REGULATORY REFERENCES
Directive 2002/58/EC - on "the processing of personal data and the protection of privacy in the electronic communications sector."

Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/ec (General Data Protection Regulation).

DATA CONTROLLER
As part of the consultation of this site, data relating to identified or identifiable persons may be processed. The "Data Controller" of their processing is La Fiorida S.r.l. Società Agricola Azienda Agrituristica Valtellina, Via Lungo Adda, 12 - 23016 Mantello (SO).

PERSONAL DATA SUBJECT TO PROCESSING
As a result of browsing the Site, we inform you that the Controller will process your personal data, which may consist of an identifier such as your first name, last name, email address or other personal data that you freely give to the Controller (hereinafter also only "personal data") through your entry in the contact and/or registration forms for which there is a specific information notice.

PLACE OF DATA PROCESSING
Data processing related to the web services of this site takes place at the headquarters of the owner and is carried out only by technical personnel duly appointed for the processing, or by any third party suppliers in charge of occasional maintenance operations, appointed as Data Processors pursuant to Article 28 of the RGPD. The data collected will be kept - for each type of data processed - only for the time necessary to fulfill the specific purposes indicated in the specific summary information displayed on the pages of the site and prepared for particular services.

TYPES OF DATA PROCESSED
Navigation data
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but which by its very nature could allow users to be identified. This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) notation addresses of the requested resources, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the user's operating system and computer environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct operation and are deleted immediately after processing. The data could, in addition, be used to ascertain responsibility in case of hypothetical computer crimes against the site: except for this eventuality, at present the data on web contacts do not persist for more than seven days.

Data provided voluntarily by the user
The optional, explicit and voluntary sending of personal data by the user to the contacts on this site involves the subsequent acquisition of the data provided by the sender, necessary for the provision of the requested service. Specific summary information will be progressively reported or displayed on the pages of the site prepared for particular services on request. These data will be processed by the Owner mainly by computer, in order to follow up on the user's request.

COOKIE
Cookies are small text files that are deposited on your computer by the sites you visit. They are mainly used in order to make websites work and operate more efficiently, as well as to provide information to the owners of the website itself.

Below in detail are the cookies used. Cookies can be either session or persistent. Session cookies remain stored in the terminal for a short period of time and are deleted as soon as the user closes the browser. Their use is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable secure and efficient exploration of the site. Persistent cookies, on the other hand, remain stored in the user's terminal until a predetermined expiration date. These, since they are not deleted directly when the browser is closed, allow to remember the choices made by the user on its site as well as to collect information about the pages of the site visited by the user, the frequency with which the site is visited and to identify the navigation path of users, in order to improve the experience on this site. Cookies, whether session or persistent, can finally be First Party or Third Party depending on whether the party installing the cookies on the user's terminal is the same operator of the site that the user is visiting (we will then speak of First Party cookies) or a different party (we will then speak of Third Party cookies).

Cookies used by this site

This site makes use of both First Party and Third Party cookies as it makes use of the functionality of Google Analytics services, offered by Google Inc.

Google Analytics uses "cookies" to collect and analyze information about how you use the websites you visit. For more information about Google Analytics cookies and their use by Google Inc. you can consult:

Google's Cookie Use Policy available at:http://www.google.com/intl/it/policies/technologies/cookies/ and https://developers.google.com/analytics/devguides/collection/analyticsjs/cookies-usage

Google Analytics privacy policy statement at:http://www.google.com/intl/en/analytics/privacyoverview.html

THIRD PARTY COOKIES
The site also makes use of the functionality offered by the Google Analytics service, which uses cookies to anonymously collect and analyze information about website usage behavior. This information (including the user's IP address) is collected by Google Analytics, which processes it for the purpose of compiling reports for the site operator regarding activity on its/their website(s). Google does not associate the IP address with any other data in its possession or attempt to link an IP address with a user's identity. Google may also disclose this information to third parties where required to do so by law or where such third parties process the information on Google's behalf.

For more information, see:
- the privacy policy statement for Google Analytics.
- the statement about Google's use of cookies.

You can disable the Google Analytics feature by following the instructions here: http://tools.google.com/dlpage/gaoptout?hl=it-IT

If the user does not wish to receive any type of cookies on his or her computer, either from this site or from others, he or she can raise the privacy protection level of his or her browser using the appropriate function. The operator of the site reminds you that, according to Article 7 of Legislative Decree No. 196 of June 30, 2003, there is a right to request at any time those who make use of such solutions to delete information collected through cookies

COOKIE MANAGEMENT
Normally, browsers allow you to control most cookies through your browser settings. Please note that the total or partial disabling of so-called technical cookies may affect the use of the site's functionalities. In any case, the user can decide whether or not to accept cookies by changing the security settings of his/her browser.
- Chrome
- Firefox
- Internet Explorer
- Opera
- Safari

• Safari 8 Yosemite
• Safari on iPhone, iPad, or iPod touch

LINKS TO OTHER WEBSITES
This site may contain links or references to access other websites, such as social networks Facebook, Google+, Twitter etc... The Company does not control the cookies/tracking technologies of other websites to which this Policy does not apply.

OPTIONAL SUBMISSION OF DATA
Apart from what is specified for navigation data, the user is free to provide his/her personal data. However, failure to provide them may result in the impossibility of obtaining what has been requested.

PURPOSES OF PROCESSING
The personal data in the section "PERSONAL DATA SUBJECT TO PROCESSING" will be processed for the following purposes, respectively:

• enable the provision of the Services you have requested, i.e.: i) requesting registration on the Site to create an account to purchase goods on the Site; ii) making a reservation at the hotel; iii) making a reservation at the restaurant.
• To enable online payments for services expressly provided for within the Site;
• Provide feedback to your requests for information;
• to evaluate applications submitted in the dedicated "Work with Us" section;
• For sending newsletters.

LEGAL BASIS AND MANDATORY OR OPTIONAL NATURE OF THE PROCESSING
La Fiorida processes your personal data for the performance of a contract to which you are a party or of pre-contractual measures taken at your request. In this case, the provision of personal data for these purposes is optional, but failure to do so would result in the impossibility of activating the services provided by the Website or responding to your requests.
La Fiorida, also processes your personal data subject to your express consent. In this case, you are free to give your consent to the specific processing activity and any failure to provide it does not entail the impossibility of using the services provided by the Website.
The interested party there where you have given your consent has the right to revoke it at any time by sending an email to the email address direzione@lafiorida.com.
We remind you that within the Website there are specific summary information on the processing of personal data and requests for consent will be progressively reported or displayed on the pages of the Website itself prepared for particular services.

OPTIONAL SUBMISSION OF DATA
Apart from what is specified for navigation data, the user is free to provide his/her personal data. However, failure to provide them may result in the impossibility of obtaining what has been requested.

METHODS OF PROCESSING
Personal data are processed, including by means of automated tools, for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. The Data Controller has taken all the minimum security measures required by law and inspired by the main international standards, it has also adopted additional security measures to minimize the risks related to confidentiality, availability and integrity of the personal data collected and processed.

DATA SHARING, COMMUNICATION AND DISCLOSURE
The data collected may be transferred or communicated to other companies for activities strictly related and instrumental to the operation of the service, such as the management of the computer system. The personal data provided by users who forward requests for the sending of informative material (brochures, informational material, etc.) are used for the sole purpose of performing the service or provision requested and are communicated to third parties only if this is necessary for that purpose (companies that provide enveloping, labeling, shipping services). Outside of these cases, personal data will not be communicated or granted to anyone, unless contractually stipulated or authorized by the subjects. In this sense, personal data could be transmitted to third parties, but only and exclusively in the event that: a) there is explicit consent to share data with third parties; b) there is a need to share information with third parties in order to provide the requested service; c) this is necessary to comply with requests from the Judicial or Public Security Authorities. No data from the web service is disseminated.

DATA STORAGE
Personal data processed for the purposes set out in this privacy policy will be kept for the time strictly necessary to achieve those same purposes in compliance with the principles of minimization and limitation of storage ex art. 5.1. letter e) of the Regulations. In any case, La Fiorida will process personal data for the time necessary to fulfill contractual and legal obligations. With reference to the storage of data for the purpose of sending promotional communications, they will be kept until the pursued purpose is achieved and in any case until the revocation of the expressed consent.

RIGHTS OF DATA SUBJECTS
The data protection legislation expressly provides for certain rights of the individuals to whom the data relate (so-called data subject). In particular, pursuant to Articles 15 et seq. of Regulation (EU) 2016/679, each data subject has the right to obtain confirmation of the existence or non-existence of data relating to him or her, to obtain an indication of the origin and the purposes and methods of processing, to update, rectify, supplement data as well as to obtain their deletion if they are processed in violation of the law or if one of the reasons specified in Article 17 of Regulation (EU) 2016/679 exists.
A data subject who believes that the processing of personal data carried out through La Fiorida's website occurs in violation of the provisions of the Regulation has the right to lodge a complaint with the Guarantor, as provided for in Article 77 of the Regulation itself, or to take appropriate legal action (Article 79 of the Regulation).

CHANGES TO THIS PRIVACY POLICY
The Owner periodically reviews its privacy and security policy and, where appropriate, revises it in relation to regulatory, organizational or technological changes. If the policy changes, the new version will be posted on this page of the website.

QUESTIONS, COMPLAINTS AND SUGGESTIONS
Anyone interested in more information, to contribute their own suggestions or to make complaints or objections regarding privacy policies or the way in which our Company processes personal data may do so by writing to La Fiorida S.r.l. Società Agricola Azienda Agrituristica Valtellina, Via Lungo Adda, 12 - 23016 Mantello (SO).