1. INTRODUCTION

DESTINATION FLORENCE CONVENTION AND VISITORS BUREAU (hereinafter "DFCVB") takes care of your privacy, therefore we have adopted a Privacy Policy regarding the way we collect, use, transfer and store your data. We invite you to read this document to learn about our privacy protection policies, if you have any questions you can write to us at the contacts indicated below.
With this document DFCVB provides you, pursuant to articles 13 and 14 of Regulation EU 2016/679 the protection of natural persons with regard to the processing of personal data (hereinafter "GDPR"), some information relating to the use of the website https://www.destinationflorence.com (hereinafter only "Site") and any processing of personal data connected to it.

2. DATA PROCESSED AND PROVISION

2.1 Data collected while using the website

Personal data may be used to identify or contact you, as well as to provide better services to all our users.

Data collected automatically
The computer systems and software procedures used to operate the website and all DFCVB applications acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. These information are not collected to be associated with identified data subjects but for its nature, could, through processing and association with data held by third parties, allow the users to be identified.
This type of data include: the IP address or domain name of the device that is used, the operating system, the model and brand of the device, the phone operator, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply given by the server (successful, error, etc.) and other parameters related to the operating system and IT environment of your device.
These data are used to obtain anonymous statistical information on the use of the website and to check its proper functioning.

Data provided voluntarily by the user
SIf you choose to interact with any forms on the site or to contact us by email, you may have to send and/or provide some personal information, necessary to identify you and/or to respond to your requests. The information that may be requested are, by way of example: name and surname, e-mail address and type of request, payment data. You are responsible for the accuracy of the personal information you submit/provide to DFCVB.

2.2 Provision of the data

Apart from that specified for navigation data, the user is free to provide their personal data. Failure to provide such data may, however, make it impossible to obtain what has been requested.

3. PURPOSE OF THE PROCESSING AND LEGAL BASIS

3.1 Your data will be processed:

a) to allow you to use the functions available and, in particular, to register on our site (creation of your personal account) and to purchase products, services and tickets for events on our store;
b) to comply with legal obligations and in particular administrative and accounting obligations
c) to reply to your requests;
d) for the technical management of the services of the site;
e) to exercise the rights of the Data Controller;
f) to send you - via newsletter - advertising material for tourism promotion of Florence as well as a selection of services, events and experiences listed on our website and/or selected for you by DFCVB.
Please note that, if you pay by credit card, your data will not be processed by DFCVB, but only by the payment service provider. For more information, please see https://payyo.ch/terms-and-services/.
Other purposes may be indicated in the information related to the use of specific services.

3.2 The legal bases of the processing

In relation to the purposes 3.1.a and 3.1.c, the legal basis of the processing is the execution of a contract of which the data subject is a party and/or the execution of pre-contractual measures adopted at the request of the same.
For the purpose 3.1.b the legal basis is the fulfillment of legal obligations.
For the purposes 3.1.d and 3.1.e, the legal basis of the processing is the legitimate interest of the Data Controller in a correct administration of the systems, as well as to exercise and defend its rights.
For the purposes 3.1.f the legal basis of the processing is your consent.

4. DATA RETENTION PERIOD

The data relating to your account will be stored until your eventual request for deletion. Your data will also be processed for the time necessary to manage your requests, as well as - where necessary - for the duration required by specific legal obligations (such as the conservation of accounting documents for tax purposes).
For the processing related to the sending of advertising material, via newsletter, the data will be stored until your possible withdrawal of consent.
Once the storage terms indicated above have elapsed, your personal data will be destroyed, deleted or made anonymous, compatibly with the technical cancellation and backup procedures.

5. METHOD OF PROCESSING AND THEIR USE

The data will be processed, in compliance with the necessary security and confidentiality, collected and recorded for specific, explicit and legitimate purposes.
Each data processing is based on principles of correctness, lawfulness and transparency and can be carried out either manually or through automated methods and will take place through appropriate technical and organizational measures, avoiding the risk of loss, destruction, unauthorized access or disclosure or, in any case, illicit use, as well as through reasonable measures to promptly delete or rectify any inaccurate data.

6. RECIPIENTS OF PERSONAL DATA

Designated personnel, duly trained and operating under the authority and responsibility of the Data Controller, will process the data. Information can be communicated to recipients that carry out activities related to the purposes above, such as communication services, e-mail and mail provider and website's hosting and technical assistance and other service providers related to the aforementioned purposes. Only the data strictly necessary for the performance of the activities will be communicated to the subjects indicated above. The updated list of all recipients is available at the headquarters of the Data Controller and will be provided at your request by writing to the following e-mail address: privacy@conventionbureau.it

7. YOUR RIGHTS

You can exercise rights under Chapter III of GDPR at any time. In particular, you have the right to ask the Data Controller for access to your data, their correction or cancellation, the integration of incomplete data, the limitation of processing, to withdraw the consent or object, to receive them in a structured, commonly used and machine-readable format, as well as to exercise the other rights recognized by the applicable regulations. These rights can be exercised using the portal’s features or by writing to the following e-mail address: privacy@conventionbureau.it. Pursuant to art. 77 of the GDPR, moreover, you have the right to lodge a complaint with the Supervisory Authority if you consider that the processing violates the GDPR.

8. USE OF COOKIES AND COOKIE POLICY

At the following link https://www.destinationflorence.com/en/cookie-policy you can find all the information on cookies installed through this site, as well as the necessary indications on how to manage your preferences in this regard.

9. CHANGES TO THIS PRIVACY POLICY

DFCVB, as Data Controller, reserves the right to make changes to this privacy policy at any time by giving notice to Users on this page. Please therefore consult this page taking as reference the date of last modification indicated at the bottom.

10. CONTACT DETAILS OF THE DATA CONTROLLER AND DATA PROTECTION OFFICER (DPO)

The Data Controller is Destination Florence Convention and Visitors Bureau Scrl which you can contact for any information or request using the following contacts: Via del Tiratoio,1 - Firenze (Fi) Telefono: 055/29881 E-mail: info@conventionbureau.it.
Contact details of the Data Protection Officer: privacy@conventionbureau.it

Last updated: January 2023