Privacy Policy

1. INTRODUCTION
We respect your privacy in compliance with Regulation (EU) 2016/679 (of the European Parliament and of the Council concerning the protection of natural persons with regard to the processing of personal data, and the free movement of such data). Our goal is to protect and safeguard your personal data when interacting with our website.

2. WHO ARE WE?

• The Data Controller is the natural person, public authority, company, public or private entity, association, etc., that makes decisions regarding the purposes and methods of processing (Article 4, paragraph 1, point 7 of Regulation EU 2016/679).
• The Data Processor is the natural or legal person to whom the Data Controller assigns specific and defined tasks for managing and controlling the data processing (Article 4, paragraph 1, point 8 of Regulation EU 2016/679).

Data Controller:

• Mr. Gianluca Prianti
• Email: info@lecinquelampade.com

Data Processor:

• QUOVAI SRL, Via Custoza, 13, 56040 Monteverdi Marittimo (PI)
• Email: supporto@quovai.com
• VAT Number: 01871320493

3. WHAT INFORMATION DO WE COLLECT AND USE?

We do not collect your personal data while you browse the site anonymously. We collect your data (voluntarily provided) in order to provide the requested services.

(A) For the provision of our online service (booking through the booking engine), we collect the following information:

• First name and last name
• Email address
• Mobile number
• Credit card information

(B) When using our information request form, we collect the following personal data:

• First name and last name
• Email address
• Mobile number
• Information voluntarily disclosed in the "Message" section, which may contain sensitive data.

QUOVAI S.r.l. does not collect or process personal data classified as "special data" (such as, for example, data revealing racial or ethnic origin, religious, philosophical or other beliefs, political opinions, membership in associations or organizations of a religious, philosophical, or trade union nature, as well as personal data revealing health status or relating to criminal convictions and offenses), unless you have given your explicit consent, such as may occur when sending an information request (case (B)). For operational and maintenance purposes, this site may collect system logs, which are files that record interactions and may also contain personal data, such as the IP address.

The data you provide will be processed for the following purposes (among others): responding to information requests and handling support requests; carrying out sales or booking services; sending information about future events; managing payments; compiling statistics to measure the portal’s performance in an aggregated and anonymous form (which does not allow the identification of any natural person). Your credit card details (first name, last name, card number, and expiration date) are collected via the Stripe payment gateway (stripe.com/it) and are stored in encrypted form until the service has been provided.

4. ON WHAT LEGAL BASES DO WE PROCESS YOUR PERSONAL DATA?
We collect, use, and share the data in our possession in the manner described, based on the following legal grounds:

• The processing is lawful if it is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject. This expressly includes administrative and accounting purposes. In this context, the service provided by the administrative department is included, and therefore the processing of the data subject's personal data for booking management and the sending of responses to support requests. The legal basis is Article 6, paragraph 1, letter b) of Regulation (EU) 2016/679.
• Consent to the processing of your personal data for one or more specific purposes (e.g., sending promotional material by email following voluntary subscription to the newsletter). For this purpose, you must give your consent, which can be revoked at any time. The legal basis is Article 6, paragraph 1, letter a) of Regulation (EU) 2016/679.
• Our legitimate interests, including our interest in providing a safe and efficient service for you, are protected by Article 130, paragraph 4, of the Privacy Code, which also permits the sending of promotional communications by email to customers (current or former) to promote services similar to those previously purchased (so-called soft spam). There is a right to opt-out. The legal basis is Article 6, paragraph 1, letter f) of Regulation (EU) 2016/679.

5. LOCATION OF DATA PROCESSING
The processing related to the web service provided by QUOVAI S.r.l. takes place at the company’s headquarters and on the Data Centers of the company HETZNER, which are located in Germany. No data is transferred outside the European Union.

The Platform may share some of the collected data with services located outside of Italy, particularly the Google Analytics service. Google Analytics 4 is a web analysis service provided by Google Inc. (“Google”). This data may be transferred outside the European Union, such as to the United States, in accordance with the new EU-U.S. Data Privacy Framework (DPF), which guarantees the protection of personal data. All collected data is used securely and transparently to improve the user experience and our services.

6. WHAT PERSONAL INFORMATION DO WE DISCLOSE TO THIRD PARTIES?
We do NOT disclose, sell, or transfer your personal data to companies or third parties not directly involved in the core purposes of our business. Your data will be known to our employees. In addition, other recipients include: entities we rely on for the execution of the contract; entities that provide services for platform management; entities that provide legal, tax, and accounting consulting services; competent authorities and supervisory bodies for the fulfillment of legal obligations; and Public Administrations for their institutional purposes.

The subjects belonging to the above categories, in some cases, operate independently as distinct Data Controllers, in other cases, they act as Data Processors appointed by the Controller in compliance with Article 28 of Regulation (EU) 2016/679. However, we may be required to disclose personal data in response to a request from the Judicial Authority, as well as for fraud prevention purposes or if we believe such action is necessary to protect our business.

7. COOKIES
For information regarding Cookies, please refer to our specific Cookie Policy.

8. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We retain your personal data for the time necessary to carry out the operations related to the activities of the Data Controller in compliance with Regulation (EU) 2016/679. The processing of personal data is mainly carried out using IT tools for the time strictly necessary to achieve the purposes for which the data was collected and for the subsequent 10 years from the date of acquisition. Upon expiry, the online data will be deleted or anonymized by our provider QUOVAI S.r.l., unless there are further purposes for retaining it. We must retain your tax data for the 10 years required by Italian law; after this period, there is no longer a lawful basis (legal obligation) for further retention, so we delete it. We do not collect special categories of personal data. However, if this information is entered into a free-text section of the site or in emails sent to us, such information will be retained (if identified and recognized) for the time strictly necessary to achieve the original purposes.

9. HOW DO WE PROTECT YOUR PERSONAL DATA?
To prevent unauthorised access to your personal data and to maintain its accuracy, we are committed to implementing appropriate security measures that safeguard its confidentiality, integrity, and security. It is important to note, however, that no Internet transmission can ever be 100% secure. On parts of the site where personal data is collected, Secure Socket Layer (SSL) technology is used, ensuring that all communications between the user’s computer and us cannot be intercepted or deciphered.

By convention, Internet addresses (URLs) that involve an SSL connection start with https:// instead of http://. Additionally, in most common browsers, a green padlock icon is displayed to the left of the URL to show that a full SSL connection has been established between the user’s browser and our Platform. If your browser does not support SSL technology, you should upgrade to the latest version.

10. HOW DO WE HANDLE MINORS' PRIVACY?
The website is directed at a general audience and does not offer services intended for minors. Minors under the age of 18 should NOT provide us with any information or personal data. If we discover that a minor has provided us with personal data without parental or guardian consent, we will promptly delete such information.

11. WHAT ARE YOUR RIGHTS?
Pursuant to Regulation (EU) 2016/679, you may, in accordance with the procedures and within the limits provided by current regulations, exercise the following rights by addressing a request to the contact details of the Data Controller:

•     Access your personal data;
•     Withdraw consent;
•     Object to the processing of your personal data (when it is based on a legal ground other than consent);
•     Verify and request rectification;
•     Obtain the restriction of processing (in this case, we will not process your data for any other purpose except storage);
•     Obtain the deletion or removal of your personal data;
•     Request data portability;
•     Lodge a complaint.

Requests should be directed to us directly as the Data Controller. We strive to respond to all legitimate requests within one month. Occasionally, it may take more than a month if your request is particularly complex. If you believe that the processing of your data violates privacy laws or that your rights have been infringed in any other way, you can contact the supervisory authority:

• Data Protection Authority: Piazza di Monte Citorio n. 121, Rome, 00186, Italy
• Tel: +39-06-69677-3785
• Website: www.garanteprivacy.it/

12. HOW CAN YOU CONTACT US?
For any request related to the processing of your personal data, you may

•  Send us an email at supporto@quovai.com
•  Call us at +39-02-87198048

13. CHANGES TO THIS PRIVACY POLICY
This Privacy Policy is effective from the date indicated at the beginning of the document. The Data Controller may modify this Privacy Policy at any time; in such cases, we will publish the updated version here and change the effective date shown below.

This Privacy Policy is updated as of 01/09/2024.