Who is it for?

This privacy policy is intended for individuals who use the services provided by the website www.torreperrotti.it, specifically:

• Individuals who browse the website, even if only for consultation.

• Individuals who contact Torre del Mare srl through the "Contact Us" form.

In this policy, these individuals will be referred to as "Data Subjects."

​

Who processes the data?

The data controller for all processing activities resulting from the use of this website is Torre del Mare srl, an Italian company based in Santa Maria di Castellabate, represented by its legal representative from time to time.

For the processing activities described in this policy, the Data Controller can be contacted at the following address: info@agriturismoperrotti.it

The data is physically processed by the employees and collaborators of the Data Controller, who have been properly trained and authorized to process the data.

What data is processed?

For the management of the services provided through this site, the following data is processed:

• IP address, location, and activities on the website, for browsing the site.

• Name, surname, email (mandatory), phone, company (optional), for contacting Torre del Mare srl.

​​

Where is the data processed?

The data collected through this site will be processed by the Data Controller at their premises in Italy and by any external parties to whom administrative, organizational, or technological management is entrusted – who have been appointed as Data Processors – at their own offices and branches located within Italy.

​

How is the data processed?

Data is collected directly from the Data Subject using cookies or through submission via dedicated online forms for contacting the company.

Once collected, the Data Subject's data is stored and kept digitally on the computer systems of the Data Controller and/or its Data Processors.

​

Which cookies collect data?

This site uses technical cookies, which can be used without the Data Subject's consent, as they are strictly necessary for providing the service.

Additionally, third-party profiling cookies may be used, and their use is subject to consent directly given to these third parties by accessing their cookie usage policies. Profiling cookies may be used by the Data Controller or the owner of the cookie to store the choices made by the Data Subject, provide personalized or optimized functionalities, or to record habits and preferences expressed during navigation.

​

For what purposes is the data processed?

The data collected by the Data Controller is used to:

• Improve the use of the site and register usage statistics, as well as to profile Data Subjects.

• Respond to requests submitted by the Data Subject to Torre del Mare.

On what legal basis is the data processed?

The Data Controller will process the Data Subject's personal data solely based on the explicit consent of the Data Subject.

If the Data Subject withdraws consent, the Data Controller may continue processing the data for obligations arising from the law and/or based on the legitimate interest of the Data Controller.

​

How is the data protected?

To ensure the availability, integrity, and confidentiality of the information, Torre del Mare srl has implemented specific security measures to protect the data from the risk of loss or accidental destruction.

In particular, physical and IT access controls, credential management, modification limitations, incremental backups, and anti-intrusion systems have been established.

​

Is it mandatory to provide the data?

Providing data is mandatory for fulfilling the Data Subject's requests.

Failure to provide the data will make it impossible to provide the requested service, preventing the Data Subject from contacting Torre del Mare srl.

Providing data collected via technical cookies is mandatory for browsing the site, while providing data through analytical and profiling cookies is optional.

​

To whom is the data communicated?

The data collected and processed by the Data Controller may be communicated to public and private entities, in compliance with the applicable laws or for organizational, technical, or informational needs related to the requests made by the Data Subject.

​

How long is the data processed?

Data collected through the website www.torreperrotti.it is retained and processed only as long as necessary for the purposes for which it was collected:

• In the case of browsing, the data is processed for the duration specified for each cookie.

• In the case of a contact request, the data will be processed until the request is fully addressed, and in any case for no more than 12 months.

At the end of the period specified for each activity, the data will be destroyed or anonymized for statistical purposes.

​

How can Data Subjects protect their rights?

The Data Subject can protect themselves and their personal data by exercising the rights provided by the applicable regulations, by sending a free request to the Data Controller.

​

The Data Controller will respond as soon as possible, and in any case within one month of receiving the request. If additional time is needed to process the request, the Data Controller will inform the Data Subject within a maximum of two months.

​

If the Data Controller does not deem it necessary to fulfill the request, they will communicate their refusal directly to the Data Subject within one month of receiving the request. In such cases, the Data Subject can file a complaint with the Supervisory Authority in their country or seek judicial redress.

​

Exercising the Data Subject's rights is free unless the requests are manifestly unfounded or repetitive; in this case, the Data Controller may charge a contribution or refuse the request.

​

The Data Subject may exercise their right of access under Article 15 of Regulation (EU) 2016/679 by submitting a request to the Data Controller in order to obtain confirmation that processing is occurring (or not).

 

The same request may ask to know:

• Which data is being processed and for what purposes;

• How long the data will be kept;

• Whether the data has been or will be communicated to other parties, and if so, their identities and the country they are located in, as well as the existence of adequate safeguards for transfer;

• The existence of the right to request rectification, limitation, or erasure of their data;

• The existence of the right to object to processing;

• The existence of the right to lodge a complaint with a Supervisory Authority;

• The existence of automated decision-making, including profiling, and the consequences of such processing. The Data Subject is also entitled to receive a free copy of their personal data being processed, provided that this does not infringe upon the rights of others. Additional copies requested may incur a contribution fee.

​​

The Data Subject may exercise their right of rectification under Article 16 of Regulation (EU) 2016/679 by submitting a request to the Data Controller to correct any inaccurate data or, in the same manner, request that the data be supplemented with other information by submitting a declaration in this regard.

​

The Data Subject may exercise their right to erasure under Article 17 of Regulation (EU) 2016/679 by submitting a request to the Data Controller to delete their personal data in the following cases:

• If the data is no longer necessary for the purposes for which it was collected;

• If the Data Subject has withdrawn consent for processing;

• If the Data Subject has objected to processing;

• If the personal data has been processed unlawfully by the Data Controller;

• If the data must be erased to comply with a legal obligation the Data Controller is subject to;

• If the Data Subject is under the age of 16 and the persons exercising parental responsibility have not given consent.

​​

If the Data Controller has made the personal data public and is required to erase it, they will inform any third parties who are processing the Data Subject's data of the request for erasure, to the extent technically and economically feasible.

​

The Data Subject may exercise their right to restriction of processing under Article 18 of Regulation (EU) 2016/679 by submitting a request to the Data Controller to limit processing to the storage of the data, without allowing the Data Controller to carry out other operations, in the following cases:

• If the Data Subject contests the accuracy of the data, for the time needed for the Data Controller to verify it;

• If the processing is unlawful and the Data Subject objects to erasure;

• If the Data Controller no longer needs the data but must store it for legal reasons;

• If the Data Subject has objected to processing, for the time necessary to verify the balance between the Data Subject's rights and the legitimate interests of the Data Controller.

​​

The Data Subject may exercise their right to object to processing under Article 21 of Regulation (EU) 2016/679 at any time for reasons related to their specific situation. This right may be exercised by sending a communication to the Data Controller if the processing is based on the legitimate interest of the Data Controller or if the data is processed for scientific research or statistical purposes.

​

If the Data Subject believes that the processing of their personal data is in violation of Regulation (EU) 2016/679, they have the right to lodge a complaint with the Supervisory Authority, as per Article 77 of Regulation (EU) 2016/679, choosing the Supervisory Authority of their home country, the country where they work, or the country where the alleged violation occurred.

​

In any case, the Data Subject may seek to protect their rights by appealing to the Administrative and/or Judicial Authority in their country.

​

The Data Subject may withdraw consent to the processing of their data at any time, using the same methods by which they provided their consent or by sending communication to the Data Controller. The withdrawal of consent will not affect the processing already carried out, but will result in the interruption of ongoing processing and the destruction of the Data Subject's data.

​

Legislation and References

This policy is provided in accordance with Regulation (EU) 2016/679 and Legislative Decree 196/2003, as amended by Legislative Decree 101/2018, as well as the General Provision of 8 May 2014 of the Italian Data Protection Authority.

This version is effective from 13.02.2025.