PRIVACY POLICY
1. Who We Are and How to Contact Us
I am Roberto Razzi, Owner of Il Borgo di Razzi Roberto & C. sas, located at San Donato, 50137 San Gimignano (Siena), VAT number 01083570521, Data Controller of your personal data (hereinafter also referred to as Controller). This information is provided in compliance with EU Regulation 679/2016 (GDPR). For any doubts or needs, you can reach me at: info (@) antica-dimora.it.
2. What Types of Data We Collect
2.1. The data required for subscription to our Email lists are your name and your Email address.
2.2. Where it is possible to send us a message through the website, the information and personal data you provide are freely given by you. For initial contact, I recommend not providing so-called sensitive personal data, but only doing so in the context of subsequent contact. In any case, such data will also be subject to protection and confidentiality as described in this information, based on the GDPR.
2.3. Regarding browsing data, please refer to the specific extended Cookie notice and the related banner.
2.4 Data on user’s behaviour through Hotjar platform (see paragraph 7).
3. Why We Ask for These Personal Data (Purpose) and on What Legal Basis
3.1. Your personal data are necessary to process your requests, to subscribe you to the Newsletter, to respond to your inquiries and to improve our website after better understanding how users navigate it. You can unsubscribe from the Newsletter at any time. With the Newsletter, you will be informed about updates.
3.2. Through the email address you provided, we may send you News or commercial communications related to products or services similar to those you have already used, while respecting your right to revoke or limit consent for such communications at any time, by clicking the link at the bottom of each of our emails or by contacting us directly.
3.3. The legal basis for processing lies in the consent given through the selection of the appropriate box in the contact form.
4. How We Use the Collected Data
4.1. Processing is carried out through: collection, recording, organization, storage, consultation, processing, modification, selection, extraction, comparison, use, interconnection, blocking, communication, deletion, and destruction of data.
4.2. Data sent through the contact form are managed directly by the Controller or the Processor.
5. Mandatory Provision of Data
5.1. It is essential that you provide your name and email address to process the request for Newsletter subscription or to send your message. Otherwise, it is impossible to fulfill your request. Under no circumstances will I use your personal data for purposes other than those indicated in this information. However, there is no obligation to provide data, and failure to do so will only prevent the processing of the request. For security reasons, you cannot send us any data without your consent. Therefore, all forms are designed not to allow submission without your consent.
5.2. The provision of data is optional in the case of:
- Marketing and Promotions.
You can therefore decide not to provide any data or to subsequently deny the possibility of processing data already provided: in this case, you will not receive newsletters, commercial communications, and advertising material relating to the services offered by the Controller. However, you will continue to have the right to services related to contractual performance, based on the specific information related to such services.
By selecting the appropriate box, you declare to have read this information and consent to the processing of your personal data. Therefore, with this action, you provide your consent to the processing of personal data, within the limits and for the purposes indicated in this information.
6. Recipients of Data
Your personal data may be communicated to my collaborators who assist me in managing requests and organizing the back office. My collaborators are Data Processors and are bound by my specific instructions and policies, as well as confidentiality and secrecy obligations. Upon request, the list of our collaborators responsible for data processing is available.
Data processing is carried out partially automated, but decision-making processes always involve human intervention.
7. Data Transfer Abroad
7.1. Your data is primarily managed within the EU; it may be transferred to countries outside the EU, including the USA.
In particular, we use the following external platforms:
Website hosting: The site is hosted on a platform with headquarters and servers in the EU.
Google Analytics: for tracking user behavior on the site – privacy policy.
Google Fonts: for content fonts. By using Google Fonts, Google collects (1) the IP address used by the respective user to access the Internet, (2) the requested URL on the Google server, and (3) HTTP headers, including the user agent describing the Internet browser of website visitors and versions of the operating system, as well as the referrer (the web page on which the Google font should be displayed). When end users visit a website that incorporates Google Fonts via the Google Fonts web API, Google servers receive users’ IP addresses as part of the network connection between Google and the user. Google does not record or store IP addresses and deletes them immediately after transmitting the font to the requesting user. More information here.
Hotjar platform: we use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device’s IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf. For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.
8. What are Your Rights and How Can You Obtain Information About, Modify, Delete, or Obtain a Copy of Your Data
According to the European Regulation, you have the right to request:
- access to your personal data (to know which personal data we possess),
- rectification of inaccurate data or integration of incomplete ones (in case any of your data has changed, such as if you have a new email address),
- erasure of personal data (upon the occurrence of one of the conditions indicated in Art. 17, para. 1 of the GDPR and respecting the exceptions provided for in paragraph 3 of the same article),
- limitation of the processing of your personal data (for example, you may ask us not to be subscribed to our Newsletter while wanting to maintain access credentials to use the courses you have purchased), upon the occurrence of one of the hypotheses indicated in Art. 18, para. 1 of the GDPR,
- object to processing (for example, if you notice that your data is being processed in a manner not in accordance with this information) and data portability,
- request and obtain your personal data in a structured, commonly used, and machine-readable format, also in order to communicate such data to another data controller (right to portability),
- revoke consent at any time, limited to cases where processing is based on consent for one or more specific purposes and concerns common personal data (for example, date and place of birth or residence), or special categories of data (for example, data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, or sex life). Processing based on consent and carried out prior to the revocation of the same remains lawful.
The above rights, related to personal data concerning deceased persons, may be exercised by those with their own interest, or acting to protect the data subject, as their representative, or for family reasons worthy of protection, unless the data subject has expressly prohibited it with a written declaration submitted to the data controller or communicated to the latter.
Submit a complaint to a supervisory authority (Italian Data Protection Authority – www.garanteprivacy.it).
For any issues or needs, write to info (@) antica-dimora.it.
9. Storage time
We only retain your personal data for as long as is necessary for the purposes for which it was collected or for any other legitimate related purposes.
We restrict access to your personal data only to those who need to use it for relevant purposes.
Your personal data that is no longer needed, or for which there is no longer a legal basis for its storage, will be irreversibly anonymised (and thus can be retained) or securely destroyed.
Below are the retention times in relation to the different purposes listed above:
Fulfilment of contractual and legal obligations: data processed to fulfil any contractual obligation may be retained for the duration of the contract and in any case for no longer than the next 10 years, in order to verify any outstanding debts including accounting documents (e.g. invoices).In the event of litigation: in the event that we are defending or acting or even making claims against you or third parties, we may retain personal data that we deem reasonably necessary to process for such purposes, for as long as such claim may be pursued.
Operational management and strictly related purposes for accessing the website: data processed for this purpose may be retained for the duration of the contract and in any case no longer than 10 years thereafter.
Marketing purposes: personal data processed for marketing purposes may be retained for 24 months from the date on which we obtained your last consent for this purpose (with the exception of your objection to receiving further communications)
Contacts from mailing lists or newsletters: may be retained for 24 months from the date you subscribe to the service or from the date we last obtained evidence of your use of the service.
10. Security guarantees for your data
No computer system can be said to be 100% secure. However, we take all appropriate measures to safeguard security and prevent the risk of Data Breach.
11. Further information
Il Borgo di Razzi Roberto & C. sas accepts no responsibility for data provided by the person concerned that is inaccurate or does not correspond to reality.
This Privacy Policy may be subject to subsequent amendments and/or additions. Therefore we invite you to consult it periodically according to your needs.