Privacy and Cookie Policy

Dear User,

this privacy notice serves to show you how the Data Controller (and any joint controllers) collect your personal data, how they protect this information, how they use and share it, and how you can directly contact the Data Controller to ask questions about privacy (and more).

1. Personal Data

By using and browsing this Website, or by filling out online forms or performing specific actions, some of your personal data may be collected by the Controller, namely information that could be used to identify you.

• Data provided by you through the completion of online forms including identification data (such as name and surname), contact data (email address, residence address or phone number) or other information added by you independently in the free fields.
• Data we collect automatically while you browse the Website. These are usually navigation data, possible site usage times, or submission of requests through online forms.

These may indicate the method used in submitting the request to our servers and other purely technical and anonymous parameters (possibly related to the user's operating system or computing environment).

This information is usually implicit in the use of web communication protocols and is not collected in any way to be associated with the user (it's worth repeating, this is not our purpose!).

However, they could allow, through associations and processing with data held by third parties (not in our possession), to identify you (even if it is a remote possibility).

Finally, this data could be used to ascertain responsibility in case of hypothetical computer crimes against the site.

2. Terms of Use

Some of the following provisions may be necessary and applied only to a specific category of users. In such cases, the users in question will be specified, while in other cases the clauses apply to all users.

By using our Site, you declare that you understand and meet the following requirements:

Right of Withdrawal

The right of withdrawal applies only to European customers/consumers

Users

There are no distinctions between consumers or professional users.

Copyright and Intellectual Property

Unless otherwise specified or clearly recognizable, all material and content present on this Website are provided or are the exclusive property of the Controller and its licensors.

The Controller commits to ensure that the content available on the Site does not violate applicable regulations or third-party rights.

Obviously, this is not always possible (even for purely technical reasons) and in these cases, without prejudice to legally exercisable rights and claims, you are requested to submit your complaints to the contacts specified in this document.

The Controller reserves all intellectual property rights on the content created for the Website and does not authorize you to use them in any way that is not necessary, implicit, or described in this document.

In particular, there is an absolute prohibition on:

• copying
• downloading
• sharing, transmitting, transferring (including to third parties)
• modifying and/or transforming
• translating
• processing
• publishing, selling, distributing (including in the form of sublicenses)
• selling
• creating derivative works from the original content available on this Site
• allowing third parties to undertake any of the above points through your User account/device (voluntarily or unknowingly)

External Resources

Through the use of this Site, you may have access to content and resources provided and distributed by third parties. By using them, you acknowledge and accept that the Controller has no and cannot have any control over such resources and therefore is not responsible for either their content or their availability.

Permitted Use

You may use the Site and all related services only for the purposes for which they are offered, according to these terms and under applicable law.

Please remember that it is your sole responsibility to ensure that your use of this Site and its integrated services does not violate the law, third-party rights, or regulations.

Consequently, the Controller reserves the right to adopt any measure aimed at protecting and safeguarding its legitimate interests. In particular, it may:

• deny you access to the Site or its services and tools
• terminate various contracts
• report all censurable activities carried out through this Site to the competent authorities

Such actions may be taken by the Controller whenever you act or there is suspicion that you are engaging in:

• violation of regulations
• violations of law
• violation of terms
• infringement of third-party rights
• acts that may prejudice the legitimate interests of the Controller
• offenses against the Controller or a third party (even if not directly connected to the Controller)

3. General and Common Provisions

If these terms are not respected or if the Controller or its appointees do not act immediately, this does not indicate that they are waiving any of the rights they could exercise. Consequently, no waiver can be considered final in reference to a specific right or any other right.

In some cases, the Controller might interrupt the Site/Service and within the limits of law will work to ensure that you can extract your personal data.

You are not in any way, as a user, authorized to reproduce, duplicate, copy, sell, resell or exploit in ways not described by these terms the Site or Service in whole or in part without prior written consent from the Controller.

4. Methods of Personal Data Processing

We process the data you provide us with the utmost attention and always according to the most common principles of fairness, transparency, and protection of confidentiality in accordance with current regulations, adopting appropriate security measures to protect information and prevent unauthorized access, disclosure, or modification.

Processing is always carried out using computer, telematic, or analytical tools and with organizational methods correlated to the indicated purposes.

The Controller may also use digital communication channels (such as email and/or instant messaging systems) and telephone (calls, SMS, etc.) as well as postal channels to respond to users' questions or to contact them with direct authorization from the interested party.

Some of the data voluntarily provided by the user are:

The entirely optional and always explicit and voluntary sending of data through online forms or through the addresses indicated on this Website. This action involves the subsequent acquisition of the sender's personal data, which is necessary to respond to requests or to provide dedicated consultation. Additional specific summary information will be reported according to new needs on the Website pages prepared for particular services. The personal data you provide us when requesting documents or informational material (such as subscribing to a possible newsletter) are used solely and exclusively to perform the requested service or provision and are absolutely not subject to transfer or dissemination. Having said this, no use of automated processing aimed at profiling you while browsing the Website is planned.

5. Purposes of Personal Data Processing and Legal Basis

The use of the few and possible personal data collected is often necessary to allow safe use of the Website and to receive assistance.

Below you will find some specific information about the purposes of processing:

• They allow you to navigate the website safely and improve the user experience. This is a fundamental point, we want to give you the best possible experience.
• They allow us to fulfill any type of obligation required by current laws, regulations, and all related regulations (and commercial uses) in tax and fiscal matters. Usually, this processing is mandatory to comply with a legal obligation to which the Data Controller is subject.
• Some processing is optional and based on your explicit consent (such as when you fill out our online forms or use integrated messaging tools). However, partial or failure to communicate one or more data (personal or not) will result in the impossibility of responding to the request for information and using the services offered by the Controller.
• They allow us to perform statistical analysis in completely anonymous form on European servers (in compliance with GDPR). In particular, we use a statistics system called Fathom (https://usefathom.com/), GDPR Compliant and extremely privacy-conscious (we don't even see the anonymized IP address!). These statistics allow us to analyze some of your behaviors and improve the Website as well as the services provided by the Controller.
• They also serve other ancillary purposes and/or connected to those indicated above and in any case always falling within the scope of Website activities.

6. Duration of Processing

As expressly provided by Art. 5, paragraph 1, letter e) of the GDPR, data is stored only for the time necessary for processing in relation to the performance of the service you have directly requested or in reference to the purposes described in this document.

In detail:

• Data we collect for contractual obligations will be stored for the time necessary to complete the aforementioned purposes and, in any case, according to what is provided by law.
• Data collected for tax, administrative, or contractual obligations will be stored for the time necessary for the fulfillment of the aforementioned purposes and, in any case, according to what is provided by law.
• Data collected for purposes connected to the legitimate interest of the Controller will be preserved until the satisfaction of such interest, and you can always obtain information about the legitimate interest pursued by the Controller by contacting them directly at the email address listed above.
• Data collected based on your consent may be stored until you voluntarily decide to revoke it (see below).
• Finally, data might be stored by the Controller for a longer period in compliance with legal obligations or by direct order of an authority.

At the end of the retention period, the data will be permanently deleted and consequently, the rights of access, deletion, rectification, and data portability can no longer be exercised.

7. Place of Processing and Data Transfer Abroad

Your data is processed at the Controller's operational headquarters (or by third parties selected for their reliability and security). For further information, you can contact the Data Controller who will provide you with all the relevant information.

Due to force majeure or specific contractual constraints, your data might transit and be transferred to a country different from where you are (and managed by any natural and/or legal persons based in EU or non-EU member countries).

In the latter case, the Controller will adopt all appropriate contractual measures to ensure adequate data protection.

9. Security Measures Adopted

This Website, to ensure secure navigation and particularly when Personal Data is entered, is equipped with an SSL certificate and uses the HTTPS protocol. Thanks to the use of this protocol, transactions and data are transmitted with maximum security and the communication content is not read or manipulated by third parties.

Where possible, we ensure that data flows directly from user to Controller, without passing through third parties (still in compliance with GDPR).

We avoid saving as much data as possible on the server so that if it were, unfortunately, attacked by hackers, they would not find useful information anyway.

Furthermore, the Site is equipped with DNS-level firewall and automatically tries to block threats and hacking attempts.

The CMS platform is constantly updated and we try, as much as possible, to use the minimum number of external tools.

The server is located in Europe and is hosted by one of the world's best server farms.

10. Cookies

This Website uses cookies.

You surely already know what they are - small text files that can be used by websites to improve user experience and customize content as well as provide some social functionality and analyze traffic.

They have multiple purposes and different characteristics, and might be used both by the Website you are visiting and by third parties.

If you don't authorize certain cookies (called "technical"), you might have difficulty navigating the site or viewing its contents.

11. Content on External Platforms

Some scripts and services allow viewing content hosted on external platforms directly from this Website's pages and interacting with them. If one of these services is installed, there is a possibility that the same tool (regardless of the Controller's will) collects traffic data related to the pages where it is installed. This Website frequently changes the use of these tools and seeks, where possible, to reduce their use.

Cloudflare

CloudFlare is a DNS optimization and traffic distribution service provided by CloudFlare Inc. CloudFlare typically filters traffic on this Site, i.e., communications between this Site and your browser, also allowing anonymous collection of statistical data.

Personal data collected

Various types of data as specified in the service's privacy policy.

Place of processing:

USA – Privacy Policy

Cookie name: _cfduid

Fathom Analytics (Conva Ventures Inc.)

Fathom Analytics is a completely anonymous analytics and statistics service provided by Conva Ventures Inc. that allows the Controller to understand website usage. The collected data is anonymized through the use of hashing techniques.

Personal data collected

Tracker and anonymous usage data. Servers are located in Europe.

Place of processing:

Canada – Privacy Policy

Contact Form - larugealespighe.com

By filling out the contact form with your data, you consent to their use to respond to requests for information, quotes, consultations, or any other nature indicated on the form page itself.

Personal data collected

Name, surname, email, phone number

Place of processing:

Controller's headquarters

Simplebooking (QNT S.r.l)

The Site uses an online booking system to verify the availability of the accommodation facility and allow the creation of quotes and orders. The tool in question is called Simplebooking and is managed by QNT S.r.l. This tool collects additional personal data relating to the user to provide additional services and functionalities. Our Site does not process data related to payment systems (such as credit card numbers), which will instead be acquired by the service provider in an encrypted, protected manner and according to the security requirements provided by PCI certification.

Personal data collected

Various personal data managed by QNT S.r.l. such as name, surname, email, phone number, address, city, province, ZIP code, country, and possibly credit card data and additional notes. By booking through Simplebooking, you consent to the communication of your personal data to QNT S.r.l.

Place of processing:

Florence, Italy - Privacy Policy

Cloudflare Turnstile (Cloudflare Inc.)

Cloudflare Turnstile is a SPAM protection service provided by Cloudflare Inc. used by this site.

Personal Data processed: Data communicated to use the Service; Usage data; keypress events; motion sensor events; touch events; question responses. Place of processing: United States – Privacy Policy. Category of personal information collected according to CCPA: internet information; indirect information. This type of processing constitutes a "sale of data" under the CCPA. In addition to the information contained in this clause, the User can consult the section describing California consumer rights for information on how to opt out of the sale.

Personal data collected

• Usage data or data necessary for the service operation.
• Touch/keypress events or motion sensor related events.
• Question responses.

Place of processing:

USA - Privacy Policy

Google Tag Manager (Google Ireland Limited)

Google Tag Manager is a tag management service provided by Google Ireland Limited.

Personal data collected

Cookies; Usage data.

Place of processing:

Ireland – Privacy Policy

12. Changes to this Privacy Policy

The Data Controller reserves the right to make changes to this Privacy Policy at any time by updating this page, which we ask you to consult often (always referring to the date of last modification indicated at the beginning).

If you do not wish to accept the changes made to this Privacy Policy, you must cease using this Website and you can request the Data Controller to remove your personal data.

In all other cases, the previous Privacy Policy will continue to apply to your personal data collected until the indicated date.

The Controller cannot be held responsible in any way for updating the links (internal but especially external) present in the Privacy Policy, therefore whenever you find one that is not working and/or updated, please always refer to the document and/or section of the websites referenced by such link.