Privacy

The Data Controller, as better defined below, considers the privacy of its Users of fundamental importance and guarantees that the Processing of Personal Data is carried out in compliance with the privacy legislation in force, and in particular with the European Regulation nr. 2016/679 and the national legislation on the protection of personal data, D. Lgs. 196/2003 as far as it is still in force and the relevant national adaptation legislation D. Lgs. 101/2018 regarding the protection of personal data.

To this end, the Data Controller has adopted the following Privacy Policy in order to regulate and make Users of the Website aware of the methods and purposes of the Processing of Personal Data of such Users.
The User is kindly requested to read this document each time he/she connects to the Website, as it may be subject to revisions, additions and/or modifications, occasioned by regulatory requirements and/or changes and/or additions to the functionality of the Website itself.

Personal Data Controller:
San Lorenzo Vacanze SRL, via Ragazzi del '99, 7 - Pescara (PE) 65123
- PIVA:01732150683
E-mail address of the Data Controller: info@aguaresort.it

TYPES OF DATA COLLECTED
Among the Personal Data collected by the current website, as well as by all the landing pages linked and/or related to it (hereinafter for brevity the "Site"), either independently or through third parties, to whose privacy policy please refer anyway, there are: e-mail, personal data of different nature as better specified below and usage data.

Full details on each type of data collected are provided in the dedicated sections of this privacy policy, or through specific informational texts displayed prior to the collection of such data.

Personal Data may be freely provided by the User or, in the case of Usage Data, automatically collected during the use of the Site.
Unless otherwise specified, all Data requested by the Site are mandatory. If the User refuses to provide them, it may be impossible to provide the Service.
In cases where some Data are indicated as optional, Users are free to refrain from communicating such Data, without this having any consequence on the availability of the Service or its operation.

Users who may have doubts about which Data is mandatory are invited to contact the Data Controller.

The User assumes responsibility for the Personal Data of third parties obtained, published or shared through the Site and warrants that he/she has the right to communicate or disseminate it, releasing the Data Controller from any liability to him/herself and to third parties.

METHOD AND PLACE OF PROCESSING OF COLLECTED DATA
The Data Controller takes appropriate security measures to prevent unauthorized access, disclosure, modification or destruction of Personal Data. The Processing is carried out by means of computer and/or telematic tools, with organizational methods and logics strictly related to the indicated purposes. In addition to the Data Controller, in some cases, other subjects involved in the organization of the Data Controller and/or in the management of the Site (by way of example but not limited to: administrative, sales, marketing, legal, system administrators, etc.) may have access to the Data. ) or external subjects (by way of example and not limited to: accountants, external lawyers, third party technical service providers, postal couriers, hosting providers, IT companies, communication agencies and/or , providers of the address management and e-mailing service, etc.) also appointed, if necessary, Data Processors by the Data Controller. The updated list of Data Processors can always be requested from the Data Controller.

LEGAL BASIS OF THE PROCESSING
The Data Controller lawfully processes Personal Data related to the User if one of the following conditions exists:
the Data Subject has given consent to the processing of his/her Personal Data for one or more specific purposes, pursuant to GDPR, Art. 6(1)(a). Note: In some jurisdictions, the Data Controller may be allowed to process Personal Data without the User's consent or without another of the legal bases specified below, until the User objects ("opts-out") to such Processing. However, this does not apply if the Processing of Personal Data is governed by European data protection legislation;
- the Processing is necessary for the performance of a contract with the User and/or for the performance of pre-contractual measures, pursuant to Art. 6(1)(b) of the so-called. GDPR 2016/679;
- the Processing of Personal Data is necessary to fulfill a legal obligation to which the Data Controller is subject, pursuant to GDPR Art. 6(1)(c);
- the Processing is necessary to safeguard the vital interests of the data subject or another natural person, pursuant to GDPR, Art. 6(1)(d);
- the Processing is necessary for the performance of a task of public interest or the exercise of public authority vested in the Data Controller, pursuant to GDPR Art. 6(1)(e);
- the Processing of Personal Data is necessary for the pursuit of the legitimate interests of the Data Controller or of third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject requiring the protection of personal data, particularly where the Data Subject is a child, all in accordance with GDPR Art. 6(1)(f).

Pursuant to Article 6 of the GDPR, Personal Data acquired through the Site without the consent of the Data Subject will be processed by the Data Controller for the operation and maintenance of the Site, to enable the use of the Services, to fulfill Users' requests, to enable effective communication with customers, to comply with obligations under the law, regulations, EU legislation or orders of the Authorities or otherwise for purposes related to the activities and functions of the Data Controller or finally to prevent or detect fraudulent activities or abuse to the detriment of the Data Controller through the Site.

However, it is always possible to ask the Data Controller to clarify the concrete legal basis of each Processing and, in particular, to specify whether the Processing is based on law, required by a contract, or necessary to conclude a contract.

PLACE OF PROCESSING OF PERSONAL DATA
The Data are processed at the registered and/or operational headquarters of the Data Controller and/or at any other place where the parties involved in the Processing are located and/or at the Offices of the Data Controller and/or at other parties or computer systems/servers of other parties specifically designated as (external) Data Processors

For further information, the User is invited to contact the Data Controller.
The User's Personal Data may be transferred to a country other than the country where the User is located. To obtain further information about the location of the Processing, the User may consult the relevant section of this Policy.
The User has the right to obtain information regarding the legal basis for the transfer of Data outside the European Union or to an international organization under public international law or consisting of two or more countries (such as the UN), as well as regarding the security measures taken by the Data Controller to protect the Data. Should any of the transfers just described take place, the User may refer to the respective sections of this document or request information from the Data Controller (as specified in the "CONTACT INFORMATION" section).

RETENTION PERIOD
The Data are processed and stored for the time required by the purposes for which they were collected.
The User may obtain further information regarding the retention period of individual Personal Data processed by contacting the Data Controller (as specified in the "CONTACT INFORMATION" section).
At the end of the retention period, the Personal Data will be deleted. Therefore, at the expiration of this period, the right of access, deletion, rectification and the right to data portability, opposition, restriction of data processing can no longer be exercised.

PURPOSE OF THE PROCESSING OF THE DATA COLLECTED

User Data is collected to enable the Data Controller to provide its Services, as well as for the following purposes:
● Contacting the User
● Statistics
● Displaying content from external / third party platforms
● Contact management and sending messages and/or newsletters
● Interaction with external data collection platforms and other third parties
● Behavioral targeting and remarketing
● Interaction with online quiz platforms
● Registration and authentication
● Platform services
To obtain further detailed information on the purposes of the Processing and the Personal Data concretely relevant for each purpose, the User may refer to the following section of this document.

PERSONAL DATA PROCESSING DETAILS
To ascertain how Personal Data is processed according to the purposes pursued, the User may refer to the appropriate section below.

Contacting the User:
In order to contact the User, the Data Controller may use Personal Data collected through the following tools:
- Contact Form; Mailing list or sending newsletters (if the User has subscribed to the relevant service).
Personal Data: first name; last name; e-mail address; telephone number; gender; date of birth; Data concerning skin; Data about the products purchased/for which the User is interested; Usage Data and other types of Data.
For the contact form, the Google invisible reCaptcha service is active (see the specific section below).

Statistics
The services contained in this section allow the Data Controller to monitor and analyze traffic data and serve to track User behavior.
These purposes are pursued by means of the following tools:
- Google Analytics with anonymized IP;
Google Analytics is a web analytics service provided by Google for statistical purposes to understand how visitors interact with the Site, compile reports and share them with other services developed by Google.
The User's IP address is anonymized. Anonymization works by shortening within the borders of member states of the European Union or other countries that are party to the Agreement on the European Economic Area the IP address of Users. Only in exceptional cases, the IP address will be sent to Google's servers and abbreviated within the United States.

However, it is noted that data may also be processed outside the EEA.
Users are also advised that as of July 16, 2020, Google no longer bases its Processing of Users' Personal Data on the EU-U.S. Privacy Shield (EU-U.S. Privacy Shield) to transfer data from the European Economic Area and the United Kingdom to the U.S.; as of September 30, 2020, more precisely, Google has updated its regulations on the Processing of Personal Data and uses the standard contractual clauses approved by the European Commission and based on the European Commission's own adequacy decisions regarding certain countries, as applicable, for data transfers from the EEA to the U.S. and other countries.

Google Tag Manager
This Site uses Google Tag Manager. Google Tag Manager is a solution operated by Google LLC that allows you to manage tags on managed websites using a dedicated interface.
Google Tag Manager is a tag management system for managing JavaScript and HTML tags used for tracking and analytics on websites. Tags are small code elements that, among other things, are used to measure traffic and visitor behavior, to understand the effect of online advertising and social channels, to set up remarketing and target group targeting, and to test and optimize websites.
The Tag Manager tool itself (which implements tags) is a cookie-free domain and does not record Personal Data. This tool allows the activation of other tags that may, on their part, record Data under certain circumstances.
For more information about Google Tag Manager's privacy policy please see the following link https://policies.google.com/privacy?hl=en, while for terms of use https://www.google.com/analytics/tag-manager/use -policy/ and for Google Tag Manager's privacy answers https://support.google.com/tagmanager/answer/7207086.

Personal Data:
Usage Data; other type of Data.
Displaying content from external / third-party platforms
This type of service allows you to view content hosted on external platforms directly from the pages of the Site and interact with them.
In the event that a service of this type is installed, it is possible that, even if it is not actually used, it collects traffic data related to the pages where it is installed.
These purposes are pursued by means of:

Facebook, Facebook Widget;
There are redirect or share buttons on the Site to the social platform Facebook, and to individual social network pages that can be traced back to the Data Controller.
Facebook shares information globally, both internally with Facebook companies and externally with its partners and people with whom the User connects and shares content around the world. Information controlled by Facebook may be transferred or transmitted to or stored and processed in the United States or other countries outside the EEA.
As stated in the relevant policy, Facebook may use cookies to show advertisements and present suggestions for businesses and other organizations to people who may be interested in their products, services, or promoted causes, to measure the performance of advertising campaigns of businesses using Facebook products, to show and measure ads in different browsers and devices used by the same person, to provide statistical data about people using Facebook products, people interacting with ads, advertisers' websites and apps, and companies using Facebook products, and to enable functionality that allows Facebook to deliver its products.
In addition, visiting the Site may install the Facebook Pixel cookie that allows the Data Controller to track conversions that occur on the Site as a result of the ads it is running on Facebook.
The information tracked by cookies may be shared with organizations outside of Facebook, such as advertisers and/or advertiser networks for the purpose of running ads and measuring the effectiveness of ad campaigns.
Users are also advised that as of July 16, 2020, Facebook no longer bases its Processing of Users' Personal Data on the EU-U.S. Privacy Shield for transferring data from the European Economic Area and the United Kingdom to the United States; but uses standard contractual clauses approved by the European Commission and based on the European Commission's adequacy decisions regarding certain countries, as applicable, for data transfers from the EEA to the United States and other countries.
In relation to the Privacy Shield, the User is referred to read the relevant paragraph in the cookie policy.
In this case, the following Personal Data is processed: Cookies; Usage Data; other types of Data.
For more information on the installation and use of cookies by Facebook, please refer the User to carefully read the relevant cookie policy. Finally, please carefully read the service's privacy policy to obtain detailed information about the collection and transfer of Personal Data, the User's rights, and how to configure privacy settings satisfactorily.

Instagram, Instagram Widgets
There are redirect or share buttons on the Site to the social platform Instagram, owned by Facebook, and to individual pages of the social network that can be traced back to the Data Controller.
Facebook/Instagram shares information globally, both internally with Facebook/Instagram companies and externally with partners and people with whom the User connects.
Based on the relevant policies, Instagram uses cookies, pixels, local storage technologies, and other similar technologies to display relevant content to the User to deliver the service and for reasons related to the User's own enjoyment of the service, as well as to collect information related to the User's use of Instagram. Instagram may also use said technologies to remember choices made by the User (e.g., User name, language, or geographic area where the User is located) and customize the Service to offer better features and content. Instagram and its advertising partners may use these technologies to show relevant ads to the User with respect to the User's interests. These technologies store the User's device visits and may also be able to track the User's device browsing activities on sites and services other than Instagram. This information may be shared with organizations outside of Instagram, such as advertisers and/or networks of advertisers for the purpose of running ads and measuring the effectiveness of ad campaigns.

Information controlled by Facebook/Instagram may be transferred and/or transmitted and/or stored and/or processed in the United States or other countries outside of the User's country of residence or otherwise outside of the EEA for the purposes described by the regulations in the following links: Facebook Terms; Instagram Terms.
Users are also advised that as of July 16, 2020, Facebook/Instagram no longer bases its Processing of Users' Personal Data on the EU-U.S. Privacy Shield for transferring data from the European Economic Area and the United Kingdom to the United States; but uses standard contractual clauses approved by the European Commission and based on the European Commission's adequacy decisions regarding certain countries, as applicable, for data transfers from the EEA to the United States and other countries.
In relation to the Privacy Shield, the User is referred to read the relevant paragraph in the Cookie Policy.
In this case, the following Personal Data is processed: Cookies; Usage Data; other types of Data.
With regard to the management of cookies installed by Instagram and how to deactivate them, the User is invited to carefully consult not only the relevant privacy policy of the service, but also the cookie policy, for detailed information on the collection and transfer of Personal Data, the User's rights and how to configure the privacy settings satisfactorily.
Finally, with regard to the terms of use of the Instagram service, the User is invited to consult those terms.

Google Maps
Google Maps is a map display service operated by Google LLC or Google Ireland Limited, depending on where the Site is displayed, which allows the Site to integrate such content within its pages.
Personal Data: Cookies; Usage Data; other types of Data.
In relation to how personal data is processed and where it is processed, the User is invited to carefully consult the relevant Privacy Policy.
Data may be processed outside the EEA.
Users are also advised that as of July 16, 2020, Google no longer bases its Processing of Users' Personal Data on the EU-U.S. Privacy Shield (EU-U.S. Privacy Shield) to transfer data from the European Economic Area and the United Kingdom to the U.S.; as of September 30, 2020, more precisely, Google has updated its regulations on the Processing of Personal Data and uses the standard contractual clauses approved by the European Commission and based on the European Commission's own adequacy decisions regarding certain countries, as applicable, for data transfers from the EEA to the U.S. and other countries.
As for the use of cookies by Google Analytics, we invite the User, in any case, to carefully consult the relevant privacy policy and cookie policy, as well as the section of this Cookie Policy "How can I give or revoke consent to the installation of Cookies?" through the browser settings and the Privacy Shield section of this Policy.

Managing contacts and sending messages and/or newsletters
These types of services allow for the management of a database of e-mail contacts, telephone contacts, or contacts of any other type used to communicate with the User.
These services may also allow the collection of data related to the date and time of the User's viewing of messages, as well as the User's interaction with them (e.g., the detection of the use of links included in the messages).
This purpose is pursued by means of the following tool:

MailChimp
For the purpose of sending the newsletter, this Website uses the third-party service MailChimp, which analyzes and classifies requests via the contact form on the Website (see: https://mailchimp.com/legal/data-processing-addendum/) Mailchimp is a software company based in the United States that specifically provides tools for social media marketing, content management, web data analysis, landing pages, customer support and search engine optimization.
Therefore, by filling out the relevant form and giving the relevant consents, the User's e-mail address is automatically included in a contact list (managed through Mailchimp) to which e-mail messages containing a periodic newsletter about the Owner's initiatives and activities may be sent, including, but not limited to, any awareness and/or fundraising and/or marketing campaigns and/or any extraordinary newsletters for general or urgent information, including of a commercial and promotional nature.
By agreeing to this Privacy Policy, the User expressly gives consent for the Data Controller to communicate and/or transfer such data to the Mail Address Management Service.
If the User does not want MailChimp to process his/her Data, we advise the User to contact us in another way (e.g., by email) instead of using the contact form.
OPT-OUT: If the User does not want . to collect his/her Data, the User can prevent the storage of Cookies at any time by using his/her browser settings.
In addition to this section of the Privacy Policy, please refer to MailChimp's privacy and cookie policy and these links: https://mailchimp.com/legal/.
The User is informed that the Data thus collected may also be used by the Data Controller for profiling purposes (direct marketing) in order to suggest to the User the products that best suit his/her interests.
Personal Data: first and last name, email address, telephone number, gender, date of birth, Skin Data, Data about the products purchased/to which the User is interested, Cookies; Usage Data; other types of Data.
Interaction with data collection platforms and other third parties
This type of services allows Users to interact with data collection platforms or other services directly from the pages of the Site for the purpose of saving and reusing Data.
In case one of these services is installed, it is possible that, even if Users do not use the service, it will collect Usage Data related to the pages where it is installed.

Tools:
Google invisible reCaptcha
reCAPTCHA is a free captcha service from Google that protects websites from spam software and misuse by non-human visitors. This service is used more when filling out contact forms to ensure that specific actions on the Internet are performed by humans and not bots. Classic captcha works with small tasks that are easy for humans to solve, but provide significant difficulties for machines. With reCAPTCHA, the User no longer has to actively solve puzzles. The tool uses modern risk techniques to distinguish people from bots. The only thing the User has to do is to check the "I am not a bot" text field. However, with Invisible reCAPTCHA even this is no longer necessary. reCAPTCHA, integrates a JavaScript element into the source text, after which the tool runs in the background and analyzes the User's behavior. The software calculates a so-called captcha score from the User's actions. Google uses this score to calculate the probability that the User is a human, before entering the captcha. reCAPTCHA and Captcha in general are used whenever bots might manipulate or abuse certain actions (such as registrations, surveys, etc.).

By using reCAPTCHA, data is transmitted to Google to determine whether the User is truly human. reCAPTCHA thus ensures the security of our Web site and, as a result, of the User himself.
IP addresses and other data needed by Google for its reCAPTCHA service may be sent to Google, whose servers may be located in the USA.
First, the reCAPTCHA algorithm checks whether Google cookies from other Google services (YouTube, Gmail, etc.) have already been placed in the User's browser. Then reCAPTCHA sets an additional cookie in the User's browser and takes a snapshot of that browser window.
The IP address that the User's browser transmits to Google is generally not merged with other Google data from other company services.
However, the data will be merged if you are logged into your Google account while using the reCAPTCHA plug-in.
If you wish to prevent your data and behavior from being transmitted to Google, you must completely log out of Google and delete all Google cookies before visiting our website or using the reCAPTCHA software. Generally, data is automatically sent to Google as soon as you visit our website. To delete this data, you must contact Google Support at https://support.google.com/?hl=en-GB&tid=111401120.
If you use our website, you agree that Google LLC and its representatives will automatically collect, modify, and use data.
You can find more information about reCAPTCHA on Google's developer page at https://developers.google.com/recaptcha/.
For more information, please read Google's Privacy Policy and Terms of Service carefully.
Personal Data: Cookies; Usage Data; other types of Data.,
Google Tag Manager.
This Site uses Google Tag Manager. Google Tag Manager is a solution operated by Google LLC that allows you to manage tags on managed websites using a dedicated interface.
Google Tag Manager is a tag management system for managing JavaScript and HTML tags used for monitoring and analysis on websites. Tags are small code elements that, among other things, are used to measure traffic and visitor behavior, to understand the effect of online advertising and social channels, to set up remarketing and target group targeting, and to test and optimize websites.
The Tag Manager tool itself (which implements tags) is a cookie-free domain and does not record Personal Data. This tool allows the activation of other tags that may, on their part, record Data under certain circumstances.
For more information about Google Tag Manager's privacy policy please see the following link https://policies.google.com/privacy?hl=en, while for terms of use https://www.google.com/analytics/tag-manager/use -policy/ and for Google Tag Manager's privacy answers https://support.google.com/tagmanager/answer/7207086.

Personal Data: Usage Data; other type of Data.

Behavioral targeting and remarketing
This type of service allows this Site and its partners to inform, optimize and prepare advertisements based on the User's past use of this Site.
This activity is facilitated by tracking Usage Data and using trackers to collect information that is then transferred to partners that handle remarketing and behavioral targeting.
Some services offer an email list-based remarketing option.

Facebook and Instagram Remarketing
Facebook (and Instagram) remarketing is a remarketing and behavioral targeting service provided by Facebook Inc.
With the help of the Facebook pixel (or equivalent functions for transferring event data or contact information via interfaces or other software in apps) Facebook (/Instagram) is able to frame visitors to this Site online services as a target for the presentation of advertisements.
Therefore, this Site uses Facebook Inc.'s "Custom Audiences" remarketing feature: this allows Site Users to display interest-based advertisements ("Facebook Ads" or "Instagram Ads") when they browse Facebook or Instagram social networks or other websites that use this process. Thus, ads that interest the User are shown in order to make online offers more interesting to him/her.
The use of Custom Audience causes the User's browser to automatically establish a direct connection to the Facebook/Instagram server.
The Data collected is processed by Facebook Inc. in the United States.
This Site has no power over the scope of the Data collected and the further use of that Data by Facebook Inc. so please read the relevant Facebook Privacy Policy and Instagram Privacy Policy carefully.
The User can obtain more information about Facebook's behavioral advertising by visiting this page: https://www.facebook.com/help/164968693837950
To turn off Facebook's interest-based ads, please follow these instructions: https://www.facebook.com/help/568137493302217
Facebook adheres to the Self-Regulatory Principles for Online Behavioral Advertising established by the Digital Advertising Alliance. To opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the U.S. http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or turn it off using your mobile device settings.
Turning off the "Facebook Custom Audiences" feature is available for users who are logged in at https://www.facebook.com/settings/?tab=ads#.

Personal Data: Usage Data; e-mail, Cookies, other types of Data.

Registration and authentication
Tools:
-WordPress.com
To register to the restricted area and authenticate when logging in, this Site uses the WordPress platform. For more information on the processing of Data by WordPress, the User is invited to read the relevant privacy policy.
Personal Data: various types of Data.
Platform Services.
The Site is created using the WordPress.com platform.
The User is invited to view the relevant privacy policy.
Personal Data: various types of Data.

PRIVACY SHIELD.
The Privacy Shield, or the "privacy shield" between the EU and the U.S., is a self-certification mechanism for companies established in the U.S. that intend to receive Personal Data from the European Union. It was also deemed appropriate by the European Commission in 2016.
Specifically, companies agree to abide by the principles it contains and to provide data subjects (i.e., all individuals whose Personal Data has been transferred from the European Union) with adequate safeguards, failing which they will be removed from the list of certified companies ("Privacy Shield List") by the U.S. Department of Commerce and possible sanctions by the Federal Trade Commission.
However, in Decision 2016/1250 of July 16, 2020 on the adequacy of the protection offered by the EU-U.S. Privacy Shield regime-known as the "Schrems II Judgment"-the Court of Justice of the European Union (CJEU), however, ruled that the Privacy Shield does not provide an adequate level of protection for Personal Data transferred from the EU to a company established in the United States.
In the same ruling, on the other hand, the CJEU upheld Decision 2010/87, ruling that standard contractual clauses for the transfer of Personal Data from the EU to a non-EU state are valid.
The User is invited to consult the FAQs on the Schrems II ruling and its effects prepared by the European Data Protection Board (EDPB), the website www.privacyshield.gov and the Italian Privacy Guarantor's website to better understand the issue.

COMMUNICATION AND TRANSFER OF DATA
The Data Controller specifies that the utmost care and confidentiality in the Processing of Data is one of its core values.
User Data may be communicated to third parties.
The Data Controller may use Data Processors and service providers such as, for example, authentication, hosting and maintenance services, data analysis services, email messaging services, delivery services, payment transaction management, solvency, address and email control, to the extent necessary to provide the services.
Some of the Data Processors/Service Providers referred to in the previous sections are located outside the European Union (EU)/European Economic Area (EEA). In any case, Your Personal Data will be shared with countries outside the EU/EEA, provided that:
the country in question is considered a safe third country;
the Data Processor/service provider in question has adhered to the European Commission's model contracts relating to the transfer of Personal Data to third countries;
the Data Processor/service provider in question is certified in accordance with Article 40 of the GDPR; or
the Data Processor/service provider in question has an approved set of binding business rules.
It is possible that User's Personal Data may be disclosed or shared in order to comply with a legal obligation or the directions of a Court/Judicial Authority or any other competent body or in order to enforce or apply the Site's Privacy Policy and/or other agreements or to protect the rights or safety of the Data Controller, Data Processors, service providers and/or other third parties or for fraud protection or credit risk reduction.
It is also possible that the User's Personal Data, and in particular the email, may be communicated or shared with companies and/or third parties with which the Data Controller collaborates and/or has entered into agreements if the Users have subscribed to the newsletter, expressly consenting with the so-called "point and click" modality to the transfer of said Data to companies and/or third parties for the purposes indicated in the relevant consent, including marketing purposes also through Profiling.

USER'S RIGHTS
The User may exercise, with reference to the Data processed by the Data Controller, the following rights:
- Right to revoke consent at any time. The User may revoke the consent previously given to the processing of his/her Personal Data (see GDPR, art. 7);
- right of access. The User has the right to obtain from the Data Controller confirmation as to whether or not Personal Data relating to him or her is being processed and, if so, to access his or her Personal Data and receive all information about it (including the purposes of processing), as well as a copy of said Data (see GDPR, art. 15);
- right to rectification of one's Personal Data. The User has the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning him/her without undue delay. Taking into account the purposes of the processing, the Data Subject has the right to obtain the integration of incomplete Personal Data, including by providing a supplementary declaration (see GDPR, Art. 16);
- right to erasure ("right to be forgotten"). The User has the right to obtain from the Data Controller the erasure of Personal Data concerning him/her without undue delay in such cases: if the Personal Data is no longer necessary or the User revokes the consent on which the processing is based and there is no other legal basis for the processing or if the User objects to the processing or the Personal Data has been processed unlawfully or if it must be erased in order to comply with a legal obligation under the law of the Union or the Member State to which the Data Controller is subject or if the Personal Data was collected in connection with the provision of information society services (see GDPR, Art. 17);
- right to restriction of processing. The User has the right to obtain from the Data Controller the restriction of such processing in the following cases: if the accuracy of the Personal Data is disputed by the User or if the processing is unlawful and the data subject objects to the deletion of the Personal Data and requests the restriction of their use or if the User who objected to the processing is awaiting verification as to whether the Data Controller's legitimate reasons prevail over those of the User (see GDPR, Art. 18);
- right to data portability. The User has the right to receive the Personal Data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used, machine-readable format and has the right to transmit such data to another data controller without hindrance from the Controller to whom the Personal Data was provided (see GDPR, Art. 20);
- right to object to the processing of Personal Data. You may object at any time to the processing of Personal Data relating to you (when carried out on a legal basis other than consent). In particular, where Personal Data are processed for direct marketing purposes, the User has the right to object at any time to the processing of Personal Data concerning him or her carried out for such purposes, including profiling insofar as it is related to such direct marketing (see GDPR, Art. 21);
- Right to lodge a complaint with the competent supervisory authority. The User may bring a complaint to the competent data protection supervisory authority (in Italy: www.garanteprivacy.it) and before the competent courts of the Member States (see GDPR, Art. 77 et seq.).
How to exercise your rights
To exercise their rights as set forth above, Users, without payment of any charge or consideration (except as provided in Article 12 paragraph 5 of the GDPR), may address a request to the contact details of the Data Controller found in the "CONTACTS" section

More information about Treatment
Defense in Court
The User's Personal Data may be used by the Data Controller in court or in the preparatory stages of its possible establishment for the defense against abuse in the use of the Site or related Services by the User.
The User declares that he/she is aware that the Data Controller may be obliged to disclose / communicate the Data by order of Public Authorities.
Specific disclosures
Upon the User's request, in addition to the information contained in this Privacy Policy, the Site may provide additional and contextual disclosures regarding specific Services or the collection and processing of Personal Data.

System Logs and Maintenance
For operation and maintenance purposes, the Site and any third-party services used by it may collect system logs, i.e., files that record interactions and may also contain Personal Data, such as the User's IP address.

Information not contained in this Privacy Policy
Further information in relation to the Processing of Personal Data may be requested at any time from the Data Controller as specified in the "CONTACT INFORMATION" section.
Changes to this Privacy Policy
The Data Controller reserves the right to modify or update this Privacy Policy at any time.
You are encouraged to consult this page regularly to ensure that you are always aware of the latest version of this Privacy Policy (see "Last Updated Date" at the end of this page). If the changes affect the processing of Personal Data whose legal basis is consent, the Data Controller will re-collect the User's consent, if necessary.

DEFINITIONS AND LEGAL REFERENCES
"Cookies" or "Cookies"
Small portion(s) of data stored within the User's device.
"Personal Data" or "Data" or "Personal Data" or "Data".
Any information referable to a Data Subject.
"Sensitive and/or Particular Data"
Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as dealing with genetic data, biometric data intended to uniquely identify a natural person, data relating to a person's health or sex life or sexual orientation.
"Usage Data"

This is the information collected automatically through the Site and/or by third party applications integrated into the Site, including: the IP addresses or domain names of the computers used by the User who connects with the Site, the addresses in URI (Uniform Resource Identifier) notation, the time of the request, the method used in forwarding the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (successful, error, etc. ) the country of origin, the characteristics of the browser and operating system used by the visitor, the various temporal connotations of the visit (e.g. the length of time spent on each page) and the details of the itinerary followed within the Application, with particular reference to the sequence of pages consulted, the parameters relating to the User's operating system and computer environment.
"Data Subject" or "Data Subjects".
The identified or identifiable natural person to whom the Personal Data refer. An identifiable person is any natural person who can be identified, directly or indirectly, with particular reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristic elements of his or her physical, physiological, genetic, mental, economic, cultural or social identity.
"Profiling"
Any form of automated processing of Personal Data consisting of the use of such Personal Data to assess certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
"Service"
The service(s) provided by the Site as defined in the relevant terms (if any) on this site/application.


"Data Controller" or "Controller".
The natural or legal person, public authority, service or other body which, individually or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria applicable to its designation may be established by Union or Member State law. The Data Controller, as better identified above, except as otherwise specified, is the owner of the Site.
"Processing" or "Data Processing".
Any operation or set of operations, performed with or without the aid of automated processes and applied to Personal Data or sets of Personal Data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, comparison or interconnection, restriction, erasure or destruction..
"European Union" or "EU"
Unless otherwise specified, any reference to the European Union in this document shall be deemed to extend to all current member states of the European Union and the European Economic Area (so-called EEA).
"User" or "Users"
The individual(s) who use(s) the Site and who, except where otherwise specified, coincide(s) with the Data Subject.

Legal references
This Privacy Policy is prepared on the basis of the relevant legislation in force, and in particular from the provisions of Articles 13 and 14 of Regulation (EU) 2016/679 (so-called GDPR), the relevant adaptation legislation D. Legislative Decree 101/2018, and to the extent still applicable by Legislative Decree 196/2003.
Date of last update: February 8, 2021.