Privacy Policy

This document describes how to manage the website, with reference to the processing of personal data of users (“User/Users”) who consult it. It is an information provided pursuant to art. 13 of D.Lgs. n. 196/2003, so called Code regarding the protection of personal data (“Privacy Code”) and articles 13 and ss. of EU Regulation 679/2016 (“GDPR”), to all those who visit the Site and/or communicate with CARLUCCI HOUSE IN TUSCANY by filling out the form for the request for information, available at the “Contacts” section of the Site, or by sending e-mail to the e-mail addresses on the Site.

The information is provided only for the Site and not for other websites that may be consulted by the User through links on the Site.

-Data Controller: The data controller is Carlucci House In Tuscany di Roberta Carlucci, with registered office Salone 37- San Gimignano (Si) e-mail address (“Controller”).

2. Types of data processed

2.1 Navigation data: The computer systems and software procedures used to operate the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of internet communication protocols. This information is not collected to be associated with identified subjects, but by its very nature could allow users to be identified. This category of data includes (i) the IP addresses or domain names of computers used by users who connect to the Site, (ii) the URI (Uniform Resource Identifier) notation addresses of the requested resources, (iii) the time of the request, (iv) the method used to submit the request to the server, (v) the size of the file obtained in response, (vi) the numerical code indicating the status of the response given by the server (successful, error) and (vii) other parameters related to the operating system and the user’s IT environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the Site and to check its correct functioning and are deleted immediately after processing.

2.2 Data provided voluntarily by the user: The optional, explicit and voluntary sending of e-mail to the e-mail addresses indicated on the Site and/or requests for information sent through the use of the “Contacts” section of the Site or, again, the communication of own data for the reception of promotional communications and/or informative newsletters, involve the acquisition and processing by the Data Controller of such data and any other information contained in such communications for the purposes indicated in par. 3

3. Purposes and legal basis of the processing: The processing of the User’s personal data by the Data Controller is aimed at: a) pursuing, in accordance with art. 6.1, lit. f) of the GDPR, a legitimate interest, consisting of:

a) pursue, in accordance with art. 6.1, lett. f) of the GDPR, a legitimate interest, consisting in ensuring the security of the Site and the information exchanged on it, that is, the ability of that Site to resist, to a given level of security, unforeseen events or unlawful or malicious acts that compromise the availability, authenticity, integrity and confidentiality of personal data stored or transmitted and the security of the relevant services offered or made accessible; b) with the consent of the User, pursuant to art. 6.1, lett. a) of the GDPR, send by email promotional communications and/or informative newsletters concerning inthezon services; c) allow the User to request information about the services promoted by the Owner on the Site and provide

to the User himself, pursuant to art. 6.1, lett. b) of the GDPR, any feedback and/ or quote required.

4. Consequences of any refusal to reply: Apart from what is specified with reference to the navigation data, which are necessary in order to allow the proper functionality of the Site, cookies, in relation to which we ask to read the cookie policy, and the data contained in requests for information, Users are free to provide their personal data: (i) to receive, by email, promotional communications and/or informative newsletters concerning goods and/or services. Failure to provide such data makes it impossible for the User to stay updated on news and/ or services. The Owner, in any case, informs the Users of the existence of the right to revoke at any time the consent given for the processing of the data referred to in point (i) above, without prejudice to the lawfulness of the processing based on the consent given before the revocation.

5. Processing methods: Personal data shall be processed using manual, computerised and automated systems for the time necessary to achieve the purposes for which they are collected. It should be noted, in particular, that the personal data of the User are subject to processing by persons duly entrusted to perform these tasks, constantly identified and/ or appointed, properly instructed and made aware of the constraints imposed by law, and by the use of safety measures to ensure the protection of your privacy and to avoid the risks of loss or destruction, unauthorized access, processing not permitted or not in compliance with the above purposes.6. Communication and dissemination of data: The personal data collected on the Site will not be communicated, sold or given to third parties, except in the cases provided for by law. It is without prejudice, in any case, to the communication of data to companies expressly entrusted to perform certain services in the context of the activity carried out by the Data Controller and/or, in general, in its favour, which will act as independent data controllers and/or data processors, as well as the communication and/or dissemination of data requested, in accordance with the law, by police forces, by the judicial authority, by information bodies or other public entities for purposes of defence or state security or for the prevention, detection or prosecution of criminal offences.

7. Rights of the interested party: Pursuant to art. 7 of the Privacy Code and art. 15 and ss. of the GDPR, the User has the right to obtain: 1. confirmation of the existence or not of personal data concerning you, even if not yet registered, and their communication in intelligible form; 2. a copy of your personal data; 3. rectification of your personal data which may be inaccurate; 4. erasure of your personal data; 5. restriction of processing of your personal data; 6. in a structured format, of common use and machine-readable personal data that you have provided us or hat you have created – excluding judgments created by the Owner and/ or by the appointees pursuant to art. 4 of the Privacy Code / by persons authorized to process the data in the name and on behalf of the Data Controller pursuant to art. 4 of the GDPR – and to transmit them, directly or through the Data Controller, to another controller; 7. the indication of: a) the origin of personal data; b) the categories of personal data processed; c) the purposes and methods of processing; d) the logic applied in the case of processing carried out with the aid of electronic tools; e) the identification details of the Data Controller and any data processors; f) the retention period of your personal data or the criteria useful for determining this period;

g) of the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of them as designated representative in the territory of the State, as responsible persons or persons in charge pursuant to art. 4 of the Privacy Code / persons authorized to process the data in the name and on behalf of the Data Controller pursuant to art. 4 of the GDPR; h) the update, rectification or, when you are interested, the integration of data; i) the transformation into anonymous form or the blocking of data processed in violation of the law, including those whose storage is not necessary in relation to the purposes for which the data were collected or subsequently processed; j) the attestation that the operations referred to in letters a) and b) have been brought to the attention, also for what also with regard to their content, of those to whom the data have been communicated or disseminated, except where such fulfilment proves impossible or involves the use of means manifestly disproportionate to the right protected. Furthermore, the User has the right to object, in whole or in part: a) for legitimate reasons, to the processing of personal data concerning him, even if pertinent to the purpose of collection; b) the processing of personal data concerning you for the purpose of sending advertising material or direct sales or for carrying out market research or commercial communication. To exercise these rights, Users may send a communication to the email address of the Owner, referred to in art. 1 indicating in object “Privacy – exercise of rights ex art. 7 of Legislative Decree no. 196/2003 and ex art. 15 and ss. of the GDPR”. Finally, we inform you that if you believe that your rights have been violated by the Data Controller and/or by a third party, you have the right to lodge a complaint with the Guarantor for the Protection of Personal Data and/or with another competent supervisory authority pursuant to the GDPR.
8. Duration of processing and storage of personal data: The User’s personal data will be processed by the Data Controller only for the period of time necessary to achieve the purposes of processing referred to in Article 3 above, After that they will be kept only in compliance with the legal obligations in force in the matter, for administrative purposes and/ or to assert or defend a right, in the event of litigation and pre-litigation. The personal data processed for the sending of newsletters, however, will be processed until the Owner receives the withdrawal of consent that the User has provided to him. For the exercise of the above rights, please contact our designated data controller, Mrs Roberta Carlucci to the following addresses: Cell. + 39 3386947287 – Email: – Loc. Il Salone 37, San Gimignano (Si)