For information about your personal data collection, the purposes, and the subjects whom the data is shared with, contact the Data Controller.
Gallori Turchi, via Maggio 12r – 14r / 18r – 20r 50142 Firenze FI
email add: [email protected]
Types of data collected
The Owner does not provide a list of collected Personal Data types.
The User may freely provide Personal Data or, in the case of Usage Data, they are automatically collected when using this Application.
Unless otherwise specified, all Data requested by this Application are mandatory. If the User refuses to communicate them, it may be impossible for this Application to provide the Service. Whether this Application indicates some Data as optional, Users are free to refrain from communicating such Data; this will have no consequence on the availability of the Service or its functioning. Users who doubt which Data is mandatory, are encouraged to contact the Owner.
The User takes responsibility for the Personal Data of third parties obtained, published, or shared through this Application and guarantees that he has the right to communicate or disseminate them, releasing the Owner from any liability towards third parties.
Method and place of the collected Data processing
Method and place of processing
The Data Controller takes the appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.
The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In some cases, in addition to the Data Controller, other subjects may be involved in the organization of this Application (administrative, commercial, marketing, legal, and system administrators) or external subjects (such as third-party technical service providers, postal carriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller. The Data Controller may always request an updated list of Managers.
Legal basis of the processing
The Data Controller processes Personal Data related to the User if one of the following conditions exists:
- The User has given consent for one or more specific purposes. Note: in some jurisdictions, the Data Controller may be authorized to process Personal Data without the User’s consent or another of the legal bases specified below, as long as the User does not object (“opt-out”) to such procesing. However, this is not applicable if the processing of Personal Data is ruled by European legislation on the protection of Personal Data;
- The processing is necessary for the running of a contract with the User and/or for the running of pre-contractual measures;
- The processing is necessary to fulfill a legal obligation to which the Data Controller is subject to;
- The processing is necessary to perform a task in the public interest or the exercise of public powers vested in the Data Controller;
- The processing is necessary to pursue the legitimate interest of the Data Controller or third- parties.
However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on the law, provided for by a contract, or necessary to conclude a contract.
Data are processed at the Data Owner’s operating offices and whenever the parties involved in the processing are located. For more information, contact the Owner.The User’s Personal Data might be moved to a country other than the one in which the User is located. To gather further information on the place of processing, the User can refer to the section relating to the details on the processing of Personal Data.
The User has the right to get information regarding the legal basis to move Data outside the European Union or to an international organization ruled by public international law or made up of two or more countries, such as the UN, as well as regarding the security measures adopted by the Data Controller to protect the Data.
The User may verify whether one of the transfers described above takes place, by reviewing the section of this document related to the details on how Personal Data is processed or getting information from the Data Controller by contacting him as shown above.
The Data are processed and stored for a time period required by the purposes which they were collected for.
- Personal Data collected for purposes related to the running of a contract between the Owner and the User will be retained until the contract is completed.
- Personal Data collected for the legitimate interest of the Data Owner’s aims are retained until such interest is satisfied. The User can get further information regarding the legitimate interest pursued by the Data Owner in the relevant sections of this document or by contacting the Data Owner himself.
When the processing is based on the User’s consent, the Owner can keep the Personal Data for a longer time, until that consent is revoked. Furthermore, the Data Owner may be obliged to keep Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, the Personal Data will be deleted. Therefore, upon the expiry of this term, the right to access, cancel, rectify, and the right to data portability can no longer be exercised.
Users can exercise certain rights concerning the Data processed by the Owner.
In particular, the User has the right to:
- revoke consent at any time. The User can revoke the previously expressed consent to the processing of his Personal Data.
- oppose the processing of the Data. The User can object to the processing of his Data when it occurs on a legal basis other than his consent. Further details on the right to object are set out in the section below.
- Access his Data. The User has the right to get information on the Data processed by the Data Controller, on certain aspects of the processing, and to receive a copy of the Data processed.
- Check and ask for rectification. The User can verify the correctness of his Data and request its update or correction.
- Get a limitation of the processing. In case of certain conditions, the User can request the limitation of the processing of his Data. In this case, the Data Controller will not process the Data for any other purpose than their retaining.
- Get the cancellation or removal of his Personal Data. In case of certain conditions, the User can request the cancellation of his Data by the Owner.
- Acquisition of data or have them transferred to another owner. The User has the right to receive his Data in a structured format, commonly used and readable by an automatic device and, where technically feasible, to transfer data with no impediment to another owner. This arrangement is applicable when the Data are processed with automated tools and the processing is based on the User’s consent, on a contract to which the User is a party, or on contractual measures connected to it.
- Lodge a complaint. The User can complain to the competent personal data protection supervisory authority or take legal action.
Details on the right to object
When Personal Data is processed in the public interest, in the exercise of public powers vested in the Data Owner or to pursue a legitimate interest of the Data Owner, Users have the right to object to the processing due to reasons connected with their particular situation.
Users are reminded that, should their Data be processed for direct marketing purposes, they may object to the processing without providing any reason. To find out if the Data Owner processes data for direct marketing purposes, Users can refer to the respective sections of this document.
How to exercise User’s rights
To exercise the User’s rights, Users can direct a request to the contact details of the Owner reported in this document. Requests are filed free of charge and processed by the Data Owner as soon as possible, in any case within a month.
Learn more about the processing
Defense in court
The User’s Personal Data may be used by the Owner in court or the preparatory stages for a possible establishment for the defense against abuse, in using this Application or related Services by the User.
The User declares to be aware that the Owner may be obliged to disclose the Data following an order of the public authorities.
System and maintenance logs
Concerning needs related to operation and maintenance, this Application and any third-party services used by it may collect system logs, i.e. files that record the interactions and which might also have Personal Data, such as the User’s IP address.
Information not contained in this policy
Further information concerning the processing of Personal Data may be requested at any time from the Data Owner using the contact details.
Response to “Do Not Track” requests
This Application does not support “Do Not Track” requests.
To find out if any third-party services in use support them, the User is invited to consult the respective privacy policies.
If the changes concern processing whose legal basis is consent, the Data Owner will collect the User’s consent again, if necessary.