We recognize the importance of protecting personal data. Therefore, any data you provide to us—voluntarily or even involuntarily—while browsing our website will be processed in compliance with applicable regulations.
We invite you to review the following information, provided pursuant to Article 13 of Regulation (EU) No. 2016/679 ("GDPR"), regarding the management and processing of browsing data as well as data you may send us by writing to the addresses listed on the Website. Please note that we may update this notice at any time, with any changes published on the Website. We therefore encourage you to periodically check the relevant page.
1. Types of Data Collected ("Data"), Purposes, and Legal Basis for Processing
a) Browsing Data
The computer systems and software procedures used to operate the Website acquire, during normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category includes:
IP addresses or domain names of users' devices connecting to the site,
MAC (Media Access Control) addresses,
URI (Uniform Resource Identifier) addresses of requested resources,
the time of the request,
the method used to submit the request to the server,
the size of the file obtained in response,
the numerical code indicating the server response status (successful, error, etc.),
and other parameters related to the user's operating system and IT environment.
We use this Data for the following purposes:
To derive anonymous statistical information about Website usage and ensure its proper functioning. Data used for this purpose is deleted immediately after processing. However, it may be used to establish liability in case of cybercrimes against the Website. The legal basis for this processing is Article 6(1)(b) of the GDPR, as it is necessary to enable you to use the requested service (i.e., browsing the Website).
To comply with legal obligations or judicial authority requests. The legal basis for this processing is Article 6(1)(c) of the GDPR, as it is necessary to fulfill a legal obligation to which we are subject.
b) Data You Voluntarily Provide
Whenever you send emails to the addresses listed on the Website, we will process your email address and any additional personal data included in the message for the following purposes:
To respond to your requests via email. The legal basis for this processing is Article 6(1)(b) of the GDPR, as it is necessary to provide the requested service (i.e., addressing your inquiries).
To comply with legal obligations or judicial authority requests. The legal basis for this processing is Article 6(1)(c) of the GDPR, as it is necessary to fulfill a legal obligation to which we are subject.
We ask that you do not send us "special categories of data" as defined by applicable law (e.g., health data or religious beliefs). If such data is provided, it will be deleted immediately.
c) Cookies
Our Website uses only technical cookies (session and browsing cookies) to ensure normal navigation and functionality (e.g., allowing authentication and access to restricted areas). For more information on data processing via cookies, please refer to the dedicated cookie policy, accessible in the footer of every page on the Website as well as at [insert link].
2. Data Retention Period
Browsing Data is retained for the duration of the service and is deleted or anonymized within 7 days of collection.
Data you voluntarily provide is retained after we have fulfilled your request or responded to your communication, except where required for tax, accounting, administrative, or legal compliance purposes.
3. Processing Methods
Your Data will be processed by authorized personnel using electronic tools, organized in databases, and stored on appropriate media (e.g., digital and paper). We do not use automated decision-making processes.
To prevent data loss, misuse, or unauthorized access, we have implemented specific security measures, including regular cybersecurity audits by specialized firms to ensure server integrity.
4. Data Provision
Browsing Data is mandatory for Website use. Without it, we cannot allow navigation.
Providing data for additional purposes is optional. Failure to do so will not result in penalties, but we may be unable to fulfill your request.
5. Data Disclosure
We may disclose your Data to:
(i) Entities legally authorized to access it;
(ii) Companies, associations, or professionals assisting us in fulfilling legal obligations or organizational needs (designated as "Data Processors").
If you wish to know the identities of these Processors, you may request this information via the contact details in Section 9. We will not disseminate your Data.
6. Data Transfers Outside the EU or to International Organizations
We do not transfer Data collected through Website browsing or services to countries outside the European Union or to international organizations.
7. Links to Third-Party Sites or Services
This notice applies only to data processing via our Website and not to third-party sites, even if accessed through links. Their operators act as independent data controllers, so we advise reviewing their privacy policies.
8. Your Rights
As a data subject, you may exercise the following rights under the GDPR at any time:
Request information on:
(i) Data origin;
(ii) Processing purposes/methods;
(iii) Logic applied if electronic tools are used;
(iv) Our and our Processors’ identifying details.
Obtain:
(i) Access, updates, corrections, or additions to your Data;
(ii) Deletion, anonymization, or blocking of unlawfully processed Data;
(iii) Processing restrictions;
(iv) A copy of your Data in a standard format.
Object, in whole or in part, to processing:
(a) For scientific/historical/statistical research (if related to your specific situation);
(b) For public-interest tasks or our legitimate interests;
(c) For promotional/marketing purposes.
Withdraw consent (where applicable) without affecting pre-withdrawal processing.
Lodge a complaint with the supervisory authority of your EU member state if you believe processing violates GDPR.
The Italian Data Protection Authority (Garante) can be contacted via its website.
9. Data Controller
The Data Controller is:
Marco Prandi
Via Grez 62Q, 38066 Riva del Garda (TN), Italy
Email: info@carotahouse.com
To exercise your rights, please write to: info@carotahouse.com.