Check-in
This page is intended to illustrate the processing of personal data that HUMAN COMPANY carries out in relation to the services made available online through:
> website: palagina.it
> website: fattorialapalagina.it
Following consultation of the websites or use of the services offered online, data relating to identified or identifiable persons may be processed.
As well as browsing data, for example, information may be collected on the occasion of:
> a request for a booking or contact;
> the use of other services through the website or the contact area;
> the use of other services through the Platforms made accessible on the site; and through the use of cookies
The data controller (i.e. the party which determines the purposes and means of processing personal data and assumes responsibility for correctly processing personal data and having it processed) is Human Company S.r.l., with:
> registered office: Via Generale C. A. Dalla Chiesa 13 - 50136 Florence, Italy
> operational headquarters:Via Generale C. A. Dalla Chiesa 13 - 50136 Firenze, Italia | tel. +39 055 469 8029
Contact details for the Data Protection Officer: [email protected]
The co-data controllers are its subsidiaries and associated companies, which are involved in managing the services provided through the site and satisfying data subjects' requests, as well as in informational activities and sending commercial communications, each relating to its own activities:
Name | Activity
• Figline Agriturismo S.r.l. [P. iva P. IVA e C.F. 01681640973] | Management of Norcenni Girasole Village and Villa La Palagina
• Società Agricola Le Driadi S.r.l. [P.IVA e C.F. 05627800484] | Management of Fattoria La Palagina and Agriturismo Le Corti
With regard to the processing referred to in this document, data subjects (users of the sites and/or apps) have the right:
> to ask the data controller to access personal data and to correct or cancel it or restrict the processing of personal data concerning them and to object to its processing,
> if the processing is performed by automated (IT) means and on the basis of the data subject's consent, to receive the personal data concerning them in a structured format, commonly used and readable by an automatic device, and/or to obtain direct transmission to another data controller, if technically feasible
> to withdraw consent at any time (without prejudice to the lawfulness of the processing based on consent prior to withdrawal), obviously for processing performed on this basis
> to lodge a complaint with a supervisory authority: Data Protection Authority - Piazza di Monte Citorio 121, 00186 ROME - Fax: (+39) 06 69677 3785 - Switchboard: (+39) 06 696771 - Email: [email protected] - certified email [email protected]
More information at the end of this policy
Requests should be addressed to HUMAN COMPANY S.r.l. through the Contact Form on the sites or the address [email protected], always bearing in mind that it will not be possible to respond to phone requests if there is uncertainty about the caller's identity.
During their normal operation, computer systems and software procedures used to operate a website acquire certain personal data. The transmission of this data is implicit in the use of internet communication protocols.
This information is not collected with the intention of associating it with identified users, but by its very nature could lead to identifying users through processing and through association with data held by third parties.
This category of data includes, for example, the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) format of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment, such as browser type and version, browser plug-in types and versions, mobile device ID (IDFA or AndroidID) and other parameters related to your operating system and IT environment,
In the absence of specific consent to processing for further purposes, this data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check it is functioning correctly.
The data could be used to ascertain responsibility in the event of any computer crimes against the site, and only in this case will specific procedures aimed at identifying the author be activated.
The LEGAL BASIS FOR PROCESSING this data is the data controllers' legitimate interest, consisting in the protection of data security, the site's proper functioning and improvements to service standards.
PROCESSING METHODS AND APPOINTEES
Personal data is processed using automated tools for the period of time strictly necessary to achieve the purposes for which it was collected. Processing relating to this site's web services are handled by personnel appointed by the Data Controller and by external parties appointed as data processors (Article 28, EU Reg. 2016/679), who are responsible for the technical management and maintenance of the site and related IT systems. Specific security measures are observed to prevent the loss of data, its illicit or incorrect use, and unauthorised access.
No data deriving from the web service is disclosed.
The personal data provided by users who request informative material (newsletter, answers to questions, etc.) is used for the sole purpose of providing the service requested and disclosed to third parties only if necessary for this purpose.
Apart from that specified for browsing data, the user is free to provide the personal data requested during browsing to ask for information or other communications to be sent. Failure to provide data may make it impossible to obtain the requested service.
When the user visits part of the site or activates a feature available via an app that involves collecting personal data, they are provided with a link to this policy and asked to confirm their acknowledgement and, if necessary, consent.
The optional, explicit and voluntary sending of emails to the addresses indicated on this site or reachable through an app involves subsequently acquiring the sender's address, needed to respond to requests, and any other personal data included in the message which, unless different needs are duly communicated, will be kept for the time necessary to satisfy the requests.
Specific information is available below on the pages prepared for particular services on request or which can be used to acquire further personal data.
The personal data voluntarily provided by the data subject through the booking area or the email addresses made available on the site:
When filling in the forms, mandatory fields are indicated with an asterisk. Without the requested data, it will not be possible to satisfy the data subject's requests.
If, at the time of the contact/booking request, the data subject has to communicate sensitive categories of data (e.g. personal data that reveals racial or ethnic origin, political opinions, religious/philosophical beliefs or union membership, and to process genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health, sex life or sexual orientation), specific consent may be required for its processing, without which it may be impossible to proceed with the data subject's requests.
5.1 ONLINE BOOKING AREA
This is the area of the site where the user can book stays at HUMAN COMPANY accommodation facilities.
The data the user enters at the time of the booking request will be entered on the management software managed by HUMAN COMPANY S.r.l. for all Data Controller Companies and stored in an area that can be accessed by the facility the data subject has expressed an interest in.
Once transmitted to the facility, the data may be processed by administrative employees, receptionists or other staff appointed by the data controller to record the booking, fulfil contractual, accounting and tax obligations, and offer the guest attentive and personalised services to satisfy their requests.
The legal bases of this processing are legal and contractual obligations and, in the case of "sensitive" personal data, the data subject's consent.
Further information can be found in the guest statement
ONLINE PAYMENTS by credit card
Human Company uses Banca Sella's banking gateway to transmit credit card data. In order to ensure greater security, the customer is redirected to a secure web page managed by Banca Sella to conclude the transaction. This obviously does not entail the need to have a current account with this banking institution; any type of credit cards issued by any bank can be used. Payment authorisation when using a credit card takes place at the time of the order, and the relative debit at the time of the order fulfilment.
In the unfortunate event that someone takes possession of my credit card data, how can I be protected from misuse?
First of all, please note that this risk is not only involved in online transactions, but in every occasion of ordinary use. If this happens, however, it is important to know that it is always possible to contact the credit card manager and refuse the charge, and obtain a refund of the amounts charged once the card's actual conditions of use have been ascertained.
The personal data voluntarily provided by the data subject when registering for the Newsletter:
> is mainly processed with automated tools for the sole purpose of satisfying the requests of the data subject, who has the right to interrupt this processing at any time.
> can be processed by communication and marketing workers, IT system maintenance personnel tasked with ensuring system functionality, data security and backup operations, other employees within the limits of the tasks received and the provisions of company procedures and other parties that provide services for purposes auxiliary to satisfying the data subject's requests, within the limits strictly necessary to perform their duties
> may be communicated or made available:
- to parties who can access the data by virtue of law, regulations or EU legislation, within the limits provided for by such rules;
- to other parties who provide services for purposes related to satisfying the data subject's requests, within the limits strictly necessary to perform their duties;
- to associated companies (subsidiaries - parent companies), always for current administrative and accounting purposes connected with satisfying the data subject's requests
In this case, the legal bases of the processing consist in satisfying the data subject's requests and the legitimate interest of the Data Controller consisting in promoting its facilities.
It is mandatory for the user to communicate the data required for the registration procedure in order to use the service.
a) what data is processed
> email address used or made available at the time of registration,
> facility the connection is made from
> data relating to the use of the services provided (connection start date/time, connection end date/time, IP address, browsing log) for which the legislation sets out specific precautions.
b) why the data is processed and legal basis of the processing
Data will be processed for the following purposes:
> to fulfil contractual, accounting and tax obligations;
> to fulfil obligations deriving from EU laws, rules and regulations;
> to fulfil instructions from the judicial authority or another public body that has the power;
> where appropriate, to protect a legitimate interest, assert or defend a right,
> to pursue the legitimate interest of the data controller consisting in protecting the assets and the proper functioning and technical management of the service,
c) how the data is processed and retention periods
In relation to the aforementioned purposes, personal data will be processed mainly with IT and telematic tools, always guaranteeing the utmost confidentiality, relevance and non-excess in relation to the purposes described above, in terms of registration and data retention period.
Any logs will be kept for a maximum of 6 months.
The technical processing is delegated to HUMAN COMPANY S.r.l.
d) who can process it
Data may be processed by the following categories of employees and/or data processors:
at all times and only to the extent actually necessary for them to perform their duties.
e) who it can be disclosed to
Without prejudice to disclosures made to fulfil legal obligations, the personal data in question may be disclosed or made available to:
> Judicial authorities and public bodies that can access the data pursuant to the provisions of the law, regulations or EU legislation, within the limits set by these rules;
> other parties (companies/professionals) who need to access some data for purposes auxiliary to managing the services requested by data subjects, within the limits strictly necessary to perform the tasks entrusted to them by the Data Controller, e.g. assistance in fulfilling or directly performing administrative obligations, managing information systems
Of course, all the aforementioned communications are limited only to the data necessary for the recipient body/office (which will be the independent data controller for all consequent processing) to achieve the legitimate purposes connected to the communication itself.
The data communicated, unless otherwise duly indicated by the data subject, will be kept for the time necessary to satisfy the data subject's requests and comply with the law.
In the case of registration to some sections of the site or to the App, the data will be kept until the registration is cancelled, after which retention will continue only if required by law and in accordance with the rules on keeping administrative documentation.
If the data subject has a contractual relationship with the Data Controller, the data will be kept, if relevant to this, for the duration of the contract, after which it will only be further retained if required by law or with the data subject's consent and in compliance with the rules on keeping administrative documentation.
The contact details for which consent has been given to send commercial communications or newsletters will be kept for up to 12 months after the last sending or until the data subject withdraws consent.
This Paragraph describes the characteristics of the cookies in use and how HUMAN COMPANY uses them, in accordance with the provisions of the Data Protection Authority's Measure of 8 May 2014.
Legal bases of the processing that originate with the use of cookies are:
> For technical cookies (necessary for the site to function properly and to allow browsing): the legitimate interest of the data controller coinciding with the purpose of the cookies
> For any profiling cookies: the user's consent expressed in the manner described in the aforementioned Authority's measure, i.e. continuing to browse after having definitely read the notice displayed on the banner that appears immediately upon first arrival at the site
9.1 What cookies are and how they work
Cookies are small text files that the sites visited by a user send to their terminal. These files are saved and stored in the user's browser folders, then re-transmitted to the same sites on the next visit.
Through cookies, the servers receive information that is reread and updated every time the user returns to HUMAN COMPANY sites.
Cookies contain the following information:
In any case, cookies cannot cause damage to the user's computer.
9.2 What cookies are used for
Cookies have the task of facilitating use of the site and improving the browsing experience. They also provide the site manager with information - usually aggregated and anonymous - on user navigation, in order to obtain statistical data on the use of the site.
Furthermore, some cookies collect and store information on the user's device about what the user has done on the sites. This information can be used:
> to recognise the user (or rather the device used by the user), also proposing settings based on their previous requests/choices during subsequent visits
> to analyse preferences expressed by the user while browsing, by creating a profile essentially used to view or send personalised commercial promotion messages, i.e. in line with the interests which can be inferred from the user's browsing
9.3 Types of cookies
Cookies can be divided into the following categories: Technical cookies and Profiling cookies.
> "TECHNICAL" and functional COOKIES: Technical cookies are those used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service" (see Article 122, paragraph 1, of the Code).
These allow the site to function optimally, but the user can decide not to allow them to be used by changing their browser settings. Disabling these cookies may prevent access to some of the site's features.
Technical cookies can be distinguished between:
These are needed to browse the site and use all its functions (like maintaining the session and accessing restricted areas), and do not collect information for profiling or commercial purposes. Without these cookies, it would not be possible to provide the requested services.
These let the user browse based on a series of selected criteria (e.g. the site language), thus facilitating browsing. The information collected through these cookies is anonymous.
Users' prior consent is not required to install technical cookies, though the obligation to provide this information remains. Data deriving from the use of technical cookies has to be acquired and processed for the site to be used properly. If the user opposes it, they will not be able to view the site correctly and in its entirety.
The legal basis for using technical cookies remains the legitimate interest of the data controller, consisting in the site's proper functioning and improvements to the services rendered.
Analytics cookies
These are similar to technical cookies to the extent they are used directly by the webmaster to collect aggregate information on the number of users and how they visit the site. They are used to optimise management. The information collected by these cookies does not allow identification of the user.
> PROFILING COOKIES
As mentioned above, these cookies allow information to be acquired on preferences and how the user interacts with the site. They are used to assign the user (in reality usually the terminal the user uses) a profile with the aim of optimising the site's effectiveness and usability at the highest level, including by personalising the promotional/advertising messages displayed to the individual user.
These cookies can be installed on users' terminals only when they have been previously and adequately informed and have provided consent which, as required by the measure mentioned above, can also be expressed simply by continuing to browse after reading the notice displayed upon first arrival on the site.
The legal basis for using profiling cookies is the consent of the data subject (user of the device used for browsing), expressed in the manner provided for by the aforementioned general measure of the Data Protection Authority "Identification of simplified methods for information and acquiring consent for the use of cookies" of 8 May 2014 [.https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/3118884]
9.4 DISABLING AND REMOVING COOKIES
The user's privacy is essentially guaranteed by the fact that they can, AT ANY TIME:
> configure the browser to accept all cookies, reject them all or receive a warning notice when one is sent,
> delete one, some or all of the cookies.
Each browser has its own specific settings, so please remember to consult your browser's "Help" section for more information on how to change your preferences.
Most browsers are initially set up to accept cookies automatically. In the case of different devices (e.g. computers, smartphones, tablets, etc.), the User must ensure that each device's browser settings are configured to reflect their cookie preferences.
Here are some links to online documentation for the main browsers:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/win...
https://support.microsoft.com/en-us/help/17479/win...
Mozilla Firefox http://support.mozilla.org/it/kb/Attivare%20e%20di...
Google Chrome https://support.google.com/chrome/answer/95647?hl=...
Safari iOS (iPhone, iPad, iPod touch): http://support.apple.com/kb/HT1677?viewlocale=it
COOKIES ON MOBILE DEVICES
Just like with browsers on computers, browsers on mobile devices let you change your privacy configuration or settings to disable or delete cookies.
If you want to change your privacy settings, follow the instructions provided by the browser developer for your mobile device.
Below are the links valid for some browsers:
IOS https://goo.gl/fG1K8t
Chrome Mobile https://goo.gl/f0XME
Opera Mobile http://goo.gl/Nzr8s7
Windows Phone https://goo.gl/xsSg56
Microsoft Internet Explorer
Mozilla Firefox
Google Chrome
Safari (iPhone, iPad, iPod Touch)
More information on cookies can be found at the following address: www.allaboutcookies.org
Permanently disabling profiling cookies
If you are using Internet Explorer
If you are using Firefox 5 or later
If you are using Google Chrome
9.5 THIRD-PARTY COOKIES
When a user is browsing a site, cookies present there but coming from other sites and managed by third parties can be installed in the user's browser folders.
This happens because the site may contain elements like images, maps, sounds and specific links to web pages on other domains that reside on different servers from the one where the requested page is located. In other words, these cookies are set directly by managers of websites or servers other than the Site. These third parties could theoretically set cookies while visiting the site and thus obtain information relating to the fact that you have visited the Site.
In this case, the owner of the site visited only acts as a technical intermediary between the user and these other sites.
To disable third-party cookies, please refer to the instructions given in the previous points.
For more information, visit the following site: www.youronlinechoices.com/it/
If the User decides not to give their consent to the storage of third-party cookies, they can only use the Site functions which do not require these cookies to be stored.
With regard to the ownership of the processing performed through these third-party cookies, please refer to the respective information and cookie policies found via the links above and in the following paragraphs.
9.6 Google Analytics (*)
This site uses Google Analytics, a web analysis service provided by Google Inc. to generate statistics on the use of the web portal.
Google Analytics uses "cookies" which are stored on your computer to analyse how users use the site. The information generated by the cookie about the use of the website (including the IP address) is transmitted by the user's browser to Google, based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, and stored on its servers.
Google Analytics collects information anonymously without identifying individual visitors. Browsers do not share the proprietary cookies of the Google Analytics tool between various domains. Google Analytics does not report information related to the actual addresses, but communicates information so that only part of the IP address is used for geolocation, instead of the whole address, using a method known as IP masking.
Google will use this information to track and examine the use of the website, compiling reports on website activities and providing other services to the website owner relating to website activities, connection methods (mobile, PC, browser used, etc.) and the methods of searching and reaching the portal pages. Google may also transfer this information to third parties to meet legal requirements or when said third parties process the aforementioned information on Google's behalf. Google will not associate your IP address with any other data held by Google.
Google Analytics cookies can be disabled by using the opt-out add-onprovided by Google for the main browsers. In this way it will also be possible to use the online services.
See also:
- the Google Analytics terms of service
- Google's privacy statement http://www.google.com/intl/en/analytics/privacyove...
- Google's privacy policyhttp://www.google.com/intl/it/privacy/privacy-poli...
-https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
- https://support.google.com/analytics/answer/276305...
9.7 GOOGLE ADS (*)
This site hosts cookies from Google ADS, an online advertising service (Remarketing and Behavioural Targeting) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States
The ADS functions allow monitoring, by activating cookies, of the conversions generated by your click on an advert published by Google: a cookie is added that lasts 30 days and does not collect or monitor information that can personally identify a user, but that is recognised and used by Google to show the user ads or information consistent with what has been detected, mainly on its search response pages (e.g. advertising banners that relate to our services or other similar ones will be proposed)
Users can disable Google tracking cookies in their internet browser settings.
Google cookies can be disabled by using the opt-out add-on provided by Google for the main browsers https://tools.google.com/dlpage/gaoptout. In this way it will also be possible to use the online services.
See also:
9.8 Social Plugins
On the sites you can find "Social Plugins" (hereinafter called buttons) for social networks like Facebook. These buttons are disabled by default, i.e. they do not send data to the respective social networks without your consent.
To activate the buttons, simply click on them. After activation, a direct connection is established with the respective social network's server. The content associated with the button is then transmitted directly from social networks to your browser and connected by the latter to the web page.
When a button is activated, the respective social network can detect a series of data, regardless of your interaction with the button itself. If you have logged in to a social network, it can assign your visit to this web page to your user profile.
To know the purpose and extent of the detection and processing of data performed by social networks, which we have no part in, the user can access the privacy statements and policies made available on the portals of the social networks themselves.
9.9 Facebook Pixel (**)
The Facebook pixel is a data collection tool that measures the effectiveness of advertising displayed on the site. The Facebook pixel is used to understand the actions people perform on the site. This information is then recognised by Facebook, which will show the user ads or information consistent with what the pixel detects (for example, if you have visited our site, Facebook will propose advertising banners concerning our services or others like them). This is dynamic ad retargeting, which is also used to remind users of products they have seen but not purchased.
Retargeting on Facebook sets a cookie and a Facebook tracking pixel is integrated into our website. By setting the cookie, Facebook can recognise the user when they access web pages that are part of the Facebook advertising network.
Every time the user visits a web page where the Facebook retargeting service has been integrated, the browser automatically identifies itself on Facebook itself. As part of this technical process, Facebook can acquire personal data, such as the user's IP address or browsing behaviour, which Facebook uses e.g. to display advertisements of interest to the user.
Facebook's privacy policy is available at https://de-de.facebook.com/about/privacy/ and provides information on Facebook's processing of personal data. It also illustrates which settings tools Facebook makes available to the data subject.
Facebook's management company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the data subject lives outside Canada or the United States, the data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
For each site, we list the cookies divided into two macro-categories:
> "TECHNICAL" and functional COOKIES: Technical cookies are those used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service" (see Article 122, paragraph 1, of the Code). They are not used for other purposes. They can be divided into: browser or session cookies, which ensure normal browsing and use of the website (e.g. allowing purchases to be made or obtaining authentication to access restricted areas); analytics cookies, assimilated to technical cookies when used directly by the site operator to collect aggregate information on the number of users and how they visit the site; functional cookies, which let the user browse according to a series of criteria they select (e.g. language, products selected for purchase) in order to improve the service provided. Prior consent from users is not required to install these cookies;
> PROFILING COOKIES: Profiling cookies are aimed at creating profiles for the user and used to send advertising messages in line with the preferences they show when browsing online
10.1 What Kind Of Cookies Are Used By The Site https://humancompany.com/
"TECHNICAL" COOKIES - ANALYTICS AND FUNCTIONAL |
|||
|
cookie name |
HOW LONG THEY STAY ON THE TERMINAL used by the USER |
Purpose |
SOURCE |
| _fpb | 3 month | Used by Facebook to provide a variety of advertising products such as real-time offers from third part advertisers | facebook.com |
| _ga | 2 years | Used to distinguish users | google.com |
| _gid | 24 hours | Used to distinguish users | google.com |
| _gat | 1 minute | Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_ |
google.com |
| _gcl_au | 3 months | Enables us to understand how a user to our website uses the website by generating analytical data. | google.com |
PROFILING COOKIES |
|||
|
cookie name |
HOW LONG THEY STAY ON THE TERMINAL used by the USER |
Purpose |
SOURCE |
| ion_selected_language | closing browser | Identify the language choose by the user for the website. | humancompany.com |
| token | around 30 minutes | token assign to user across the humancompany websites, only if user is logged in. | humancompany.com |
| CustomerId | around 30 minutes | user detail from huniverse card if user is logged in. | loyalty.humancompany.com |
10.2 What Kind Of Cookies Are Used By The Site https://palagina.it/
"TECHNICAL" COOKIES - ANALYTICS AND FUNCTIONAL |
|||
|
cookie name |
HOW LONG THEY STAY ON THE TERMINAL used by the USER |
Purpose |
SOURCE |
| XSRF-TOKEN | around 30 minutes | token assign based on session. | palagina.it |
PROFILING COOKIES |
|||
|
cookie name |
HOW LONG THEY STAY ON THE TERMINAL used by the USER |
Purpose |
SOURCE |
| ion_selected_language | closing browser | Identify the language choose by the user for the website. | humancompany.com |
| laravel_session | around 30 minutes | identify the user by a session. | palagina.it |
Right of access
The data subject has the right to obtain confirmation from the data controller of whether their personal data is being processed and, if so, to obtain access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to which the personal data has been or will be communicated, in particular if these are recipients from third countries or international organisations and, in this case, the existence of adequate guarantees;
d) when possible, the expected retention period of the personal data or, if not possible, the criteria used to determine this period;
e) the existence of the data subject's right to ask the data controller to correct or delete personal data or restrict the processing of personal data concerning them, or to object to its processing;
f) the right to lodge a complaint with a supervisory authority;
g) if the data has not been collected from the data subject, any available information on its source;
h) the existence of an automated decision-making process, including profiling, which produces legal effects concerning them or which significantly affects them and, at least in such cases, meaningful information on the logic used, as well as the significance and expected consequences of this processing for the data subject.
Right of rectification
The data subject has the right to have the data controller correct inaccurate personal data concerning them without undue delay.
Right of erasure
The data subject has the right to have the data controller delete personal data concerning them without undue delay, and the data controller is obliged to delete personal data without undue delay if one of the following grounds applies:
a) the personal data is no longer necessary with respect to the purposes for which it was collected or otherwise processed;
b) the data subject revokes the consent the processing is based on and there is no other legal basis for the processing;
c) the data subject objects to the processing, and there is no prevailing legitimate reason to proceed with the processing;
d) the personal data has been processed unlawfully;
e) the personal data must be erased to fulfil a legal obligation under European Union law or under the law of the Member State to which the data controller is subject;
Right to restrict the processing
The data subject has the right to have the data controller restrict the processing where one of the following applies:
a) the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify its accuracy;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of its use;
c) although the data controller no longer needs the personal data for processing purposes, the personal data is required by the data subject to ascertain, exercise or defend a right in court;
d) the data subject has objected to the processing, pending verification as to whether the data controller's legitimate reasons prevail over those of the data subject.
Right to object
The data subject has the right to object at any time to the processing of personal data concerning them performed for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing.
Right to data portability
The data subject has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and has the right to transmit this data to another data controller without hindrance from the data controller the personal data was provided to, when:
a) the processing is based on consent or on a contract; and
b) the processing is performed by automated means.
In exercising their rights regarding data portability, the data subject has the right to have the personal data transmitted directly from one data controller to another, where technically feasible.
Personal data: Any information relating to an identified or identifiable natural person
"Sensitive" personal data NEEDS GREATER PROTECTION AND SPECIAL ATTENTION, and includes personal data that reveals racial or ethnic origin, political opinions, religious/philosophical beliefs or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health, sex life or sexual orientation (Article 9 of EU Reg. 2016/679)
Processing: any operation or set of operations, carried out with any means or methods and applied to personal data or sets of personal data (such as collection, recording, organisation, structuring, retention, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction)
Data Subject: the natural person the personal data refers to.
Data Controller: the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of personal data processing.
Data Processor (appointed pursuant to Article 28, EU Reg. 2016/679): the natural or legal person, public authority, service or other body which processes personal data on behalf of the Data Controller.
Legal basis of the processing: the normative principle according to which the described personal data processing can be performed, in many cases coinciding with the declared purpose.
European Economic Area (EEA): EU Member States, Norway, Iceland, Liechtenstein.
These general conditions relate to the rules for using the wireless Internet connectivity service provided/offered in the common areas of HUMAN COMPANY facilities.
In particular, the service in question allows all those with portable PCs, smartphones, tablets or PDAs equipped with a wireless network card (hereinafter referred to individually as the "Device") to use the wireless internet connection.
HUMAN COMPANY reserves the right to expand and modify the range of features offered within the service.
Users' access to the service is subject to registration and full acceptance of the rules contained in this document
The service is reserved for users over the age of 18 or under the supervision of a parent or someone who exercises parental responsibility
13.1 SERVICE CHARACTERISTICS
The service is offered free of charge; obviously the maximum bandwidth actually available to the user is dependent on the number of users connected and the actual availability at the facility.
HUMAN COMPANY reserves the right to suspend and/or interrupt and/or vary the service at any time and without notice, and in any case cannot be considered responsible towards either the user or third parties for suspension or interruption.
13.2 DURATION OF THE SERVICE AND EFFECTIVENESS OF THE AGREEMENT
The service is aimed at HUMAN COMPANY facility guests:
> who are of legal age,
> who have the legal capacity to act,
> who are the holders and only users of the email address required to complete the registration referred to in Article 3 below
The service remains usable until the registration is revoked.
HUMAN COMPANY reserves the right to suspend and/or interrupt and/or vary the service at any time and without notice, and in any case cannot be considered responsible towards either the user or third parties for suspension or interruption.
HUMAN COMPANY may unilaterally supplement and/or modify this document's terms and conditions at any time and without notice.
Any changes and/or additions may be communicated to the user via the email address provided at the time of registration. Continuing to use the service after such communication effectively implies acceptance of the new conditions.
HUMAN COMPANY reserves the right to modify the characteristics of the Service's functionality.
13.3 USER REGISTRATION
The contract is finalised and therefore concluded when the User, having registered, accepts these Terms and Conditions of Use of the Service.
The possibility of registering is offered through the User's social media profile or by providing a valid email address WHICH THE USER HAS EXCLUSIVE USE OF
Please note that the registration process involves acquiring the MAC address of the device used during the procedure. The acquired MAC address will then be used to identify the user and allow them to access the service, therefore the user, for their own protection, needs to use a device they exclusively control and possess, preferably equipped with adequate security measures (such as passwords or other types of credentials for turning on and using the device)
13.4 IDENTIFYING AND MONITORING THE USER AND THE NETWORK
With reference to the functions that require network connection, the User acknowledges and accepts the existence of the electronic register of the service's operation (Log), maintained and kept by the connectivity services provider within the terms established by law.
The contents of the Log are completely confidential and can only be shown to the competent Authorities upon formal request.
In order to identify the connection's origin with certainty, the User acknowledges that HUMAN COMPANY will identify them, when connected, by means of the MAC address of the device used at the time of registration.
The user is informed that if the device they used to register is then used by third parties, this would allow the latter to use the service in the user's name.
The user has sole responsibility for keeping and looking after their device and any credentials necessary to activate it and access the wifi service; consequently, they remain solely responsible for all uses connected or related to it (including damage and harmful consequences caused to CTA and/or third parties).
13.5 USER OBLIGATIONS
The user agrees not to allow third parties to use the service through the former's device.
The user also undertakes not to use the service for communications that cause damage or disturbance to the network or third parties, or that violate the laws and regulations in force. In particular, by way of example and without limitation, the user undertakes not to introduce material in violation of copyright law, or other intellectual or industrial property rights, onto the network via the service.
The user undertakes:
- not to send advertising and/or promotional messages or communications to other users and/or discussion groups by email without requesting and obtaining the relative consent or without the sending having been explicitly solicited (spam);
- not to violate the secrecy of personal correspondence and the right to confidentiality;
- not to use ad hoc networks or other tools in the coverage areas that could adversely affect the network's performance and violate service users' right to privacy;
- to respect the rules of good conduct in use on the internet, known as "Netiquette", which have become standard through the document known as "RFC 1855";
- not to transmit material and/or messages that encourage third parties to engage in unlawful and/or criminal conduct incurring criminal or civil liability;
- not to put information on the network that may have pornographic, obscene, blasphemous, racist, defamatory, offensive, intolerant or xenophobic forms or content;
- not to engage, on the WiFi network, in any other activity prohibited by state law, international legislation, regulations and customs for using networks and related services.
HUMAN COMPANY reserves the right to unilaterally withdraw the service, at any time, without being obliged to provide any reason, without notice and without having to pay any compensation, if it determines, at its sole discretion, that the user has violated even one of the obligations indicated herein.
13.6 LIABILITY
13.7 APPLICABLE LAW AND JURISDICTION
The conditions and rules for using the service described in this document are governed by Italian law. For anything not expressly covered, current legislation applies.
For any disputes that may arise in relation to the service, including disputes over the interpretation, effectiveness, validity and execution of these conditions and rules of use, the Court of Florence will have exclusive jurisdiction.
updated December 2019
This page describes the website’s management of the processing of the personal data of the users who engage with it.
This information only applies to this website and not to other websites that the user may visit via links.
THE DATA CONTROLLER
Following a visit to this website, data may be processed that is related to identified or identifiable persons.
The joint data controllers of the data processing are: Human Company S.r.l. , to which all the operations connected to the management of the website are delegated, and its subsidiaries and affiliates:
Figline Agriturismo S.r.l.
Elite Firenze Gestioni S.r.l.
Roma Camping S.r.l.
Elite Livorno Gestioni S.r.l.
Elite Veneto Gestioni S.r.l.
Delta S.r.l.
Roma Gestioni S.r.l.
La Quarta S.r.l
Ecv Shops S.r.l.
Adakitalia S.r.l.
Plus Prague S.r.o.
Plus Berlin G.m.b.h.
Variete S.r.l.
TYPES OF DATA PROCESSED - Browsing data
The computer systems and software procedures used for the regular operation of this website acquire, over the course of their usual operation, certain personal information whose transmission is implicit in the use of the communication protocols of the Internet.
This information is not collected in order to be associated with identified individuals, but it could, by its very nature and through processing and association with data held by third parties, allow for the users to be identified.
This category of data includes IP addresses or domain names of the computers used by the users who visit the website, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and computing environment of the user.
This data is used solely for the purpose of obtaining anonymous statistical information about the use of the website and to check that it is working properly. This data may only be used to ascertain liability in the case of hypothetical computer crimes against the site, and only thing can specific procedures aimed at identifying the perpetrator be activated.
The LEGAL BASIS FOR THE PROCESSING of this data is constituted by the legitimate interest of the controllers, namely the protection of the data’s security and the proper functioning of the website.
DATA PROCESSING METHODS AND OFFICERS
Personal data is processed with automated tools for the period of time strictly necessary to achieve the purposes for which it is collected. The processing of the web services of this website are managed by staff nominated by the Data Controller, as well as external parties, appointed managers, who are in charge of the technical management and maintenance of the website and its computer systems. Specific security measures are in place to prevent data loss, illicit or incorrect use and unauthorised access.
No data which comes from the web service is disclosed.
The personal data provided by users who request to be sent informative material (newsletters, answers to questions, etc.) is used for the sole purpose of performing the service requested and is communicated to third parties only where this is necessary for that purpose.
TRANSFERRAL OF DATA
Apart from as specified for browsing data, the user is free to supply the personal data required during navigation to request for informative material or other communications to be sent.
Not providing it may render it impossible for the request to be fulfilled.
DATA PROVIDED VOLUNTARILY BY THE USER
When the user visits a part of the Website that requires the collection of personal data, they are provided with a link to this informative document and, if necessary, they are asked to provide their consent.
The optional, explicit and voluntary sending of emails to the email addresses listed on this website entails the subsequent acquisition of the sender’s email address, which is necessary in order to respond to requests, as well as any other personal data included in the message that, aside from various requirements which will be duly communicated, will be kept for as long as is necessary to fulfill these requests.
Below you will find specific information related to the pages of the website that are designated for special services upon request or through which additional personal information may be acquired.
PROCESSING RESULTING FROM A REQUEST FOR CONTACT
The personal data provided voluntarily by the user in question through the contact area
1. is mainly processed with automated tools in order to:
a. Ensure a reliable and timely response and meet the demands of the user themselves
b. Comply with obligations arising from European laws, rules and regulations; fulfill provisions issued by the Judicial Authority,
c. Provide information to the system of acquisition of public knowledge, which is necessary for the verification, improvement and thus designing of a service which is increasingly capable of meeting both demand and environmental constraints
d. The contact information, postal addresses and email addresses supplied may be used in order to send courtesy communications and/or communications containing information/offers relating to products offered and services performed by the Data Controller - only, of course, with the consent of the user in question - as well as via SMS or other means of communication, such as WhatsApp. It is understood that the user will nonetheless have the option of refusing the processing of their data for the aforementioned purposes at any time.
2. may be processed by communications and marketing staff, computer systems maintenance staff (whose role it is to ensure the proper functioning of the systems, the security of the data and backup operations), other staff within the limits of their job descriptions and as provided for by corporate procedures, and other employees who provide services for auxiliary purposes in order to meet the demands of the user in question, within the limits that are strictly necessary to carry out the tasks assigned to them.
3. may be disclosed or made available:
- to individuals who may access the data by virtue of provisions of European laws, rules and regulations, within the limits set by these rules;
- to other individuals who provide services in order to meet the demands of the user in question, within the limits that are strictly necessary to carry out the tasks assigned to them;
- to related companies (subsidiaries - parent companies), again for administrative and accounting purposes related to meeting the demands of the user in question.
When filling in the forms, certain fields are marked as optional, and in the absence of the other required information it will not be possible to satisfy the requests of the user in question.
If, at the time of the request for contact, the user in question provides information that falls within certain categories (such as: personal data that reveals the user’s racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify an individual, data relating to the health, sexual activity or sexual orientation of the person), specific consent for it to be processed may be required, without which it may not be possible to respond to the requests of the user in question.
Any data provided, unless governed by duly-communicated requirements stating otherwise, will be kept for as long as is necessary to satisfy the requests of the user in question. Where the user in question has a contractual relationship with the Data Controller, the data will be kept - if relevant thereto - for the duration of the contract, upon the expiry of which it will continue to be kept only if provided for by law.
SUBSCRIPTION TO THE NEWSLETTER
The personal data provided voluntarily by the user in question when they subscribe to the Newsletter:
> is mainly processed with automated tools for the sole purpose of meeting the demands of the user themselves, who has the option of refusing the processing of their data for the aforementioned purposes at any time.
> may be processed by communications and marketing staff, computer systems maintenance staff (whose role it is to ensure the proper functioning of the systems, the security of the data and backup operations), other staff within the limits of their job descriptions and as provided for by corporate procedures, and other employees who provide services for auxiliary purposes in order to meet the demands of the user in question, within the limits that are strictly necessary to carry out the tasks assigned to them.
> may be disclosed or made available:
- to individuals who may access the data by virtue of provisions of European laws, rules and regulations, within the limits set by these rules;
- to other individuals who provide services in order to meet the demands of the user in question, within the limits that are strictly necessary to carry out the tasks assigned to them;
- to related companies (subsidiaries - parent companies), again for administrative and accounting purposes related to meeting the demands of the user in question.
RETENTION OF DATA
Any data provided, unless governed by duly-communicated instructions from the user in question stating otherwise, will be kept for as long as is necessary to satisfy the requests of the user in question and comply with legal requirements.
If the user signs up to certain sections of the website, their data will be retained until their registration is deleted, after which the data will continue to be retained only if provided for by law and in accordance with the rules on the retention of administrative documentation.
Where the user in question has a contractual relationship with the Data Controller, the data will be kept - if relevant thereto - for the duration of the contract, upon the expiry of which it will continue to be kept only if provided for by law and in accordance with the rules on the retention of administrative documentation.
The contact information for which the consent to send commercial communications has been provided will be retained for up to 12 months from when the last communication is sent, or until the user in question withdraws their consent.
This type of service is functional to the centralised management of the tags or scripts used on this Website.
The use of these services involves the flow of User Data through them and, if necessary, their retention.
Google Tag Manager is a tag management service provided by Google LLC.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States - Privacy Policy. Subject adhering to the Privacy Shield.
The services contained in this section allow the Data Controller to monitor and analyse traffic data and are used to keep track of the User's behaviour.
On this application, Google Analytics may use advertising based on Google's interests, third-party audience data and information from the DoubleClick cookie in order to extend statistics with demographic data, interests and information on advert interactions.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States - Privacy Policy - Opt Out; Ireland - Privacy Policy. Subject adhering to the Privacy Shield.
Google Ads conversion tracking is a statistics service provided by Google LLC or Google Ireland Limited, depending on where this Application is used, which links data from the Google Ads advertisement network with actions taken within this Application.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States - Privacy Policy; Ireland - Privacy Policy. Subject adhering to the Privacy Shield.
Google Analytics is a web analytics service provided by Google Inc. (“Google”). Google uses the Personal Data collected to track and analyse the use of this Application, creating reports and sharing them with other services developed by Google.
Google may use Personal Data to contextualise and customise the ads on its own advertising network.
This integration of Google Analytics makes your IP address anonymous. Anonymisation works by shortening the IP address of the Users within the member states of the European Union or in other countries that are parties to the Agreement in the European Economic Area. Only in exceptional cases will the IP address be sent to Google's servers and abbreviated within the United States.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States - Privacy Policy - Opt Out; Ireland - Privacy Policy. Subject adhering to the Privacy Shield.
On this application, Google Analytics uses a function called User ID. This permits more accurate tracking of Users by assigning each one a unique ID for various sessions and devices, but in a way that does not allow Google to personally identify an individual or permanently identify a specific device.
The User ID extension also allows you to connect Data from Google Analytics with other User Data collected by this Application.
The Opt Out link provided below lets you disable tracking for the device you are using, but does not exclude further tracking activities performed by the Data Controller. To deactivate the latter, please contact the Data Controller via the contact email address.
Personal Data Collected: Cookies.
Place of processing: United States - Privacy Policy - Opt Out; Ireland - Privacy Policy. Subject adhering to the Privacy Shield.
Facebook Ads (Facebook pixels) conversion tracking is a statistics service provided by Facebook, Inc. that links data from the Facebook ad network with actions taken within this Application. Facebook pixel tracks conversions that can be attributed to Facebook, Instagram and Audience Network ads.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States - Privacy Policy. Subject adhering to the Privacy Shield.
Bing Ads is an advertising service provided by Microsoft Corporation.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States - Privacy Policy - Opt Out.
This type of service enables this Application and its partners to communicate, optimise and propose advertisements based on the User's past use of the Application.
This activity is carried out through the tracking of Usage Data and the use of Cookies, information that is transferred to partners to whom the activity of remarketing and behavioural targeting is linked.
In addition to the opt-out options offered by the following services, the User may opt out of receiving cookies relating to a third-party service by visiting the opt-out page of the Network Advertising Initiative.
Google Ads Remarketing is a remarketing and behavioural targeting service provided by Google LLC or Google Ireland Limited, depending on the location where this Application is used, that links the activity of this Application with the Google Ads advertising network and the DoubleClick Cookie.
Users may choose not to use Google cookies for ad personalisation by visiting Google Ads Settings .
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States - Privacy Policy - Opt Out; Ireland - Privacy Policy - Opt Out. Subject adhering to the Privacy Shield.
Google Analytics remarketing is a remarketing and behavioural targeting service provided by Google LLC or Google Ireland Limited, depending on the location in which this Application is used, that links the tracking activity performed by Google Analytics and its Cookies with the Google Ads advertising network and the DoubleClick Cookie.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States - Privacy Policy - Opt Out; Ireland - Privacy Policy. Subject adhering to the Privacy Shield.
Facebook Custom Audience is a remarketing and behavioural targeting service provided by Facebook, Inc. that connects the activity of this Application with the Facebook advertising network.
Personal Data Collected: Cookies and emails.
Place of processing: United States - Privacy Policy - Opt Out. Subject adhering to the Privacy Shield.
Facebook Remarketing is a remarketing and behavioural targeting service provided by Facebook, Inc. that links the activity of this Application with the Facebook advertising network.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States - Privacy Policy - Opt Out. Subject adhering to the Privacy Shield.
Google Maps is a map viewing service operated by Google Inc. that allows this Website to integrate such content into its pages.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States
YouTube is a video content viewing service operated by Google Inc. that allows this Application to integrate this content into its pages.
Personal Data Collected: Cookies and Usage Data.
Place of processing: United States - Privacy Policy; Ireland - Privacy Policy. Subject adhering to the Privacy Shield.
