PRIVACY POLICY

1. Privacy Policy

This is a policy that is also made pursuant to Article 13 of Legislative Decree no. 196/2003 of the Personal Data Protection Code to those who interact with cicerone.biz's Web services, accessible by Telematic means starting from the address: cicerone.biz corresponding to the homepage of the cicerone.biz’s official site.
According to the law, such treatment will be based on the principles of fairness, lawfulness and transparency and the protection of privacy and rights.
The policy is only made for the site owned by cicerone.biz and not for other Web sites that the user may consult through links.
This privacy policy is intended to provide you with information on how we treat your personal information. If you do not accept any part of this Privacy Policy then we will not be able to make the Platform or Services available to you and you must interrupt access to the Platform and disable your cicerone.biz Account.
The policy is also made in accordance with EU Regulation 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free circulation of such data to detect some minimum requirements for the collection of personal data online, and in particular the modalities, times and nature of the information that data handlers need to provide to users when they connect to web pages, regardless of the purpose of the connection.

2. Purpose of processing

cicerone.biz manages a platform and marketplace open to a vast community of users that helps people create real experiences and relationships directly with one another, where you can create, show, discover, and book services worldwide, either through our website, or through our mobile application. The provided data will only be processed to make this service as powerful and satisfying as possible:
- to allow one to access and use the Platform;
- to allow the user to communicate with other Members, including, by way of example only, through sending messages or other information during the booking process;
- to manage, protect, improve and optimize the Platform, cicerone.biz's activity, and our users' experience, such as conducting analysis and research, customizing the user experience and providing assistance to clients;
- to help create and maintain a more reliable and secure environment on the Platform and Services, such as detecting and preventing actual and potential fraud and other malicious activities, conducting surveys and risk assessments, our terms of service, verification of the address of the user Ads, verification of identification documents provided by the same (also comparing the photo on those identification documents with other photos that the user provided us), and the implementation of check ups at databases and information sources for the detection and prevention of fraud, risk assessment and damage prevention. In this regard, we may perform one or all of the above activities without further notification to the user;
- to send to the user service, support, or administrative messages, reminders, technical communications, updates, security alerts, and other user-requested information;
- to send to the user marketing, promotional and advertising messages and other information that may be of interest to him, including information about cicerone.biz, our services, or general promotions relating to partner campaigns and services .;
- To comply with our legal obligations, resolve potential disputes with our users, and assert our rights against Third Parties.

3. Processing Mode

Personal data is handled with automated tools for the time strictly necessary to achieve the purposes for which they were collected. Specific security measures are observed to prevent data loss, misuse or incorrect use, and unauthorized access.

4. Optional data provision

The provision of data is optional but any refusal to provide such data implies the impossibility of providing the services.

5. Communication and dissemination of data

User data, including personal data, may be transferred, stored, used, and processed in countries outside the European Economic Area (EEA), including Singapore and possibly other countries. By using the Platform, your consent is given to the transfer of your data to those countries. We urge you to consider that laws change from jurisdiction to jurisdiction and therefore privacy and data communications laws applicable to places where your data is transferred or stored, used, or processed may differ from laws and Privacy rules applicable to your place of residence.
Data may be disclosed to any other third party when the communication is mandatory by law.
With reference to art. 13, comma 1, letter (d) of the Privacy Code and art. 13, comma 1, letter (e) of the EU Regulation, are indicated the subjects or categories of persons who may become aware of the personal data of the user as the people responsible or assigned to them and below, a list of categories is provided:
• Data Controller’s staff, appointed in charge of processing;
• third parties involved by the Data Controller for the organization and administrative management of the Promotional Initiatives, from time to time considered, appointed to be responsible for the processing;
Personal data will not be disclosed.

6. Data Controller

The Data Controller is cicerone.biz ...

7. Rights of the parties concerned

Pursuant to Article 7 of the Privacy Code and in accordance with Article 13, comma 2, letters (b) and (d), 15, 18, 19 and 21 of the EU Regulation, the person concerned shall be informed that:
a) he has the right to ask the Data Controller to have access to personal data, rectify or erase them, or restrict the processing of the data or to oppose their processing in addition to the right to data portability;
b) he has the right to file a complaint with the Guarantor for the protection of personal data, following the procedures and instructions published on the official website of the Authority at www.garanteprivacy.it;
c) any corrections or cancellations or limitations of the processing made at the request of the party concerned - unless this proves impossible or improperly disproportionate - will be communicated by the Data Controller to each of the recipients to whom the personal data have been transmitted. The Data Controller may notify the concerned party such recepients if the interested party so requests. Exercise of rights is not subject to any form of constraint and is free of charge.
Article 7 of the Legislative Decree June 30, 2003 n. 196: "1. The person concerned has the right to obtain confirmation of the existence or not of personal data concerning him, even if they are not yet registered, and their communication in an intelligible form. 2. The person concerned has the right to obtain the indication: a) of the origin of the personal data; B) the aims and modalities of the processing; c) the logic applied in the case of processing carried out with the aid of electronic instruments; d) the identification details of the holder, the persons responsible and the designated representative in pursuant of Article 5, comma 2; e) the subjects or categories of persons to whom the personal data may be disclosed or who may become aware of them in the capacity of designated representative in the territory of the State, of persons responsible or in charge. 3. The person concerned has the right to obtain: a) updating, rectification or, where relevant, the integration of the data; b) the cancellation, transformation into anonymous form or the blocking of data processed in violation of law, including those that are not necessary to keep in relation to the purposes for which the data was collected or subsequently processed; c) the attestation that the transactions referred to in points (a) and (b) have been made aware, including their content, to those to whom the data have been communicated or disseminated, except where such fulfillment reveals impossible or involves the use of means manifestly disproportionate to the protected right. 4. The person concerned has the right to oppose, in whole or in part: a) for legitimate reasons for the processing of personal data concerning him, even though they are relevant to the purpose of the collection; b) the processing of personal data concerning him for the purpose of sending advertising material or direct sales or for conducting market research or commercial communications."
EU Regulation: Article 15 Right of access by the person concerned 1.The person concerned shall have the right to obtain from the Data Controller the confirmation of whether or not processing of personal data concerning him / her is in progress and in that case, access to personal data and to the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, particularly if they are recipients of third countries or international organizations; d) whenever possible, the period of retention of the personal data provided or, if not possible, the criteria used to determine that period; e) the existence of the right of the person concerned to ask the Data Controller to rectify or erase personal data or to limit the processing of personal data concerning him or to oppose their processing; f) the right to lodge a complaint with a supervisory authority; g) where the data are not collected from the person concerned, all information available on their origin; h) the existence of an automated decision-making process, including the profiling referred to in Article 22, paragraphs 1 and 4, and, at least in such cases, significant information on the logic used, as well as the importance and consequences of such treatment for the person concerned. 2. Where personal data are transferred to a third country or to an international organization, the person concerned shall have the right to be informed of the existence of appropriate safeguards pursuant to Article 46 concerning the processing. 3. The Data Controller shall provide a copy of the personal data being processed. In the case of additional copies requested by the person concerned, the Data Controller may charge a reasonable fee based on administrative costs. If the applicant submits the request by electronic means, and unless otherwise indicated by the person concerned, the information is provided in a commonly used electronic format. 4.The right to obtain a copy referred to in paragraph 3 shall not prejudice the rights and freedoms of others.
Article 16 Right of rectification The person concerned shall have the right to obtain from the Data Controller the rectification of inaccurate personal data concerning him without unjustified delay. Given the purpose of the treatment, the person concerned has the right to obtain the integration of incomplete personal data, even by providing an integrative statement.
Article 17 Right to Cancellation (“right to oblivion”) 1. The person concerned shall have the right to obtain from the Data Controller the cancellation of his / her personal data without unjustified delay and the Data Controller has the obligation to cancel without unjustified delay the personal data, if one of the following reasons exists: a) personal data are no longer necessary for the purposes for which they were collected or otherwise processed; 5.4.2016 L 119/43 Official Journal of the European Union IT b) the person concerned withdraws the consent on which the processing is based in accordance with Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a), and if there is no other legal basis for the treatment; c) the person concerned is opposed to processing in pursuant of Article 21, paragraph 1, and there is no prevalent legitimate reason for processing or refuses processing under Article 21, paragraph 2; d) personal data have been processed unlawfully; e) personal data must be deleted in order to comply with a legal obligation under the law of the Union or of the Member State to whom the Data Controller is subject; f) personal data have been collected in respect of the provision of information society services referred to in Article 8, paragraph 1. 2. The Data Controller, if he has disclosed personal data and has the obligation, pursuant to paragraph 1, to delete them, taking into account available technology and implementation costs, adopt reasonable, even technical, measures to inform the Data Controllers that are processing the personal data of the request of the person concerned to delete any links, copies or replicas of his / her personal data. 3. Paragraphs 1 and 2 shall not apply to the extent that treatment is necessary: ​​a) to exercise of the right to freedom of expression and information; b) for the fulfillment of a legal obligation requiring the processing provided for by the law of the Union or of the Member State to which the person concerned is subject or for the performance of a task performed in the public interest or in the exercise of public authority of which the Data Controller is invested; c) for reasons of public interest in the field of public health in accordance with Article 9, paragraph 2, letters h) and i) and Article 9, paragraph 3); d) for the purposes of archiving in the public interest, scientific or historical research or for statistical purposes in accordance with Article 89, paragraph 1, in so far as the right referred to in paragraph 1 is likely to render impossible or seriously undermine the attainment of the objectives of such processing; or e) for the purpose of determining, exercising or defending a right in the judicial system. Article 18 Right of limitation of processing 1. The person concerned shall have the right to obtain from the Data Controller the restriction of the processing when one of the following occurs: a) the person concerned disputes the accuracy of the personal data for the period necessary for the Data Controller to verify the accuracy of such personal data; b) the processing is illegal and the person concerned opposes the deletion of personal data and asks for limited use of the same; c) although the Data Controller would no longer require them for processing purposes, personal data are required by the person concened for the purpose of detecting, exercising or defending a legal right; d) the person concerned has objected to the processing pursuant to Article 21, paragraph 1, pending verification of the possible prevalence of the legitimate grounds of the Data Controller in respect to those of the person concerned. 2.If the processing is limited under paragraph 1, such personal data shall be processed, except for the retention, only with the consent of the person concerned or for the purpose of the detection, exercise or defense of a legal right or to protect the rights of another natural or legal person or for reasons of public interest of the Union or of a Member State. 5.4.2016 Law 119/44 Official Journal of the European Union IT 3. The person concerned having obtained the processing limitation under paragraph 1 shall be informed by the Data Controller before the said restriction is revoked.
Article 19 Obligation to notify in the event of rectification or deletion of personal data or limitation of treatment The data controller shall inform each of the recipients to whom personal data have been transmitted, any corrections or cancellations or limitations of the processing made pursuant to Article 16 , Article 17, paragraph 1, and Article 18, unless this proves impossible or improperly disproportionate. The Data Controller shall inform such recepients if the person concerned so requests.
Article 20 Right to data portability 1. The person concerned shall have the right to receive in a structured, commonly-readable and automatic-readable format the personal data concerning him / her that are provided to a Data Controller and shall have the right to transmit such data to another Data Controller without any objections by the Data Controller to whom he has provided them if: a) the processing is based on consent in pursuant of Article 6, paragraph 1, letter a) or Article 9, paragraph 2, letter a), or on a contract in pursuant of Article 6, paragraph 1, letter b); and b) the processing is carried out by automated means. 2. In exercising its rights in relation to data portability in accordance with paragraph 1, the person concerned shall have the right to obtain the direct transmission of personal data from one data controller to the other, if technically feasible. 3.The exercise of the right referred to in paragraph 1 of this Article shall be without prejudice to Article 17. This right shall not apply to the treatment necessary for the performance of a public interest task or relating to the exercise of public authority of which the data controller is invested. 4.The right referred to in paragraph 1 shall not prejudice the rights and freedoms of others
Article 21 Right of Opposition 1. The person concerned has the right to oppose at any time, for reasons related to his particular situation, the processing of personal data concerning him in accordance with Article 6, paragraph 1, letters e) and f) , including profiling on the basis of such provisions. The data controller shall refrain from further processing his / her personal data unless he or she demonstrates the existence of legitimate reasons for processing that prevail over the interests, rights and freedom of the person concerned or for the purpose of the assessment, exercise or the defense of a legal right. 2.Where personal data are handled for direct marketing purposes, the person concerned has the right to object at any time to the processing of his or her personal data relating to such purposes, including profiling in the measure that it is related to such direct marketing. 3. Where the person concerned objects to handling for direct marketing purposes, personal data are no longer treated for such purposes. 5.4.2016 Law 119/45 Official Journal of the European Union IT 4.The right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the person concerned and shall be presented clearly and separately from any other information at the latest, at the time of first communication with the person concerned. 5.In the context of the use of information society services and subject to Directive 2002/58 / CE, the person concerned may exercise his right of opposition by automated means using technical specifications. 6.Where personal data are processed for scientific or historical purposes or for statistical purposes in accordance with Article 89, paragraph 1, the person concerned, for reasons connected with his particular situation, has the right to oppose the processing of personal data concerning him, unless the processing is necessary for the performance of a public interest task.
Article 22 Automated decision-making process for natural persons, including profiling 1.The person concerned has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern him or affect him significantly. 2. Paragraph 1 shall not apply where the decision: a) is necessary for the conclusion or performance of a contract between the person concerned and the data controller; b) it is authorized by the law of the Union or of the Member State to which the person concerned is subject, which also lays down appropriate measures to safeguard the rights, freedom and legitimate interests of the person concerned; c) is based on the explicit consent of the person concerned. 3. In cases referred to in paragraph 2, letters a) and c), the data controller shall take appropriate measures to protect the rights, freedom and legitimate interests of the person concerned, at least the right to obtain human intervention by the Data Controller, to express their views and to challenge the decision. 4.The decisions referred to in paragraph 2 shall not be based on the particular categories of personal data referred to in Article 9, paragraph 1, unless Article 9, paragraph 2, letters a) to g) applies, and there are no adequate measures to safeguard the rights, freedom and legitimate interests of the person concerned.
Article 23 Limitations 1. The law of the Union or of the Member State to which the data controller or is subject may, by means of legislative measures, limit the scope of the obligations and rights referred to in Articles 12 to 22 and 34 as well as Article 5, to the extent that the provisions contained therein correspond to the rights and obligations set out in Articles 12 to 22, where such limitation respects the essence of fundamental rights and freedom and is a necessary and proportionate measure in a democratic society to safeguard: a) national security; b) defense; c) public security; 5.4.2016 Law 119/46 Official Journal of the European Union IT d) the prevention, investigation, detection and prosecution of criminal offenses or the execution of criminal sanctions, including safeguards against and the prevention of public security threats; e) other major general interest objectives of the Union or of a Member State, in particular a major economic or financial interest of the Union or of a Member State, including monetary, fiscal and fiscal matters, public health and social security; f) safeguarding the independence of the judiciary and judicial proceedings; g) activities to prevent, investigate, detect and prosecute infringements of the regulated professions' ethics; h) a checking, inspection or regulatory function connected, even occasionally, with the exercise of public authority in the cases referred to in points a), to e) and (g); i) the protection of the person concerned or the rights and freedom of others; j) execution of civil actions. 2.In particular any legislative measure referred to in paragraph 1 shall contain specific provisions covering at least, where appropriate: a) the purposes of the processing or treatment categories; b) the categories of personal data; c) the extent of the restrictions introduced; d) guarantees to prevent abuse or unauthorized access or transfer; e) the precise indication of the data controller or the categories of controllers; f) the periods of storage and the guarantees applicable taking into account the nature, scope and purpose of the processing or the categories of processing; g) the risks to the rights and freedom of the persons concerned; and h) the right of the persons concerned to be informed of the restriction, unless this may jeopardize the purpose of the restriction.

8. Data retention times

The data will be retained for the period defined by the reference regulations, which is specified below pursuant to art. 13, comma 2, letter (a) of the EU Regulation.
With specific reference to personal data subjected to Processing for profiling purposes, the same will be kept for 12 months or less, if the withdrawal of the specific consent by the interested party occurs.
In addition, the five-year or ten-year terms of the retention of only documents and related data of a civil, accounting, and tax nature remain in force as required by applicable laws.

9. Cookie Policy

cicerone.biz uses "cookies" in relation to the operation of the Platform in order to obtain information. A cookie is a small data file that is transferred to the user's device (eg, the phone or computer) to keep certain information. For example, a cookie can allow the Platform to recognize your browser, other cookies can keep track of your preferences or store other information.
Your browser may allow you to set cookies, such as refusing to receive any cookies or asking you to decide whether to accept each cookie. However, we encourage you to keep in mind that some parts of the Platform may not work as expected or do not work at all without cookies.

cicerone.biz Cookies and Third Party Cookies

cicerone.biz can place cookies on your device through the Platform. As a result, our privacy policy will apply to the processing done by us of the information we have obtained through cookies.
We can also allow our trading partners to place cookies on the user's device. As further described below, Third Parties may also insert cookies on the user's device for advertising purposes.
There are two types of cookies used by the Platform, "persistent cookies" and "session cookies".
Session cookies normally expire when the user closes his browser, while persistent cookies remain on his device even after the browser is closed and can be used again on the next access to the Platform.

Other technologies
The Platform may use other technologies with features similar to cookies such as web beacons and URL trackings to obtain user-related log data. We can also use web beacons and URL trackings in the messages we send to determine if the user has opened a certain message or has access to a certain link.

cicerone.biz's Cookies Purpose
cicerone.biz uses cookies and similar processing technologies for various purposes, for example:
a. To make it possible, to facilitate and optimize the operation of the Platform in the transition between the different web pages and browsing sessions of the browser.
b. To simplify access to the Platform and its use for the user and to make its use more fluid.
c. To monitor and analyze the performance, operation and effectiveness of the Platform, in order to improve and optimize it.
d. To show the user contents (even advertisement) more relevant to his use.
e. For the detection and prevention of fraud.

Purpose of Third Party cookies
Our partners' cookies are used to obtain information in order to help them provide services to cicerone.biz. Third Party Websites using cookies and other tracking technologies to provide targeted advertising on our Platform and / or Third Party sites, may offer you ways to avoid receiving such targeted advertising by choosing not to receive it through the specific opt-out function at industry-specific sites. The user may also be able to control advertiser cookies provided by advertisers. The user must keep in mind that if he chooses not to receive anymore targeted advertising, he may still continue to receive advertising on the Platform, but the same would no longer be customized according to his interests.
In addition, Facebook, via the Platform, places a cookie that allows Facebook to get Personal Data in an aggregate and non-personal format, useful for optimizing its services

Disabling cookies
Most browsers automatically accept cookies, but the user can change their browser settings to refuse the receipt of cookies by accessing the "Help" section of the browser toolbar. If you decide to decline the cookies, we encourage you to keep in mind that you may not be able to sign up, make customizations, or use some of the interactive features of the Platform. Flash cookies work differently than browser cookies, and browser cookie management tools will not remove flash cookies.

Changes to this cookie policy
We can modify this cookie policy at any time. If we make any relevant changes to cookie policy, we will notify you of such changes by posting them on the updated cookie information Platform, or by emailing the user.
It is important for the user to see the updated cookie information. If the user does not intend to accept the updated Cookie Policy, we will not be able to continue providing him with access to the Platform and Services, and his only remedy will be to stop using the Platform and disable your cicerone.biz Account.