Extended Privacy Policy of Toscoidea.it

INFORMATION ON THE PROCESSING OF PERSONAL DATA
of users who consult the website Toscoidea.it for the protection of personal data

pursuant to Article 13 of Regulation (EU) 2016/679

For Toscoidea.it the privacy of its users is of primary importance. This Privacy Policy defines what data is collected and how it is used, disclosed, transferred and/or stored by the Site.

This Site collects certain personal data from its Users. Users may be subject to different levels of protection. Therefore, some users are afforded greater protection. Further information regarding the protection criteria can be found in the applicability section.

Data Controller

If you have any questions regarding this privacy policy you can contact us using the information below.

TOSCOIDEA SRLS

Via Emilio Sereni 16 – 16/A

51018 – Pieve a Nievole (PT)

Vat number 01990160473

Tel: 0572/950706

e-mail: info@toscoidea.it

Our users can send requests regarding the protection of personal data, privacy and security to, Toscoidea.it, at info@toscoidea.it

Types of data collected

It is possible to visit our site anonymously.

Among the personal data collected by Toscoidea.it, either independently or through third parties, are: Cookies, Usage Data, Email and Name and various types of Data.

Full details on each type of data collected are provided in the dedicated sections of this privacy policy or by means of specific informative texts displayed before the data is collected.
Personal Data can be freely provided by the User or, in the case of Usage Data, automatically collected during use of the site.
In cases where the Toscoidea.it site indicates some Data as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or its operativeness.
Users who may have doubts as to which Data is mandatory are encouraged to contact the Data Controller. Any use of Cookies – or other tracing instruments – by the Toscoidea.it site or by the owners of third party services used by Toscoidea.it, unless otherwise specified, has the purpose of providing the Service requested by the User, in addition to the further purposes described in this document and in the Cookie Policy, if available.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through Toscoidea.it and guarantees to have the right to communicate or disseminate them, freeing the Owner from any liability to third parties.

Method and place of treatment of collected Data

Treatment modalities

The Owner treats Users’ Personal Data adopting appropriate security measures aimed at preventing unauthorized access, disclosure, modification or destruction of Personal Data.

The treatment is carried out by means of computer and/or telematic instruments, with organizational methods and logics strictly related to the indicated purposes.

In addition to the Data Controller, in some cases, categories of people in charge of the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, as Data Processors by the Data Controller, may have access to the Data. The updated list of Data Processors can always be requested from the Data Controller.

Legal basis of the treatment

The Data Controller processes Personal Data relating to the User if one of the following conditions exists:

the User has given consent for one or more specific purposes; Note: in some jurisdictions, the Controller may be authorized to process Personal Data without the need for the User’s consent or another of the legal bases specified below, until the User objects (“opts-out”) to such processing. However, this does not apply if the processing of Personal Data is governed by European legislation on the protection of Personal Data;
the processing is necessary for the performance of a contract with the User and/or the execution of pre-contractual measures;
the processing is necessary for the performance of a legal obligation to which the Data Controller is subject;
the processing is necessary for the performance of a task of public interest or for the exercise of public powers vested in the Data Controller;
the processing is necessary for the pursuit of the legitimate interest of the Data Controller or of third parties.
However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each processing and in particular to specify whether the processing is based on law, provided for by a contract or necessary to conclude a contract.

Place

The Data are processed at the operational headquarters of the Data Controller and in any other place where the parties involved in the processing are located. For more information, please contact the Data Controller.
Your Personal Data may be transferred to a country other than the one in which you are located. You may refer to the section on details of the processing of Personal Data to obtain further information on the location of the processing.

The User has the right to obtain information on the legal basis for the transfer of Data outside the European Union or to an international organization under public international law or formed by two or more countries, such as the UN, as well as on the security measures adopted by the Data Controller to protect the Data.

Should one of the transfers just described take place, the User may refer to the respective sections of this document or request information from the Data Controller by contacting it at the contact details given at the beginning.

Period of conservation

The Data are processed and stored for the time required by the purposes for which they were collected.

Therefore:

Personal Data collected for purposes related to the performance of a contract between the Data Controller and the User will be retained until the performance of such contract is completed.
Personal Data collected for purposes related to the legitimate interest of the Data Controller will be retained until such interest is satisfied. You may obtain further information regarding the legitimate interest pursued by the Controller in the relevant sections of this document or by contacting the Controller.
When the processing is based on the User’s consent, the Controller may keep the Personal Data longer until such consent is revoked. In addition, the Controller may be obliged to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.

At the end of the retention period the Personal Data will be deleted. Therefore, at the end of this period the right of access, cancellation, rectification and the right to Data portability can no longer be exercised.

Purposes of Data collection

The User’s Data are collected to allow the Data Controller to provide its Services, as well as for the following purposes: Statistics, Address management and sending email messages, Payment management, Interaction with social networks and external platforms, Contacting the User, Protection from SPAM, Commercial affiliation, Management of landing pages and invitation pages, Performance testing of contents and functionalities (A/B testing), Management of Users’ databases, Session registration, Interaction with online survey platforms.

To obtain further detailed information on the purposes of the processing and on the Personal Data concretely relevant for each purpose, the User may refer to the relevant sections of this document.

Details on the processing of Personal Data

Personal Data is collected for the following purposes and using the following services:

Contact Form (This Site).

The User, by filling out the contact form with his/her Data, consents to their use to respond to requests for information, quotes, or any other nature indicated in the header of the form.

Personal data collected: Email and Name.

SPAM Protection

These services analyze the traffic of this Site, potentially containing Personal Data of the Users, in order to filter it from parts of traffic, messages and contents recognized as SPAM.

Akismet (Automattic Inc.)

Akismet is a SPAM protection service provided by Automattic Inc.

Personal Data collected: Various types of Data as specified in the privacy policy of the service.

Place of processing: USA – Privacy Policy

Wordfence Security – Firewall & Malware Scan

Cerber is a SPAM protection and malware scan service provided by Cerber Tech Inc.

Personal Data collected: Various types of Data as specified by the privacy policy of the service.

Place of processing : USA – Privacy Policy

Google Fonts (Google Inc.)

Google Fonts is a service for displaying font styles managed by Google Inc. that allows this Site to integrate such content within its pages.

Personal data collected: Cookies and usage data

Place of processing: USA Privacy Policy

Google Maps (Google Inc.)

Google Maps is a map display service operated by Google Inc. that allows this Site to integrate such content into its pages.

Personal data collected: Cookies and usage data

Place of processing: USA Privacy Policy

Management RSS feeds

These services allow the management of RSS feeds and the distribution of their contents. Depending on the characteristics of the service used, these services may also be used to place advertisements within the content and to collect statistical data on the same.

Google Analytics (Google Inc.)

Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected in order to track and examine the use of this Site, compile reports and share them with other services developed by Google.
Google may use the Personal Data to contextualize and personalize the ads in its advertising network.

At the following link https://tools.google.com/dlpage/gaoptout?hl=it is also made available by Google the browser add-on for the deactivation of Google Analytics

Personal Data collected: Cookies and Usage Data.

Place of processing : USA – Privacy Policy – Opt Out

User Rights

Users may exercise certain rights with reference to the Data processed by the Data Controller.

In particular, the User has the right to:

• revoke consent at any time. The User may revoke the consent to the processing of its Personal Data previously expressed;
• oppose the processing of their Data. The User may object to the processing of their Data when it is done on a legal basis other than consent. Further details on the right to object are provided in the section below;
• access to your Data. The User has the right to obtain information about the Data processed by the Data Controller, certain aspects of the processing and to receive a copy of the Data processed;
• verify and request rectification. The User may verify the correctness of its own Data and request updating or correction;
• obtain the limitation of the treatment. When certain conditions are met, the User may request the limitation of the processing of its Data. In this case, the Owner will not treat the Data for any other purpose than their preservation;
• obtain the cancellation or removal of their Personal Data. When certain conditions are met, the User may request the deletion of their Data by the Data Controller;
• receive their Data or have it transferred to another owner. The User has the right to receive his or her Data in a structured, commonly used and machine-readable format and, where technically feasible, to have it transferred without hindrance to another data controller. This provision is applicable when the Data is processed by automated means and the processing is based on the User’s consent, a contract to which the User is a party or contractual measures related thereto;
• propose a complaint. The User may lodge a complaint with the competent data protection supervisory authority or take legal action.

Details of the right to object

When Personal Data are processed in the public interest, in the exercise of public powers vested in the Data Controller or to pursue a legitimate interest of the Data Controller, Users have the right to object to the processing for reasons related to their particular situation.

Users should note that if their Data were processed for direct marketing purposes, they may object to the processing without providing any reasons. To find out whether the Data Controller processes data for direct marketing purposes, Users may refer to the respective sections of this document.

How to exercise rights

In order to exercise the User’s rights, Users may address a request to the contact details of the Controller set out in this document. Requests are filed free of charge and processed by the Controller as soon as possible, in any event within one month.

Applicability of the higher level of protection

While most of the provisions of this document apply to all Users, some are expressly subject to the applicability of a higher level of protection to the processing of Personal Data.

This higher level of protection is always guaranteed when the processing

• is performed by a Data Controller based in the EU; or
• concerns Personal Data of Users located in the EU and is functional to the offer of goods or services to such Users for free or for a fee; or
• concerns Personal Data of Users located in the EU and allows the Controller to monitor the behavior of such Users to the extent that such behavior takes place within the EU.