Privacy Policy

Information pursuant to Articles 13 and 14, EU Reg. 2016/679

Last update: January 31st, 2024

Last update: 29/07/2022
This page is intended to illustrate the processing of personal data that HUMAN COMPANY carries out in relation to the services made available online through:
• website: palagina.it
• website: fattorialapalagina.it
• website: huopenair.com
• website: plushostels.com
• website: humantravel.com
• website: altomincio.huopenair.com
• website: venezia.huopenair.com
• website: norcenni.huopenair.com
• website: firenze.huopenair.com
• website: parkalbatros.huopenair.com
• website: montescudaio.huopenair.com
• website: ipini.huopenair.com
• website: fabulous.huopenair.com
• website: roma.huopenair.com
• website: birkelt.huopenair.com
• and the MYHU web app

Index

1. The "data controller" (who decides why, how and for whom to process the data)
2. Data subjects' rights
3. Browsing data
4. Data provided voluntarily by the user
5. Processing following a booking or contact request
5.1 Online booking area
5.2 Data processing after the forwarding of the reservation
6. Newsletter subscription
7. My hu webapp
7.1 Data processing resulting from MYHU registration
7.1.1 Public relations, direct marketing, information and promotional activities
7.1.2 Profiling
8. Data retention
9. User rights - further information
10. Some definitions
11. Terms of use of the wireless internet connectivity service offered by Human Company

1. The "data controller" (who decides why, how and for whom to process the data)

Following consultation of the websites or use of the services offered online, data relating to identified or identifiable persons may be processed.

As well as browsing data, for example, information may be collected on the occasion of:
> a request for a booking or contact;
> the use of other services through the website or the contact area;
> the use of other services through the Platforms made accessible on the site; and through the use of cookies

The data controller (i.e. the party which determines the purposes and means of processing personal data and assumes responsibility for correctly processing personal data and having it processed) is Human Company S.r.l., with:
> registered office: Via Generale C. A. Dalla Chiesa 13 - 50136 Florence, Italy
> operational headquarters: Via Generale C. A. Dalla Chiesa 13 - 50136 Firenze, Italia | tel. +39 055 469 8029

Contact details for the Data Protection Officer: [email protected]

The co-data controllers are its subsidiaries and associated companies, which are involved in managing the services provided through the site and satisfying data subjects' requests, as well as in informational activities and sending commercial communications, each relating to its own activities:

| Name | Activity |
| --- | --- |
| Figline Agriturismo S.p.A. [P. IVA 00282740976] | Real estate holding |
| Elite Vacanze Gestioni S.r.l. [P. IVA 06196120486] | Management holding |
| Roma Camping S.r.l. [P.IVA 00954081006] | Management of I Pini Family Park and Roma Camping in Town |
| Roma Gestioni S.r.l. Unipersonale [P.IVA e C.F. 08219321000] | Management of Fabulous Village |
| Figline Agriturismo S.r.l. [P. IVA e C.F. 01681640973] | Management of Norcenni Girasole Village and Villa La Palagina |
| Elite Livorno Gestioni S.r.l. [P.IVA e C.F. 05813780482] | Management of Park Albatros Village and Montescudaio Village |
| Delta S.r.l. Unipersonale [P.IVA e C.F. 01954310510] | Management of Jolly Camping in Town |
| Elite Veneto Gestioni S.r.l. [P.IVA e C.F. 05813690483] | Management of Altomincio Family Park |
| Elite Firenze Gestioni S.r.l. [P.IVA e C.F. 05813700480] | Plus Florence and Firenze Camping in Town |
| Società Agricola Le Driadi S.r.l. [P.IVA e C.F. 05627800484] | Management of Fattoria La Palagina and Agriturismo Le Corti |
| La Quarta S.r.l. [P.IVA e C.F. 06441820484] | management of restaurants and bars |
| ECV Shops S.r.l. [P.IVA e C.F. 06441810485] | management of markets and bazaars |
| O’Tel S.r.l. [P. IVA 05467430483] | Real estate – company rental |
| Adakitalia S.r.l. [C.F. 04719560486] | Tour operator "Norcenni Tour" and Human Travel |
| Holding Terza S.r.l. [C.F. 06438440486] | Restaurant and market branch holding |
| Plus Prague S.r.o. [C.F./P.IVA CZ699003294] | management of Plus Prague |
| Plus Berlin m.b.H. [P.IVA/C.F. DE270699817] | management of Plus Berlin |
| La Terra dei Sensi S.r.l. [C.F. 06717970484] | management of ANTS programme |
| Camping International S.A. [N° TVA: LU13005324] | management of Camping Birkelt |

2. Data subjects' rights

With regard to the processing referred to in this document, data subjects (users of the sites and/or apps) have the right:
> to ask the data controller to access personal data and to correct or cancel it or restrict the processing of personal data concerning them and to object to its processing,
> if the processing is performed by automated (IT) means and on the basis of the data subject's consent, to receive the personal data concerning them in a structured format, commonly used and readable by an automatic device, and/or to obtain direct transmission to another data controller, if technically feasible
> to withdraw consent at any time (without prejudice to the lawfulness of the processing based on consent prior to withdrawal), obviously for processing performed on this basis
> to lodge a complaint with a supervisory authority: Data Protection Authority - Piazza di Monte Citorio 121, 00186 ROME - Fax: (+39) 06 69677 3785 - Switchboard: (+39) 06 696771 - Email: [email protected] - certified email [email protected]

More information at the end of this policy

Requests should be addressed to HUMAN COMPANY S.r.l. through the Contact Form on the sites or the address [email protected], always bearing in mind that it will not be possible to respond to phone requests if there is uncertainty about the caller's identity.

3. Browsing data

Data processed in relation to visiting the sites

During their normal operation, computer systems and software procedures used to operate a website acquire certain personal data. The transmission of this data is implicit in the use of internet communication protocols.

This information is not collected with the intention of associating it with identified users, but by its very nature could lead to identifying users through processing and through association with data held by third parties.

This category of data includes, for example, the IP addresses or domain names of the computers used by users who connect to the site, the addresses in URI (Uniform Resource Identifier) format of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's IT environment, such as browser type and version, browser plug-in types and versions, and mobile device ID (IDFA or AndroidID).

In the absence of specific consent to processing for further purposes, this data is used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check it is functioning correctly.

The data could be used to ascertain responsibility in the event of any computer crimes against the site, and only in this case will specific procedures aimed at identifying the author be activated.

The LEGAL BASIS FOR PROCESSING this data is the data controllers' legitimate interest, consisting in the protection of data security, the site's proper functioning and improvements to service standards. [> google privacy policy](https://policies.google.com/technologies/partner-sites)

PROCESSING METHODS AND APPOINTEES
Personal data is processed using automated tools for the period of time strictly necessary to achieve the purposes for which it was collected. Processing relating to this site's web services is handled by personnel appointed by the Data Controller and by external parties appointed as data processors (Article 28, EU Reg. 2016/679), who are responsible for the technical management and maintenance of the site and related IT systems. Specific security measures are observed to prevent the loss of data, its illicit or incorrect use, and unauthorised access.

No data deriving from the web service is disclosed.
The personal data provided by users who request informative material (newsletter, answers to questions, etc.) is used for the sole purpose of providing the service requested and disclosed to third parties only if necessary for this purpose.

4. Data provided voluntarily by the user

Apart from that specified for browsing data, the user is free to provide the personal data requested during browsing to ask for information or other communications to be sent. Failure to provide data may make it impossible to obtain the requested service.

When the user visits part of the site or activates a feature available via an app that involves collecting personal data, they are provided with a link to this policy and asked to confirm their acknowledgement and, if necessary, consent.

The optional, explicit and voluntary sending of emails to the addresses indicated on this site or reachable through an app involves subsequently acquiring the sender's address, needed to respond to requests, and any other personal data included in the message which, unless different needs are duly communicated, will be kept for the time necessary to satisfy the requests.

Specific information is available below on the pages prepared for particular services on request or which can be used to acquire further personal data.

5. Processing following a booking or contact request

The personal data voluntarily provided by the data subject through the booking area or the email addresses made available on the site:

  1. is processed primarily with automated tools to:
    1. Ensure a certain and timely response that satisfies the data subject's requests (legal basis of the processing: legitimate interest and consent of the data subject in the case of "sensitive" personal data)
    2. fulfil obligations deriving from EU laws, rules and regulations; fulfil instructions given by the Judicial Authority (legal basis of the processing: coinciding with the purpose)
    3. Feed the public knowledge acquisition system through statistical analysis, conducted through anonymised and aggregated data, useful to verify, improve and therefore design an increasingly efficient and adequate service to meet demand (legal basis of the processing: legitimate interest of the data controllers coinciding with the purpose)
  2. The contact details, postal and email addresses provided may be used to send courtesy communications and/or informative material/offers relating to the products offered and services provided by the Data Controllers, obviously with the data subject's consent, including via SMS or other communication platforms like WhatsApp. It is understood that the data subject will still have the right to object to this processing at any time (legal basis of the processing: legitimate interest of the data controllers consisting in promoting their products/services, and the data subject's consent)
  3. it may be processed by commercial staff, IT system maintenance personnel tasked with ensuring system functionality, data security and backup operations, other personnel assigned within the limits of the assigned tasks and as required by company procedures, and other parties that provide services for purposes auxiliary to satisfying the data subject's requests, also within the limits strictly necessary to fulfil their duties;
  4. it may be communicated or made available:
  • to parties who can access the data by virtue of law, regulations or EU legislation, within the limits provided for by such rules;
  • other associated companies (subsidiaries – parent companies), always for current "administrative and accounting purposes" connected to satisfying the data subject's requests
  • to other parties who provide services for purposes related to satisfying the data subject's requests, within the limits strictly necessary to perform their duties - commercial partners, whose collaboration is necessary to provide the requested services. The Commercial Partners will operate as independent data controllers for the processing and in compliance with the respective privacy policies, which they will make available
  5. Personal data will be transferred to parties outside the European Economic Area to the country where the data subject resides or is located only if necessary to satisfy their requests and in compliance with current legislation.

When filling in the forms, mandatory fields are indicated with an asterisk. Without the requested data, it will not be possible to satisfy the data subject's requests.

If, at the time of the contact/booking request, the data subject has to communicate sensitive categories of data (e.g. personal data that reveals racial or ethnic origin, political opinions, religious/philosophical beliefs or union membership, and to process genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health, sex life or sexual orientation), specific consent may be required for its processing, without which it may be impossible to proceed with the data subject's requests.

5.1 Online booking area

This is the area of the site where the user can book stays at HUMAN COMPANY accommodation facilities.

The data the user enters at the time of the booking request will be entered on the management software managed by HUMAN COMPANY S.r.l. for all Data Controller Companies and stored in an area that can be accessed by the facility the data subject has expressed an interest in.

Once transmitted to the facility, the data may be processed by administrative employees, receptionists or other staff appointed by the data controller to record the booking, fulfil contractual, accounting and tax obligations, and offer the guest attentive and personalised services to satisfy their requests.

The legal bases of this processing are legal and contractual obligations and, in the case of "sensitive" personal data, the data subject's consent.

Further information can be found in the guest statement

ONLINE PAYMENTS by credit card
Human Company uses Banca Sella's banking gateway to transmit credit card data. In order to ensure greater security, the customer is redirected to a secure web page managed by Banca Sella to conclude the transaction. This obviously does not entail the need to have a current account with this banking institution; any type of credit card issued by any bank can be used. Payment authorisation when using a credit card takes place at the time of the order, and the relative debit at the time of the order fulfilment.

In the unfortunate event that someone takes possession of my credit card data, how can I be protected from misuse?

First of all, please note that this risk is not only involved in online transactions, but in every occasion of ordinary use. If this happens, however, it is important to know that it is always possible to contact the credit card manager and refuse the charge, and obtain a refund of the amounts charged once the card's actual conditions of use have been ascertained.

5.2 Data processing after the forwarding of the reservation

The data provided by the data subject or by a third party acting on their behalf will be processed with mainly computer and/or telematic tools, for the following purposes:

a) fulfilling obligations deriving from Community laws, rules and regulations, including the obligation relating to the communication of accommodation to the Public Security Authorities provided for by Article 109 of Royal Decree 773 of 18 June 1931 and subsequent amendments, which will be carried out after check-in; (legal basis coinciding with the purpose)

b) fulfilling contractual and accounting and tax obligations; carrying out the services requested by the data subject or by third parties on their behalf; (legal basis coinciding with the purpose)

c) offering the guest attentive and personalised services throughout the period of their stay within our facility; (legal basis: legitimate interest consisting in the correct organisation and planning of activities and in the improvement of its service)

d) purposes related to public relations, information and commercial activities. In particular, we can use the contact details, postal and email addresses that have been provided to submit courtesy communications and/or advertising material relating to services similar to those covered by the existing commercial relationship. It is understood that the guest has the right to object at any time to the aforementioned processing; (legal basis: legitimate interest in processing personal data for direct marketing purposes, always taking into account the reasonable expectations of the data subject based on their relationship with the Data Controller)

e) assert or defend a right, including by resorting to agents with representation, both out-of-court and in administrative or judicial proceedings (legal basis coinciding with the purpose).

For the same purposes, the data may be processed, always and only within the limits of what is actually necessary to carry out their functions, by the following categories of employees and/or managers: company administrators and managers; administrative staff, receptionists, personnel responsible for the management/maintenance of computer systems, and finally Associated Companies or other entities (companies/professionals), appointed for this purpose, who need to access some data for ancillary purposes, always within the limits strictly necessary to carry out the tasks delegated to them.

Personal data relating to guests may be communicated:
> limited to accounting and tax data to banks, credit institutions, data processing companies and credit card companies, for activities strictly related to the execution and administrative management of the contract.
> to Law Enforcement or Public Bodies in compliance with the law
> to insurance institutions, public bodies and agencies for the purpose of carrying out legal obligations.
> to other subjects who need to access certain data to carry out ancillary activities for the purposes indicated above, always within the limits strictly necessary to carry out the tasks delegated to them such as: tax, accounting, welfare, insurance compliance, management of information systems, financial services;

Of course, all the communications described above are limited only to the data necessary for the Recipient Body/Office to carry out their tasks and/or for the achievement of the purposes related to the communication itself.
The processing of the data in question may also consist in their communication abroad, both within and outside the European Union to the country of origin or destination of the guest and limited to the data strictly necessary, in relation to the specific requests of the guest. The transfer of data will always be carried out in full compliance with the regulations and may only be carried out when the legitimacy conditions referred to above are present. The data will not be disclosed.

6. Newsletter subscription

The personal data voluntarily provided by the data subject when registering for the Newsletter:

> is mainly processed with automated tools for the sole purpose of satisfying the requests of the data subject, who has the right to interrupt this processing at any time.
> can be processed by communication and marketing workers, IT system maintenance personnel tasked with ensuring system functionality, data security and backup operations, other employees within the limits of the tasks received and the provisions of company procedures and other parties that provide services for purposes auxiliary to satisfying the data subject's requests, within the limits strictly necessary to perform their duties
> may be communicated or made available:
- to parties who can access the data by virtue of law, regulations or EU legislation, within the limits provided for by such rules;
- to other parties who provide services for purposes related to satisfying the data subject's requests, within the limits strictly necessary to perform their duties;
- to associated companies (subsidiaries - parent companies), always for current administrative and accounting purposes connected with satisfying the data subject's requests

In this case, the legal bases of the processing consist in satisfying the data subject's requests and the legitimate interest of the Data Controller consisting in promoting its facilities.

7. My hu webapp

The my hu webapp is effectively an interface that allows the User to:
> interact with the my hu web platform and obtain information about the HUMAN COMPANY and the services that are available to you
> register to:
- receive the newsletter and communications regarding the offers and benefits reserved for registered users
- order food & beverage products online at the takeaways within hu openair facilities
- purchase online experiences and other services available to guests of the hu openair facility
- take advantage of the services that will gradually be made available to registered users

N.B.: Registration on the platform:

is only allowed to adult users

is valid for all HU Openair facilities on the national territory managed by the companies indicated in the previous paragraph THE "DATA CONTROLLER"

7.1 Data processing resulting from MYHU registration

What data is processed and where it comes from

> data provided by the interested party and necessary for the registration process;
> data relating to the user's interactions with the platform;
> data relating to the services requested or used and the purchases made
We remind you again that the legislation establishes special protections for "particular categories of data" as defined by art. 9 of Reg. EU 2016/679: (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health or sexual life or sexual orientation); normally no data is acquired and processed that falls into these categories unless they are communicated by the data subject in relation to their purchases, in which case specific consents may be required, where the characteristics or methods of processing so require.
With the exception of data originating within the organisation of the Data Controllers or originating from computer systems, the data is normally acquired and updated through the data subject or by third parties who manage services related to the pursuit of the purposes indicated below.

Why data is processed

The processing to which the personal data will be subjected has the following purposes, for each of which the "legal basis" that makes it possible is indicated in brackets [the "legal bases" are the conditions indicated in articles 6 and 9 of Reg. EU 2016/679, which make it a lawful purpose]:
> in the event of a purchase, the fulfilment of contractual and accounting and tax obligations deriving from the business relationship; to fulfil obligations deriving from Community laws, rules and regulations; the fulfilment of provisions issued by the Judicial Authority, the financial authority, insurance institutions; [legal basis: contractual-legal fulfilment- art. 6 c.1 b-c EU Reg. 2016/679]
> purposes strictly connected and instrumental to the management of relations with users and suppliers, always in relation to the management of purchases that have been made: to satisfy the requests of the interested party, forward communications concerning the request that has been received or the product/service that has been purchased [legal basis: legitimate interest in the efficient organisation of activities art. 6 para. 1, f - contractual-legal fulfilment- art. 6 para. 1, b-c-]
> identifying the degree of satisfaction of the interested parties, internal operational and management requirements such as registered user registry management, directories and internal statistical calculations; [legal basis: legitimate interest in consistency in the efficient organisation of activities art. 6 para. 1]
> to possibly protect a legitimate interest, ascertain, assert or defend a right; [legal basis: coinciding with the purpose art. 6 para. 1, f - art. 9 para. 2, f - EU Reg. 2016/679]
> And, with regard to the management of comments and complaints from users or third parties:
> To ensure a reliable and timely response to the comments received, facilitating the creation of an effective communication channel between my hu account and users
> To provide information for the registration system and the systematic analysis of the defects of the service, in order to correct them [https://accounts.huopenair.com/](https://accounts.huopenair.com/)

7.1.1 Public relations, direct marketing, information and promotional activities

Until otherwise indicated by the data subject, the contact details, postal and email addresses provided may be used to send courtesy communications, newsletters and informative and promotional materials relating to services/products that are similar and/or related to those covered by the existing business relationship. It is understood that the data subject has the right to object at any time to this processing (legal basis: legitimate interest in processing personal data for direct marketing purposes, always taking into account the reasonable expectations of the interested party based on their relationship with the Data Controller [Article 6, para. 1, f] - Legislative Decree 196/2003 art. 130 para.4).

7.1.2 Profiling

The data provided by the data subject, the data relating to their interactions with the platform (e.g.: setting up preferred pages) and relating to the reservations and their purchases may be processed to generate a profile of the data subject aimed at identifying their interests and used mainly to better target the communications and invitations referred to in the previous paragraph, avoiding repetitive or low-interest suggestions. The legal basis for this profiling is consent, obviously optional, and if it is not provided it does not preclude the possibility of registering and using the services made available.

How the data is processed

In relation to the aforementioned purposes, personal data may be processed using mainly computer and telematic instruments, chosen according to criteria of functionality, security and effectiveness. In particular, the data will be stored on a single database managed by Human Company srl and will be accessible to all subsidiaries (indicated in the previous paragraph THE "DATA CONTROLLER"). The personal data referred to in point 1 above will be kept for the duration of the registration of the interested party, and subsequently, without prejudice to the provisions of the rules on the storage of administrative documentation, it will be kept exclusively for the time allowed/imposed by the current legislation applicable to the specific purpose for which the data is processed. The email addresses used for public relations, direct marketing and information will be kept for 12 months following the last communication or contact with the interested party.

Payment management

In order to provide the best possible service with the highest security standards, the management of the payment stages has been entirely entrusted to Stripe Payments Europe, Ltd. - C/O A&L Goodbody, Ifsc, North Wall Quay, Dublin 1 - more information on processing methods and security measures can be found at https://stripe.com/it/ssa. No data relating to credit cards used will be stored by HUMAN COMPANY.

Who can process the data

Data may be processed by the following categories of employees and/or data processors:
> personnel called in by the Data Controllers (company management, administrative staff, communication and marketing staff, administrative staff for managing administrative aspects, etc.);
> personnel responsible for managing and maintaining computer systems and responsible for ensuring the systems' functionality, data security and backup operations;
> subjects (companies /professionals who own the shops), connected or not to the owners who carry out ancillary activities for the purposes stated above, within the limits strictly necessary to carry out the tasks entrusted to them, such as: assistance in the performance or direct execution of tax/accounting/welfare obligations, management of information systems, production/addresses/delivery of the products ordered.

To whom the data can be communicated

Personal data can be communicated or made available to:
> companies associated with the Data Controllers (parent companies, subsidiaries, investee companies or companies subject to the same control) for current administrative and accounting purposes;
> parties who can access the data in accordance with legal, regulatory or statutory requirements, within the limits provided for by such regulations;
> other subjects (companies /professionals), connected or not to the owner, who carry out ancillary activities for the purposes stated above, within the limits strictly necessary to carry out the tasks entrusted to them, such as: financial services, management of computer systems and platforms in support of my hu.
Naturally, all the communications described above are limited to the data necessary for the recipient agency (which will remain an autonomous Data Controller for all subsequent processing) to perform its tasks and/or to achieve the purposes connected with the communication itself, always with reference to the purposes stated above.

Transfer of data abroad

Personal data may be transferred abroad, outside the European Union, only at the request of the data subject to entities indicated by them.

DISCLOSURE

Personal data will not be disclosed.

When it is mandatory to communicate your data

Communicating and updating the data required at the time of the request or subsequent to this is entirely optional. Obviously, an indication will always be given that in the absence of certain data it will not be possible to register and purchase products and services.

8. Data retention

The data communicated, unless otherwise duly indicated by the data subject, will be kept for the time necessary to satisfy the data subject's requests and comply with the law.

In the case of registration to some sections of the site or to the App, the data will be kept until the registration is cancelled, after which retention will continue only if required by law and in accordance with the rules on keeping administrative documentation.

If the data subject has a contractual relationship with the Data Controller, the data will be kept, if relevant to this, for the duration of the contract, after which it will only be further retained if required by law or with the data subject's consent and in compliance with the rules on keeping administrative documentation.

The contact details for which consent has been given to send commercial communications or newsletters will be kept for up to 12 months after the last sending or until the data subject withdraws consent.

9. User rights - Further information

Right of access

The data subject has the right to obtain confirmation from the data controller of whether their personal data is being processed and, if so, to obtain access to the personal data and the following information:
a) the purposes of the processing;
b) the categories of personal data concerned;

c) the recipients or categories of recipients to which the personal data has been or will be communicated, in particular if these are recipients from third countries or international organisations and, in this case, the existence of adequate guarantees;

d) when possible, the expected retention period of the personal data or, if not possible, the criteria used to determine this period;

e) the existence of the data subject's right to ask the data controller to correct or delete personal data or restrict the processing of personal data concerning them, or to object to its processing;

f) the right to lodge a complaint with a supervisory authority;

g) if the data has not been collected from the data subject, any available information on its source;

h) the existence of an automated decision-making process, including profiling, which produces legal effects concerning them or which significantly affects them and, at least in such cases, meaningful information on the logic used, as well as the significance and expected consequences of this processing for the data subject.

Right of rectification
The data subject has the right to have the data controller correct inaccurate personal data concerning them without undue delay.

Right of erasure
The data subject has the right to have the data controller delete personal data concerning them without undue delay, and the data controller is obliged to delete personal data without undue delay if one of the following grounds applies:

a) the personal data is no longer necessary with respect to the purposes for which it was collected or otherwise processed;

b) the data subject revokes the consent the processing is based on and there is no other legal basis for the processing;

c) the data subject objects to the processing, and there is no prevailing legitimate reason to proceed with the processing;

d) the personal data has been processed unlawfully;

e) the personal data must be erased to fulfil a legal obligation under European Union law or under the law of the Member State to which the data controller is subject.

Right to restrict the processing
The data subject has the right to have the data controller restrict the processing where one of the following applies:

a) the data subject contests the accuracy of the personal data, for the period necessary for the data controller to verify its accuracy;

b) the processing is unlawful and the data subject opposes the erasure of the personal data and instead requests the restriction of its use;

c) although the data controller no longer needs the personal data for processing purposes, the personal data is required by the data subject to ascertain, exercise or defend a right in court;

d) the data subject has objected to the processing, pending verification as to whether the data controller's legitimate reasons prevail over those of the data subject.

Right to object
The data subject has the right to object at any time to the processing of personal data concerning them performed for direct marketing purposes, including profiling to the extent that it is connected to such direct marketing.

Right to data portability
The data subject has the right to receive the personal data concerning them, which they have provided to a data controller, in a structured, commonly used and machine-readable format, and has the right to transmit this data to another data controller without hindrance from the data controller the personal data was provided to, when:

a) the processing is based on consent or on a contract; and

b) the processing is performed by automated means.

In exercising their rights regarding data portability, the data subject has the right to have the personal data transmitted directly from one data controller to another, where technically feasible.

10. Some Definitions

Personal data: any information relating to an identified or identifiable natural person.

"Sensitive" personal data NEEDS GREATER PROTECTION AND SPECIAL ATTENTION, and includes personal data that reveals racial or ethnic origin, political opinions, religious/philosophical beliefs or union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data relating to the person's health, sex life or sexual orientation (Article 9 of EU Reg. 2016/679).

Processing: any operation or set of operations, carried out with any means or methods and applied to personal data or sets of personal data (such as collection, recording, organisation, structuring, retention, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, comparison or interconnection, restriction, erasure or destruction).

Data Subject: the natural person the personal data refers to.

Data Controller: the natural or legal person, public authority, service or other body that, individually or together with others, determines the purposes and means of personal data processing.

Data Processor (appointed pursuant to Article 28, EU Reg. 2016/679): the natural or legal person, public authority, service or other body which processes personal data on behalf of the Data Controller.

Legal basis of the processing: the normative principle according to which the described personal data processing can be performed, in many cases coinciding with the declared purpose.

European Economic Area (EEA): EU Member States, Norway, Iceland, Liechtenstein.

11. Terms of use of the wireless internet connectivity service offered by Human Company

These general conditions relate to the rules for using the wireless Internet connectivity service provided/offered in the common areas of HUMAN COMPANY facilities.

In particular, the service in question allows all those with portable PCs, smartphones, tablets or PDAs equipped with a wireless network card (hereinafter referred to individually as the "Device") to use the wireless internet connection.

HUMAN COMPANY reserves the right to expand and modify the range of features offered within the service.

Users' access to the service is subject to registration and full acceptance of the rules contained in this document.

The service is reserved for users over the age of 18 or under the supervision of a parent or someone who exercises parental responsibility.

11.1 SERVICE CHARACTERISTICS

The service is offered free of charge; obviously the maximum bandwidth actually available to the user is dependent on the number of users connected and the actual availability at the facility.

HUMAN COMPANY reserves the right to suspend and/or interrupt and/or vary the service at any time and without notice, and in any case cannot be considered responsible towards either the user or third parties for suspension or interruption.

11.2 DURATION OF THE SERVICE AND EFFECTIVENESS OF THE AGREEMENT

The service is aimed at HUMAN COMPANY facility guests:
> who are of legal age,
> who have the legal capacity to act,
> who are the holders and only users of the email address required to complete the registration referred to in Article 3 below

The service remains usable until the registration is revoked.

HUMAN COMPANY reserves the right to suspend and/or interrupt and/or vary the service at any time and without notice, and in any case cannot be considered responsible towards either the user or third parties for suspension or interruption.

HUMAN COMPANY may unilaterally supplement and/or modify this document's terms and conditions at any time and without notice.

Any changes and/or additions may be communicated to the user via the email address provided at the time of registration. Continuing to use the service after such communication effectively implies acceptance of the new conditions.

HUMAN COMPANY reserves the right to modify the characteristics of the Service's functionality.

11.3 USER REGISTRATION

The contract is finalised and therefore concluded when the User, having registered, accepts these Terms and Conditions of Use of the Service.

The possibility of registering is offered through the User's social media profile or by providing a valid email address WHICH THE USER HAS EXCLUSIVE USE OF.

Please note that the registration process involves acquiring the MAC address of the device used during the procedure. The acquired MAC address will then be used to identify the user and allow them to access the service; therefore the user, for their own protection, needs to use a device they exclusively control and possess, preferably equipped with adequate security measures (such as passwords or other types of credentials for turning on and using the device).

11.4 IDENTIFYING AND MONITORING THE USER AND THE NETWORK

With reference to the functions that require network connection, the User acknowledges and accepts the existence of the electronic register of the service's operation (Log), maintained and kept by the connectivity services provider within the terms established by law.

The contents of the Log are completely confidential and can only be shown to the competent Authorities upon formal request.

In order to identify the connection's origin with certainty, the User acknowledges that HUMAN COMPANY will identify them, when connected, by means of the MAC address of the device used at the time of registration.

The user is informed that if the device they used to register is then used by third parties, this would allow the latter to use the service in the user's name.

The user has sole responsibility for keeping and looking after their device and any credentials necessary to activate it and access the wifi service; consequently, they remain solely responsible for all uses connected or related to it (including damage and harmful consequences caused to CTA and/or third parties).

11.5 USER OBLIGATIONS

The user agrees not to allow third parties to use the service through the former's device.

The user also undertakes not to use the service for communications that cause damage or disturbance to the network or third parties, or that violate the laws and regulations in force. In particular, by way of example and without limitation, the user undertakes not to introduce material in violation of copyright law, or other intellectual or industrial property rights, onto the network via the service.

The user undertakes:
- not to send advertising and/or promotional messages or communications to other users and/or discussion groups by email without requesting and obtaining the relative consent or without the sending having been explicitly solicited (spam);
- not to violate the secrecy of personal correspondence and the right to confidentiality;
- not to use ad hoc networks or other tools in the coverage areas that could adversely affect the network's performance and violate service users' right to privacy;
- to respect the rules of good conduct in use on the internet, known as "Netiquette", which have become standard through the document known as "RFC 1855";
- not to transmit material and/or messages that encourage third parties to engage in unlawful and/or criminal conduct incurring criminal or civil liability;
- not to put information on the network that may have pornographic, obscene, blasphemous, racist, defamatory, offensive, intolerant or xenophobic forms or content;
- not to engage, on the WiFi network, in any other activity prohibited by state law, international legislation, regulations and customs for using networks and related services.

HUMAN COMPANY reserves the right to unilaterally withdraw the service, at any time, without being obliged to provide any reason, without notice and without having to pay any compensation, if it determines, at its sole discretion, that the user has violated even one of the obligations indicated herein.

11.6 LIABILITY
  • The user is responsible for any violation of the conditions and rules of use of the service and undertakes to indemnify HUMAN COMPANY substantially and procedurally and to hold it harmless from any claim, including from third parties, for any reason whatsoever, in any way caused by violating these conditions and/or violating laws or regulations or administrative measures.
  • The user assumes all responsibility and burden regarding the content and forms of communications made through the service and undertakes to hold HUMAN COMPANY harmless from any claim or action that may be addressed to it by any party as a consequence of such communications. With this liability, the user expressly exempts HUMAN COMPANY from any liability and burden of assessment and/or control in this regard.
  • The user undertakes to hold HUMAN COMPANY harmless from all losses, damages, costs and charges, including any legal fees, which may be incurred by HUMAN COMPANY as a result of the use of the service made available to the user.
  • HUMAN COMPANY will not be liable to the user and/or its assignors or assignees and to third parties for direct, indirect or consequential damages, and for losses and costs incurred as a result of interruptions, suspensions, delays or any malfunctions in the delivery of the service.

11.7 APPLICABLE LAW AND JURISDICTION

The conditions and rules for using the service described in this document are governed by Italian law. For anything not expressly covered, current legislation applies.

For any disputes that may arise in relation to the service, including disputes over the interpretation, effectiveness, validity and execution of these conditions and rules of use, the Court of Florence will have exclusive jurisdiction.