Privacy

WHY THIS INFORMATION

In accordance with Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation” or “GDPR”), this page describes the processing methods of personal data for users visiting the website of GIO’S HYGGE NEST, accessible online at the following address: www.gioshyggenest.it.

These details do not apply to other websites, pages, or online services that may be accessed via hyperlinks published on this site, which refer to resources outside the domain www.gioshyggenest.it.

DATA CONTROLLER

By browsing this website, data related to identified or identifiable individuals may be processed.

The Data Controller is GIO’S HYGGE NEST, with its registered and operational office at: Via San Francesco 2 – 61010 Monte Grimano Terme (PU) VAT Number: 02713660419 Email: hello@gioshyggenest.it Phone: +39 366 1284643

DATA PROTECTION OFFICER (DPO)

The Data Protection Officer (DPO) is Georgiana Bortesi, who can be contacted at: hello@gioshyggenest.it Phone: +39 366 1284643 and PEC (Certified Email): giorgia.bortesi@messaggipec.it

TYPES OF DATA PROCESSED, PURPOSE OF PROCESSING, AND LEGAL BASIS

Browsing Data
Legal basis: Data processing necessary for website navigation – contractual obligation – Article 6, paragraph 1, letter b) of the GDPR

The IT systems and software procedures responsible for the operation of this website collect certain personal data during their normal operation, the transmission of which is implicit in the use of Internet communication protocols.

This category of data includes: IP addresses or domain names of users’ computers and devices, URI/URL addresses (Uniform Resource Identifier/Locator) of requested resources, Time of the request, Method used to submit the request to the server, Size of the file obtained in response, Numerical code indicating the response status from the server (successful, error, etc.), Other parameters related to the user’s operating system and IT environment.

These data, necessary for navigating the website and accessing its content, are also processed by the Data Controller for the following purposes:

• Obtaining aggregated and anonymous statistical information about website usage (e.g., most visited pages, number of visitors per time slot or day, geographic origin of visitors, etc.).
• Ensuring the correct usability of the website’s content.
• Preventing or counteracting possible cyber crimes, fraudulent use of website features, and reconstructing security incidents for tracking purposes.

 

Data Retention Period

In compliance with the principles of lawfulness, purpose limitation, and data minimization as outlined in Article 5 of the GDPR, browsing data will be retained only for the time necessary to fulfill the technical purposes for which they were collected and processed.
However, should the judicial authorities require them for crime investigation purposes, they may be stored for a longer period.

User-Provided Data
Legal Basis: Data processing necessary to respond to user inquiries – contractual obligation – Article 6, paragraph 1, letter b) of the GDPR

The optional, explicit, and voluntary submission of messages to GIO’S HYGGE NEST’s contact addresses, private messages sent by users to the official profiles/pages on social media (where applicable), as well as the completion and submission of forms available on GIO’S HYGGE NEST’s websites, result in the acquisition of the sender’s contact details, which are necessary to provide a response, along with any other personal data included in the communication.

Specific privacy notices are published on the website pages designated for certain services. Where necessary, user consent is obtained, with clear information provided regarding the purpose of data collection and the optional nature of data submission.

Data Retention Period:

User-provided data is retained only for the time necessary to manage individual requests. Any subsequent retention for statistical purposes involves anonymizing such data (except in cases where judicial authorities require it for crime investigation purposes).

Cookies and Other Tracking Systems

The website uses:

1.  Technical Cookies – Necessary for user navigation, ensuring the proper functioning of the website and making content easily accessible. Legal Basis: Contractual necessity, as they are functional and required.
2. Analytical Cookies – Used to generate aggregated statistical analyses on user behavior and interaction with the website. Requires user consent. Legal Basis: User consent.
3. Profiling Cookies – Collect information about user preferences while browsing and generate reports for targeted advertising and marketing campaigns. Requires user consent. Legal Basis: User consent.

Details regarding data processing, purpose, retention period, and full cookie management, including user consent and withdrawal options, are available in the Cookie Management document, also accessible in the website footer.

Social Media Policy

Processing of Personal Data on Social Media Platforms
For information on how social media platform providers process personal data, please refer to their respective privacy policies.
The Data Controller processes the personal data provided by users through the official social media pages, exclusively for business promotion and advertising purposes, as well as for managing interactions with users (comments, public posts, messages, shares, etc.), in compliance with applicable data protection regulations and this privacy policy.
Where required, user consent is obtained, with clear information provided about data usage and the optional nature of data submission. Any personal or sensitive data shared within public comments or posts on social media channels may be removed to ensure compliance with data protection regulations.

Social Media Platforms Used:

Facebook: https://www.facebook.com/profile.php?id=61573765060186 
Instagram: https://www.instagram.com/gioshyggenest/

DATA RECIPIENTS

The data collected through some of the services mentioned above may be shared with:
Third parties designated as data processors under Article 28 of the GDPR, including service providers in the fields of web agencies, digital communication, system support, and other digital service providers. A complete list of these providers is available upon request by contacting hello@gioshyggenest.it.
Independent data controllers, in cases where some data (such as cookies) is transmitted or acquired for statistical purposes—these data are usually anonymized before transmission.
If any data transfers to non-EU countries are required, the security measures undertaken will be detailed in Section 6 of this document.

Personal data collected is also processed by the staff of “GIO’S HYGGE NEST”, who operate under specific instructions provided regarding the purposes and methods of data processing.

DATA PROCESSING SECURITY

Personal data, which is transmitted and stored for the necessary period to fulfill the stated purposes, is protected by specific technical and organizational security measures in compliance with Article 32 of the GDPR. These measures ensure the confidentiality, integrity, and availability of data on a continuous basis, as well as the ability to restore access and availability of personal data in the event of a physical or technical incident.
These security measures are designed to mitigate risks such as destruction, loss, alteration, unauthorized disclosure, or accidental or unlawful access to personal data that is transmitted, stored, or otherwise processed.

TRANSFER OF PERSONAL DATA TO NON-EU COUNTRIES

The Data Controller does not transfer personal data to non-EU countries.
Should such a transfer become necessary, data subjects will be informed in advance, and appropriate safeguards will be implemented, including:
Verification of the European Commission’s adequacy decisions for the recipient country.
Signing of Standard Contractual Clauses (SCCs).
Implementation of additional security measures as recommended by EDPB Recommendation 01/2020.
In exceptional cases, where data transfers fall under Article 49 of the GDPR, such transfers will only occur if necessary due to:
A contractual or pre-contractual obligation benefiting the data subject.
Explicit consent from the data subject for the transfer.

DATA SUBJECT RIGHTS

Data subjects have the right to request from GIO’S HYGGE NEST, in the cases provided by law, access to their personal data, as well as its rectification, deletion, restriction of processing, portability, or the right to object to processing and withdraw consent (where consent serves as the legal basis).
These rights are granted under Articles 15 to 22 of the GDPR and can be exercised by contacting:
GIO’S HYGGE NEST
Registered and operational office: Via San Francesco 2 – 61010 Monte Grimano Terme PU
VAT Number: 02713660419
Email: hello@gioshyggenest.it
Phone: +39 366 1284643

To exercise these rights, data subjects may also use the official request form provided by the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) available at this link:
🔗 https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9038275

RIGHT TO FILE A COMPLAINT

If data subjects believe that their personal data has been processed unlawfully through this website, they have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) under Article 77 of the GDPR, or to take legal action as provided under Article 79 of the GDPR.
The official complaint form is available at the following link:
🔗 https://www.garanteprivacy.it/home/docweb/-/docweb-display/docweb/4535524