Frasassi Experiences App Privacy Policy
The purpose of this document is to inform Users about the Personal Data collected by the Frasassi Experiences App (hereinafter the “Application”).
The Data Controller, as identified below, may modify or simply update this Privacy Policy, in whole or in part, informing Users accordingly. Changes and updates will be binding as soon as they are published on the Application. Users are therefore invited to read the Privacy Policy each time they access the Application.
If the User does not accept the changes made to this Privacy Policy, they must stop using this Application and may request the Data Controller to remove their Personal Data.
Personal Data collected by the Application
The Data Controller collects the following types of Personal Data:
Content and information voluntarily provided by the User
Minors may provide personal data only with parental consent.
Contact data and content: these are Personal Data that the User voluntarily provides to the Application during its use, such as personal details, contact information, login credentials for services and/or products provided, interests and personal preferences and other personal content, etc.
Failure by the User to provide Personal Data, where there is a legal or contractual obligation, or where such data is required for the use of the service or for the conclusion of a contract, will result in the impossibility for the Data Controller to provide its services.
The User who communicates Personal Data of third parties to the Data Controller is directly and exclusively responsible for their origin, collection, processing, communication or dissemination.
Data and content automatically acquired during the use of the Application
Technical data: the IT systems and software procedures used to operate this Application may acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols. This information is not collected in order to be associated with identified Users, but by its very nature could, through processing and association with data held by third parties, allow Users to be identified. This category includes IP addresses or domain names of the devices used by Users to connect to the Application, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained, etc.
Usage data: data relating to the User’s use of the Application may also be collected, such as pages visited, actions performed, features and services used.
Personal Data collected via cookies or similar technologies
This Application uses cookies, web beacons, unique identifiers and other similar technologies to collect data on pages, links visited and other actions you perform when using our Services, within advertising content or emails. These are stored to be transmitted again to the same sites on the User’s next visit.
The User can view the full Cookie Policy at the following address: https://www.frasassi.com/cookie-app-frasassi-experiences.aspx?l=en.
Purposes
The Personal Data collected may be used for the performance of contractual and pre-contractual obligations, as well as legal obligations, and for the following purposes:
- sending emails or newsletters and managing mailing lists
- storage, hosting and backend infrastructure management
- User registration and authentication (only older versions)
- the use of the camera permission is exclusively for scanning the QR code to load the correct audio guide
- the use of location permission is for displaying distances and finding nearby services such as restaurants and hotels
Methods of processing
The processing of Personal Data is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated.
In some cases, persons involved in the organization of the Data Controller (such as personnel management staff, commercial staff, system administrators, etc.) or external parties (such as IT companies, service providers, postal couriers, hosting providers, etc.) may also have access to Personal Data. These parties may be appointed, where necessary, as Data Processors by the Data Controller and may access Users’ Personal Data whenever necessary and will be contractually obliged to keep them confidential.
The updated list of Data Processors can be requested by email at info@frasassi.com.
Legal basis for processing
The Data Controller processes Personal Data relating to the User if one of the following conditions applies:
- the User has given consent for one or more specific purposes
- the processing is necessary for the performance of a contract with the User and/or for the implementation of pre-contractual measures
- the processing is necessary to comply with a legal obligation to which the Data Controller is subject
- the processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party
In any case, it is always possible to request the Data Controller to clarify the specific legal basis of each processing activity.
Location
The Data is processed at the operating offices of the Data Controller and in any other place where the parties involved in the processing are located. For further information, please contact the Data Controller at the following email address info@frasassi.com or at the following postal address Largo Leone XII, n 1 - 60040 Genga (AN).
For such countries there is an adequacy decision of the European Commission or, in the absence of such a decision, more information can be requested from the Data Controller regarding the appropriate safeguards adopted, as well as the means to obtain a copy of such Data or the exact location where they have been made available.
Security measures
The processing is carried out in such a way and with tools suitable to ensure the security and confidentiality of the Data, the Data Controller having adopted appropriate technical and organizational measures that ensure, and allow to demonstrate, that the processing is carried out in compliance with the applicable regulations.
Data retention period
The Data Controller will process Personal Data for the time necessary to fulfill the purposes related to the performance of the contract between the Data Controller and the User and in any case not longer than 11 years from the termination of the relationship with the User and in any case until the expiry of the limitation period provided for by applicable law.
Where the processing of Personal Data is necessary for the purposes of the legitimate interests pursued by the Data Controller, the Personal Data shall be retained until such interest is satisfied.
Where the processing of Personal Data is based on the User’s consent, the Data Controller may retain the Personal Data until such consent is withdrawn.
Personal Data may be retained for a longer period if necessary to comply with a legal obligation or by order of an authority.
All Personal Data shall be deleted upon expiry of the retention period. Upon expiry of such period, the right of access, deletion, rectification and the right to data portability can no longer be exercised.
Automated decision-making processes
All Data collected will not be subject to any automated decision-making process, including profiling, which may produce legal effects concerning the person or similarly significantly affect them.
User rights
Users may exercise certain rights with reference to the Data processed by the Data Controller. In particular, the User has the right to:
- withdraw consent at any time;
- object to the processing of their Data;
- access their Data;
- verify and request rectification;
- obtain restriction of processing;
- obtain deletion of their Personal Data;
- receive their Data or have it transferred to another controller;
- lodge a complaint with the supervisory authority for personal data protection and/or take legal action.
To exercise their rights, Users may send a request to the contact details of the Data Controller indicated in this document. Requests are made free of charge and processed by the Data Controller as quickly as possible, in any case within 30 days.
Data Controller
The Data Controller is Grotte di Frasassi Srl - Largo Leone XII, n 1 - 60040 Genga (AN) - marketing@frasassi.com - PEC: frasassi@pec.it - VAT No. 00222050429.
Last updated: 10/06/2021





