Information on the processing of personal data and cookies on the website
1. Background
In compliance with the obligations arising from the Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter, the “Regulation” or “GDPR”) and the national legislation in force, including Legislative Decree 196/2003 (Privacy Code, as amended by Legislative Decree 101/2018), B&B Degli Angeli di Caterina Bellassai respects and protects the personal data of visitors and users (hereinafter, the “Data Subjects”) of the website www.bebdegliangeli.it (hereinafter, the “Website”). This document provides information on the processing of personal data collected by B&B Degli Angeli di Caterina Bellassai through the Website and, therefore, constitutes a disclosure to Data Subjects under the aforementioned regulations and does not apply to personal data collected by B&B Degli Angeli di Caterina Bellassai through channels other than the Website. According to the provisions of the Regulations, the processing of the personal data of the Interested Parties is carried out in compliance with the principles of correctness, lawfulness, transparency and protection of confidentiality. The Internet Site contains links to other Internet sites: this policy does not cover such other Internet sites, which may be consulted by the Interested Parties through special links. Such websites may contain information on the processing of personal data that differs, in whole or in part, from this statement. B&B Degli Angeli di Caterina Bellassai therefore invites the Interested Parties to carefully read the privacy notices of each other site they link to, especially before entering any personal information.
2. Identity and contact details of the data controller
The data controller is B&B Degli Angeli di Caterina Bellassai (hereinafter,
“B&B Degli Angeli di Caterina Bellassai” or the
“Data Controller“), P. IVA 03859011201, located at Via Ca’ del Costa 6 40034 – Castel d’Aiano(BO) (tel: +39 3663307205; email caterinabellassai@gmail.com).
3. Types of data processed through the Website
The Data Controller, through the Internet Site, may process the following data: Data collected in an automated manner – traffic and navigation data The computer systems and software procedures responsible for the operation of the Internet Site acquire, in the course of their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This category of data includes IP addresses or domain names of the computers and terminals used by users, the type of browser, the name of the Internet Service Provider, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the resources requested, the date and time of visit to the Internet Site, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc..), the user’s source and output web pages and other parameters related to the user’s operating system and computer environment. The Website does not intentionally collect data belonging to special categories (e.g. health data, religious, political, trade union beliefs), unless specific informed consent is given.
4. Data disclosed by Data Subjects
The optional, explicit and voluntary sending of messages to the contact addresses of the Data Controller, as well as the filling in and forwarding of the contact forms on the Website, entail the acquisition of the sender’s contact data, necessary to reply, as well as all the personal data included in the communications (such as, purely by way of example, name, surname, email address). In any case, Data Subjects are required to provide true and accurate data and to promptly inform the Data Controller of any subsequent changes.
5. Cookies and other tracking systems
The Website makes use of cookies and similar technologies. Please refer to our Cookie Policy for information on the use of cookies.
6. Purpose and legal basis for processing
The Data Controller processes traffic and browsing data for the following purposes: (a) to manage, administer and improve the Internet Site; to control the proper functioning of the services offered; (b) to fulfill the obligations required by law and/or regulations and/or orders of the Judicial Authority; (c) to prevent and/or detect fraudulent and/or harmful activities for the Internet Site; (d) to carry out analyses with technical and/or commercial purposes; to obtain statistical information on the use of the services (most visited pages, number of visitors per time slot or daily, geographical areas of origin, etc.). The processing of such data is necessary to be able to browse the Website. The Data Controller processes the data communicated by the Data Subjects for the following purposes: (e) to respond to requests for assistance and, in general, to any question and/or request made by users; (f) to send administrative and/or technical support emails to users (by way of example only, technical notes, reminders, updates..); (g) to send by mail and/or email newsletters, commercial communications and/or advertising material on products and/or services offered by the Data Controller. The processing of data communicated by the Data Subjects for the above purposes requires the consent of the Data Subjects. Such consent is always optional but, in default, B&B Degli Angeli di Caterina Bellassai will not be able to process the data collected for the aforementioned purposes.
7. Disclosure of data
The personal data collected may be communicated to supervisory bodies, judicial authorities as well as to all subjects to whom communication is obligatory by law and/or necessary for the fulfillment of the purposes described above.
8. Method of processing personal data collected and storage period
The data collected may be subject to both paper and electronic and/or automated processing. In any case, the Data Controller will process the personal data collected for the time necessary to fulfill the purposes set forth in this notice and, in any case, for a period not exceeding what is required by current legislation (including tax regulations). The data will be kept for the time strictly necessary for the purposes for which it was collected, in accordance with the following terms:
- Browsing data: maximum 12 months;
- Data provided voluntarily: up to 10 years for legal or administrative obligations;
- Data for marketing purposes: until consent is revoked, but no longer than 24 months.
9. Possible transfer of personal data
The management and storage of data will take place on servers located within the European Union of the Data Controller and/or third party companies contracted and duly appointed as Data Processors. Currently, the servers are located in Italy. It is in any case understood that the Data Controller, should it become necessary, will have the right to move the location of the servers to Italy and/or the European Union and/or non-EU countries. In this case, the Data Controller assures as of now that the transfer of the data outside the EU will take place in compliance with the applicable legal provisions by entering, if necessary, into agreements that guarantee an adequate level of protection and/or by adopting the standard contractual clauses provided by the European Commission.
10. Security Measures.
The Data Controller processes the data of the Data Subjects in a lawful and correct manner, adopting appropriate security measures aimed at preventing unauthorized access, unauthorized disclosure, modification or destruction of the data, as well as unlawful use of the data. The processing is carried out by means of computer and/or telematic tools, with organizational methods and logics strictly related to the stated purposes, and the data are stored and maintained in secure facilities with limited access and verification of personnel. Access to information is strictly limited to authorized personnel. The Website is constantly monitored for security breaches. In addition to the Data Controller, in some cases, categories of staff involved in the organization of the Internet Site (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies), who will act on the basis of specific instructions provided by the Data Controller, may have access to the data. In any case, the Data Controller invites Data Subjects to adopt appropriate protections and/or precautions against unauthorized access to their private area and/or computer.
11. Rights of data subjects
In accordance with the provisions of Chapter III of the GDPR, Data Subjects may be able to exercise at any time the rights provided therein and in particular: Right of access: to obtain from the Data Controller confirmation as to whether or not Personal Data relating to them are being processed and, if so, to receive information as to the purposes of the processing, the categories of Data involved, the recipients or categories of recipients to whom the Personal Data are or will be disclosed, the period of storage of the Personal Data or the criteria for determining that period ( art. 15, GDPR); Right to rectification: to obtain from the Data Controller, without undue delay, the rectification of inaccurate Personal Data and the supplementation of incomplete Personal Data by also providing a supplementary statement (art. 16, GDPR); Right to erasure: to obtain from the Data Controller, without undue delay, the erasure of Personal Data, in the cases provided for by the GDPR (so-called “right to be forgotten” – art. 17, GDPR); Right to restriction: to obtain from the Data Controller the restriction of processing, in the cases provided for by the GDPR (art. 18, GDPR); Right to portability: to receive from the Data Controller in a structured, commonly used and machine-readable format, the Personal Data concerning them provided to the Data Controller and to request to transmit them directly, or through the Data Controller if technically feasible, to another Data Controller (c.d. “right to data portability” – art. 20 GDPR); Right to object: to object, upon the occurrence of special situations concerning them, to the processing of Data and% as well as to the processing of Personal Data for direct marketing purposes (art. 21 GDPR); Right not to be subjected to decisions based solely on automated processing ( art.22 GPDR). The appropriate request can be made by contacting at any time B&B Degli Angeli di Caterina Bellassai by mail at: B&B Degli Angeli di Caterina Bellassai Via Ca’ del Costa 6 40034 – Castel d’Aiano(BO)); by e-mail at caterinabellassai@gmail.com. By the same means, the consents expressed with reference to this information can be revoked at any time without affecting the lawfulness of the processing based on the consent given before the revocation. Any communications and actions taken by B&B Degli Angeli di Caterina Bellassai in response to the exercise of the rights listed below will be carried out free of charge, except for the cases provided for in Article 12, paragraph 5, of the GDPR. The interested parties may also contact B&B Degli Angeli di Caterina Bellassai at the telephone number +39 3663307205 for the case in which they need information and/or clarifications regarding the processing of personal data carried out through the Website.
12. Right of complaint
Interested parties who believe that the processing of personal data relating to them carried out through the Website is in violation of the provisions of the Regulations have the right to lodge a complaint with the Guarantor, as provided for in Article 77 of the Regulations themselves, or to take appropriate legal action (Article 79 of the Regulations).
13. Child protection
The Data Controller does not allow persons under the age of 16 to use its services and, therefore, does not intentionally collect information about them. Should it become aware that it has collected data relating to persons under the age of 16, in the absence of demonstrable parental consent, it will delete such data as soon as possible.
14. Periodic updates to this privacy policy
This Privacy Policy is valid and effective as of May 25, 2018 and may be subject to change over time, including as a result of amendments or additions to current legislation. Should the Data Controller make any significant changes to this document, the same will inform the Data Subjects through the means it deems most appropriate for the purpose (such as, but not limited to, publication on the home page of the Website and/or sending a newsletter to the email address provided by the Data Subjects). This policy was updated on May 25, 2018.
15. Content generated through artificial intelligence
Some content on the Website (including text, images, graphic or multimedia elements) may be created, even partially, with the help of generative artificial intelligence tools. The use of such technologies takes place in accordance with the principles of fairness, transparency and reliability, with the aim of providing content that is up-to-date, consistent and of interest to users. Content created with artificial intelligence does not use the personal information (such as name, email, preferences, or browsing behavior) of people who visit the site. Artificial intelligence does not analyze or study user behavior to create profiles, personalized advertisements, or targeted content.
This policy was updated on May 6, 2025.
