m

Privacy & Cookie Policy

  /  Privacy & Cookie Policy

Generality

Tenuta San Masseo, a company registered under Italian law with VAT number 01687640936 and with registered office in Via Francesca, 24 – 06081 Assisi (Perugia), Italy (hereafter Company) has developed this Internet Privacy Policy in order to conform its activity to that of a trusted subject that ensures, respects and maintains the privacy rights of online visitors.

The Company is the Data Controller (hereinafter the Data Controller) of the processing of personal data collected through its website www.sanmasseoassisi.it (hereinafter the Site) as defined by art. 28 of Legislative Decree 30 June 2003, n.196 (Code regarding the processing of personal data) as well as in compliance with Community legislation (European Regulation for the protection of personal data No. 679/2016, GDPR) and subsequent amendments. The Data Controller will process any data collected through this Site for purposes, in a manner and as specifically explained below.

Legal basis of the processing

This site processes data based on consent. With the use or consultation of this site visitors and users explicitly approve this privacy statement and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service.
The provision of data and therefore the consent to the collection and processing of data is optional, the User can refuse consent and may revoke at any time a consent already provided by contacting the Owner. However, denying consent may make it impossible to provide certain services and the browsing experience on the site may be compromised.

Starting from 25 May 2018 (date of entry into force of the GDPR), this site will process some of the data based on the legitimate interests of the data controller.

Data collected and purposes

Like all websites, this site also makes use of log files in which information collected in an automated way is stored during user visits. The information collected could be the following:

  • internet protocol (IP) address;
  • type of browser and device parameters used to connect to the site;
  • name of the Internet service provider (ISP);
  • visit date and time;
  • web page of origin of the visitor (referral) and exit;
  • possibly the number of clicks.

The aforementioned information is processed in an automated form and collected in an exclusively aggregated form in order to verify the correct functioning of the site as well as for security reasons (from 25 May 2018 such information will be treated according to the legitimate interests of the Owner).
For security purposes (spam filters, firewalls, virus detection), the automatically recorded data may possibly also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts at damage to the site itself or to cause damage to other users, or in any case harmful activities or constituting a crime. Such data are never used for the identification or profiling of the user, but only for the purposes of protection of the site and its users (from 25 May 2018 such information will be treated according to the legitimate interests of the owner).

Visitors to the site can provide their data voluntarily to access some services provided by the Site (eg comments, contact forms, newsletters, ..)

The data received will be used exclusively for the provision of the requested service and only for the time needed to provide the service.
The information that users of the site deem to make public through the services and tools made available to them, are provided by the user knowingly and voluntarily, exempting this site from any liability regarding any violation of laws. It is up to the user to verify that they have permission to enter personal data of third parties or contents protected by national and international standards.

The data collected by the site during its operation are used exclusively for the purposes indicated above and kept for the time strictly necessary to carry out the activities specified. In any case, the data collected from the site will never be provided to third parties, for any reason, unless it is a legitimate request by the judicial authority and only in the cases provided by law.

The data used for security purposes (block attempts to damage the site) are kept for 7 days.

COMMENTS

If the site allows the inclusion of comments, or in the case of specific services requested by the user, the site automatically detects and records some identification data of the user, including the email address. These data are voluntarily provided by the user at the time of requesting service delivery. When visitors leave comments on the site, we collect the data shown in the comments form and also the visitor’s IP address and the browser’s user agent string to help detect spam.
An anonymized string created by the Visitor’s email address (also called a hash) can be provided to the Gravatar service to see if it is being used. The privacy policy of the Gravatar service is available here: https://automattic.com/privacy/. After approval of the comment, the profile image is visible to the public in the context of the comment.
By inserting a comment or other information, the user expressly accepts the privacy policy and, in particular, agrees that the contents included are freely disseminated to third parties.

AVERAGE

Should the visitor upload images to the website, it is advisable to avoid uploading images including embedded location data (EXIF GPS). Website visitors can download and extract any position data from images on the website.

CONTACT MODULES

By filling out the contact form for requesting information, the Visitor agrees to communicate his data to the Data Controller. The requested data could be:

  • general information (name and surname);
  • email address;
  • telephone number;
  • city of residence.

These data will be processed according to the methods expressed in this policy and used for the sole purpose expressed.

Communication to third parties

Personal data may be the subject of communication to the Institutions and Institutes for the fulfillment of legal obligations or judicial authorities to respond to their explicit requests. The Data Controller does not knowingly collect sensitive or judicial personal data through the Website.
Sensitive Data, pursuant to art. 4 of the Code regarding the processing of personal data, include personal data suitable to reveal the racial and ethnic origin, religious beliefs, philosophical or otherwise, political opinions, membership of parties, trade unions, associations or organizations religious, philosophical, political or trade union, as well as personal data suitable to reveal the state of health and sexual life.

Judicial data, again pursuant to art. 4 of the Code, include personal data suitable for revealing the measures referred to in Article 3, paragraph 1, letters a) to o) and r) to u), of the D.P.R. November 14, 2002, n. 313, on the subject of criminal records, the register of administrative sanctions depending on the offense and the related pending charges, or the status of defendant or suspect under articles 60 and 61 of the criminal procedure code. We recommend that you do not provide such information through the Site. In the event that this is necessary (for example in the case of belonging to protected categories in case of sending a resume for recruitment purposes, in response to a job announcement or in in case of expression of interest to work in the Company) we invite you to send us a registered letter with the expression of your consent in writing to the processing of this information.

Links to third-party sites

Please note that the Site may contain links (links) to other sites that are not governed by this Privacy Policy.

Data retention

The data collected by the site are processed at the Seeweb web hosting data center. Web hosting, which is responsible for the processing of data, keeping data on behalf of the Owner, is located in the European Economic Area and acts in accordance with European standards.

The information and personal data of the Visitors collected from the Site, including the data freely provided in order to obtain the sending of informative material or other communications by writing in the form of the Site, will be kept for the sole purpose of providing the requested service and for the duration necessary for the same purpose. Once the service is complete, all personal data will be destroyed in compliance with the data retention policy, unless otherwise requested by the authority and unless required by law, or when indicated in this policy for particular sections of the portal.

Exercise of the rights of the interested party

Pursuant to European Regulation 679/2016 (GDPR) and national regulations, the User can, in accordance with the procedures and within the limits established by current legislation, exercise the following rights:

  • request confirmation of the existence of personal data concerning him / her (right of access);
  • to know its origin;
  • receive intelligible communication;
  • to have information about the logic, the methods and the purposes of the processing;
  • request the updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
  • in cases of consent-based processing, receive only the cost of any support, its data provided to the holder, in a structured and readable form by a data processor and in a format commonly used by an electronic device;
  • the right to lodge a complaint with the Control Authority (Privacy Guarantor – link to the Guarantor page);
  • as well as, more generally, exercise all the rights that are recognized by the current provisions of the law.

Requests should be sent to the Data Controller at info@sanmasseoassisi.it.

In the event that the data are processed on the basis of legitimate interests, the rights of data subjects are guaranteed (with the exception of the right to portability that is not provided for by the regulations), in particular the right to oppose the treatment that can be exercised by sending a request to the data controller.

Data security

This site processes the data of users in a lawful and correct manner, adopting the appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. Processing is carried out using IT and / or telematic tools, with organizational methods and with logic strictly related to the purposes indicated. In addition to the owner, in some cases, may have access to the data categories of employees involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external subjects (as suppliers of third-party technical services, postal couriers, hosting providers, IT companies, communication agencies).

Cookie Policy

As is customary on all websites, this site also uses cookies, small text files that allow you to store information on visitor preferences, to improve the functionality of the site, to simplify navigation by automating the procedures (eg. login, site language, ..) and for the analysis of the use of the site.

Session cookies are essential in order to distinguish between connected users and are useful to avoid that a required feature can be provided to the wrong user, as well as for security purposes to prevent cyber attacks on the site. Session cookies do not contain personal data and last only for the current session, ie until the browser is closed. No consent is required for them.
The functionality cookies used by the site are strictly necessary for the use of the site, in particular they are linked to an express request for functionality by the user (such as login), for which no consent is required.

By using the site, the visitor expressly consents to the use of cookies.

A.1 THE COOKIES

The Website uses both its own cookies and third-party cookies. The proprietary cookies are used to navigate the site by the user and allow access to any protected areas. The duration of these cookies is usually linked to the user’s session and are deleted once the browser closes. Proprietary cookies are essential and can not be disabled as they would preclude the correct use of the Website itself.

The third-party cookies can have different purposes: statistical analysis, social interactions, video viewing, memorization of interests for the provision of targeted advertising services. These cookies are not controlled directly by the owner and to disable them you must follow the procedures indicated by the individual suppliers.
In general all cookies can be deactivated completely in your browser at any time by following the procedures indicated in point A.4.

A.2 OWNER COOKIES

If you leave a comment on our site, you can choose to save your name, email address and website in cookies. They are for your convenience so you do not have to fill in your details again when you leave another comment. These cookies will remain for one year.

If you have an account and access this site, a temporary cookie will be set to determine if the browser accepts cookies. This cookie does not contain personal data and is deleted when you close the browser.

When you log in, several cookies will be set to save login information and screen display options. The access cookies remain for two days and the cookies of the options on the screen remain for one year. If you select “Remember me”, your login will persist for two weeks. If you exit your account, access cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie does not include personal data and simply indicates the post ID of the article just edited. Expires after 1 day.

A.3 THIRD-PARTY COOKIES

On this site the following third-party cookies may be activated.

– Google Analytics (anonymized)

It is a Google analysis tool that through the use of cookies (performance cookies), collects anonymous browsing data (IP truncated to the last octet) and exclusively aggregates for the purpose of examining the use of the site by users , compile reports on activities on the site and provide other information, including the number of visitors and pages visited. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf. Google will not associate the IP address with any other data held by Google. Data transmitted to Google are stored on Google’s servers in the United States.
On the basis of a specific agreement with Google, which is designated as the data controller, the latter undertakes to process the data according to the requests of the Data Controller (see at the end of the information), given through the software settings. Based on these settings, the advertising and data sharing options are disabled.

Further information on Google Analytics cookies can be found on the Google Analytics Cookie Usage on Websites page.

The user can selectively disable the collection of data by Google Analytics by installing the appropriate component provided by Google on their browser (opt out).

– Tracking AdWords conversions

Google AdWords Conversion Tracking is a statistics service provided by Google Inc. that links data from the Google AdWords ad network with actions taken within the Site. Personal data collected: Cookies and Usage Data. Place of processing: USA – Privacy Policy

– Google Fonts

The site uses fonts provided by the Google Fonts service. Personal data collected: cookies and usage data. Place of processing: USA – Privacy Policy

– Embedded contents

The site can be used Youtube and Vimeo videos, contents of social Facebook, Twitter, LinkedIn, Google+ and in general, as necessary, embeddable content of other platforms. These contents and / or plugins are programmed so as not to set any cookies when accessing the page, to safeguard the privacy of users. Possibly cookies are set, if so provided by social networks, only when the user makes effective and voluntary use of the plugin. Please note that if the user browses being logged into the social network, the use of cookies is already accepted through this site when registering with the social network. The collection and use of the information obtained by means of the plugin are governed by the respective privacy policies of the social networks, to which reference is made.

– Facebook: Privacy Policy – Cookie Policy
– Twitter: Privacy Policy – Cookie Policy
– Youtube: Privacy Policy – Cookie Policy
– LinkedIn: Privacy Policy – Cookie Policy
– Google+: Privacy Policy – Cookie Policy
– Vimeo: Privacy Policy – Cookie Policy
– Google Maps: Privacy Policy – Cookie Policy

For more information on the use of data and their processing by Google, it is recommended to view the information on the page provided by Google, and on the page on how to use the data by Google when using sites or apps of partners.

Content embedded by other websites

Articles on this site may include embedded content (e.g. videos, images, articles, ..). The embedded content of other websites behave in exactly the same way as the visitor has visited the other website. These websites can collect data about you, use cookies, integrate additional third-party tracking, and monitor interaction with that embedded content, including tracking your interaction with embedded content if you have an account and are connected to that site web.

A.4 HOW TO DISABLE THE COOKIES IN THE BROWSER

Cookies are connected to the browser used and CAN BE DISABLED DIRECTLY FROM THE BROWSER, thus refusing / withdrawing consent to the use of cookies. It should be noted that disabling cookies may prevent the correct use of some features of the site itself.
Instructions for disabling cookies can be found on the following web pages:

Mozilla Firefox – Microsoft Internet Explorer – Microsoft Edge – Google Chrome – Opera – Apple Safari

Transfer of data to non-EU countries

This site may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through social plugins and the Google Analytics service. The transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, in particular Decision 1250/2016 (Privacy Shield – here the information page of the Italian Data Protection Authority), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.

Responsible for processing

The web hosting Seeweb is appointed as data controller, keeping the data on behalf of the owner. Web hosting is located in the European Economic Area and acts in accordance with European standards. Google is appointed data controller, processing data on behalf of the Data Controller (Google Analytics).

Updates

This privacy policy is updated as of March 19, 2024.

Close

Luxury boutique resort & Events venue in Umbria, with a breathtaking panoramic view of Assisi.

Instagram

@ tenutasanmasseo

Follow Us

event@sanmasseoassisi.it