an encryption system of the Internet site through the https protocol. The certificate of protection is provided by Let’s Encript, provided by the company Aruba Business Spa.

The second is a system of protection of the Internet site inserted in it, which:

Prevents entry to any unauthorized person
Block access when using “banned” passwords because they are considered “hacked”

The data are all stored on the servers of Aruba Business Spa

Data collected offline

The data collected offline are all located within special folders located within the company headquarters.

The company is always manned during special working hours, while during closing hours it remains closed and accessible only through an access key. The folder in which the data is stored is anonymized

7. HOW MUCH TIME WE STORE THE DATA

In general, the personal data of the User will be kept until they are necessary with respect to the legitimate purposes for which they were collected, unless legitimate and specific requests for cancellation.

In particular, they will be stored for 20 years in the case of personal data collected for the purpose of carrying out activities linked or similar to services or products sold

Instead, in the case of data provided to the Data Holder for the purposes of commercial promotion for services other than those already acquired by the User, for which he initially consented, these will be retained for 48 months, always subject to revocation of the consent given.

Regardless of the determination of the interested party to their removal, the personal data will in any case be kept according to the terms established by current legislation and / or national regulations.

Furthermore, personal data will in any case be kept for the fulfillment of obligations (eg tax and accounting) that remain even after the termination of the contract (Article 2220 of the Civil Code); for these purposes the Data Controller will retain only the data necessary for the relative prosecution.

Except in cases where the rights deriving from the contract and / or registration, in which case the personal data of the User, exclusively those necessary for such purposes, will be processed for the time necessary to their pursuit.

8. THE RIGHTS OF THE USER

The User has the right to obtain from the Data Holder, if requested, the data available of the User (so-called “data portability” right)

In addition, the User may request to be deleted from any database or other place of data storage, or any correction of some of these data, at any time and without having to provide any justification for such request.

For any information or need, however, the User can directly contact the Data Holder at the addresses referred to in paragraph 1. of this document.

The maximum times established by law so that the holder can fulfill the requests in this direction are 1 month

The User can also lodge a complaint with the competent supervisory authority in Italy (the Personal Data Protection Authority) or the one carrying out its duties and exercising its powers in the Member State where the violation took place. of the GDPR.

9. COOKIES AND SERVICES PROVIDED BY THIRD PARTIES

Cookies are data that are sent from the website and stored by the Internet browser on the computer or other device (for example, tablet or mobile phone) of the user. The User can manage and disable the management of cookies directly from the browser he uses.

Below you can see how cookies are managed by the most popular web browsers:

Internet Explorer: http://windows.microsoft.com/it-IT/internet-explorer/delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: http://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Opera: http://help.opera.com/Windows/10.00/it/cookies.html
Safari: https://support.apple.com/kb/PH19255

Technical cookies and third-party cookies may be installed on our website or by sub-domains.

In any case, the user can manage a general request of deactivation or cancellation of cookies, modifying the settings of his internet browser. This deactivation, however, may slow down or prevent access to some parts of the site.

Three types of cookies

Technical Cookies

Third-party cookies

Profiling cookies

Technical Cookies

It is all those cookies that allow the safe and efficient use of our site.

Technical cookies, in fact, are essential for the proper functioning of our website and are used to allow users normal browsing and the opportunity to take advantage of the advanced services available on our website.

The technical cookies used are distinguished in session cookies, which are stored exclusively for the duration of navigation until the browser is closed, and persistent cookies that are saved in the user’s device memory until their expiration or cancellation by the user same.

Third-party cookies

Some of the services listed below collect statistics in aggregate form and may not require the consent of the User or could be managed directly by the Data Holder – depending on what is described – without the help of third parties.

If among the tools indicated below there were services managed by third parties, these could – in addition to what is specified and also without the knowledge of the owner – perform tracking activities of the User. For detailed information, it is advisable to consult the privacy policy of the services listed.

Button +1 e social widgets of Google+ (Google Inc.)

The +1 button and Google+ social widgets are services for interacting with the Google+ social network, provided by Google Inc.