Privacy Policy of castelbrio.com
This Application collects some Personal Data from its Users.
This document can be printed using the print command in any browser’s settings.
Data Controller
Simonini Dr. Gian Luca
Via del Mulino, 25/1
43037 Lesignano de’ Bagni
Parma – Italy
Data Controller’s email address: brio@castelbrio.com
Types of Data Collected
Among the types of Personal Data collected by this Application, either independently or through third parties, there are: Tracking Tools; Usage Data; first name; last name; phone number; email address.
Full details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific information texts displayed prior to Data collection.
Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this Application.
Unless otherwise specified, all Data requested by this Application is mandatory. If the User refuses to provide it, this Application may be unable to provide the Service. In cases where this Application states that some Data is optional, Users are free not to communicate such Data without any consequences on the availability or operation of the Service.
Users who have questions about which Data is mandatory are encouraged to contact the Data Controller.
The possible use of Cookies – or other tracking tools – by this Application or by the owners of third-party services used by this Application is for the purpose of providing the Service requested by the User, as well as for any additional purposes described in this document and in the Cookie Policy.
The User assumes responsibility for the Personal Data of third parties obtained, published, or shared through this Application.
Methods and Place of Data Processing
Processing Methods
The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.
The processing is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Data Controller, in some cases, the Data may be accessible to certain types of persons involved in the operation of this Application (administrative, sales, marketing, legal, system administrators) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communication agencies) appointed, if necessary, as Data Processors by the Data Controller. The updated list of these parties may be requested from the Data Controller at any time.
Place
The Data is processed at the operational offices of the Data Controller and in any other locations where the parties involved in the processing are located. For further information, contact the Data Controller.
The User’s Personal Data may be transferred to a country other than the one in which the User is located. To obtain further information on the place of processing, the User may refer to the section detailing the processing of Personal Data.
Retention Period
Unless stated otherwise in this document, Personal Data is processed and retained for the time required to fulfill the purpose for which it was collected. It may be retained for a longer period due to legal obligations or based on the Users’ consent.
Purposes of Processing the Data Collected
The User’s Data is collected to enable the Data Controller to provide the Service, comply with legal obligations, respond to requests or enforcement actions, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, and for the following purposes: Traffic optimization and distribution, Displaying content from external platforms, and Contacting the User.
For detailed information on the purposes of the processing and on the Personal Data used for each purpose, the User may refer to the section “Details on the processing of Personal Data.”
Details on the Processing of Personal Data
Contacting the User
Contact Form
By filling in the contact form with their Data, the User authorizes its use to respond to requests for information, quotes, or any other nature indicated in the form’s header.
Personal Data processed: last name; Usage Data; email address; first name; phone number.
Contacting the User
Contact Form
By filling in the contact form with their Data, the User authorizes this Application to use these details to reply to requests for information, quotes, or any other kind of request as indicated by the form’s header.
Personal Data processed: last name; Usage Data; email; first name; phone number.
Traffic Optimization and Distribution
This type of service allows this Application to distribute its content using servers located in different regions and to optimize its performance.
The Personal Data processed depends on the characteristics and implementation methods of these services, which, by their nature, filter communications between this Application and the User’s browser.
Given the distributed nature of this system, it is difficult to determine the locations where the content, which may include the User’s Personal Data, is transferred.
Cloudflare (Cloudflare, Inc.)
Cloudflare is a traffic optimization and distribution service provided by Cloudflare Inc. The way Cloudflare is integrated means that it filters all the traffic through this Application, i.e., communication between this Application and the User’s browser, while also allowing the collection of statistical data about it.
Personal Data processed: Tracking Tools; various types of Data as specified in the privacy policy of the service.
Place of processing: United States – Privacy Policy.
Spam and bot protection
This type of service analyzes the traffic of this Application, potentially containing Users’ Personal Data, with the aim of filtering it from unwanted parts of traffic, messages and content recognized as SPAM or protecting it from malicious bot activity.
Google reCAPTCHA (Google Ireland Limited)
Google reCAPTCHA is a SPAM protection service provided by Google Ireland Limited. Use of the reCAPTCHA system is subject to Google’s privacy policy and terms of use. To learn about Google’s use of Data, please consult their partner policy and their Commercial Data page.
Personal Data processed: clicks; Usage data; keypress events; motion sensor events; touch events; mouse movements; position relative to scrolling; answers to questions; Tracking Tools.
Place of processing: Ireland – Privacy Policy.
Displaying Content from External Platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this Application and interact with them. These services are often referred to as widgets—small elements embedded in a website or application that provide specific information or perform a particular function, often enabling interaction with the user.
Even if users do not use these services, they may still collect web traffic data related to the pages where they are installed.
Google Fonts (Google Ireland Limited)
Google Fonts is a typeface visualization service provided by Google Ireland Limited that allows this Application to integrate such content within its pages.
Personal Data processed: Usage Data; Tracking Tools.
Place of processing: Ireland – Privacy Policy.
Google Maps Widget (Google Ireland Limited)
Google Maps is a map visualization service provided by Google Ireland Limited that allows this Application to integrate such content within its pages.
Personal Data processed: Usage Data; Tracking Tools.
Place of processing: Ireland – Privacy Policy.
Cookie Policy
This Application uses Tracking Tools. For more information, Users may refer to the Cookie Policy.
Additional Information for Users
Legal Basis for Processing
The Owner processes Personal Data relating to the User if one of the following conditions applies:
- The User has given consent for one or more specific purposes.
- Processing is necessary for the performance of a contract with the User and/or for pre-contractual measures.
- Processing is necessary for compliance with a legal obligation to which the Owner is subject.
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Owner.
- Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
Users may always contact the Owner to clarify the specific legal basis that applies to each processing activity, particularly whether it is based on law, required for a contract, or necessary to enter into a contract.
Additional Information on Retention Periods
Unless otherwise specified in this document, Personal Data is processed and stored for as long as required for the purposes for which it was collected. Data may also be retained for longer periods due to legal obligations or based on the User’s consent.
Specifically:
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User will be retained until such contract has been fully performed.
- Personal Data collected for purposes related to the Owner’s legitimate interests will be retained until those interests are fulfilled. Users may obtain further details about the legitimate interests pursued by the Owner in the relevant sections of this document or by contacting the Owner.
- When processing is based on the User’s consent, the Owner may retain the Personal Data until the consent is withdrawn. Additionally, the Owner may be required to retain Personal Data for a longer period in compliance with a legal obligation or by order of an authority.
At the end of the retention period, Personal Data will be deleted. Therefore, once the retention period has expired, the rights to access, erasure, rectification, and data portability cannot be exercised.
User Rights Under the General Data Protection Regulation (GDPR)
Users may exercise certain rights regarding their Data processed by the Owner.
Specifically, within the limits provided by law, Users have the right to:
- Withdraw their consent at any time. Users may withdraw consent previously given for the processing of their Personal Data.
- Object to data processing. Users may object to the processing of their Data when it is carried out on a legal basis other than consent.
- Access their Data. Users have the right to obtain information about the Data processed by the Owner, including details of certain processing activities, and to receive a copy of the Data.
- Verify and request rectification. Users may verify the accuracy of their Data and request updates or corrections.
- Restrict data processing. Users may request that the processing of their Data be restricted. In this case, the Owner will process the Data solely for storage purposes.
- Request erasure or removal of Personal Data. Users may request the deletion of their Data by the Owner.
- Receive their Data or have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred to another controller without hindrance.
- Lodge a complaint. Users may file a complaint with their local data protection authority or take legal action.
Users also have the right to obtain information about the legal basis for Data transfers to countries outside the EU or to any international organization governed by public international law, such as the UN, and about the security measures adopted by the Owner to protect their Data.
Details on the Right to Object
When Personal Data is processed in the public interest, in the exercise of official authority vested in the Owner, or for the purposes of legitimate interests pursued by the Owner, Users have the right to object to such processing on grounds related to their particular situation.
Users are informed that if their Personal Data is processed for direct marketing purposes, they can object to the processing at any time, free of charge and without providing any justification. If Users object to processing for direct marketing purposes, their Personal Data will no longer be processed for such purposes. To find out whether the Owner processes Personal Data for direct marketing purposes, Users can refer to the relevant sections of this document.
How to Exercise Rights
Any requests to exercise User rights can be directed to the Owner using the contact details provided in this document. Requests are free of charge and will be addressed by the Owner as quickly as possible, in any case within one month. The Owner will also notify Users of any rectifications, erasures, or processing restrictions to any recipient to whom Personal Data has been disclosed, unless this proves impossible or involves a disproportionate effort. Upon request, the Owner will inform the User about such recipients.
Additional Information on Data Processing
Defense in Court
The User’s Personal Data may be used by the Data Controller in legal proceedings or in the preparatory phases leading to its possible establishment for the defense against misuse of this Application or related Services by the User.
The User declares to be aware that the Data Controller may be required to disclose the Data upon request of public authorities.
Specific Disclosures
Upon User’s request, in addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information regarding specific Services or the collection and processing of Personal Data.
System Logs and Maintenance
For operational and maintenance purposes, this Application and any third-party services it uses may collect system logs, which are files that record interactions and may also contain Personal Data, such as the User’s IP address.
Information Not Contained in This Policy
Further details concerning the processing of Personal Data may be requested at any time from the Data Controller using the contact details provided.
Changes to This Privacy Policy
The Data Controller reserves the right to make changes to this privacy policy at any time by notifying Users on this page and, if possible, within this Application as well as, if technically and legally feasible, by sending a notification to Users via any contact information the Data Controller holds.
Users are encouraged to check this page frequently, referring to the date of the last modification indicated at the bottom.
If the changes affect processing activities whose legal basis is consent, the Data Controller will collect the User’s consent again, where required.
Definitions and Legal References
Personal Data (or Data)
Any information that directly, or indirectly, in connection with any other information — including a personal identification number — allows for the identification or identifiability of a natural person constitutes personal data.
Usage Data
Information collected automatically through this Application (or third-party applications integrated into this Application), which may include: the IP addresses or domain names of the computers utilized by the User who connects with this Application, the Uniform Resource Identifier (URI) addresses, the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s response (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system used by the visitor, the various time details per visit (e.g., the time spent on each page), and the details about the path followed within the Application with particular reference to the sequence of pages visited, as well as other parameters about the User’s operating system and/or IT environment.
User
The individual using this Application who, unless otherwise specified, coincides with the Data Subject.
Data Subject
The natural person to whom the Personal Data refers.
Data Processor (or Processor)
A natural or legal person, public authority, agency, or other body that processes Personal Data on behalf of the Data Controller, as described in this privacy policy.
Data Controller (or Controller)
The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the owner of this Application.
This Application
The hardware or software tool by which the Personal Data of the Users is collected and processed.
Service
The service provided by this Application as described in the relative terms (if available) on this site/application.
European Union (or EU)
Unless otherwise specified, any reference to the European Union in this document includes all current member states of the European Union and the European Economic Area (EEA).
Cookies
Cookies are Tracking Tools consisting of small pieces of data stored in the User’s browser.
Tracking Tool
Tracking Tool refers to any technology — e.g., Cookies, unique identifiers, web beacons, embedded scripts, e-tags, and fingerprinting — that enables the tracking of Users, for example, by collecting or storing information on the User’s device.
Legal References
Unless otherwise specified, this privacy policy applies exclusively to this Application.
Last modified: February 3, 2025