Le Spighe S.r.l.
PRATO (PO) VIA TIEPOLO 34
ZIP CODE 59100
REA Number PO - 486985
Tax Code 01959880970
(hereinafter referred to as "CONTROLLER" or "DATA CONTROLLER")
(hereinafter referred to as "WEBSITE" or "SITE")
01/25/2023
Dear User,
this privacy notice serves to show you how the Data Controller (and any joint controllers) collect your personal data, how they protect this information, how they use and share it, and how you can directly contact the Data Controller to ask questions about privacy (and more).
By using and browsing this Website, or by filling out online forms or performing specific actions, some of your personal data may be collected by the Controller, namely information that could be used to identify you.
These may indicate the method used in submitting the request to our servers and other purely technical and anonymous parameters (possibly related to the user's operating system or computing environment).
This information is usually implicit in the use of web communication protocols and is not collected in any way to be associated with the user (it's worth repeating, this is not our purpose!).
However, they could allow, through associations and processing with data held by third parties (not in our possession), to identify you (even if it is a remote possibility).
Finally, this data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.
Some of the following provisions may be necessary and applied only to a specific category of users. In such cases, the users in question will be specified, while in other cases the clauses apply to all users.
By using our Site, you declare that you understand and meet the following requirements:
The right of withdrawal applies only to European customers/consumers
There are no distinctions between consumers or professional users.
Unless otherwise specified or clearly recognizable, all material and content present on this Website are provided or are the exclusive property of the Controller and its licensors.
The Controller commits to ensure that the content available on the Site does not violate applicable regulations or third-party rights.
Obviously, this is not always possible (even for purely technical reasons) and in these cases, without prejudice to legally exercisable rights and claims, you are requested to submit your complaints to the contacts specified in this document.
The Controller reserves all intellectual property rights on the content created for the Website and does not authorize you to use them in any way that is not necessary, implicit, or described in this document.
In particular, there is an absolute prohibition on:
Through the use of this Site, you may have access to content and resources provided and distributed by third parties. By using them, you acknowledge and accept that the Controller has no and cannot have any control over such resources and therefore is not responsible for either their content or their availability.
You may use the Site and all related services only for the purposes for which they are offered, according to these terms and under applicable law.
Please remember that it is your sole responsibility to ensure that your use of this Site and its integrated services does not violate the law, third-party rights, or regulations.
Consequently, the Controller reserves the right to adopt any measure aimed at protecting and safeguarding its legitimate interests. In particular, it may:
Such actions may be taken by the Controller whenever you act or there is suspicion that you are engaging in:
If these terms are not respected or if the Controller or its appointees do not act immediately, this does not indicate that they are waiving any of the rights they could exercise. Consequently, no waiver can be considered final in reference to a specific right or any other right.
In some cases, the Controller might interrupt the Site/Service and within the limits of law will work to ensure that you can extract your personal data.
You are not in any way, as a user, authorized to reproduce, duplicate, copy, sell, resell or exploit in ways not described by these terms the Site or Service in whole or in part without prior written consent from the Controller.
We process the data you provide us with the utmost attention and always according to the most common principles of fairness, transparency, and protection of confidentiality in accordance with current regulations, adopting appropriate security measures to protect information and prevent unauthorized access, disclosure, or modification.
Processing is always carried out using computer, telematic, or analytical tools and with organizational methods correlated to the indicated purposes.
The Controller may also use digital communication channels (such as email and/or instant messaging systems) and telephone (calls, SMS, etc.) as well as postal channels to respond to users' questions or to contact them with direct authorization from the interested party.
Some of the data voluntarily provided by the user are:
The entirely optional and always explicit and voluntary sending of data through online forms or through the addresses indicated on this Website. This action involves the subsequent acquisition of the sender's personal data, which is necessary to respond to requests or to provide dedicated consultation. Additional specific summary information will be reported according to new needs on the Website pages prepared for particular services. The personal data you provide us when requesting documents or informational material (such as subscribing to a possible newsletter) are used solely and exclusively to perform the requested service or provision and are absolutely not subject to transfer or dissemination. Having said this, no use of automated processing aimed at profiling you while browsing the Website is planned.
The use of the few and possible personal data collected is often necessary to allow safe use of the Website and to receive assistance.
Below you will find some specific information about the purposes of processing:
As expressly provided by Art. 5, paragraph 1, letter e) of the GDPR, data is stored only for the time necessary for processing in relation to the performance of the service you have directly requested or in reference to the purposes described in this document.
In detail:
At the end of the retention period, the data will be permanently deleted and consequently, the rights of access, deletion, rectification, and data portability can no longer be exercised.
Your data is processed at the Controller's operational headquarters (or by third parties selected for their reliability and security). For further information, you can contact the Data Controller who will provide you with all the relevant information.
Due to force majeure or specific contractual constraints, your data might transit and be transferred to a country different from where you are (and managed by any natural and/or legal persons based in EU or non-EU member countries).
In the latter case, the Controller will adopt all appropriate contractual measures to ensure adequate data protection.
This Website, to ensure secure navigation and particularly when Personal Data is entered, is equipped with an SSL certificate and uses the HTTPS protocol. Thanks to the use of this protocol, transactions and data are transmitted with maximum security and the communication content is not read or manipulated by third parties.
Where possible, we ensure that data flows directly from user to Controller, without passing through third parties (still in compliance with GDPR).
We avoid saving as much data as possible on the server so that if it were, unfortunately, attacked by hackers, they would not find useful information anyway.
Furthermore, the Site is equipped with DNS-level firewall and automatically tries to block threats and hacking attempts.
The CMS platform is constantly updated and we try, as much as possible, to use the minimum number of external tools.
The server is located in Europe and is hosted by one of the world's best server farms.
This Website uses cookies.
You surely already know what they are - small text files that can be used by websites to improve user experience and customize content as well as provide some social functionality and analyze traffic.
They have multiple purposes and different characteristics, and might be used both by the Website you are visiting and by third parties.
If you don't authorize certain cookies (called "technical"), you might have difficulty navigating the site or viewing its contents.
Some scripts and services allow viewing content hosted on external platforms directly from this Website's pages and interacting with them. If one of these services is installed, there is a possibility that the same tool (regardless of the Controller's will) collects traffic data related to the pages where it is installed. This Website frequently changes the use of these tools and seeks, where possible, to reduce their use.
CloudFlare is a DNS optimization and traffic distribution service provided by CloudFlare Inc. CloudFlare typically filters traffic on this Site, i.e., communications between this Site and your browser, also allowing anonymous collection of statistical data.
Personal data collected
Various types of data as specified in the service's privacy policy.
Place of processing:
USA – Privacy Policy
Cookie name: _cfduid
Fathom Analytics is a completely anonymous analytics and statistics service provided by Conva Ventures Inc. that allows the Controller to understand website usage. The collected data is anonymized through the use of hashing techniques.
Personal data collected
Tracker and anonymous usage data. Servers are located in Europe.
Place of processing:
Canada – Privacy Policy
By filling out the contact form with your data, you consent to their use to respond to requests for information, quotes, consultations, or any other nature indicated on the form page itself.
Personal data collected
Name, surname, email, phone number
Place of processing:
Controller's headquarters
The Site uses an online booking system to verify the availability of the accommodation facility and allow the creation of quotes and orders. The tool in question is called Simplebooking and is managed by QNT S.r.l. This tool collects additional personal data relating to the user to provide additional services and functionalities. Our Site does not process data related to payment systems (such as credit card numbers), which will instead be acquired by the service provider in an encrypted, protected manner and according to the security requirements provided by PCI certification.
Personal data collected
Various personal data managed by QNT S.r.l. such as name, surname, email, phone number, address, city, province, ZIP code, country, and possibly credit card data and additional notes. By booking through Simplebooking, you consent to the communication of your personal data to QNT S.r.l.
Place of processing:
Florence, Italy - Privacy Policy
Cloudflare Turnstile is a SPAM protection service provided by Cloudflare Inc. used by this site.
Personal Data processed: Data communicated to use the Service; Usage data; keypress events; motion sensor events; touch events; question responses. Place of processing: United States – Privacy Policy. Category of personal information collected according to CCPA: internet information; indirect information. This type of processing constitutes a "sale of data" under the CCPA. In addition to the information contained in this clause, the User can consult the section describing California consumer rights for information on how to opt out of the sale.
Personal data collected
Place of processing:
USA - Privacy Policy
Google Tag Manager is a tag management service provided by Google Ireland Limited.
Personal data collected
Cookies; Usage data.
Place of processing:
Ireland – Privacy Policy
The Data Controller reserves the right to make changes to this Privacy Policy at any time by updating this page, which we ask you to consult often (always referring to the date of last modification indicated at the beginning).
If you do not wish to accept the changes made to this Privacy Policy, you must cease using this Website and you can request the Data Controller to remove your personal data.
In all other cases, the previous Privacy Policy will continue to apply to your personal data collected until the indicated date.
The Controller cannot be held responsible in any way for updating the links (internal but especially external) present in the Privacy Policy, therefore whenever you find one that is not working and/or updated, please always refer to the document and/or section of the websites referenced by such link.