Privacy Policy for Visitors of the website terredibaccio.com
Terre di Baccio “Country House” informs that, pursuant toart. 13 of the General European Data Protection Regulation EU 2016/679 (“Regulation”), the personal data provided by the CUSTOMER in relation to the service provided will be processed in accordance with the provisions of the Regulation, in compliance with current legislation and the security and confidentiality obligations to which it is required by law.
DATA CONTROLLER
TERRE DI BACCIO SRL – P.Iva : 06978420484
Information and contact details
Terre di Baccio srl
Loc. Case Sparse 10 50022 Greve in Chianti -Firenze-Tel.: +39 055 853481 Pec: terredibaccio@legalmail.it
Privacy Policy relating to the site www.terredibaccio.com
This information, relating to the privacy policy and the protection of your personal data (called privacy policy or privacy policy) will allow you to know how Terre di Baccio “Country House” uses and manages the information you are about to provide, your personal data and any sensitive data that, in order to offer the requested services, will be collected from the site www. terredibaccio. com
Below are the methods proposed by the site through which the user can communicate with Terre di Baccio “Country House” by providing their personal data (hereinafter called “contact methods”). Later in this document the individual contact methods are described in detail.
CONTACT PROCEDURES PROPOSED BY THE WEBSITE WWW. TERREDIBACCIO. COM
OBBLIGATORI: NAME, SURNAME, MAIL, PHONE
OPTIONAL: ADDRESS, OTHER CONTACTS
This information will also explain your faculties and rights relating to the data provided, without which Terre di Baccio “Country House” may not be able, in whole or in part, to offer you its services. Reproduction, even partial, in any form of the content of this document is prohibited.
Disclosure on the processing of personal data ex art. 13 d.lgs. 196/2003 and art. 13 Regulation (EU) 2016/679
We wish to inform you that the d.lgs. n. 196 of 30 June 2003 (“Code regarding the protection of personal data” or “Privacy Code”), as well as Regulation (EU) 2016/679, provide for and guarantee the right to the protection of personal data that are processed by third parties by virtue of the principle that everyone has the right to the protection of personal data concerning him and to the processing of the same in compliance with fundamental rights and freedoms, the dignity of the person concerned, with particular reference to confidentiality and personal identity.
For the purposes of this information of the privacy code and the European regulation, the following definitions apply:
“module” means the interface of a site or application that allows the client user to enter and send to the web server one or more data freely typed by the same; it is also called a form or more frequently a form;
“processing” means any operation or set of operations, performed with or without the aid of automated processes and applied to personal data or set of personal data, such as collection, recording, organization, structuring, storage, adaptation and modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, limitation, cancellation or destruction;
“personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
“identification data” means personal data that allow the direct identification of the data subject on the basis of the above criteria;
“sensitive data” means personal data capable of revealing racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, political or trade union nature, as well as personal data suitable for revealing the state of health and sex life;
“controller” means the natural person, legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of processing personal data;
‘processor’ means the natural person, legal person, public authority, agency or other body that processes personal data on behalf of the controller;
“appointees” means the natural persons authorized to carry out processing operations by the owner or manager;
“data subject” means the natural person, identified or identifiable, to whom the personal data relate;
“communication” means giving knowledge of personal data to one or more specific subjects other than the interested party, the representative of the owner in the territory of the State, the manager and the persons in charge, in any form, including by making them available or consulting;
“dissemination” means giving knowledge of personal data to indeterminate subjects, in any form, including by making them available or consulting;
“anonymous data” means data that originally, or as a result of processing, cannot be associated with an identified or identifiable data subject;
“blocking” means the storage of personal data with temporary suspension of any other processing operation;
“database” means any organised set of personal data, broken down into one or more units located on one or more sites;
“Guarantor” means the authority referred to in Article 153, established by Law no. 675 of 31 December 1996;
“minimum measures” means all the technical, IT, organizational, logistical and procedural security measures that configure the minimum level of protection required in relation to the risks provided for in Article 31 of the Privacy Code;
In accordance with art. 5 of Regulation 2016/679, the processing that we will carry out of the data that you are going to provide us will be based on the principles of lawfulness, correctness and transparency and will be carried out in compliance with the principle of necessity of data processing, configuring our systems and computer programs so that the use of personal and identification data is reduced to a minimum, so as to exclude the processing when the purposes pursued, in individual cases, they can be obtained through, respectively, anonymous data and appropriate methods that allow you to be identified only in case of need.
DATA CONTROLLER
TERRE DI BACCIO SRL – P. Iva: 06978420484
Loc. Case Sparse 10 50022 Greve in Chianti -Firenze Italy -Tel.: +39 055 853481 PEC: terredibaccio@legalmail.it
INFORMATION COLLECTED BY THE SITE WWW.TERREDIBACCIO.COM
While browsing the site www. terredibaccio.com you will be given the opportunity to contact, even in non-electronic form, the structure.
With regard to the information that may be requested or that will be spontaneously provided, we wish to inform you that the provision of data may be in some cases optional and in others, instead, mandatory and, in such cases, any refusal to provide such data could have, as a consequence, the failure or partial execution of the relationship.
The processing of data could also concern personal data falling, in some countries, in the category of “sensitive data”, as qualified above, with the consequent adoption by Terre di Baccio “Country House ” of all the necessary precautions and prescriptions dictated by the privacy code.
Below we list the contact methods through which the site www. terredibaccio.com may collect your personal information or through which you could contact Terre di Baccio “Country House” by providing your personal data yourself. This information may be acquired directly from the website www. terredibaccio.com through services prepared and managed directly bythe structure or acquired by third-party services. For each contact method, detailed information is provided below in order to indicate who acquires your information, what are the purposes for which it is collected, the legal basis of the data processing and, in the case of transfer to third parties, you will be indicated any categories of third parties to whom they will be transferred.
Contact methods proposed by the site through which the user could provide his personal information:
Name, Surname, Phone, e-mail
The processing of your personal data is carried out by means of the operations indicated in art. 4 n. 2) GDPR and precisely: collection, registration, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, cancellation and destruction of data. Your personal data are subject to both paper and electronic and / or automated processing.
1. SUPPLIER-MANAGER OF THE CONTACT MODE
The service is provided and managed directly by this Application.
2. PURPOSE OF THE ACQUISITION OF PERSONAL DATA
The service acquires personal data for the following purposes:
Yourpersonal data are processed:
A) without yourexpress consent (Article 6 letter b), and (GDPR), for the following Service Purposes:
- conclude contracts for the services of the Data Controller;
- complete and manage bookings;
- customer support;
- fulfill the pre-contractual, contractual and tax obligations deriving from existing relationships with you;
- fulfill the obligations established by law, by a regulation, by community legislation or by an order of the Authority (such as, for example, in the field of anti-money laundering);
- exercise the rights of the Data Controller, for example the right of defense in court;
B) solo subject to specific and distinct consent (art. 7 GDPR), for the following Marketing Purposes:
- sendyou via e-mail, mail and / or sms and / or telephone contacts, newsletters, commercial communications and / or advertising material on products or services offered by the Data Controller and detection of the degree of satisfaction with the quality of services;
- sendyou by e-mail, mail and / or sms and / or telephone contacts commercial and / or promotional communications of third parties. We point out that if you are already our customers, we may sendyou commercial communications relating to services and products of the Data Controller similar to those already used by the Data Controller, unless you disagree.
3. LEGAL BASIS OF DATA PROCESSING
The legal basis of the data processing, pursuant to art. 6 of the Regulation (EU) is represented by the consent to the processing of your personal data, for one or more specific purposes, expressed by you.
4. ACCESS TO DATA
Your data may be made accessible for the purposes referred to in art. 2.A) and 2.B):
- to employees and collaborators of the Data Controller, in their capacity as persons in charge and / or internal managers of the processing and / or system administrators;
- to third-party companies or other subjects (as an indication, hosting and cloud services, professional firms, consultants, suppliers, etc.) that carry out outsourced activities on behalf of the Data Controller, in their capacity as external data processors.
5. COMMUNICATION OF DATA
Without the need for express consent (Article 6 letter b) and c) GDPR), the Data Controller may communicate your data for the purposes referred to in art. 2.A) to Supervisory Bodies, Judicial Authorities, as well as to those subjects to whom the communication is mandatory by law for the fulfillment of the aforementioned purposes. These subjects will process the data in their capacity as independent data controllers.
The data acquired by this service will not be disclosed.
6. DATA TRANSFER
The management and storage of personal data will take place on servers located within the European Union of the Data Controller and / or third-party companies appointed and duly appointed as Data Processors. Currently the servers are located in Italy. The data will not be transferred outside the European Union. In any case, it is understood that the Data Controller, if necessary, will have the right to move the location of the servers in Italy and / or the European Union and / or non-EU countries. In this case, the Data Controller hereby ensures that the transfer of non-EU data will take place in accordance with the applicable legal provisions by stipulating, if necessary, agreements that guarantee an adequate level of protection and / or adopting the standard contractual clauses provided by the European Commission.
7. NATURE OF THE PROVISION OF DATA AND CONSEQUENCES OF REFUSAL TO RESPOND
The provision of data for the purposes referred to in art. 2.A) is mandatory. In their absence, we will not be able to guarantee the Services of art. 2.A). The provision of data for the purposes referred to in art. 2.B) is optional. You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not be able to receive newsletters, commercial communications and advertising material relating to the Services offered by the Data Controller. However, you will continue to be entitled to the Services referred to in art. 2.A).
8. RIGHTS OF THE INTERESTED PARTY
In yourcapacity as an interested party, you have the rights referred to in Article 15 of the GDPR, namely the rights to:
I. obtain confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in an intelligible form;
II. obtain the indication: a) of the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in case of processing carried out with the aid of electronic instruments; d) of the identification details of the owner, of the managers and of the designated representative pursuant to art. 3, paragraph 1, GDPR; e) the subjects or categories of subjects to whom the personal data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents;
III. obtain: a) updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes for which the data were collected or subsequently processed; c) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also as regards their content, of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves a use of means manifestly disproportionate to the protected right;
IV. object, in whole or in part: a) for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection; b) to the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication, through the use of automated call systems without the intervention of an operator by e-mail and / or through traditional marketing methods by telephone and / or paper mail. Please note that the right of opposition of the interested party, set out in point b) above, for direct marketing purposes through automated methods extends to the traditional ones and that in any case the possibility remains for the interested party to exercise the right of opposition even in part. Therefore, the interested party may decide to receive only communications through traditional methods or only automated communications or neither of the two types of communication.
Where applicable, you also have the rights referred to in Articles. 16-21 GDPR (Right to rectification, right to be forgotten, right to limitation of processing, right to data portability, right to object), as well as the right to complain to the Guarantor Authority.
9. HOW TO EXERCISE YOUR RIGHTS
You can exercise your rights at any time by sending:
- a registered letter with return receipt to:
Terre di Baccio s.r.l., with registered office in Loc. Case Sparse 10 – 50022 Greve in Chianti – Florence Italy; - an e-mail to: terredibaccio@legalmail.it
10.PLUGIN AND WIDGETS – THIRD-PARTY SITES AND HYPERLINKS
The website www.terredibaccio.com owned by Terre di Baccio srl may use Plugins provided by third parties.
When you visit a page of our site that contains one or more of these elements, your browser will display content (texts and / or images) and / or sent and / or decided by the owner of the Plugin. These plugins may also install cookies (third-party cookies).
Our site is therefore not responsible for such content and, therefore, please refer to the privacy policy of the owner of the Plugin.
Our site may use social plugins from the following, by way of indication and not limitation, social networks: facebook.com (“Facebook”), plus.google.com (“Google+”), microblogging service twitter.com (“Twitter”) etc.
In the future, other Plugins, other sites and / or Social Networks may be inserted on the pages of our site.
The request addressed to the owner or manager can also be sent by registered letter, fax or e-mail, unless otherwise system that the Guarantor may adopt with reference to new technological solutions. In any case, the exercise of your rights pursuant to art. 7, paragraphs 1 and 2, of the privacy code can also be made by request formulated only orally and in this case will be briefly noted by the interested party or manager.
On our website www.terredibaccio.com there may be hyperlinks and / or advertisements to other sites not owned or controlled by Terre di Baccio “Country House”.
Please note that this Privacy Policy applies only and exclusively to the personal information we collect through our site and we cannot be held responsible in any way for personal information collected, stored and used by third parties through their sites.
Terre di Baccio “Country House”, recommends that you read the privacy policy of each site you visit.
11. MINOR
In the communication of your personal data we assume and guarantee that you are at least 18 years of age. Terre di Baccio “Country House”, does not intend to collect any personal data of individuals under the age of eighteen. Where necessary, we will specifically instruct children not to disclose their data via our sites and/or take reasonable steps to ensure parental/guardian control over such communication.
Parents/guardians should be aware that our privacy policy and policy will govern the use of personal data, but information given voluntarily by minors – or others – in comments or the like may be used by third parties to generate unsolicited correspondence.
We invite all parents / guardians to educate their children to a safe and responsible use of their personal data while browsing the internet, preparing any appropriate control of the case to the extent and in the manner they deem appropriate.
12. IN THE EVENT OF A DATA BREACH
In case of violation of your personal data, Terre di Baccio srl, will take care to notify, pursuant to Article 33 of the Regulation (EU) without undue delay, where possible within 72 hours from the moment it became aware of it, said violation to the Privacy Authority. Such notification will take place in all cases, unless it is unlikely that the personal data breach presents a risk to the rights and freedoms of natural persons. If the violation of personal data is likely to present a high risk for the rights and freedoms of individuals, Terre di Baccio srl, data controller, will take care to notify you of the violation without undue delay.
Changes to our Privacy Policy
Considering that the state of improvement of the automatic control mechanisms does not currently make them free from errors and malfunctions, we reserve the right to make, without prior notice, any changes to this privacy policy that we deem necessary or that will be made mandatory by law or other regulatory source. You should be careful to constantly and periodically check this privacy policy, as it will be assumed that you have accepted changes and updates if you continue to use the site after they have been published.