Polski (PL) Zmień język
Podróżujesz w grupie? Skontaktuj się z nami

Privacy

Information pursuant to Articles 13 and 14, EU Reg. 2016/679

Last update: 07 August 2020


This page is intended to illustrate the processing of personal data that HUMAN COMPANY carries out in relation to the services made available online through:
> website: palagina.it
> website: fattorialapalagina.it
> website: humancompany.com
> website: plushostels.com
> website: humantravel.com
> website: altomincio.humancompany.com
> website: jolly.humancompany.com
> website: norcenni.humancompany.com
> website: firenze.humancompany.com
> website: parkalbatros.humancompany.com
> website: montescudaio.humancompany.com
> website: ipini.humancompany.com
> website: fabulous.humancompany.com
> website: roma.humancompany.com
> website: birkelt.humancompany.com

1. THE "DATA CONTROLLER" (WHO DECIDES WHY, HOW AND FOR WHOM TO PROCESS THE DATA

Following consultation of the websites or use of the services offered online, data relating to identified or identifiable persons may be processed.


As well as browsing data, for example, information may be collected on the occasion of:
> a request for a booking or contact;
> the use of other services through the website or the contact area;
> the use of other services through the Platforms made accessible on the site; and through the use of cookies


The data controller (i.e. the party which determines the purposes and means of processing personal data and assumes responsibility for correctly processing personal data and having it processed) is Human Company S.r.l., with:
> registered office: Via Generale C. A. Dalla Chiesa 13 - 50136 Florence, Italy
> operational headquarters:Via Generale C. A. Dalla Chiesa 13 - 50136 Firenze, Italia | tel. +39 055 469 8029


Contact details for the Data Protection Officer: [email protected]

The co-data controllers are its subsidiaries and associated companies, which are involved in managing the services provided through the site and satisfying data subjects' requests, as well as in informational activities and sending commercial communications, each relating to its own activities:


Name | Activity
• Figline Agriturismo S.p.A. [P. IVA 00282740976] | Real estate holding
• Elite Vacanze Gestioni S.r.l. [P. IVA 06196120486] | Management holding
• Roma Camping S.r.l. [P.IVA 00954081006] | Management of I Pini Family Park and Roma Camping in Town
Roma Gestioni S.r.l. Unipersonale [P.IVA e C.F. 08219321000] | Management of Fabulous Village
Figline Agriturismo S.r.l. [P. iva P. IVA e C.F. 01681640973] | Management of Norcenni Girasole Village and Villa La Palagina
• Elite Livorno Gestioni S.r.l. [P.IVA e C.F. 05813780482] | Management of Park Albatros Village and Montescudaio Village
• Delta S.r.l. Unipersonale [P.IVA e C.F. 01954310510] | Management of Jolly Camping in Town
• Elite Veneto Gestioni S.r.l. [P.IVA e C.F. 05813690483] | Management of Altomincio Family Park
• Elite Firenze Gestioni S.r.l. [P.IVA e C.F. 05813700480] | Plus Florence and Firenze Camping in Town
• Società Agricola Le Driadi S.r.l. [P.IVA e C.F. 05627800484] | Management of Fattoria La Palagina and Agriturismo Le Corti
• La Quarta S.r.l. [P.IVA e C.F. 06441820484] | management of restaurants and bars
• ECV Shops S.r.l. [P.IVA e C.F. 06441810485] | management of markets and bazaars
• O’Tel S.r.l. [P. IVA 05467430483] | Real estate – company rental
• Adakitalia S.r.l. [C.F. 04719560486] | Tour operator "Norcenni Tour" and Human Travel
• Holding Terza S.r.l. [C.F. 06438440486] | Restaurant and market branch holding
• Plus Prague S.r.o. [C.F./P.IVA CZ699003294] | management of Plus Prague
• Plus Berlin m.b.H. [P.IVA/C.F. DE270699817] | management of Plus Berlin
• La Terra dei Sensi S.r.l. [C.F. 06717970484] | management of ANTS programme
• Camping International S.A. [N° TVA: LU13005324] | management of Camping Birkelt

2. DATA SUBJECTS' RIGHTS

With regard to the processing referred to in this document, data subjects (users of the sites and/or apps) have the right:
> to ask the data controller to access personal data and to correct or cancel it or restrict the processing of personal data concerning them and to object to its processing,
> if the processing is performed by automated (IT) means and on the basis of the data subject's consent, to receive the personal data concerning them in a structured format, commonly used and readable by an automatic device, and/or to obtain direct transmission to another data controller, if technically feasible
> to withdraw consent at any time (without prejudice to the lawfulness of the processing based on consent prior to withdrawal), obviously for processing performed on this basis
> to lodge a complaint with a supervisory authority: Data Protection Authority - Piazza di Monte Citorio 121, 00186 ROME - Fax: (+39) 06 69677 3785 - Switchboard: (+39) 06 696771 - Email: [email protected] - certified email [email protected]


More information at the end of this policy


Requests should be addressed to HUMAN COMPANY S.r.l. through the Contact Form on the sites or the address [email protected], always bearing in mind that it will not be possible to respond to phone requests if there is uncertainty about the caller's identity.

3. BROWSING DATA - data processed in relation to visiting the sites

During their normal operation, computer systems and software procedures used to operate a website acquire certain personal data. The transmission of this data is implicit in the use of internet communication protocols.


This information is not collected with the intention of associating it with identified users, but by its very nature could lead to identifying users through processing and through association with data held by third parties.


This category of data includes, for example, the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) format of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment, such as browser type and version, browser plug-in types and versions, mobile device ID (IDFA or AndroidID) and other parameters related to your operating system and IT environment,


In the absence of specific consent to processing for further purposes, this data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check it is functioning correctly.


The data could be used to ascertain responsibility in the event of any computer crimes against the site, and only in this case will specific procedures aimed at identifying the author be activated.


The LEGAL BASIS FOR PROCESSING this data is the data controllers' legitimate interest, consisting in the protection of data security, the site's proper functioning and improvements to service standards.


PROCESSING METHODS AND APPOINTEES
Personal data is processed using automated tools for the period of time strictly necessary to achieve the purposes for which it was collected. Processing relating to this site's web services are handled by personnel appointed by the Data Controller and by external parties appointed as data processors (Article 28, EU Reg. 2016/679), who are responsible for the technical management and maintenance of the site and related IT systems. Specific security measures are observed to prevent the loss of data, its illicit or incorrect use, and unauthorised access.


No data deriving from the web service is disclosed.
The personal data provided by users who request informative material (newsletter, answers to questions, etc.) is used for the sole purpose of providing the service requested and disclosed to third parties only if necessary for this purpose.

4. DATA PROVIDED VOLUNTARILY BY THE USER

Apart from that specified for browsing data, the user is free to provide the personal data requested during browsing to ask for information or other communications to be sent. Failure to provide data may make it impossible to obtain the requested service.


When the user visits part of the site or activates a feature available via an app that involves collecting personal data, they are provided with a link to this policy and asked to confirm their acknowledgement and, if necessary, consent.


The optional, explicit and voluntary sending of emails to the addresses indicated on this site or reachable through an app involves subsequently acquiring the sender's address, needed to respond to requests, and any other personal data included in the message which, unless different needs are duly communicated, will be kept for the time necessary to satisfy the requests.


Specific information is available below on the pages prepared for particular services on request or which can be used to acquire further personal data.

5. PROCESSING FOLLOWING A BOOKING OR CONTACT REQUEST

The personal data voluntarily provided by the data subject through the booking area or the email addresses made available on the site:


1. It is processed primarily with automated tools to:
• Ensure a certain and timely response that satisfies the data subject's requests (legal basis of the processing: legitimate interest and consent of the data subject in the case of "sensitive" personal data)
• Fulfil obligations deriving from EU laws, rules and regulations; fulfil instructions given by the Judicial Authority (legal basis of the processing: coinciding with the purpose)
• Feed the public knowledge acquisition system through statistical analysis, conducted through anonymised and aggregated data, useful to verify, improve and therefore design an increasingly efficient and adequate service to meet demand (legal basis of the processing: legitimate interest of the data controllers coinciding with the purpose)

2. The contact details, postal and email addresses provided may be used to send courtesy communications and/or informative material/offers relating to the products offered and services provided by the Data Controllers, obviously with the data subject's consent, including via SMS or other communication platforms like WhatsApp. It is understood that the data subject will still have the right to object to this processing at any time (legal basis of the processing: legitimate interest of the data controllers consisting in promoting their products/services, and the data subject's consent)

3. It may be processed by commercial staff, IT system maintenance personnel tasked with ensuring system functionality, data security and backup operations, other personnel assigned within the limits of the assigned tasks and as required by company procedures, and other parties that provide services for purposes auxiliary to satisfying the data subject's requests, also within the limits strictly necessary to fulfil their duties;

4. It may be communicated or made available:
• to parties who can access the data by virtue of law, regulations or EU legislation, within the limits provided for by such rules;
• other associated companies (subsidiaries – parent companies), always for current "administrative and accounting purposes" connected to satisfying the data subject's requests
• to other parties who provide services for purposes related to satisfying the data subject's requests, within the limits strictly necessary to perform their duties - commercial partners, whose collaboration is necessary to provide the requested services. The Commercial Partners will operate as independent data controllers for the processing and in compliance with the respective privacy policies, which they will make available

5. Personal data will be transferred to parties outside the European Economic Area to the country where the data subject resides or is located only if necessary to satisfy their requests and in compliance with current legislation.


When filling in the forms, mandatory fields are indicated with an asterisk. Without the requested data, it will not be possible to satisfy the data subject's requests.


If, at the time of the contact/booking request, the data subject has to communicate sensitive categories of data (e.g. personal data that reveals racial or ethnic origin, political opinions, religious/philosophical beliefs or union membership, and to process genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health, sex life or sexual orientation), specific consent may be required for its processing, without which it may be impossible to proceed with the data subject's requests.


5.1 ONLINE BOOKING AREA

This is the area of the site where the user can book stays at HUMAN COMPANY accommodation facilities.

The data the user enters at the time of the booking request will be entered on the management software managed by HUMAN COMPANY S.r.l. for all Data Controller Companies and stored in an area that can be accessed by the facility the data subject has expressed an interest in.

Once transmitted to the facility, the data may be processed by administrative employees, receptionists or other staff appointed by the data controller to record the booking, fulfil contractual, accounting and tax obligations, and offer the guest attentive and personalised services to satisfy their requests.
The legal bases of this processing are legal and contractual obligations and, in the case of "sensitive" personal data, the data subject's consent.
Further information can be found in the guest statement


ONLINE PAYMENTS by credit card
Human Company uses Banca Sella's banking gateway to transmit credit card data. In order to ensure greater security, the customer is redirected to a secure web page managed by Banca Sella to conclude the transaction. This obviously does not entail the need to have a current account with this banking institution; any type of credit cards issued by any bank can be used. Payment authorisation when using a credit card takes place at the time of the order, and the relative debit at the time of the order fulfilment.

In the unfortunate event that someone takes possession of my credit card data, how can I be protected from misuse?
First of all, please note that this risk is not only involved in online transactions, but in every occasion of ordinary use. If this happens, however, it is important to know that it is always possible to contact the credit card manager and refuse the charge, and obtain a refund of the amounts charged once the card's actual conditions of use have been ascertained.

6. NEWSLETTER SUBSCRIPTION

The personal data voluntarily provided by the data subject when registering for the Newsletter:
> is mainly processed with automated tools for the sole purpose of satisfying the requests of the data subject, who has the right to interrupt this processing at any time.
> can be processed by communication and marketing workers, IT system maintenance personnel tasked with ensuring system functionality, data security and backup operations, other employees within the limits of the tasks received and the provisions of company procedures and other parties that provide services for purposes auxiliary to satisfying the data subject's requests, within the limits strictly necessary to perform their duties
> may be communicated or made available:
- to parties who can access the data by virtue of law, regulations or EU legislation, within the limits provided for by such rules;
- to other parties who provide services for purposes related to satisfying the data subject's requests, within the limits strictly necessary to perform their duties;
- to associated companies (subsidiaries - parent companies), always for current administrative and accounting purposes connected with satisfying the data subject's requests


In this case, the legal bases of the processing consist in satisfying the data subject's requests and the legitimate interest of the Data Controller consisting in promoting its facilities.

7. Processing of personal data necessary to provide FREE WIFI services

It is mandatory for the user to communicate the data required for the registration procedure in order to use the service.


a) what data is processed
> email address used or made available at the time of registration,
> facility the connection is made from
> data relating to the use of the services provided (connection start date/time, connection end date/time, IP address, browsing log) for which the legislation sets out specific precautions.


b) why the data is processed and legal basis of the processing
Data will be processed for the following purposes:
> to fulfil contractual, accounting and tax obligations;
> to fulfil obligations deriving from EU laws, rules and regulations;
> to fulfil instructions from the judicial authority or another public body that has the power;
> where appropriate, to protect a legitimate interest, assert or defend a right,
> to pursue the legitimate interest of the data controller consisting in protecting the assets and the proper functioning and technical management of the service,


c) how the data is processed and retention periods
In relation to the aforementioned purposes, personal data will be processed mainly with IT and telematic tools, always guaranteeing the utmost confidentiality, relevance and non-excess in relation to the purposes described above, in terms of registration and data retention period.

Any logs will be kept for a maximum of 6 months. The technical processing is delegated to HUMAN COMPANY S.r.l.


d) who can process it
Data may be processed by the following categories of employees and/or data processors:
• personnel in charge of managing and maintaining information systems and responsible for ensuring system functionality, data security and backup operations
• Parties (companies/professionals), appointed as "external" Data Processors, who need to access some data for purposes auxiliary to managing the services requested by data subjects, within the limits strictly necessary to perform the tasks entrusted to them by the Data Controller, e.g. assisting and managing informatic systems, at all times and only to the extent actually necessary for them to perform their duties.


e) who it can be disclosed to
Without prejudice to disclosures made to fulfil legal obligations, the personal data in question may be disclosed or made available to:
> Judicial authorities and public bodies that can access the data pursuant to the provisions of the law, regulations or EU legislation, within the limits set by these rules;
> other parties (companies/professionals) who need to access some data for purposes auxiliary to managing the services requested by data subjects, within the limits strictly necessary to perform the tasks entrusted to them by the Data Controller, e.g. assistance in fulfilling or directly performing administrative obligations, managing information systems


Of course, all the aforementioned communications are limited only to the data necessary for the recipient body/office (which will be the independent data controller for all consequent processing) to achieve the legitimate purposes connected to the communication itself.

8. DATA RETENTION

The data communicated, unless otherwise duly indicated by the data subject, will be kept for the time necessary to satisfy the data subject's requests and comply with the law.


In the case of registration to some sections of the site or to the App, the data will be kept until the registration is cancelled, after which retention will continue only if required by law and in accordance with the rules on keeping administrative documentation.


If the data subject has a contractual relationship with the Data Controller, the data will be kept, if relevant to this, for the duration of the contract, after which it will only be further retained if required by law or with the data subject's consent and in compliance with the rules on keeping administrative documentation.


The contact details for which consent has been given to send commercial communications or newsletters will be kept for up to 12 months after the last sending or until the data subject withdraws consent.

9. COOKIE POLICY

This Paragraph describes the characteristics of the cookies in use and how HUMAN COMPANY uses them, in accordance with the provisions of the Data Protection Authority's Measure of 8 May 2014.


Legal bases of the processing that originate with the use of cookies are:
> For technical cookies (necessary for the site to function properly and to allow browsing): the legitimate interest of the data controller coinciding with the purpose of the cookies
> For any profiling cookies: the user's consent expressed in the manner described in the aforementioned Authority's measure, i.e. continuing to browse after having definitely read the notice displayed on the banner that appears immediately upon first arrival at the site


9.1 What cookies are and how they work
Cookies are small text files that the sites visited by a user send to their terminal. These files are saved and stored in the user's browser folders, then re-transmitted to the same sites on the next visit.

Through cookies, the servers receive information that is reread and updated every time the user returns to HUMAN COMPANY sites.

Cookies contain the following information:
• indication of the server or domain they were generated from;
• their duration (or expiration date);
• a unique identification code;
• a unique value.
In any case, cookies cannot cause damage to the user's computer.

9.2 What cookies are used for
Cookies have the task of facilitating use of the site and improving the browsing experience. They also provide the site manager with information - usually aggregated and anonymous - on user navigation, in order to obtain statistical data on the use of the site.

Furthermore, some cookies collect and store information on the user's device about what the user has done on the sites. This information can be used:
> to recognise the user (or rather the device used by the user), also proposing settings based on their previous requests/choices during subsequent visits
> to analyse preferences expressed by the user while browsing, by creating a profile essentially used to view or send personalised commercial promotion messages, i.e. in line with the interests which can be inferred from the user's browsing


9.3 Types of cookies
Cookies can be divided into the following categories: Technical cookies and Profiling cookies.

> "TECHNICAL" and functional COOKIES: Technical cookies are those used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service" (see Article 122, paragraph 1, of the Code).

These allow the site to function optimally, but the user can decide not to allow them to be used by changing their browser settings. Disabling these cookies may prevent access to some of the site's features.

Technical cookies can be distinguished between:
1. Browser cookies:
These are needed to browse the site and use all its functions (like maintaining the session and accessing restricted areas), and do not collect information for profiling or commercial purposes. Without these cookies, it would not be possible to provide the requested services.
2. Functional cookies:
These let the user browse based on a series of selected criteria (e.g. the site language), thus facilitating browsing. The information collected through these cookies is anonymous.
Users' prior consent is not required to install technical cookies, though the obligation to provide this information remains. Data deriving from the use of technical cookies has to be acquired and processed for the site to be used properly. If the user opposes it, they will not be able to view the site correctly and in its entirety.
The legal basis for using technical cookies remains the legitimate interest of the data controller, consisting in the site's proper functioning and improvements to the services rendered.
3. Analytics cookies:
These are similar to technical cookies to the extent they are used directly by the webmaster to collect aggregate information on the number of users and how they visit the site. They are used to optimise management. The information collected by these cookies does not allow identification of the user.

> PROFILING COOKIES
As mentioned above, these cookies allow information to be acquired on preferences and how the user interacts with the site. They are used to assign the user (in reality usually the terminal the user uses) a profile with the aim of optimising the site's effectiveness and usability at the highest level, including by personalising the promotional/advertising messages displayed to the individual user.

These cookies can be installed on users' terminals only when they have been previously and adequately informed and have provided consent which, as required by the measure mentioned above, can also be expressed simply by continuing to browse after reading the notice displayed upon first arrival on the site.

The legal basis for using profiling cookies is the consent of the data subject (user of the device used for browsing), expressed in the manner provided for by the aforementioned general measure of the Data Protection Authority "Identification of simplified methods for information and acquiring consent for the use of cookies" of 8 May 2014 [.https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/3118884]


9.4 DISABLING AND REMOVING COOKIES

The user's privacy is essentially guaranteed by the fact that they can, AT ANY TIME:
> configure the browser to accept all cookies, reject them all or receive a warning notice when one is sent,
> delete one, some or all of the cookies.

Each browser has its own specific settings, so please remember to consult your browser's "Help" section for more information on how to change your preferences.

Most browsers are initially set up to accept cookies automatically. In the case of different devices (e.g. computers, smartphones, tablets, etc.), the User must ensure that each device's browser settings are configured to reflect their cookie preferences.

Here are some links to online documentation for the main browsers:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/win...
https://support.microsoft.com/en-us/help/17479/win...
Mozilla Firefox http://support.mozilla.org/it/kb/Attivare%20e%20di...
Google Chrome https://support.google.com/chrome/answer/95647?hl=...
Safari iOS (iPhone, iPad, iPod touch): http://support.apple.com/kb/HT1677?viewlocale=it

COOKIES ON MOBILE DEVICES
Just like with browsers on computers, browsers on mobile devices let you change your privacy configuration or settings to disable or delete cookies.
If you want to change your privacy settings, follow the instructions provided by the browser developer for your mobile device.
Below are the links valid for some browsers:
IOS https://goo.gl/fG1K8t
Chrome Mobile https://goo.gl/f0XME
Opera Mobile http://goo.gl/Nzr8s7
Windows Phone https://goo.gl/xsSg56
Microsoft Internet Explorer:
1. Click on "Tools" at the top of your browser window;
2. Select "Internet Options" and then click on the "Privacy" tab.
3. To enable cookies, the Privacy level must be set to "Medium" or below. To disable them, the Privacy level must be set above "Medium".
4. To activate the "Third-party cookies" option, select the "Advanced" button in the "Privacy" section, tick "Replace automatic cookie management", confirm the default option "Accept" next to "Third-party cookies", and save by clicking on OK. Alternatively, if you do not want to authorise third-party cookies, select "Block" and click on OK. If you want to accept or block third-party cookies from time to time, select the "Ask for confirmation" option and click on OK.
Mozilla Firefox:
1. Click on "Tools" at the top of your browser window and select "Options".
2. Select the "Privacy" icon and in the "History" section tick "Accept cookies from sites" to accept them. To prevent cookies being installed, including those from third parties, you have to deselect this option.
3. To allow third-party cookies to be installed, you need to have selected "Accept cookies from sites" (see previous point) and under "Accept third-party cookies" select the "Always" option that appears on the drop-down menu. If you do not want to accept cookies from third parties, select the "Never" option from the same drop-down menu.
Google Chrome:
1. Click on the Chrome menu icon and select "Settings".
2. At the bottom of the page, click on "Show advanced settings".
3. In the "Privacy" section, click on "Content settings".
4. To enable or disable cookies:
• To enable cookies, select "Allow local data to be set".
• To disable cookies, select "Block sites from setting any data".
• To prevent access by cookies from third parties, select the option "Block cookies from third parties" in the same Privacy section.
5. Click on Finish to save.
Safari (iPhone, iPad, iPod Touch):
1. Click on the "Settings" icon and select "Safari"
2. Select "Privacy and Security" and then "Block Cookies"
3. In this context, select the "Always block" option if you want to prevent cookies from being installed.

More information on cookies can be found at the following address: www.allaboutcookies.org
Permanently disabling profiling cookies

If you are using Internet Explorer:
1. Click on "Tools" at the top of your browser window;
2. Select "Internet Options" and then click on the "Privacy" tab.
3. To enable cookies, the Privacy level must be set to "Medium" or below. To disable them, the Privacy level must be set above "Medium".
4. To activate the "Third-party cookies" option, select the "Advanced" button in the "Privacy" section, tick "Replace automatic cookie management", confirm the default option "Accept" next to "Third-party cookies", and save by clicking on OK. Alternatively, if you do not want to authorise third-party cookies, select "Block" and click on OK. If you want to accept or block third-party cookies from time to time, select the "Ask for confirmation" option and click on OK.

If you are using Firefox 5 or later:
1. Open the "Options" menu and click on the "Privacy" tab
2. Select the "Request websites not to track" option

If you are using Google Chrome:
1. Open Chrome and then the "Settings" menu
2. Click on "Show advanced settings" at the bottom of the page.
3. Under "Privacy", in the "Send a request" box, put a tick next to "Do not keep track of your browsing traffic".


9.5 THIRD-PARTY COOKIES
When a user is browsing a site, cookies present there but coming from other sites and managed by third parties can be installed in the user's browser folders.

This happens because the site may contain elements like images, maps, sounds and specific links to web pages on other domains that reside on different servers from the one where the requested page is located. In other words, these cookies are set directly by managers of websites or servers other than the Site. These third parties could theoretically set cookies while visiting the site and thus obtain information relating to the fact that you have visited the Site.

In this case, the owner of the site visited only acts as a technical intermediary between the user and these other sites.
• Google's privacy statement relating to the Google Analytics service is available at http://www.google.com/intl/it_ALL/analytics/learn/....
• Google's privacy policy is available at http://www.google.com/intl/it/privacy/privacy-poli....
• Facebook's privacy policy is available at http://www.facebook.it/privacy/explanation.

To disable third-party cookies, please refer to the instructions given in the previous points.

For more information, visit the following site: www.youronlinechoices.com/it/

If the User decides not to give their consent to the storage of third-party cookies, they can only use the Site functions which do not require these cookies to be stored.

With regard to the ownership of the processing performed through these third-party cookies, please refer to the respective information and cookie policies found via the links above and in the following paragraphs.

9.6 Google Analytics (*)
This site uses Google Analytics, a web analysis service provided by Google Inc. to generate statistics on the use of the web portal.

Google Analytics uses "cookies" which are stored on your computer to analyse how users use the site. The information generated by the cookie about the use of the website (including the IP address) is transmitted by the user's browser to Google, based at 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, and stored on its servers.

Google Analytics collects information anonymously without identifying individual visitors. Browsers do not share the proprietary cookies of the Google Analytics tool between various domains. Google Analytics does not report information related to the actual addresses, but communicates information so that only part of the IP address is used for geolocation, instead of the whole address, using a method known as IP masking.

Google will use this information to track and examine the use of the website, compiling reports on website activities and providing other services to the website owner relating to website activities, connection methods (mobile, PC, browser used, etc.) and the methods of searching and reaching the portal pages. Google may also transfer this information to third parties to meet legal requirements or when said third parties process the aforementioned information on Google's behalf. Google will not associate your IP address with any other data held by Google.

Google Analytics cookies can be disabled by using the opt-out add-on provided by Google for the main browsers. In this way it will also be possible to use the online services.


See also:
- the Google Analytics terms of service
- Google's privacy statement http://www.google.com/intl/en/analytics/privacyove...
- Google's privacy policyhttp://www.google.com/intl/it/privacy/privacy-poli...
-https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
- https://support.google.com/analytics/answer/276305...


9.7 GOOGLE ADS (*)
This site hosts cookies from Google ADS, an online advertising service (Remarketing and Behavioural Targeting) of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States

The ADS functions allow monitoring, by activating cookies, of the conversions generated by your click on an advert published by Google: a cookie is added that lasts 30 days and does not collect or monitor information that can personally identify a user, but that is recognised and used by Google to show the user ads or information consistent with what has been detected, mainly on its search response pages (e.g. advertising banners that relate to our services or other similar ones will be proposed)

Users can disable Google tracking cookies in their internet browser settings. Google cookies can be disabled by using the opt-out add-on provided by Google for the main browsers https://tools.google.com/dlpage/gaoptout. In this way it will also be possible to use the online services.

See also:
• Google's privacy statement
• Google's privacy policy

9.8 Social Plugins
On the sites you can find "Social Plugins" (hereinafter called buttons) for social networks like Facebook. These buttons are disabled by default, i.e. they do not send data to the respective social networks without your consent.

To activate the buttons, simply click on them. After activation, a direct connection is established with the respective social network's server. The content associated with the button is then transmitted directly from social networks to your browser and connected by the latter to the web page.

When a button is activated, the respective social network can detect a series of data, regardless of your interaction with the button itself. If you have logged in to a social network, it can assign your visit to this web page to your user profile.

To know the purpose and extent of the detection and processing of data performed by social networks, which we have no part in, the user can access the privacy statements and policies made available on the portals of the social networks themselves.


9.9 Facebook Pixel (**)
The Facebook pixel is a data collection tool that measures the effectiveness of advertising displayed on the site. The Facebook pixel is used to understand the actions people perform on the site. This information is then recognised by Facebook, which will show the user ads or information consistent with what the pixel detects (for example, if you have visited our site, Facebook will propose advertising banners concerning our services or others like them). This is dynamic ad retargeting, which is also used to remind users of products they have seen but not purchased.

Retargeting on Facebook sets a cookie and a Facebook tracking pixel is integrated into our website. By setting the cookie, Facebook can recognise the user when they access web pages that are part of the Facebook advertising network.

Every time the user visits a web page where the Facebook retargeting service has been integrated, the browser automatically identifies itself on Facebook itself. As part of this technical process, Facebook can acquire personal data, such as the user's IP address or browsing behaviour, which Facebook uses e.g. to display advertisements of interest to the user.

Facebook's privacy policy is available at https://de-de.facebook.com/about/privacy/ and provides information on Facebook's processing of personal data. It also illustrates which settings tools Facebook makes available to the data subject.

Facebook's management company is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the data subject lives outside Canada or the United States, the data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.


9.10 Adabra

Adabra is a Marketing Intelligence and Behavioral Targeting service provided by Ad Spray S.r.l. Adabra uses tracking technology to monitor User behavior. These data are then used to personalize the user experience and to provide targeted messages and communications. Adabra may also connect the accumulated data with other networks, including advertising networks, and enable these third parties to track and direct the User. Personal data collected: Cookies, Fingerprint and Usage data. Place of processing: Italy

10 COOKIES USED ON HUMAN COMPANY SITES.

For each site, we list the cookies divided into two macro-categories:


> "TECHNICAL" and functional COOKIES: Technical cookies are those used for the sole purpose of "carrying out the transmission of a communication over an electronic communications network, or to the extent strictly necessary for the provider of an information society service explicitly requested by the subscriber or user to provide this service" (see Article 122, paragraph 1, of the Code). They are not used for other purposes. They can be divided into: browser or session cookies, which ensure normal browsing and use of the website (e.g. allowing purchases to be made or obtaining authentication to access restricted areas); analytics cookies, assimilated to technical cookies when used directly by the site operator to collect aggregate information on the number of users and how they visit the site; functional cookies, which let the user browse according to a series of criteria they select (e.g. language, products selected for purchase) in order to improve the service provided. Prior consent from users is not required to install these cookies;


> PROFILING COOKIES: Profiling cookies are aimed at creating profiles for the user and used to send advertising messages in line with the preferences they show when browsing online


10.1 What Kind Of Cookies Are Used By The Site https://humancompany.com/














































"TECHNICAL" COOKIES - analytics and functional


cookie name



HOW LONG THEY STAY ON THE TERMINAL used by the USER



Purpose



SOURCE
(for third-party cookies)



_fpb
3 month
Used by Facebook to provide a variety of advertising products such as real-time offers from third part advertisers
facebook.com
_ga
2 years
Used to distinguish users
google.com
_gid
24 hours
Used to distinguish users
google.com
_gat
1 minute
Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.
google.com
_gcl_au
3 months
Enables us to understand how a user to our website uses the website by generating analytical data.
google.com


































PROFILING COOKIES


cookie name



HOW LONG THEY STAY ON THE TERMINAL used by the USER



Purpose



SOURCE
(for third-party cookies)


ion_selected_language
closing browser
Identify the language choose by the user for the website.
humancompany.com
token
around 30 minutes
token assign to user across the humancompany websites, only if user is logged in.
humancompany.com
CustomerId
around 30 minutes
user detail from huniverse card if user is logged in.
loyalty.humancompany.com

10.2 What Kind Of Cookies Are Used By The Site https://humantravel.com/






















"TECHNICAL" COOKIES - ANALYTICS AND FUNCTIONAL


cookie name



HOW LONG THEY STAY ON THE TERMINAL used by the USER



Purpose



SOURCE
(for third-party cookies)



XSRF-TOKEN
around 30 minutes
token assign based on session.
norcenni.humancompany.com




























PROFILING COOKIES


cookie name



HOW LONG THEY STAY ON THE TERMINAL used by the USER



Purpose



SOURCE
(for third-party cookies)


ion_selected_language
closing browser
Identify the language choose by the user for the website.
humancompany.com
laravel_session
around 30 minutes
identify the user by a session.
norcenni.humancompany.com





11. USER RIGHTS - FURTHER INFORMATION | Right of access

The data subject has the right to obtain confirmation from the data controller of whether their personal data is being processed and, if so, to obtain access to the personal data and the following information:


a) the purposes of the processing;
b) the categories of personal data concerned;


c) the recipients or categories of recipients to which the personal data has been or will be communicated, in particular if these are recipients from third countries or international organisations and, in this case, the existence of adequate guarantees;


d) when possible, the expected retention period of the personal data or, if not possible, the criteria used to determine this period;


e) the existence of the data subject's right to ask the data controller to correct or delete personal data or restrict the processing of personal data concerning them, or to object to its processing;


f) the right to lodge a complaint with a supervisory authority;


g) if the data has not been collected from the data subject, any available information on its source;


h) the existence of an automated decision-making process, including profiling, which produces legal effects concerning them or which significantly affects them and, at least in such cases, meaningful information on the logic used, as well as the significance and expected consequences of this processing for the data subject.


Right of rectification
The data subject has the right to have the data controller correct inaccurate personal data concerning them without undue delay.


Right of erasure
The data subject has the right to have the data controller delete personal data concerning them without undue delay, and the data controller is obliged to delete personal data without undue delay if one of the following grounds applies:


a) the personal data is no longer necessary with respect to the purposes for which it was collected or otherwise processed;


b) the data subject revokes the consent the processing is based on and there is no other legal basis for the processing;


c) the data subject objects to the processing, and there is no prevailing legitimate reason to proceed with the processing;


d) the personal data has been processed unlawfully;


e) the personal data must be erased to fulfil a legal obligation under European Union law or under the law of the Member State to which the data controller is subject;


Right to restrict the processing
The data subject has the right to have the data controller restrict the processing where one of the following applies:


a) the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify its accuracy;


b) the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of its use;


c) although the data controller no longer needs the personal data for processing purposes, the personal data is required by the data subject to ascertain, exercise or defend a right in court;


d) the data subject has objected to the processing, pending verification as to whether the data controller's legitimate reasons prevail over those of the data subject.


Right to object
The data subject has the right to object at any time to the processing of personal data concerning them performed for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing.


Right to data portability
The data subject has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and has the right to transmit this data to another data controller without hindrance from the data controller the personal data was provided to, when:


a) the processing is based on consent or on a contract; and


b) the processing is performed by automated means.


In exercising their rights regarding data portability, the data subject has the right to have the personal data transmitted directly from one data controller to another, where technically feasible.

12. Some Definitions

Personal data: Any information relating to an identified or identifiable natural person


"Sensitive" personal data NEEDS GREATER PROTECTION AND SPECIAL ATTENTION, and includes personal data that reveals racial or ethnic origin, political opinions, religious/philosophical beliefs or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health, sex life or sexual orientation (Article 9 of EU Reg. 2016/679)


Processing: any operation or set of operations, carried out with any means or methods and applied to personal data or sets of personal data (such as collection, recording, organisation, structuring, retention, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction)


Data Subject: the natural person the personal data refers to.


Data Controller: the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of personal data processing.


Data Processor (appointed pursuant to Article 28, EU Reg. 2016/679): the natural or legal person, public authority, service or other body which processes personal data on behalf of the Data Controller.


Legal basis of the processing: the normative principle according to which the described personal data processing can be performed, in many cases coinciding with the declared purpose.


European Economic Area (EEA): EU Member States, Norway, Iceland, Liechtenstein.

13. TERMS OF USE OF THE WIRELESS INTERNET CONNECTIVITY SERVICE OFFERED BY HUMAN COMPANY

These general conditions relate to the rules for using the wireless Internet connectivity service provided/offered in the common areas of HUMAN COMPANY facilities.


In particular, the service in question allows all those with portable PCs, smartphones, tablets or PDAs equipped with a wireless network card (hereinafter referred to individually as the "Device") to use the wireless internet connection.


HUMAN COMPANY reserves the right to expand and modify the range of features offered within the service.


Users' access to the service is subject to registration and full acceptance of the rules contained in this document


The service is reserved for users over the age of 18 or under the supervision of a parent or someone who exercises parental responsibility


13.1 SERVICE CHARACTERISTICS

The service is offered free of charge; obviously the maximum bandwidth actually available to the user is dependent on the number of users connected and the actual availability at the facility.


HUMAN COMPANY reserves the right to suspend and/or interrupt and/or vary the service at any time and without notice, and in any case cannot be considered responsible towards either the user or third parties for suspension or interruption.


13.2 DURATION OF THE SERVICE AND EFFECTIVENESS OF THE AGREEMENT

The service is aimed at HUMAN COMPANY facility guests:
> who are of legal age,
> who have the legal capacity to act,
> who are the holders and only users of the email address required to complete the registration referred to in Article 3 below


The service remains usable until the registration is revoked.


HUMAN COMPANY reserves the right to suspend and/or interrupt and/or vary the service at any time and without notice, and in any case cannot be considered responsible towards either the user or third parties for suspension or interruption.


HUMAN COMPANY may unilaterally supplement and/or modify this document's terms and conditions at any time and without notice.


Any changes and/or additions may be communicated to the user via the email address provided at the time of registration. Continuing to use the service after such communication effectively implies acceptance of the new conditions.


HUMAN COMPANY reserves the right to modify the characteristics of the Service's functionality.


13.3 USER REGISTRATION

The contract is finalised and therefore concluded when the User, having registered, accepts these Terms and Conditions of Use of the Service.


The possibility of registering is offered through the User's social media profile or by providing a valid email address WHICH THE USER HAS EXCLUSIVE USE OF


Please note that the registration process involves acquiring the MAC address of the device used during the procedure. The acquired MAC address will then be used to identify the user and allow them to access the service, therefore the user, for their own protection, needs to use a device they exclusively control and possess, preferably equipped with adequate security measures (such as passwords or other types of credentials for turning on and using the device)


13.4 IDENTIFYING AND MONITORING THE USER AND THE NETWORK

With reference to the functions that require network connection, the User acknowledges and accepts the existence of the electronic register of the service's operation (Log), maintained and kept by the connectivity services provider within the terms established by law.


The contents of the Log are completely confidential and can only be shown to the competent Authorities upon formal request.


In order to identify the connection's origin with certainty, the User acknowledges that HUMAN COMPANY will identify them, when connected, by means of the MAC address of the device used at the time of registration.


The user is informed that if the device they used to register is then used by third parties, this would allow the latter to use the service in the user's name.


The user has sole responsibility for keeping and looking after their device and any credentials necessary to activate it and access the wifi service; consequently, they remain solely responsible for all uses connected or related to it (including damage and harmful consequences caused to CTA and/or third parties).


13.5 USER OBLIGATIONS

The user agrees not to allow third parties to use the service through the former's device.


The user also undertakes not to use the service for communications that cause damage or disturbance to the network or third parties, or that violate the laws and regulations in force. In particular, by way of example and without limitation, the user undertakes not to introduce material in violation of copyright law, or other intellectual or industrial property rights, onto the network via the service.


The user undertakes:
- not to send advertising and/or promotional messages or communications to other users and/or discussion groups by email without requesting and obtaining the relative consent or without the sending having been explicitly solicited (spam);
- not to violate the secrecy of personal correspondence and the right to confidentiality;
- not to use ad hoc networks or other tools in the coverage areas that could adversely affect the network's performance and violate service users' right to privacy;
- to respect the rules of good conduct in use on the internet, known as "Netiquette", which have become standard through the document known as "RFC 1855";
- not to transmit material and/or messages that encourage third parties to engage in unlawful and/or criminal conduct incurring criminal or civil liability;
- not to put information on the network that may have pornographic, obscene, blasphemous, racist, defamatory, offensive, intolerant or xenophobic forms or content;
- not to engage, on the WiFi network, in any other activity prohibited by state law, international legislation, regulations and customs for using networks and related services.


HUMAN COMPANY reserves the right to unilaterally withdraw the service, at any time, without being obliged to provide any reason, without notice and without having to pay any compensation, if it determines, at its sole discretion, that the user has violated even one of the obligations indicated herein.


13.6 LIABILITY


  • The user is responsible for any violation of the conditions and rules of use of the service and undertakes to indemnify HUMAN COMPANY substantially and procedurally and to hold it harmless from any claim, including from third parties, for any reason whatsoever, in any way caused by violating these conditions and/or violating laws or regulations or administrative measures.

  • The user assumes all responsibility and burden regarding the content and forms of communications made through the service and undertakes to hold HUMAN COMPANY harmless from any claim or action that may be addressed to it by any party as a consequence of such communications. With this liability, the user expressly exempts HUMAN COMPANY from any liability and burden of assessment and/or control in this regard.

  • The user undertakes to hold HUMAN COMPANY harmless from all losses, damages, costs and charges, including any legal fees, which may be incurred by HUMAN COMPANY as a result of the use of the service made available to the user.

  • HUMAN COMPANY will not be liable to the user and/or its assignors or assignees and to third parties for direct, indirect or consequential damages, and for losses and costs incurred as a result of interruptions, suspensions, delays or any malfunctions in the delivery of the service.


13.7 APPLICABLE LAW AND JURISDICTION

The conditions and rules for using the service described in this document are governed by Italian law. For anything not expressly covered, current legislation applies.


For any disputes that may arise in relation to the service, including disputes over the interpretation, effectiveness, validity and execution of these conditions and rules of use, the Court of Florence will have exclusive jurisdiction.