Information on the Processing of Personal Data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR)
Effective from: 29/06/2022
PREAMBLE
This privacy policy complies with the provisions of the GDPR and the Italian Privacy Code (Legislative Decree No. 196 of June 30, 2003). It has also been drafted in accordance with the guidelines of the Italian Data Protection Authority, especially the Anti-Spam Guidelines issued on July 4, 2013.
Data Controller:
Ciro via delle Terme sas
Website covered by this Privacy Policy: www.ciroviadelleterme.it
The Data Controller has not appointed a Data Protection Officer (DPO). Therefore, you may send any inquiries directly to the Data Controller.
GENERAL INFORMATION
This document describes how the Data Controller processes your personal data collected via the Website.
Below, you will find details on the main data processing activities, including the legal basis, whether providing the data is mandatory, and the consequences of not doing so. Where applicable, we also clarify when a particular type of data processing does not occur.
Website Registration
The Website does not offer user registration. Therefore, your personal data is not processed for this purpose.
Purchases on the Website
Purchases are not possible via the Website. Accordingly, your personal data will not be processed for this purpose. The Data Controller does not send reminder emails related to products or services.
Responding to Inquiries
Your personal data will be processed to respond to your requests. Providing this data is optional, but failure to do so may prevent the Data Controller from responding. The legal basis for this processing is the legitimate interest of the Data Controller, which corresponds to your interest in receiving a reply.
General Marketing
With your consent, your data may be used for sending promotional materials and/or newsletters related to the Data Controller’s or third parties’ products or services. The legal basis is your explicit consent. Refusal will result in the inability to receive marketing communications or participate in surveys.
Profiling
The Data Controller does not perform profiling or send personalized promotional content.
Data Sharing
The Data Controller does not sell your personal data to third parties.
Geolocation
The Website does not use IP address-based geolocation tools.
SPECIFIC PRIVACY NOTICE
Article 1 – Data Processing Methods
1.1 Processing is primarily carried out using electronic or automated tools, in compliance with security and confidentiality standards under the GDPR.
1.2 Data processing is relevant and limited to the purpose of providing services.
1.3 The Website does not process special categories of data (e.g., ethnic origin, political or religious beliefs, health status, sexual orientation).
1.4 The Website does not process judicial data.
Article 2 – Data Communication
Personal data may be shared with:
- Public authorities or legal entities in accordance with the law;
- Professionals or consultants as required by law (e.g., legal, accounting services);
- Internal employees and collaborators;
- Third-party platforms for email communication (e.g., CRM systems);
- Customer service companies (for support purposes only).
This list may change based on operational needs. Please review this policy regularly.
Article 3 – Data Retention
3.1 Marketing data is retained until consent is withdrawn. Inactive users’ data will be deleted one year after the last email interaction.
Accounting data is retained for at least 10 years, as per Article 2220 of the Italian Civil Code.
3.2 Data may be retained further as required by applicable laws.
Article 4 – Data Transfer
4.1 The Data Controller is based in the EU. Transfers within the EU or to countries with an adequacy decision are considered safe.
4.2 Data may also be transferred to non-EU countries without an adequacy decision.
4.3 If applicable, the Data Controller will comply with any more favorable laws of your country upon request.
Article 5 – Data Subject Rights
Under Article 13 of the GDPR, you have the right to:
- Access, rectify, delete, or restrict the processing of your personal data
- Object to processing and request data portability
- Withdraw your consent at any time without affecting the lawfulness of prior processing
- File a complaint with a supervisory authority (e.g., the Italian Data Protection Authority)
Requests may be sent directly to the contacts listed in the Preamble.
Article 6 – Changes and Miscellaneous
The Data Controller reserves the right to amend this policy at any time and will appropriately notify users. Please review this policy regularly. Significant changes may be communicated via email.