View of Vallugola Bay

Privacy Policy

Notice under EU Regulation 2016/679 (GDPR)

Version of
In brief

The vallugola.it website collects a minimum amount of data to function properly: server technical logs, data voluntarily provided through contact forms, technical session cookies and anonymous analytics cookies subject to consent. No data is sold to third parties.

1. Data controller

The data controller's contact details are published on the site in a dedicated section. To exercise the rights listed in section 7 or for any privacy-related request, you may contact the controller using the published contact details.

2. Types of data collected

Browsing data

During browsing, the system automatically collects some data whose transmission is implicit in the use of internet communication protocols:

  • IP address (anonymised where possible)
  • Browser type and operating system
  • URL of the requested page
  • Date and time of the request
  • Referrer (page of origin)
  • Response status code

This data is used solely to derive anonymous statistical information on the use of the site and to check that it is working correctly.

Data provided voluntarily

Some data is collected only when the user actively provides it, for example by filling in a contact form:

  • First and last name
  • Email address
  • Phone (if provided)
  • Content of the message

Cookies

The site uses technical cookies and, subject to consent, analytics cookies. For full details see the Cookie Policy.

3. Purpose of processing

The personal data collected is processed for the following purposes:

  1. Service delivery: enabling browsing, access to content and proper operation of the site.
  2. Response to requests: handling and replying to requests sent through contact forms or by email.
  3. Aggregate statistical analysis: understanding site usage anonymously, in order to improve content and accessibility.
  4. Legal obligations: meeting obligations under current legislation (e.g. tax, contractual).

4. Legal basis

Processing is based on one or more of the following legal grounds, in accordance with Article 6 GDPR:

  • Explicit consent (Art. 6.1.a): for non-technical cookies and marketing activities, given through the cookie banner or a dedicated checkbox.
  • Performance of a contract (Art. 6.1.b): to manage bookings or service requests.
  • Legal obligation (Art. 6.1.c): for legal compliance.
  • Legitimate interest (Art. 6.1.f): for site security and aggregate technical analysis.

5. Data retention

Personal data is kept for the time strictly necessary for the purposes for which it was collected:

Type of dataRetention
Server logsUp to 12 months
Contact emailsUp to 24 months from the last contact
Booking data10 years (tax obligation)
Technical cookiesDuration of the session
Analytics cookiesVariable (see Cookie Policy)

Once the indicated periods have elapsed, data is deleted or irreversibly anonymised.

6. Processing methods and security

Data is processed using electronic tools, in accordance with logic strictly related to the purposes indicated. Appropriate technical and organisational measures are adopted to ensure the security of the data against unauthorised access, loss or destruction, in particular:

  • HTTPS connection with TLS certificate on all pages
  • Regular updates of server software and dependencies
  • Access to data limited to authorised staff
  • Periodic data backups

7. Rights of the data subject

As a data subject, under Articles 15 to 22 of the GDPR, you have the right to:

  • Access your personal data (Art. 15)
  • Ask for its rectification if inaccurate or incomplete (Art. 16)
  • Ask for its erasure, within the limits set by law (Art. 17, "right to be forgotten")
  • Ask for restriction of processing (Art. 18)
  • Exercise the right to data portability (Art. 20)
  • Object to processing on legitimate grounds (Art. 21)
  • Withdraw consent at any time, without affecting the lawfulness of previous processing
  • Lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it)

To exercise these rights, you may contact the controller using the contact details published on the site. Requests are handled within 30 days.

8. Communication and transfer of data

The personal data collected is not disclosed and is not communicated to third parties, except in the following cases:

  • Where required by a legal obligation
  • To providers of technical services (hosting, email) strictly as needed for the performance of their functions, appointed as data processors under Art. 28 GDPR
  • To judicial authorities on motivated request

Any transfers of data outside the European Economic Area (EEA) take place only to countries deemed adequate by the European Commission or on the basis of appropriate safeguards (standard contractual clauses).

9. Minors

The site is not intended for children under 14 and does not knowingly collect personal data from minors without the consent of those exercising parental responsibility. If you believe a minor has provided personal data without consent, please contact the controller for immediate deletion.

10. Changes to the policy

This notice may be amended over time, in particular for legal updates or changes to the site. The current version is always published at this address, with the date of last update. In case of substantial changes, users will be clearly informed on the page.

11. Contacts

For any question relating to this notice or to the processing of your personal data, you may contact the controller using the contact details published on the site.