Privacy Policy of www.ilfienile.it
This Website collects some Personal Data from its Users.
On this page the management methods of the Website www.ilfienile.it are described, with reference to the processing of the Personal Data of the Users who visit it.
Legal References
This Privacy Policy is drawn up on the basis of multiple legislative systems, including articles 13 and 14 of Regulation (EU) 2016/679.
This Privacy Policy refers exclusively to this Website, unless otherwise specified.
Data Controller
Agriturismo IL FIENILE Via di Casa Rossa,2 – 53045 Montepulciano (SI) Italia
Telefono: +39 0578 707180
Email: info@ilfienile.it
Types of Data collected
Among the Data that this Website may collect there are: First Name, Last Name, Phone Number, Email, various types of Data, Cookie, Browsing, usage Data Credit card details associated with the reservation.
Other Personal Data collected may be highlighted by other sections of this Privacy Policy or by dedicated explanation text, in the moment when the Data collection happens.
The Personal Data may be freely inserted by the User or the Data Subject, or collected automatically when using the Website.
Any use of Cookies by the Application or the owners of third party services used by the Application, unless stated otherwise, serves to identify the User and remember his/her preferences for the sole purpose of providing the service required by the User.
Unless otherwise specified, all the Data requested by this Site are mandatory.
Failure to provide certain Personal Data, in particular Navigation Data, by deactivating the Application’s Cookies may make it impossible to surf or for the Website to provide its services.
The possible use of Cookies – or other tracking tools – by this Website or third party service providers used by this Website, unless otherwise specified, is used to identify the User and record the related preferences for purposes strictly linked to the provision of the service requested by the User.The User assumes responsibility for the Personal Data of third parties published or shared through the Website and declares that (s)he has the right to communicate or broadcast them, thus relieving the Owner of all responsibility towards third parties.
Mode and place of processing the Data obtained
Method of Processing
The Data Controller processes the Data of the Interested Parties and Users in a lawful and proper manner and shall take appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of the Data.
Processing is carried out using computers and / or telematic means, with organizational methods and logics strictly related to the stated purposes. In addition to the owner, in some cases, access to the Data may be available to external parties (such as third party technical service providers, mail carriers, hosting providers, IT companies, communications agencies, postal couriers). The updated list of Managers may be requested from the Owner at any time.
The use of the collected Data
The Data Controller processes the User’s Personal Data for the following purposes:
- the User has given his consent for one or more specific purposes (contact form, comment form, newsletter subscription form, etc.);
- the processing is due for the execution of a contract with the User and / or the execution of pre-contractual measures;
- the treatment is due to satisfy a legal obligation to which the Data Controller is subject;
- the treatment is due to satisfy a legal obligation to which the Data Controller is subject;
- the processing is due for the pursuit of a legitimate interest of the owner or third parties.
However, the User can always ask the Data Controller to explain the precise legal basis for any necessary treatment and above all to explain in detail what is the request for treatment (by law, expected or essential to conclude a contract).
Place
The Data are processed at the headquarters of the Data Controller, unless stated otherwise in the rest of this document. For further information, please contact the Data Controller.
The User can request information by contacting the Data Controller, on the legal basis of the transfer of Data outside the European Union or to an international organization; the User can also request information on the security measures implemented by the Data Controller to protect the Data.
Conservation Time
The Data are kept for the time necessary to perform the service requested by the User, and the User can always ask for their suspension or removal.
At the end of the aforementioned conservation time the Personal Data will be deleted.
Web Hosting OVH
Infrastructure security
OVH undertakes to guarantee the maximum security of its infrastructures, in particular by implementing an information systems security policy and responding to the requirements of numerous laws and certifications (PCI-DSS, ISO / IEC 27001 and certificates of SOC 1 type II and SOC 2 type II, etc. …).
All OVH certifications and their perimeter can be consulted in the Certifications section of the OVH Website.
Website: https://www.ovh.it
Web Hosting Aruba
Supervision and control
Anti-intrusion sensors, video surveillance, mantrap with double authentication mechanisms and anti-tailgating technology systems.
H24 / 365 monitoring
Network Operation Center (NOC) on-site, redundant and manned 24 hours a day, 365 days a year and entrusted exclusively to our staff.
Data security
The management and protection of data in high security infrastructures are ISO 27001 certified.
Redundant installations
Power centers and cooling systems totally redundant and equipped with the most modern equipment.
Energy backup
Efficient backup areas, completely redundant, ensure maximum reliability of power and cooling.
Fire prevention
The separation of all systems and environments and the self-extinguishing detection systems ensure maximum safety against the risk of fire.
Website: https://www.datacenter.it/sicurezza-data-center-aruba.aspx
Purposes of the processing of collected data
The User Data is collected to allow the Website to provide its Services, as well as for the following purposes: contact the User, allow the User to access accounts on third-party services, allow the User to interact with social networks and with platforms outside the Website, allow statistical analysis of visits to the Website.
Detailed information on the processing of Personal Data
Personal Data collected for the following purposes and using the following services:
Access to accounts provided by third parties
This type of service allows this Website to collect data from the user’s accounts on third-party services and perform actions with them. These services are not activated automatically, but require the express permission of the User.
Facebook permissions required by this site
This Website may request some Facebook permissions which allow it to perform actions with the User’s Facebook account and to collect information, including Personal Data, from it. This service allows this site to connect with the user’s account on the social network Facebook, provided by Facebook Inc.
For more information on the following permissions, refer to the Facebook permissions documentation and to the Facebook privacy policy.
The required permissions are:
- Basic information: the basic information of the User registered on Facebook which normally include the following Data: id, name, image, gender and language of localization and, in some cases, the “Friends” of Facebook. If the User has publicly made additional Data available, the same will be available;
- Sharing: sharing in place of the User;
- Insight: provides access to Insight data for pages, applications and domains that the user owns;
- Like: provides access to the list of all pages that the user has marked with the Like;
- Post: provides access to posts contained in the User timeline;
- Facebook Comments: Allows the User to leave their comments and share them within the Facebook platform.
Access to the Twitter account
This Website may request to connect with the User’s account on the Twitter social network, provided by Twitter Inc.
Personal Data collected: various types.
For more information, the user can refer to the Privacy Policy of Twitter.
Access to the LinkedIn account
This Website may request to connect with the User’s account on the LinkedIn social network.
Personal Data collected: various types.
For more information, the user can refer to the Privacy Policy of LinkedIn.
Interaction with social networks and external platforms
This Website can allow interaction with social networks, or other external platforms, directly from its pages.
The interactions and information acquired during the interactions with social networks from this Site are subject to the User’s privacy settings related to each social network.
+1 button and Google+ social widgets
The +1 button and Google+ widgets are services for interacting with the Google+ social network, provided by Google Inc.
Personal Data collected: Cookies and Usage Data.
For further information, the User can refer to the Privacy Policy of Google.
Like button and Facebook social widgets
The “Like” button and Facebook widgets are services of interaction with the social network Facebook, provided by Facebook, Inc.
Personal Data collected: Cookies and Usage Data.
For further information, the User can refer to Facebook Privacy Policy.
Tweet button and Twitter social widgets
The Tweet button and Twitter widgets are services of interaction with the Twitter social network, provided by Twitter, Inc.
Personal Data collected: Cookies and Usage Data.
For more information, the User can refer to the Privacy Policy of Twitter.
Instagram widgets
Instagram widgets are services of interaction with the Instagram social network run by Instagram, Inc.
Personal Data collected: Cookies and Usage Data.
For further information, the User can refer to the Privacy Policy of Instagram.
YouTube social button and widgets
The button and the YouTube widgets are services of interaction with the YouTube social network, provided by Google Inc.
Personal Data collected: Usage data.
For further information, the User can refer to the Privacy Policy of Google.
Online Transactions Management
Online transactions are processed through gateway providers.
Management at all levels of access to credit cards is managed according to the PCI-DSS guidelines.
Interaction with payment processing services
This type of service allows interactions with payment processing services, or with other external platforms, directly from the pages of this site.
PayPal
The PayPal button is an interaction service with the external PayPal platform, provided by PayPal Inc.
Personal Data collected: Usage data.
For more information, the user can refer to PayPal’s Privacy Policy.
Security
To protect personal information, we take reasonable precautions and we follow best practices to ensure that we do not misuse, illegally use, read, disclose, modify or destroy any personal data.
If you provide us with your credit card information, the information will be encrypted using secure socket layer (SSL) technology and stored with AES-256 encryption. Our system follows all PCI-DSS requirements and implements additional industry standards generally used and accepted.
Payment gateway located in the United States
For example, if you are in Italy and the transaction is processed by a payment gateway located in the United States, your personal data may be subject to disclosure under US law, including the Patriot Act.
Once you leave the website of our store and / or when you are redirected to a website or a third-party application, you are no longer subject to our privacy policy or terms of service on our site.
Displaying content from external platforms
This site can allow you to view content hosted on external platforms and interact with them.
YouTube Video Widgets
This site can display YouTube video content on its pages, a service provided by Google Inc.
Personal Data collected: Cookies and Usage Data.
For more information, the user can refer to Google Privacy Policy.
Remarketing e Behavioral Targeting
These services allow this Website and its partners to communicate, optimize and serve advertisements based on the past use of this Website by the User. This activity is carried out by tracking Usage Data and the use of Cookies, information that is transferred to the partners to whom the activity of remarketing and behavioral targeting is connected.
Contact the User
Contact form (this Website)
By filling out the contact form with their Data, the User gives consent to their use to allow this Website to respond to requests made by the User regarding information, estimates, or any other purpose indicated in the form.
Personal Data collected: first name, last name, email address, phone number and various types of Data.
Manage contacts and send messages
This type of service allows managing a database of e-mail contacts, telephone contacts or any other type of contact indicated in the form; the aforementioned data will be used to maintain communications with the User.
MailChimp
MailChimp is a platform for managing email addresses and sending newsletters provided by The Rocket Science Group, LLC. Personal Data collected: e-mail address, first name, last name, place of birth, year of birth, profession.
For further information, the user can refer to the Privacy Policy of MailChimp.
Statistics
The statistical analysis services relating the visits to a website and its pages allow the Data Controller to monitor and analyze traffic data; the aforementioned services also allow the tracking of the User’s behavior.
Google Analytics
and reports website traffic.
Google uses the Personal Data collected for the purposes of tracking and analyzing the use of this Site by the User, to draw up reports and share them with other services developed by Google.
Google may use the Personal Data to contextualise and personalize the advertisements of its advertising network.
Personal Data collected: Cookies and Usage Data.
For further information, the User can refer to the Privacy Policy and to the Opt Out of Google.
User Rights
Users may exercise certain rights with reference to the Data processed by the Data Controller.
In particular, the User can::
- withdraw consent to the processing of their Personal Data previously expressed;
- oppose the processing of personal data when it occurs on a legal basis other than that relating to the express consent;
- obtain information on the Data processed by the Data Controller, obtain information on certain aspects of the processing, receive a copy of the Data processed;
- check the correctness of the data, request the update, ask for the correction;
- request the limitation of the processing of its data, if certain conditions occur;
- request cancellation of its Data by the Data Controller, if certain conditions occur;
- receive their data and, when technically feasible, have them transferred to another holder (applicable only in cases where the data are processed with automated tools with the consent of the User);
- propose a complaint to the competent Personal Data Protection Authority or act in court.
Opposition right
Users have the right to oppose the processing of Personal Data for reasons related to their particular situation, in case they are treated in the public interest, in the exercise of public authority of which the Owner is invested or to pursue a legitimate interest of the Owner.
If the Personal Data are processed for direct marketing purposes, the Users can oppose their processing without providing the Holder with any reasons.
Exercise of rights
To exercise their rights, Users can make a request to the Owner, referring to the contacts indicated in this document. Requests will be processed by the Data Controller as soon as possible, always within one month of the request made by the User.
Additional information about data processing
Defense in court
The User’s Personal Data may be used for legal purposes by the Owner of the Website in court or in the stages leading to possible legal action arising from its improper use or that of related services by the User.
The User declares to be aware that the Data Controller may be obliged to disclose the Data by order of the public authorities.
Additional Information
Specific information may be shown on the pages of the Website concerning particular services or the processing of Data provided by the User or by the Data Subject.
Maintenance
PThe User’s Personal Data may be further used in ways and for purposes required for Application maintenance.
System Logs
For operation and maintenance purposes, this Application and any third party services it uses may collect system logs, i.e., files that record interaction – including navigation. They may also contain personal data, such as IP addresses.
Information not contained in this policy
More information on processing Personal Information may be requested from the Owner at any time.
Definitions
Personal Data (or Data)
Any information relating to an identified or identifiable real person. An identifiable real person is defined as any real person who can be directly or indirectly identified.
Usage Data
Information collected automatically from the Website, including the IP addresses or domain names of the computers utilized by the users who connect to the site, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the visitor, the various time details per visit (e.g., the time spent on each page) and the details about the path followed within the site with special reference to the sequence of pages visited, and other parameters about the operating system and the User’s IT environment.
User
Means the individual user of the Website’s services or products.
Data Subject
The legal or natural person to whom the Personal Data refer.
Data Processor
The natural person, legal person, public administration or any other organization, association or organization designated by the Data Controller for the Personal Data processing system.
Data Controller (or Owner)
The natural person, legal person, public administration or any other body, association or organization with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Website.
Website
The Website corresponds to the instrument, hardware or software, through which the Personal Data of Users are collected and processed.
Service
The Service provided by this Website.
European Union (or UE)
Any reference to the European Union contained in this Privacy Policy is extended to all current member states of the European Union and the European Economic Area, unless otherwise specified.
Cookie
A Cookie is a small piece of text that Websites send to the browser and is stored on the User’s terminal.
Changes to this Privacy Policy
The Data Controller reserves the right to make changes to this Privacy Policy at any time by giving notice to its Users on this page, and by ensuring analogous protection of the Personal Information in all cases. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Date of the last modification
23 may 2018
