top of page

Privacy Notice for

Visitors of the Website

​

Pursuant to the European Union General Data Protection Regulation (GDPR), we inform you about the methods of processing your personal data.

1.Data Controller

The Data Controller is the National Coordination Secretariat of Cittaslow Italia - Palazzo dei Sette, Corso Cavour, 87 - 05018 Orvieto (TR) - VAT 05469850480.

2.How We Collect Your Personal Data

We collect your Personal Data in the following circumstances:

  • Directly, through your interaction with the forms on the website;

  • Automatically and indirectly, when you visit the website with a digital device.

3.What Data We Collect and Why We Need It (Categories of Personal Data, Purpose, Legal Basis for Processing, Nature of Data Provision, and Retention Period)

3.1.Subscription to the Website's Tourist Services

  • Category of Data: Personal identification data (e.g., name, surname, date of birth, tax ID), contact data (e.g., email, mobile phone), data of residence and/or domicile.

  • Purpose of Processing and Nature of Data: We need the above data to process your subscription to the tourist services offered by our Company. If you do not wish to provide the data marked as mandatory, we will not be able to process and manage your request for service subscription. You are free to refrain from providing the data marked as optional without affecting your ability to use the services.

  • Legal Basis: The legal basis for processing such data is based on the necessity of executing a contract with the User and/or the execution of pre-contractual measures.

  • Retention Period: We retain your data for the period necessary to execute the service and for the subsequent standard limitation period.

3.2.Advertising Communications and Marketing (Newsletter)

  • Category of Data: Name, surname, and email. Additionally, every time you interact with the digital communications we send you; we automatically collect the telematic connection data related to your interaction with our IT systems (IP Address, device parameters used to connect, name of the internet service provider, date and time of visit, unique code of the sent communication).

  • Purpose of Processing and Nature of Data: We need the above data to send you our newsletters and direct advertising communications and/or from business partners. If you do not wish to provide the data marked as mandatory, you will not be able to receive such communications. You are free to refrain from providing the data marked as optional without affecting your ability to receive the communications.

  • Legal Basis: The legal basis for processing such data is based on the consent given by the data subject.

  • Retention Period: Subscription and related processing are valid for a maximum period of 24 months.

3.3.Handling Questions and Requests

  • Category of Data: Personal identification data (e.g., name, surname, tax ID), contact data (e.g., email, mobile phone), data of residence and/or domicile.

  • Purpose of Processing and Nature of Data: We need the above data to respond to questions, complaints, and suggestions regarding our activities and Services. If you do not wish to provide the data necessary for handling the question and/or request, we will not be able to process your question and/or request.

  • Legal Basis: The legal basis for processing such data is based on the legitimate interest of the controller for the proper handling of customer questions, complaints, and suggestions regarding the Outlet, portal, and services offered.

  • Retention Period: We retain your data for the period strictly necessary to handle the request or, in the case of a complaint, for the standard limitation period.

3.4.Telematic Connection Data

  • Category of Data: We automatically collect telematic connection data related to the connection to IT systems (IP Address, browser type, device parameters used to connect, name of the internet service provider, date and time of visit, source and exit webpage, country of origin, pages visited, regional and language settings, numeric code indicating the server's response status). The Controller may also save cookies, as described in more detail in the Cookie Policy, which we invite you to consult.

  • Purpose of Processing and Nature of Data: We need telematic connection data for IT security and network protection reasons and to monitor the proper functioning of the application and the portal. The data is mandatory for the use of the portal.

  • Legal Basis: The legal basis for processing such data is based on the legitimate interest of the controller for network protection and the proper functioning of the provided services.

  • Retention Period: We retain the telematic connection data for a period strictly necessary for its purpose, except for any extensions related to investigative activities.

Additionally, we may use your data for the following further purposes:

  • To comply with obligations under applicable national and supranational legislation and/or regulations (legal basis: necessity to fulfill legal obligations);

  • To defend the Controller's rights in judicial, administrative, or out-of-court proceedings, and in disputes arising concerning the services offered (legal basis: legitimate interest in protecting its rights).

4.Special Categories of Data

We do not ask you to provide "special" data, i.e., personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data intended to uniquely identify a person, data relating to health or a person's sex life or sexual orientation.

5.How We Process Data (Processing Methods)

During the period of data processing, we adopt appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of data and will require third-party providers to implement similar security measures.

Processing is carried out using paper, IT, and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated.

6.To Whom We Communicate Your Data (Transfer to Third Parties)

Your personal data may be communicated to third parties and/or recipients whose activities are necessary for providing the services offered and possibly for responding to specific legal obligations. The third parties and/or recipients will process your personal data as Data Processors acting under the authority of the Controller for the purposes provided in this privacy notice.

7.To Which Countries We Transfer Your Data (Transfer of Personal Data to a Third Country)

We may transfer the personal data we collect about you to our affiliates and third-party service providers in countries other than the country in which the information was originally collected (including the United States), where necessary to fulfill the purposes described in this Privacy Notice. These countries may not have the same data protection laws as your country of residence, and your personal data will be subject to applicable foreign laws. When we transfer your information to other countries, we will protect such information as described in this Privacy Notice. We have also implemented appropriate safeguards to ensure such a level of data protection during the transfer of personal data, including the conclusion of data transfer agreements incorporating the European Commission’s Standard Contractual Clauses, or other applicable data transfer mechanisms. Wix.com Ltd is based in Israel, and it is deemed adequate by the European Commission to offer an adequate level of protection for the Personal Information of residents in EU Member States. Wix.com Ltd participates in and has certified its compliance with the EU-U.S. Privacy Shield. Wix.com Ltd commits to subject all Personal Information received from EU Member Countries to the applicable Privacy Shield principles.

8.What Are Your Rights? (Data Subject Rights)

As a data subject, you can exercise the following rights:

  • Right of access: you have the right to obtain confirmation of whether data processing concerning your data is ongoing and to receive any information related to the same processing.

  • Right to rectification: you have the right to obtain the rectification of your data in our possession, should they be incomplete or inaccurate.

  • Right to erasure: in certain circumstances, if the data are not necessary to fulfill legal obligations, you have the right to obtain the deletion of your data present in our archives.

  • Right to restriction of processing: under specific conditions, you have the right to obtain the restriction of processing related to your data.

  • Right to data portability: you have the right to obtain your personal data in a structured, commonly used, and machine-readable format and the right to transmit them to another data controller without hindrance.

  • Right to object: you have the right to object to the processing of your data.

  • Right to lodge a complaint: you have the right to lodge a complaint with the Supervisory Authority if your data have been processed in violation of the GDPR.

  • Right to withdraw consent: you have the right to withdraw your consent for processing based on such legal grounds at any time. Withdrawal will not affect processing carried out before the withdrawal.

9.How to Exercise Your Rights

To exercise the above rights, you can use the contact methods described in the “How to Contact Us” section.

10.How to Contact Us (Data Controller Contact Details and Data Protection Officer)

You can contact us via email at info@cittaslow.net. Alternatively, you can contact us by registered mail at the following address:

 

Headquarters Palazzo dei Sette

Corso Cavour 87 - 05018 - Orvieto (Italy)

 

The Controller undertakes to respond to your requests within one month, except in cases of complexity, for which it may take up to three months. In any case, the controller will explain the reason for the delay within one month from your request.

11.How We Make Changes to the Privacy Notice

We reserve the right to modify or simply update the content, in part or completely, of this Privacy Notice, including due to changes in applicable legislation. We invite you to regularly visit this section to become aware of the most recent and updated version of the Privacy Notice.

12. What are Cookies?

Cookies are small text strings that the website sends and stores on your computer or mobile device, to be sent back to the same site upon your next visit. Thanks to cookies, the website remembers your actions and preferences.

In addition to the cookies sent by the website, during browsing, you may also receive cookies sent from other websites (so-called "Third-Party" cookies) on your computer or mobile device. Cookies can remain on your computer or mobile device for the duration of a session (so-called "Session Cookies") or for longer periods (so-called "Persistent Cookies").

Cookies are categorized into Technical Cookies, Analytical Cookies (so-called "Statistical Cookies"), and Marketing Cookies (so-called "Profiling Cookies").

  • Technical Cookies are used to enable the functioning of the website, such as keeping your identification as a user of the website during the session, and are further divided into Necessary Cookies (they ensure basic functionalities such as page navigation and access to secure areas of the website) and Preference Cookies (they store information that affects the behavior or appearance of the website).

  • Analytical Cookies (so-called "Statistical Cookies") are used to collect information about the use of the website and can be of “reduced identification power,” meaning they do not allow tracing back to your connection as they are masked (anonymous data).

  • Marketing Cookies (so-called "Profiling Cookies") are used to track web browsing and create profiles based on your preferences, habits, choices, etc., allowing advertising messages aligned with your preferences and habits to be sent to your device.

13. What Types of Cookies Do We Use and Why Do We Need Them (Category of Personal Data, Purpose, Legal Basis for Processing, Nature of Data Provision)

13.1. Technical Cookies

  • Category of Data: Data related to technical cookies, preference cookies, and analytical cookies with reduced identification power, both first-party and third-party;

  • Purpose of Processing and Nature of Data: We require this data to ensure the proper functioning of the website. The provision of such data is optional, but if cookies are disabled, the website may become unusable or difficult to use.

  • Legal Basis: The legal basis for processing such data is the legitimate interest of the Controller aimed at ensuring the proper functioning of the website.

13.2. Statistical Cookies

  • Category of Data: Data related to first-party and third-party analytical cookies;

  • Purpose of Processing and Nature of Data: We require this data to improve the website. The provision of data through cookies is optional, and their deactivation will not affect the functionality of the website.

  • Legal Basis: The legal basis for processing such data is based on the consent of the data subject.

13.3. Marketing Cookies

  • Category of Data: Data related to first-party and third-party marketing cookies;

  • Purpose of Processing and Nature of Data: We require this data to provide personalized content based on your individual profile. The individual profile is created through the processing, including automated processing, of your browsing habits, tastes, and preferences. The provision of data through cookies is optional, and their deactivation will not affect the functionality of the website.

  • Legal Basis: The legal basis for processing such data is based on the consent of the data subject.

​

​

bottom of page