Privacy Policy
1. Introduction
At Masseria Spina, accessible via https://masseriaspina.com, we are committed to safeguarding the privacy and personal data of our users, customers, and visitors. We recognize the fundamental importance of data protection and strive to ensure that all personal data is handled in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other relevant legislation. Our commitment is privacy-first—we collect and process personal data with care, transparency, and accountability.
2. Scope of This Policy and Data Controller Role
This Privacy Policy applies to all personal data collected through our website masseriaspina.com, any related digital services, and communications you may have with us. We, Masseria Spina (hereafter “we,” “us,” or “our”), act as the data controller for the personal information processed through our services. Should you have any questions about how we process your data, you may contact us at [email protected].
3. Categories of Personal Data We Process
We may collect and process the following categories of personal data:
a. Usage Data – includes browser type, IP address, access dates and times, referring website addresses, and interactions with our website.
b. Account Data – includes your name, postal address, email address, and telephone number when you register or book services with us.
c. Profile Data – includes your service preferences, past purchases, user behavior on the website, and feedback provided.
d. Communication Data – includes records of conversations, support queries, booking inquiries, and other correspondence with us.
e. Technical Data – includes device information, operating system, browser settings, language preferences, and system configurations.
f. Transaction Data – includes payment information, billing address, order history, and delivery details related to products or services ordered.
g. Preference Data – includes marketing consents, subscription preferences, and declared areas of interest related to our offerings.
4. Legal Bases for Processing
We only process personal data when we have a valid legal basis to do so. These bases include:
– Consent: When you have provided clear consent for us to process your personal data for a specific purpose (e.g., to receive marketing emails).
– Contract: When processing is necessary to perform or enter into a contract with you (e.g., fulfilling a booking or service request).
– Legal Obligation: Where we are required to comply with a legal obligation (e.g., maintaining financial records).
– Legitimate Interests: When processing is necessary for our legitimate interests (e.g., improving our services or preventing fraud), provided these interests do not override your fundamental rights and freedoms.
5. Your Rights
Subject to local laws and limitations, you have the following rights regarding your personal data:
– Right of Access – you may request details of the personal data we hold about you.
– Right to Rectification – you may request correction of inaccurate or incomplete data.
– Right to Erasure – you may request the deletion of your data, subject to legal conditions.
– Right to Restrict Processing – you may ask us to suspend processing of your data under certain circumstances.
– Right to Data Portability – you may request to receive your data in a structured, commonly-used format, and have it transferred to another data controller.
To exercise any of these rights, please send a written request to [email protected].
6. Security Measures
We implement appropriate organizational, technical, and administrative safeguards to ensure your personal data is secure. These measures include, but are not limited to:
– Secure encryption protocols for data transmission and storage
– Access control mechanisms, including role-based permissions
– Regular backups with integrity checks
– Staff training on data privacy and protection practices
While no system can be completely secure, we continuously assess and improve our protective measures to reduce data security risks.
7. International Data Transfers
Your personal data may be transferred to, and processed in, countries outside of your jurisdiction. Where this occurs, we ensure an adequate level of protection through:
– Standard contractual clauses approved by the EU Commission or similar safeguards for jurisdictions outside the EEA
– Compliance mechanisms aligned with GDPR and CCPA requirements
– Additional contractual and technical safeguards to maintain data security
8. Data Retention
We retain your personal data only as long as necessary to fulfill the purposes for which it was collected, including to comply with legal, accounting, or reporting obligations. Examples of retention periods include:
– Account and Transaction Data: up to 7 years for tax and contractual obligations
– Communication Records: up to 3 years from last interaction
– Preference and Marketing Data: until you withdraw consent or unsubscribe
– Technical and Usage Data: up to 12 months for analytics purposes
9. Cookie Policy
We utilize cookies and similar technologies on our website to improve your user experience. These include:
– Essential Cookies: required for website functionality and security
– Functional Cookies: store user preferences and improve usability
– Analytics Cookies: help us understand how visitors engage with masseriaspina.com
– Performance Cookies: monitor site speed and usability, contributing to platform optimization
For a full list of cookies used and their purposes, please review our dedicated Cookie Notice section available on our site.
10. Cookie Management and GDPR/CCPA Compliance
You have control over your cookie preferences. Upon first visit, you will be prompted to configure cookie preferences in compliance with GDPR and CCPA requirements. You may also manage or withdraw your consent at any time by accessing the cookie settings from the website’s footer or browser settings. CCPA rights also include opting out of the “sale” of personal data, which can be done through Do Not Sell My Personal Information links where applicable.
11. Children’s Privacy
We do not knowingly collect or solicit personal data from anyone under the age of 13. If we learn that a child under 13 has provided us with personal information, we will immediately delete such data from our records. If you believe we may have collected data from a minor, please contact us promptly at [email protected].
12. Changes to This Policy
We reserve the right to update this Privacy Policy to reflect changes in legal requirements or operational needs. Any changes will be communicated via this page or other appropriate channels. Continued use of masseriaspina.com after modifications constitutes acceptance of the revised policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we process your personal data, please contact:
Email: [email protected]
We are committed to privacy compliance under the GDPR, CCPA, and applicable privacy legislation. Please reach out to us at [email protected] for any concerns about how your data is processed, stored, or shared.