Skip to main content Skip to footer

Privacy Policy

(pursuant to Regulation (EU) 2016/679 – GDPR)

1. Data Controller

Grotte di Frasassi S.r.l.
Registered office: Largo Leone XII, 1 – 60040 Genga (AN), Italy
VAT No.: 00222050429
Email: privacy@frasassi.com
The Data Controller processes personal data in compliance with Regulation (EU) 2016/679 (GDPR) and applicable national legislation.

2. Data Protection Officer (DPO)

The Data Controller has appointed a Data Protection Officer (DPO) pursuant to Articles 37–39 of the GDPR:
PIX S.r.l.
Designated contact for DPO functions: Pietro Forconi
DPO Email: dpo@pixpix.it
The DPO operates with full autonomy and independence from the operational data processing activities.

3. Categories of Data Processed
  1. Browsing Data
    During their normal operation, the website's IT systems automatically acquire certain personal data whose transmission is inherent in the use of Internet protocols (e.g. IP addresses, logs, technical data). Such data are used exclusively to:
    • ensure the proper functioning of the website;
    • guarantee system security;
    • generate anonymous statistics on website usage.
  2. Data Voluntarily Provided by the User
    Through the forms available on the website, users may voluntarily provide:
    • first and last name;
    • email address;
    • city of residence.
    Providing such data is optional, but necessary in order to be contacted or to receive the requested communications.
4. Purposes of Processing and Legal Bases

The personal data collected through the website are processed for the following purposes:

  1. Managing Contact Requests
    Responding to requests for information or communications submitted by the user.
    Legal basis:
    Article 6(1)(b) GDPR (pre-contractual measures).
  2. Marketing and Communication Activities
    Subject to the user's explicit consent, contact details may be used for:
    • sending newsletters and promotional communications;
    • providing updates on events, initiatives, activities, and projects related to the Frasassi Caves.
  3. Legal basis:
    Article 6(1)(a) GDPR (consent).
    Consent may be withdrawn at any time.
  4. Statistical Analysis
    Anonymous and aggregated analysis of website usage aimed at improving the website's content and services.
    Legal basis:
    Article 6(1)(f) GDPR (legitimate interest).
5. Processing Methods

Personal data are processed using IT and electronic tools in accordance with the principles of lawfulness, fairness, transparency, and data minimization, adopting appropriate security measures pursuant to Article 32 GDPR.
No automated decision-making processes or profiling activities are carried out.

6. Data Processors and Data Recipients

For the performance of certain technical and IT-related activities, the Data Controller relies on external service providers appointed as Data Processors pursuant to Article 28 GDPR, including:

  • PIX S.r.l., which is responsible for:
    • the technical management of the website;
    • hosting on servers managed by PIX S.r.l. and on cloud computing services provided by Retelit;
    • maintenance and updates of the platform;
    • the systems responsible for processing the submission and receipt of data entered through online forms.

Within PIX S.r.l., technical operational activities are carried out under the responsibility of the designated technical contact, Debora Sincini, who is separate from the designated contact performing DPO functions.

Personal data may also be processed by duly authorized personnel of the Data Controller and by any additional IT service providers appointed as Data Processors.
Personal data are not disclosed or transferred to third parties for commercial purposes.

7. Place of Processing and Transfers Outside the EU

Processing related to the website's web services takes place at:

  • the Data Controller's premises;
  • the infrastructures and systems managed by PIX S.r.l., including cloud computing services provided by Retelit, located within the European Union / European Economic Area (EEA).

Any transfers of personal data to countries outside the EU resulting from the use of third-party tools (e.g. marketing or analytics services) are carried out in compliance with Articles 44 et seq. of the GDPR and are described in the Cookie Policy.

8. Data Retention Period
  • data collected for contact requests: for the time necessary to manage the request;
  • data processed for marketing purposes: until consent is withdrawn;
  • browsing data: according to the retention periods specified in the Cookie Policy.
9. Data Subjects' Rights

Users may exercise the rights provided for under Articles 15–22 GDPR, including:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object;
  • right to withdraw consent.
Requests may be sent to:
privacy@frasassi.com
Data subjects also have the right to lodge a complaint with the competent Data Protection Supervisory Authority.

10. Cookies

For information regarding the use of cookies and similar technologies, please refer to the website's Cookie Policy.

11. Links to External Websites and Social Networks

The website may contain links to external websites and official social media pages.
Accessing such platforms involves the processing of personal data by third parties acting as independent Data Controllers. Users are encouraged to consult the relevant privacy policies.

12. Changes to this Privacy Policy

This Privacy Policy may be updated from time to time.
The most up-to-date version is always available on this page.




Last updated: January 28, 2026