Privacy and cookies policy

In compliance with the obligations arising from national legislation (Privacy Code) and community legislation (European General Regulation no. 679/2016) regarding the protection of personal data, lofoo.it by Locanda Lo Foo di William Henriod respects and protects the privacy of visitors and users.
This privacy policy applies both to the collection of information from the website and from other channels.

1 – Legal basis of the processing
By using or consulting this site, visitors and users explicitly approve this privacy policy and consent to the processing of their personal data in relation to the methods and purposes described below, including any disclosure to third parties if necessary for the provision of a service.
The provision of data and therefore the Consent to the collection and processing of data is optional, the User can deny consent, and can revoke a consent already provided at any time. However, denying consent may make it impossible to provide some services and the browsing experience on the site would be compromised.
The data of registered Customers are processed in accordance with the contract in force with lofoo.it of Locanda Lo Foo di William Henriod from the moment the contract was concluded.

2 – Purpose of the processing
The processing of personal data means: registration, storage, organization, consultation, selection, extraction, comparison, processing, use, modification, interconnection, blocking, communication, cancellation and destruction, transfer or dissemination, or the combination of two or more of these operations.
The processing of data collected by the site, in addition to the purposes connected, instrumental and necessary to the provision of the service, is aimed at the following purposes:

2.1 – Statistics
Collection of data and information in an exclusively aggregated and anonymous form in order to verify the correct functioning of the site, to improve the online store and the platform.
None of this information is related to the physical person-User of the site, and does not allow identification in any way.

2.2 – Security
Collection of data and information in order to protect the security of the site and users (spam filters, firewalls, virus detection) and to prevent or expose fraud or abuse to the detriment of the website.
Such data is never used to identify or profile the User and is deleted periodically.

2.3 – Provision of services
Collection of data to manage reservations, provide services, process payments, communicate with users regarding reservations and update records.

2.4 – Ancillary activities
Communicating data to third parties who perform functions necessary or instrumental to the operation of the service, and to allow third parties to carry out technical, logistical and other activities on our behalf.
This site uses suppliers to carry out certain activities, such as processing orders, delivering packages, sending traditional mail, analyzing data, providing marketing assistance, making payments with credit cards and providing customer services.
Providers have access only to personal data that is necessary to perform their tasks, and undertake not to use the data for other purposes, and are required to process personal data in accordance with applicable regulations. This category of data is retained only for the period of time necessary to provide the service.

3 – Data collected

3.1 – Data collected automatically
This website does NOT collect web users' browsing data through automated analytical systems.

3.2 – Data provided voluntarily
The site may collect other data in the event of voluntary use of services by users, such as commenting services, communication (chat, contact and booking forms):
Name and surname;
Email address;
Telephone number;
Arrival and departure date;
Number of guests;
all data present in the availability and booking request form.

This data is provided voluntarily by the User when requesting the service, or entering the comment, and will be used exclusively for the provision of the requested service and processed only for the time necessary to provide the service.

Tax data is necessary in order to use the services provided for a fee, and for invoicing purposes.
The data collected by the site are not provided to third parties, unless it is a legitimate request by the judicial authority and only in the cases provided for by law. However, the data may be provided to third parties if this is necessary for the provision of a specific service requested by the User, or for tax purposes or for the execution of security checks or optimization of the site.

4 – Place of processing
The data collected by the site are processed at the headquarters of the Data Controller and at data centers located within the European Economic Area (EEA), and are handled only by personnel in charge of processing. Personal data are processed with automatic and non-automatic tools, for the time strictly necessary to achieve the purposes for which they were collected.

5 – Data retention period

The data collected are processed for the time necessary for the purposes for which they were collected, and in any case no longer than the times prescribed by law.
The data necessary for tax purposes are retained until the assessments relating to the corresponding tax period are defined, therefore for at least 10 years and more if the related year is not yet prescribed for tax purposes.
Upon expiration, the data will be deleted or anonymized, unless there are additional purposes for the retention of the same (e.g. warranty supply obligations, tax obligations).

6 – Transfer of collected data to third parties and non-EU countries
This site, in carrying out its activities and in the execution of the services requested by users, may have to transfer some data to third parties who perform specific tasks that are instrumental and connected to those of the site. Suppliers have access only to the data necessary for the performance of their specific task, and are required to process them in accordance with this Policy.
In the event of a transfer of a company or production units, the personal data of Customers are included in the company assets that are transferred, but remain subject to the commitments set out in this Policy, unless new consent is requested.

In the event that data is transferred to companies located outside the European Union (for example Google, Facebook and Microsoft – for LinkedIn and Skype), we ensure that it is transferred in compliance with the regulations in force on the matter and in particular with the provisions of the General Regulation for the protection of personal data. The transfer is authorized based on specific decisions of the European Union and the Guarantor for the protection of personal data http://www.garanteprivacy.it/home/provvedimenti-normativa/normativa/normativa-comunitaria-e-intenazionale/trasferimento-dei-dati-verso-paesi-terzi, in particular decision 1250/2016 (Privacy Shield http://eur-lex.europa.eu/legal-content/IT/TXT/?uri=CELEX%3A32016D1250 – here is the information page of the Italian Guarantor http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/5306161), for which no further consent is required.
By activating the contract, the user expressly consents to the transfer of data in the cases indicated above.

7 – Cookies
This site uses cookies and similar technologies. Cookies allow us to store information about visitors' preferences, allow us to verify the correct functioning of the site and improve its functionality by customizing the content of the pages based on the type of browser used, or to simplify navigation by automating procedures (e.g. Login, site language) and for the analysis of the use of the site by visitors.

Technical cookies
Cookies in this category include both persistent cookies and session cookies, allow us to distinguish between connected users, preventing a service from being provided to the wrong User and therefore are the result of an express request by the user, and are also used for the security of the site and the users themselves. In the absence of these cookies, the site or some portions of it may not function correctly. Cookies in this category are always sent from our domain, and consent is not required for them.

Analytical cookies (e.g. Google Analytics)
Cookies in this category are used to collect information on the correct use of the site and on user behavior for statistical analysis purposes, to improve the site and simplify its use. This type of cookie collects information anonymously about user activity on the site and how they arrived at the site and the pages visited. Cookies in this category are sent from the site itself or from third-party domains.

Marketing cookies
Cookies in this category are used to collect information on the correct use of the site and on user behavior for statistical analysis purposes, to improve the site and simplify its use. This type of cookie collects information anonymously about user activity on the site and how they arrived at the site and the pages visited. Cookies in this category are sent from the site itself or from third-party domains.

This site uses the following cookies:
- ASPSESSION - ID
Technical cookie for the operation of the website and its pages.
Allows the website to store data on the serialization status. It is used to establish a user session and to communicate the status data through a temporary cookie, commonly called session cookie. Since the ASPSESSIONID cookie does not have a time limit, it disappears when the browser is closed

7.1 – Consent to the use of cookies
By using the site, continuing to browse the site, or by clicking on the banner present upon first access to the site, the visitor expressly consents to the use of cookies and similar technologies, and in particular to the registration of such cookies on his terminal for the purposes indicated above, or to access information on his terminal via cookies.


7.2 – Refusal or revocation of consent to cookies
The user can refuse the use of cookies and can revoke a consent already provided at any time. Since cookies are linked to the browser used, THEY CAN BE DISABLED DIRECTLY FROM THE BROWSER, thus refusing/revoking consent to the use of cookies.
DISABLING COOKIES COULD PREVENT THE CORRECT USE OF SOME FUNCTIONS OF THE SITE ITSELF, in particular the services provided by third parties may not be accessible, and therefore may not be viewable: YouTube videos or other video sharing services; social buttons of social networks; Google maps.

8 – Video
– Youtube: platform, owned by Google, for sharing videos.
For any videos present on the Embedded version of the site, the "advanced privacy (no cookies)" option has been activated, which does not provide for the storage of information on visitors unless they voluntarily reproduce the video.

9 – Social links
This site uses direct links to the external pages of the respective social channels of the activity (Facebook - Instagram).

10 – Cookie Management
You can find further information on cookies and how to manage them by consulting the site www.aboutcookies.org.

11 – Security measures
The Data Controller processes the data of visitors/users in a lawful and correct manner, adopting the appropriate security measures aimed at preventing unauthorized access, disclosure, modification or unauthorized destruction of the data, as well as illicit use of the data. The processing is carried out using IT and/or telematic tools, with organizational methods and with logic strictly related to the purposes indicated, and the data is stored and kept in secure facilities with limitations on access and verification of personnel. Access to the information is strictly limited to authorized personnel.
The website is constantly monitored to check for any security breaches and to ensure that the information is safe.
In addition to the Data Controller, in some cases, categories of persons involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external parties (such as third-party technical service providers, postal couriers, hosting providers, IT companies, communication agencies) may have access to the data.
It is important that you adopt suitable protections against unauthorized access to your password and your computer. Always make sure you are logged out when using a computer shared with other users.

12 – User Rights
In compliance with the obligations arising from national legislation (Privacy Code) and community legislation (European General Regulation no. 679/2016), the User may, according to the methods and within the limits established by current legislation:
oppose in whole or in part, for legitimate reasons, the processing of personal data concerning him/her for the purpose of sending advertising or direct sales material or for carrying out market research or commercial communication;
Request confirmation of the existence of personal data concerning him/her;
Know its origin;
Receive intelligible communication;
Have information about the logic, methods and purposes of the processing;
request its updating, rectification, integration, cancellation, transformation into anonymous form, blocking of data processed in violation of the law, including those no longer necessary for the pursuit of the purposes for which they were collected;
in cases of consent-based processing, receive, at the sole cost of any support, your data provided to the owner, in a structured and readable form by a data processor and in a format commonly used by an electronic device
the right to lodge a complaint with the Supervisory Authority (Privacy Guarantor - link to the Guarantor page http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524);
As well as, more generally, exercise all the rights recognized by the current provisions of law.
Requests must be addressed to the Data Controller.

13 - Data Controllers
The Data Controller pursuant to the laws in force is: lofoo.it of Locanda Lo Foo di William Henriod, with headquarters in Fraz. Challancin/Chez Les Monnet - 11015 La Salle (AO), contactable at the email info@lofoo.it, or at the address specified.