Privacy Notice

(Last update: 05/06/2024)

This page describes how we process users’ personal data when visiting this website under Art. EU Reg. 2016/679 (GDPR).
The information below refers only to this website and does not concern other websites, pages, online services, or external resources that can be reached via any hyperlinks published there.

Data Controller
The Data Controller is Guild Living International Italy s.r.l., 50129 Firenze (FI), via Duca D’Aosta 20, P.IVA 07271070489.
The Data Controller can be contacted by email at info@guildsiena.com.

Categories of Data Collected

Data provided by the user
We collect and process data in accordance with the principle of minimisation, and therefore, we ask you to provide only the data necessary for processing purposes.
The data you voluntarily provide is the data entered in the contact form (name, surname, email address, telephone number, and any personal data included in your message), in the blog’s comments section (name, surname, email, and comment), or when filling in the questionnaire.

Browsing data
The computer systems and procedures used to operate this website acquire some personal data during their normal operation, whose transmission is implicit in Internet communication protocols.
This data is not collected to be matched to identified interested parties, but due to its very nature, it could allow site users to be identified through processing and association with data held by the Data Controller or by third parties.
Such data include IP address, the domain names of the computers and terminals used by users who access the website, the URI/URL (Uniform Resource Identifier/Uniform Resource Locator) notation addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the reply provided by the server (successful, error, etc.) and other parameters relating to the user’s operating system and computing environment.

Cookies and Other Tracking Technologies
As to cookies and other tracking technologies, please refer to our Cookie Policy.

Purpose, Legal Basis for Data Processing and Retention Period

Personal data collected through the contact form is processed to reply to the requests for information (legal basis: legitimate interest arising from the user’s expectation that the Data Controller will respond to his or her requests; retention period: up to 4 years) or to initiate or continue negotiations upon request of the Data Subject (legal basis: execution of pre-contractual measures requested by the Data Subject; retention period: up to 4 years).

By ticking the box to subscribe to the newsletter, the Data Subject’s personal data will be used to send communications containing information and news on the Data Controller’s activities, products, and services (legal basis: consent; retention period: until consent is revoked).

Personal data collected through the blog’s comments section is processed to interact with users responding to requests, comments and feedback received (legal basis: legitimate interest arising from the user’s expectation to communicate with the Data Controller; retention period: until the Data Subject requests cancellation).

The data collected by answering the questionnaire is processed to:

a) Gain statistical information on the habits, opinions, preferences and needs of the data subjects (legal basis: consent under Art. 6 (1), (a) for ordinary personal data and under Art. 9 (2) (a) for special categories of personal data; retention period: up to 4 years);

b) Analyse the profile of the data subject and conduct targeted marketing activities based on the answers provided (legal basis: consent under Art. 6(1)(a) for common personal data and under Art. 9(2)(a) for special categories of personal data; retention period: up to 4 years).

Browsing data is processed to a) allow browsing on this website, b) monitor its proper operation and security, c) obtain anonymous statistical information on the use of the website (legal basis: legitimate interest; storage period: 4 years, except where required by judicial authorities to investigate offences).

As to cookies and other tracking technologies, please refer to our Cookie Policy.

Personal data can be processed to comply with any legal obligations (including tax, accounting and administrative obligations), national and EU regulations and orders issued by judicial or administrative authorities (legal basis: fulfilment of a legal obligation imposed on the Data Controller; storage period: depending on the relevant legislation; regarding processing for tax, accounting and administrative purposes, the storage period established by the law is ten years).

We may also process your data to assert or defend a right of the Data Controller in a Court of Law and to settle any claims or disputes (legal basis: legitimate interest arising from the Data Controller’s need to protect its rights; retention period: the duration of the dispute and any legal proceedings and until expiry of the limitation and prescription periods).

Processing Methods

Personal data is processed in paper or electronic form by the Data Controller or by authorised personnel (Data Processors), i.e., employees of the company, who operate in compliance with this Privacy Policy and by adopting appropriate technical and organisational measures to protect data security. Upon consent of the person concerned, personal data can be profiled.

Personal data processing does not involve automated decision-making processes or profiling.

Consequences of Not Providing Personal Data

Providing personal data by the user is generally optional, and no consequences are established in case of refusal. However, in the absence of the data marked as ‘compulsory’ in the forms on the website, it will not be possible to provide the requested service (e.g. replying to requests for information).
The processing of browsing data is necessary to allow browsing on this website, guarantee its security, and analyse its traffic.
As to cookies and other tracking technologies, please refer to our Cookie Policy.

Data Recipients

Personal data can be disclosed to parties acting as Data Processors or independent Data Controllers, such as the provider of the web hosting service, the provider of the website management and maintenance service, system administrators, the newsletter emailing platform, call centres, public entities, subjects in charge of web marketing activities, subjects in charge of managing the company’s social media, other companies in the same group of companies and consultants.

The list of Data Processors can be consulted by contacting the Data Controller at the addresses indicated above.

Users’ personal data can be transferred to countries outside the EEA. Specifically:

– In the USA, HubSpot Inc: a recipient that provides adequate protection under Art. 45 GDPR as a company adhering to the Data Privacy Framework;
– In the UK, a country that provides adequate protection under Art. 45 GDPR.

Should further non-EEA data transfers become necessary, the Data Controller undertakes to ensure compliance with the required security standards and conditions set out in Arts. 45-49 EU Reg. 2016/679 (GDPR).

Rights of the Data Subject

Pursuant to Art. 15 ff. GDPR, you are guaranteed the following rights:
– Obtaining access to your personal data;
– Obtaining the rectification of inaccurate personal data and the integration of incomplete data;
– Obtaining the deletion of your personal data in any cases established in Art. 17(1) of GDPR, unless otherwise provided for in paragraph 3 of the same Article;
– Obtaining the processing restriction under the provisions of Art. 18(1) of GDPR;
– Requesting and obtaining information about the recipients of personal data;
– Obtaining the data portability, in the cases established by Art. 20 GDPR.

You can exercise your rights anytime by contacting the Data Controller at the above addresses.
You are also entitled to lodge a complaint with a supervisory authority (for Italy, the Garante per la protezione dei dati personali or Garante Privacy) without prejudice to any other administrative or judicial redress.

Right to Object

As a Data Subject, you have the right to object to processing based on legitimate interest. In this case, the Data Controller will no longer process such data unless it can prove that it has compelling legitimate grounds for further processing which override the interests, rights and freedoms of the Data Subject or that the processing is required to establish, exercise or defend a right in the Court.
You can exercise your right to object by contacting the Data Controller at the contact addresses above.

Amendments to the Privacy Policy

This privacy policy is subject to amendments and updates. Users are invited to refer to the updated version.

___________________

Privacy Policy on Company Social Media
(Last update: 05/06/2024)

Pursuant to Art. 13 of (EU) Reg. 2016/679 (GDPR), this section describes how the personal data of the Data Controller’s social media users (Facebook, Instagram and LinkedIn) is processed.

Data Controller

The Data Controller is Guild Living International Italy s.r.l., 50129 Firenze (FI), via Duca D’Aosta 20, P.IVA 07271070489.
The Data Controller can be emailed at info@guildsiena.com.

Guild Living International Italy s.r.l. is the Independent Data Controller of the personal data collected through social media referred to in this information notice, while it is the Joint Controller of the data processing operations referred to in the statistical data (Insights). As regards personal data obtained through social media not mentioned in this Policy, the Data Controller is the relevant social media.

Joint Controller relevant to Statistical Data

Facebook, Instagram, and LinkedIn provide page administrators with Page Insights, i.e., aggregated statistics created by certain events recorded by the social media servers when people interact with the pages and the associated content, for example, by liking or undoing a like or commenting on a post.

Social media is the sole entity that establishes the categories of recorded events, which page administrators cannot configure or change. Furthermore, page administrators are not permitted to access users’ personal data; they can only access statistical data.
As regards Insights, the joint data controllers are:
– For Facebook and Instagram: Guild Living International Italy s.r.l.
and
Meta Platforms Ireland Limited, Serpentine Avenue, Block J, Dublin 4, Ireland.

More information is available in the Appendix on the Data Controller for Insights of the Page at the following link:
https://www.facebook.com/legal/terms/page_controller_addendum.

– For LinkedIn: Guild Living International Italy s.r.l.
and
LinkedIn Ireland Unlimited Company.

More information can be found in the Page Insights Joint Controller Addendum (‘The Addendum’) at the following link:
https://legal.linkedin.com/pages-joint-controller-addendum

Categories of Data Collected

As Data Controller, the following data is collected: identification data (first name, surname, nickname …), contact data, picture of the Data Subject, data provided by the Data Subject via his or her profile or page (profession, work experience, employment status …), and data disclosed or communicated by the Data Subject via comments or messages.
As Joint Controller, statistical data (‘Insights’) are collected.

Purpose and Legal Basis of Processing

Personal data is processed to:

– Interact and provide feedback to the Data Subject’s requests (legal basis: legitimate interest arising from the user’s expectation that the Data Controller will respond to his or her requests; storage period: up to 4 years);
– Start or carry on a negotiation upon request of the Data Subject (legal basis: execution of pre-contractual measures requested by the Data Subject; retention period: up to 4 years /10 years from the conclusion of the legal relationship in the event of a successful conclusion of the negotiation, subject to the Data Controller’s rights protection requirements);
– Optimise social pages and profiles, obtaining information on how Data Subjects interact with them (legal basis: legitimate interest of the Data Controller to improve the quality of the content published and assess its suitability given the interest expressed by the Data Subjects; retention period: until cancellation by the Data Subject);
– Comply with any legal obligations (including tax, accounting and administrative obligations), national and EU regulations and orders issued by Judicial or Administrative Authorities (legal basis: fulfilment of a legal obligation to which the Data Controller is subject; retention period: depending on the reference legislation; when processing for tax, accounting and administrative purposes, the retention period established by the law is ten years).

We could also process your data to assert or defend a Data Controller’s right in Court and to handle any claims or disputes (legal basis: legitimate interest arising from the Data Controller’s need to protect its rights; retention period: duration of the dispute and any legal proceedings and until the expiry of the limitation and prescription periods).

Processing Methods

Personal data is processed in paper or electronic form by the Data Controller or by authorised personnel (Data Processors), i.e., employees of the company, who operate in compliance with this Privacy Policy and by adopting appropriate technical and organisational measures to protect data security.
Personal data processing does not involve automated decision-making processes or profiling.

Consequences of Not Providing Personal Data

The provision of personal data by the Data Subject is generally optional, and no consequences are established in case of refusal. If the Data Subject prefers to refrain from providing his or her data, refraining from interacting with the Data Controller through the relevant social media will be sufficient.

Data Recipients

Personal data can be disclosed to parties acting as Data Processors or independent Data Controllers, such as web marketing agencies, other companies in the same group of companies, law firms, and advisors.
The list of Data Processors can be consulted by contacting the Data Controller at the addresses indicated above.
Personal data is not transferred outside the European Economic Area.
Should it become necessary to transfer the data outside the EEA, the Data Controller is committed to ensuring compliance with the required security standards and conditions as set out in Arts. 45-49 EU Reg. 2016/679 (GDPR).

Rights of the Data Subject

Pursuant to Art. 15 ff. GDPR, you are guaranteed the following rights:

– Obtaining access to your personal data;
– Obtaining the rectification of inaccurate personal data and the integration of incomplete data;
– Obtaining the deletion of personal data concerning you in any cases set out in Art. 17(1) of GDPR, unless otherwise provided for in paragraph 3 of the same Article;
– Obtaining the processing restriction under the provisions of Art. 18(1) of GDPR;
– Requesting and obtaining information about the recipients of personal data.

You can exercise your rights anytime by contacting the Data Controller at the above addresses.
You are also entitled to lodge a complaint with a supervisory authority (for Italy, the Garante per la Protezione dei dati personali or Garante Privacy) without prejudice to any other administrative or judicial redress.

Right to Object

As a Data Subject, you are entitled to object to processing based on legitimate interest. In this case, the Data Controller will no longer process such data unless it can prove that it has compelling legitimate grounds for further processing which override the interests, rights and freedoms of the Data Subject or that the processing is required to establish, exercise or defend a right in the Court.
You can exercise your right to object by contacting the Data Controller at the contact addresses above.

Amendments to the Privacy Policy

This Privacy Policy is subject to amendments and updates. Users are invited to refer to the updated version.