Information on the processing of personal data of website users

Artt. 13 e 14 del Regolamento 2016/679/UE (nel seguito anche “GDPR”)

Destination Florence Convention & Visitors Bureau (hereinafter also referred to as “DFCVB“) is committed to respecting and protecting your privacy, and wants you to feel safe both when simply browsing the website and if you decide to register by providing us with your personal details in order to take advantage of the services made available to its Users and/or Clients. On this page “DFCVB” intends to provide some information on the processing of personal data relating to users who visit or consult the website accessible by electronic means from the address

www.tuscanyforweddings.com (the “Website”).

This information is provided only for the website of “DFCVB” and not for other websites that may be consulted by the user through links (for which please refer to the respective privacy information/policies). The reproduction or use of the pages, materials and information contained in the Site, by any means and on any medium, is not permitted without the prior written consent of Destination Florence Convention & Visitors Bureau. Copying and/or printing for exclusively personal and non-commercial use is permitted (for requests and clarifications, please contact “DFCVB” at the addresses indicated below). Other uses of the content, services and information on this site are not permitted.

With respect to the content offered and the information provided, “DFCVB” will endeavor to keep the contents of the Site reasonably up to date and revised, without offering any guarantee as to the adequacy, accuracy or completeness of the information provided and expressly disclaims any liability for any errors of omission in the information provided on the Site.

BROWSING DATA

DFCVB” informs you that the personal data supplied by you and acquired in connection with the request for information and / or contact, site registration and use of services through smartphones or any other tool used to access the Internet, and the data necessary for the provision of such services, including navigation data and data used for any purchase of products and services offered by “DFCVB” but also only the so-called “navigation” of the site by Users, will be treated in compliance with applicable legislation. The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified as surfers. This category of data includes “IP addresses” or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the web server, the size of the file obtained in reply, the numerical code indicating the status of the response from the web server (successful, error, etc..) and other parameters regarding the operating system and computer environment. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of the Destination Florence Convention & Visitors Bureau website. Please note that the aforesaid data could be used to ascertain responsibility in the event of computer crimes against the “DFCVB” website or other websites connected or linked to it: except for this possibility, at present, the data on web contacts do not persist for more than a few days.

DATA PROVIDED BY THE USER

DFCVB” collects, stores and processes your personal data in order to provide the products and services offered on the Site, or for legal obligations. With regard to some specific services, products, promotions, etc.. “DFCVB” may process your data for commercial purposes. In these cases, a specific consent will be required, separate, optional and always revocable in the manner and at the addresses listed below.

The optional, explicit and voluntary sending of electronic mail to the addresses indicated in the appropriate section of the Website, as well as the filling in of questionnaires (e.g. forms), entails the subsequent acquisition of some of your personal data, including those collected through the use of related services, necessary to respond to requests. We also point out that it may be necessary to transfer your personal data to such third parties. In particular, we share your data with “Toscana Promozione Turistica” in order to fulfill the task given to us as winners of the tender. At the end of the call, the obligation of communication on our part will also cease. Explicit consent will be required for such communication.

Please also note that you may access the Site or connect to areas where you may be able to post information using blogs or bulletin boards, communicate with others, such as from the “DFCVB” page on Facebook®, LinkedIn®, YouTube®, and other social networking sites, review products and offers, and post comments or content. Before interacting with these areas, please read their General Terms and Conditions of Use carefully, keeping in mind that, under certain circumstances, the information you post may be viewed by anyone with access to the Internet and any information you include in your postings may be read, collected and used by third parties.

PURPOSE OF PROCESSING AND LEGAL BASIS

The data are processed for the purposes

1) strictly connected and necessary to the registration to the site www.tuscanyforweddings.com to the services and/or Apps developed or made available by “DFCVB“, to the fruition of the relative information services, to the management of requests for contact or information, for the execution of purchases of products and services offered through the site “DFCVB“;

2) for ancillary activities related to the management of User/Customer requests and the sending of feedback that may include the transmission of promotional material; for the completion of the purchase order of products and services offered;

3) related to the fulfillment of obligations under EU and national regulations, the protection of public order, detection and prosecution of crimes;

The provision of data for the purposes referred to in paragraphs 1), 2) and 3), connected to a pre-contractual and / or contractual or functional to a user request or provided by a specific provision of law, is required and, failing that, you can not receive the information and access to services may be required.

DFCVBmay send commercial communications relating to products and / or services similar to those already provided, in accordance with Directive 2002/58/EU, using the coordinates of electronic mail, or paper, you have indicated on these occasions to which you can oppose in the manner and at the addresses below.

PURPOSES FOR WHICH CONSENT IS NOT REQUIRED

  1. Browsing data
    These data are used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
  2. Personal data provided voluntarily by users processed as a result of requests for a service or otherwise
    These data will be used only for the purpose and for the time strictly necessary to perform the service or provision requested and may, for this reason, be disclosed to third parties (eg couriers for the shipment of products required, other consultants necessary to respond to your requests etc..) or to persons within our organization (eg office employees, production employees, etc..).
  3. Processing of traffic information (which does not allow personal identification)
    is used on an aggregate, non-personal basis to analyze user behavior in order to understand how visitors use the Site and to measure interest in the various pages. This allows us to improve the content of the site, to simplify consultation

PURPOSES FOR WHICH CONSENT IS REQUIRED

  1. Profiling purposes

    Data processing for profiling purposes conducted automatically by collecting information on navigation during access and use of services. By means of statistical correlation algorithms, this information can be linked to other similar information from other users in order to identify common traits and group similar ones within classes of interest. By assigning your browser to a class of interest, our systems will then be able to provide you with content that is closer to your tastes and present advertisements that better meet your needs and better target the interests of advertisers while reducing the level of disruption to your experience. As of the date you read this Policy, DFCVB uses profiling data to aggregate marketing profiles, to manage the relationship with advertisers and improve campaigns, to infer patterns of use of our products and services, and to assist business units in developing digital strategies.

  2. Direct Marketing Purposes
    The data collected may be used to perform statistical analysis, market surveys, promotional activities via social media and to send commercial information about DFCVB’s products and promotional initiatives.

  3. Marketing purposes by third parties
    The data collected may be provided to other companies who may contact you as Owners of autonomous initiatives – the updated list is at your disposal and can be requested from the Data Processor at the address below – for statistical analysis, market research and sending commercial information on products and promotional initiatives.

Communications for market surveys or commercial information on products and promotional initiatives may be carried out by e-mail. We would like to inform you that some activities may be carried out through suppliers who are specifically appointed as Data Processors, including those outside the European Union. The legal bases of the purposes described above are the execution of your request as an interested party and the consents expressed by you.

PROCEDURES FOR DATA COLLECTION AND STORAGE TIMES

The collection of information through the site can be done in one of the following ways:

  1. Explicit mode
  2. Implicit mode
  3. Information sent voluntarily by the interested party

EXPLICIT ACQUISITION
This information is collected through an explicit request when you use the Site and may include: your name, e-mail address, etc. This information is required when you request a service, participate in promotional activities, fill out questionnaires, etc. When the user visits a part of the site that requires the acquisition of personal data, an explicit request in this regard appears and the user is invited to give his consent if it is provided.

IMPLICIT ACQUISITION OF INFORMATION
Browsing data
The computer systems and software procedures used to operate this site acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols and which are not in any way used or managed by the DFCVB.

This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.

This category of data includes IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) notation of the resources requested, the time of the request, the method used in submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment.

Other information collected in this way may concern: the “Uniform Resource Locator” (URL) of the site from which the user comes, which pages of the Site were visited, what is the next URL the user connected to, what browser was used to reach the site.

Such data, necessary for the use of web services, are also processed, in aggregate form, in order to:

  • obtain statistical information on the use of the services (most visited pages, number of visitors by time slot or daily, geographical areas of origin, etc.);
  • check the correct functioning of the services offered.

The navigation data do not persist for more than seven days and are deleted immediately after their aggregation (except for eventual necessity of verification of crimes by the judicial authority).

COOKIES
What cookies are
A cookie is a short string of text that is sent to your browser and possibly saved on your computer (alternatively on your smartphone/tablet or any other tool used to access the Internet); this sending generally occurs every time you visit a website. DFCVB uses cookies for various purposes, in order to offer you a fast and secure digital experience, for example, allowing you to maintain an active connection to the protected area while browsing through the pages of the site.

Cookies stored on your terminal device cannot be used to retrieve any data from your hard disk, transmit computer viruses or identify and use your e-mail address. Each cookie is unique to the browser and device you use to access the Website. Generally, the purpose of cookies is to improve the operation of the Website and your experience in using it, although cookies may be used to deliver advertisements (as specified below). For more information on what cookies are and how they work, you can visit the “All about cookies” website http://www.allaboutcookies.org

How cookies are classified
Cookies are classified into:

  • Technical: these are the cookies that serve to carry out navigation or provide a service requested by the user. They are not used for further purposes and are normally installed directly by the website’s DFCVB. Without the use of these cookies, some operations could not be carried out or would be more complex and/or less secure, such as home banking activities (viewing account statements, bank transfers, bill payments, etc.), for which the cookies, which allow the user to be identified and maintained during the session, are essential. The use of such cookies does not require the user’s prior consent;
  • Profiling: These are the cookies used to track the user’s navigation on the network and create profiles on their tastes, habits, choices, etc. With these cookies, advertising messages can be sent to the user’s terminal in line with the preferences already manifested by the same user when browsing online. The use of these cookies requires the prior acquisition of the user’s free and informed consent.
  • Third party cookies: It may also happen that a web page contains cookies coming from other sites and contained in various elements hosted on the page itself, such as advertising banners, images, videos, maps or specific links to web pages of other domains that reside on servers other than the one on which the requested page is located. In other words, these cookies are set directly by managers of websites or servers other than this website. We speak, in these cases, the so-called third-party cookies, which are usually used for profiling purposes. The use of these cookies requires the prior acquisition of the free informed consent of the user.

Cookies and other tracking systems in place
Pursuant to the Provision of the Privacy Guarantor of 08/05/2015 Published in OJ n.126 of 03/06/2014 cookies cannot be freely installed on users’ terminals, but are required compliance with a number of requirements. In the table below we communicate the types of cookies used on our website:

COOKIES ON THE WEBSITE AND THE ENTITY THAT MANAGES THEM

In this table we point out the various types of cookies on our site and for each of them we indicate whether they are managed directly by us or by third parties. If the cookie is managed by third parties, not only do we not see the data stored, but we have no possibility to intervene. For this reason you will find a link to their information and consent forms.

CONSENT

COOKIE

TYPE

COOKIE MANAGEMENT

DESCRIPTION OF AND LINKS TO THIRD-PARTY DISCLOSURES

THECNICAL

PROFILING

Owner

Third party

NO

Session Cookie

X

 

X

 

The use of session cookies is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the site. The so-called session cookies used in this site avoid the use of other computer techniques that could potentially compromise the privacy of the users and not allow the acquisition of personal identification data.

The aggregate information collected is anonymous and allows the analysis of the type of traffic on the site. Over time, this may help us improve our content and make it easier to use.

Most browsers automatically accept cookies, but you can also refuse them altogether or selectively accept only some of them, acting on the preferences of your browser.

If you inhibit the loading of cookies, some components of the site may not be available and some pages may be incomplete.

NO

Google Analytics

X

 

 

X

In order to improve the website and understand which parts or elements are most appreciated by users, third party Google Analytics cookies are used as an anonymous and aggregate analysis tool. These cookies are not tools of our ownership, for more information, therefore, you can see the information provided by Google

NO

Essential technical cookies for statistics and performance analysis

X

 

X

 

These cookies allow us to know how visitors use the site, so that we can assess and improve its operation and favour the production of content that better meets the information needs of our users. For example, they allow us to know which pages are the most and least frequented. They take into account, among other things, the number of visitors, the time spent on the site by the average user and the way in which they arrive. This way, we can know what’s working well and what to improve, as well as making sure that pages load quickly and are displayed correctly. All information collected by these cookies is anonymous and not linked to your personal information. To perform these functions on our sites, we use third-party services that anonymize data so that it cannot be traced back to individuals (so-called “single-in”). Where there are services that are not fully anonymized, you will find them listed among the third-party cookies for which you can refuse consent, to ensure your privacy.

NO

Widget social network

X

 

 

X

The site integrates the main Social Networks through scripts made available by them. These scripts may use Cookies in order to facilitate the sharing of content on social networks or interaction with other members.

These types of cookies are managed by the different companies that are part of the individual Social Networks each of which is responsible for its own cookies. Through the links below you can learn more about the privacy policies published:

·         Google + / YouTube: http://www.google.it/policies/privacy/

·         Twitter: https://twitter.com/privacy

·         Facebook: http://www.facebook.com/policy.php

·         Pinterest: https://about.pinterest.com/it/privacy-policy

·         Instagram: https://instagram.com/about/legal/privacy/

SI

FBP

 

X

 

X

Used by Facebook to provide a variety of advertising products as real-time offers from third-party advertisers. Retention time: 3 months

SI

Google Analytics

 

X

X

 

Record unique ID used to generate data about how the visitor uses the site. Retention time: 2 years.

INFORMATION SENT VOLUNTARILY BY THE INTERESTED PARTY

The optional, explicit and voluntary sending of messages to the contact addresses of DFCVB, as well as the filling in and forwarding of the forms present on the sites, imply the acquisition of the contact data of the sender, necessary to reply, as well as all the personal data included in the communications. Specific information will be published on the pages of DFCVB sites set up for the provision of certain services.

LINKS TO OTHER SITES

The site may contain links to third-party sites. When you use these links, you are entering an environment that is not under the control of our organization, and we are not responsible for the content you may encounter or the privacy practices employed there. This policy does not extend to the privacy practices of linked sites. You should carefully review the practices of each site you visit. In addition, those sites may independently send their own cookies to users, collect data or solicit personal information.

LOGICAL PROCESSING PROCEDURES AND SECURITY MEASURES

The processing is also carried out with the aid of electronic or automated means and is performed by “DFCVB” and/or third parties that “DFCVB” may use to store, manage and transmit the data. The data processing will be carried out with logic of organization and processing of your personal data, also related to the logs originated from access and use of services made available via web, products and services used related to the above purposes and, in any case, so as to ensure the security and confidentiality of data. The personal data processed will be kept for the time provided for by the legislation applicable at the time.

Also with regard to data security, in the sections of the website set up for particular services, where personal data is requested from the user navigator, the data is encrypted using a security technology called Secure Sockets Layer, abbreviated as SSL. SSL technology encrypts information before it is exchanged via Internet between the user’s computer and the central systems of “DFCVB“, making it incomprehensible to unauthorized persons and thus guaranteeing the confidentiality of the information transmitted. Just in reference to the aspects of protection of personal data, the user / customer is invited, pursuant to art. 33 of the GDPR to report to “DFCVB” any circumstances or events from which a potential “violation of personal data (data breach)” in order to allow an immediate assessment and the adoption of any actions to counter this event by sending a notice to privacy@conventionbureau.it or contacting us at the contact details indicated.

SCOPE OF DATA COMMUNICATION AND TRANSFER

For the pursuit of the above purposes, “DFCVB” may communicate and process, in Italy and abroad, personal data of users/customers to third parties with whom we have dealings, where these third parties provide services at our request. We will only provide these third parties with the information necessary to carry out the services requested, taking all measures to protect your personal data. Data may be transferred outside the European Economic Area if this is necessary for the management of your contractual relationship. In this case, the recipients of the data will be subject to protection and security obligations equivalent to those guaranteed by DFCVB. In the case of use of services offered directly by Partners we will provide only the data strictly necessary for their execution. In any case, only the data necessary for the pursuit of the intended purposes will be communicated and the guarantees applicable to data transfers to third countries will be applied, where required. We may also disclose personal data to our commercial service providers, for marketing reasons, for this purpose appointed as external data controllers. In addition, personal data may be disclosed to the competent public authorities and authorities for the needs of compliance with regulatory requirements or to ascertain responsibility in case of computer crimes against the site and communicated to, or allocated to, third parties (as managers or, if they are providers of electronic communications services, independent owners), which provide computer and telecommunication services (eg. DFCVB” makes use of these third parties (as managers or, where suppliers of electronic communication services are concerned, independent owners) who provide IT and telecommunications services (e.g. hosting services, website management and development services) and which “DFCVB” uses to carry out tasks and activities of a technical and organizational nature that are instrumental to the functioning of the website. The subjects belonging to the above categories operate as separate data controllers or as managers appointed for this purpose by “DFCVB“.

Access to data is also allowed to categories of employees of DFCVB involved in the organization for data processing (administrative staff, sales, marketing, customer service, system administrators). The updated list of managers can always be requested from DFCVB.

This is without prejudice to the right of communication to other third parties upon specific and optional consent. Personal data may also be known by employees/consultants of “DFCVB” who are specially trained and appointed in charge of processing data.

The categories of recipients to whom the data may be communicated are available by contacting “DFCVB” at the addresses listed below.

RIGHTS OF THE INTERESTED PARTIES

You may at any time exercise the rights granted to you by law, including that:

  1. to access your personal data, obtaining evidence of the purposes pursued by DFCVB, the categories of data involved, the recipients to whom the same may be communicated, the applicable storage period, the existence of automated decision-making processes;
  2. to obtain without delay the rectification of inaccurate personal data concerning him/her;
  3. to obtain, in the cases provided for, the cancellation of your data;
  4. to obtain the limitation of the treatment or to oppose it, when possible;
  5. to request the portability of the data that you have provided to “DFCVB”, i.e., to receive them in a structured, commonly used and machine-readable format, within the limits and with the constraints provided by Article 20 of the GDPR;

In addition, you may lodge a complaint with the Data Protection Authority pursuant to Article 77 of the GDPR.

For the treatments referred to in point d) of the purposes, the customer may always revoke consent and exercise the right to object to direct marketing (in “traditional” and “automated”). The opposition, in the absence of any indication to the contrary, will refer to both traditional and automated communications.

RIGHT TO COMPLAIN

Interested parties who believe that the processing of personal data relating to them carried out through this site is in violation of the provisions of the Regulation have the right to complain to the Guarantor, as provided for in Article 77 of the Regulation itself, or to take appropriate legal action (Article 79 of the Regulation) by contacting garante@gpdp.it or through the site http://www.gpdp.it.

Data Controller

The Data Controller, pursuant to art. 4 of the GDPR, is Destination Florence Convention & Visitors Bureau, Via del Tiratoio, 1 – 50124 Firenze (FI) P.IVA: 04674960481 – CF: 04674960481

Data Protection Manager

The undersigned Company has appointed as DPO (Data Protection Officer)

Pangea Consulenze Srl – Sig.Corti Alessandro – Tel.0577/043092

whom you may contact to obtain information and forward requests regarding your data or to report inefficiencies or any problems that may arise.

The use of the Web Site, including those intended for tablets and/or smartphones, by the Customer and/or User implies full knowledge and acceptance of the content and any indications included in this version of the notice published by “DFCVB” at the time the site is accessed. “DFCVB” informs you that this policy may be modified without notice and therefore recommends periodic reading.

This privacy policy was updated on 07/03/2022.