Reg. UE 2016/679
(General Data Protection Regulation)

1. Introduction

This privacy policy (“Privacy Policy”) describes the personal data processing activities carried out by Ilaria Ceccanti (the “Data Controller”) through this website.

The Data Controller may process users’ personal data when they visit this website and use its services and features. A specific privacy policy is published in the sections of the webiste where the users’ personal data is collected, pursuant to art. 13 of EU Regulation 2016/679.

Where required by EU Regulation 2016/679, the users’ consent will be requested before processing their personal data. If the user provides personal data of third parties, they must ensure that the communication of the data to the Data Controller and the subsequent processing for the purposes specified in the applicable privacy notice complies with EU Regulation 2016/679 and applicable law.

2. Data Controller

The Data Controller is Ilaria Ceccanti, Fiscal code  CCCLRI93A50G702U, VAT number 07396320488, with registered office at Piaggione 13, 50124 Firenze (FI) Italy, certified email address: ilaria.ceccanti@pec.it

3. Type of data processed

Visiting and browsing this website generally does not involve the collection and processing of the users’ personal data, except for browsing data and cookies, as specified below. In addition to browsing data (see below), personal data provided spontaneously by the user may be processed when using the services and tools offered on the website.

4. Cookies and browsing data 

This website uses “cookies.” By using the website, you agree to the use of cookies in accordance with this Privacy Policy. Cookies are small files stored on the hard disk of your computer. There are two main categories of cookies: technical cookies and profiling cookies.

Technical cookies are necessary for the proper functioning of a website and to enable user navigation; without them, the user may not be able to correctly view pages or use certain services.

Profiling cookies create user profiles in order to send advertising messages in line with the preferences expressed by the user while browsing.

Cookies can also be classified as:

• “session” cookies, which are deleted immediately when the browser is closed; “persistent” cookies, which remain in the browser for a specified period of time. They are used, for example, to recognize the device connecting to a site, facilitating user authentication;
• “First-party” cookies, generated and managed directly by the operator of the website the user is browsing;
• “Third-party” cookies, generated and managed by third parties different from the Data Holder.

5. Cookies used on the Site

This website uses the following types of cookies:

a) First-party, session, and persistent cookies, necessary to enable navigation on the website, for internal security and system administration purposes;

b) Third-party, session, and persistent cookies, necessary to allow the user to use multimedia elements on the Site, such as images and videos;

c) Third-party, persistent cookies, used by the website to send statistical information to the Google Analytics system, through which the Data Controller can perform statistical analyses of accesses/visits to the website. These cookies are used exclusively for statistical purposes and collect information in aggregate form. Through a pair of cookies, one persistent and the other session (expiring when the browser is closed), Google Analytics also saves a log of the times of the start and end of visits to the Site. You can prevent Google from collecting data via cookies and from processing this data by downloading and installing the browser plug-in available at the following address: http://tools.google.com/dlpage/gaoptout?hl=en.

For more information on the cookies activated on this website, please refer to the Cookie Privacy Policy.

This website may contain links to other web pages (so-called third-party websites). In such cases, the Data Controller will not be responsible for the processing of personal data by the owners of such websites.

6. Retention of personal data

Personal data is stored and processed using IT systems owned by the Data Controller and may be managed by third-party technical service providers. The data is processed exclusively by specifically authorized personnel, including personnel assigned to carry out extraordinary maintenance operations.

In accordance with EU Regulation 2016/679, the data is retained for the time necessary to achieve the purposes for which it is processed.

7. Purposes and methods of data processing

The Data Controller may process users’ common personal data for the following purposes: use of services and features on the website and management of user requests and queries.

Furthermore, with the users’ additional and optional consent, the Data Controller may process personal data for marketing purposes, i.e., to send the user promotional materials and/or commercial communications relating to the Company’s services, to the contact details provided by the user.

Personal data is processed in electronic form.

The processing does not take place through automated decision-making processes.

8. Security and quality of personal data

The Data Controller is committed to protect the security of the users’ personal data and complies with the security provisions of applicable legislation to prevent data loss, illegitimate or unlawful use of data, and unauthorized access. Furthermore, the information systems and software used by the Data Controller are configured to minimize the use of personal and identifying data; such data is processed only to achieve the specific purposes pursued from time to time.

9. Scope of communication and data access

The users’ personal data may be disclosed to: i) all parties who may have access to such data pursuant to regulatory provisions; ii) any employees or partner, as part of their respective duties; iii) third parties who need to come into contact with the personal data in order to carry out the activities for which they have been appointed by the Data Controller.

10. Nature of provision of personal data

The provision of certain personal data by the user is mandatory to allow the Data Controller to manage communications and requests received from the user, or to contact the user to follow up on their request. For this type of data, provision is mandatory to allow the Data Controller to follow up on the request, which, without it, cannot be fulfilled. Conversely, the collection of other data is optional: failure to provide it will not entail any consequences for the user.

The provision of personal data by the user for marketing purposes, as specified in the “Purposes and Methods of Processing” section, is optional, and refusal to provide it will have no consequences. Consent granted for marketing purposes is understood to extend to the sending of communications via both automated and traditional methods and/or means of contact, as exemplified above.

11. Rights of the Data Subject

Pursuant to Articles 15 et seq. of the GDPR, the data subject has the right to obtain from the data controller, with reference to each specific processing operation, confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information relating to the processing, as well as rectification of that information.

Furthermore, the data subject has the right to obtain from the data controller: i) the erasure of personal data concerning him or her; ii) restriction of processing where one of the conditions set forth in the aforementioned legislation applies; iii) the personal data undergoing processing in a structured, commonly used, and machine-readable format (portability).

Finally, the data subject has the right to withdraw consent to the processing of his or her personal data, where consent is the sole legal basis for the processing, by sending a certified email to ilaria.ceccanti@pec.it, attaching a copy of his or her identity document.

The same channels may be used by the interested party to request further information on the processing of their personal data or to exercise their rights.

Before proceeding with the processing of the request received, it may be necessary to verify the identity of the interested party and answer some questions.