Privacy policy

Data protection privacy statement

This privacy statement clears up about the nature, the scope and purpose of the processing of personal data (hereafter short “data”) within our website and the Web pages associated with it, functions and content as well as external online presences, such as our social media profiles on (hereinafter together referred to as “Online services”). In regard to the terminology used, please refer to the definitions in article 4 of the data protection Regulation.


Villa di Meleto via di Meleto 19 I-50051 Castelfiorentino



Types of processed data

– Inventory data (E.g., names, addresses).
– Contact information (E.g., email, phone number)
– Content data (for example, text entries, photographs, videos)
– Used data (E.g., interest in content, access times visited Web pages,)
– Meta – / communication data (for example, device information, IP addresses).

Categories of people concerned
– visitors and users of the website (below refer to the people concerned collectively as “Users”).

Purposes of processing
– provision of the website, its features and content.
– Respond to contact requests and communicating with users
– security measures.-audience measurement/marketing

Used terms

“Personally identifiable information” is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); a natural person is regarded as identifiable, the directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, to site data to an online ID (E.g.Cookie) or to one or more specific characteristics identified can, which are an expression of physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Processing” is anyone with or without the help of automated procedures performed operation or every such operation number in connection with personal data. The concept goes a long way and includes practically every dealing with data.” Use of pseudonyms” the processing of personal data in such a way that the personal data without using additional information of no longer a specific person concerned can be associated, if these additional Information is kept separately and are subject to technical and organisational measures that ensure that the personal data is assigned to one identified or identifiable natural person. “Profiling” any kind of automated processing of personal data, that is, that these personal data are used to evaluate certain personal aspects relating to a natural person, in particular to aspects with regard to job performance, economy, health, personal preferences, interests, reliability, behavior, to analyze the place of residence or change of location of that natural person or to predict. The natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data alone or jointly with others, is known as “Responsible”. “Processor” a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Measures of Security

Security measures we take in accordance with art. 32 DSGVO, taking into account the State of technology, the implementation costs and the type, scope, the circumstances and the purposes of the processing, as well as the different probability and Severity of the risk to the rights and freedoms of individuals, appropriate technical and organisational measures to ensure a level of protection commensurate with the risk. In particular ensuring the confidentiality, integrity and availability of data among the measures by controlling physical access to data, as also concerning him or her access, input, sharing, securing availability and their Separation.

Furthermore we have established procedures, a perception of affected rights, deletion of data and response to risk of data guarantee.

Also we already take into account the protection of personal data in the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and privacy-friendly default settings (art.)25 DSGVO).

Cooperation takes place with subcontractors and any third party unless we reveal information to other persons and companies (subcontractors or third parties) during our processing, submit it to them or otherwise provide them access to the data, only on the basis of a legal permit (E.g. If a transfer of data to third parties, such as to payment, pursuant.Art. 6 ABS. 1 lit.b DSGVO to the performance of the contract is required), you have given your consent, so provides a legal obligation or on the basis of our vested interests (E.g.the use of agents, Web hosting providers, etc.). Unless we so-called third parties to process data based on one. “Order processing contract” hire, is done on the basis of the art. 28 DSGVO

Transfers to third countries

If we transfer data to a third country (i.e.process outside the European Union (EU) or the European economic area (EEA)) or in the context of the use of services of third parties, or disclosure, or transfer of data to third parties is done, this is only allowed if it is done to meet our (pre) contractual obligations, upon your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual licences, process or we let the data to a third country only when the existence of the special requirements of the type.44 et seq. DSGVO Basic of special guarantees, such as determining officially recognized, one of the appropriate level of data protection (E.g. for the United States through the “Privacy shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).

Rights of the persons concerned

You have the right to ask whether the data will be processed a confirmation and information about these data, as well as on more information and copy of the data according to art.15 DSGVO. You have according to Art.16 DSGVO the right to demand the completion of data relating to you or the correction of inaccurate data concerning you.

You have according art. 17 DSGVO the right to require that data be deleted immediately, or alternative in accordance with art. 18 DSGVO to ask for a restriction of the processing of data. You have the right to request that the personal data you have provided to us in accordance with art. 20 DSGVO and submitting them to other officials to demand. You have also according Art. 77 DSGVO the right to submit a complaint to the competent supervisory authority.

Right of withdrawal

You have the right granted according Art. 7.3 DSGVO with effect for the future to revoke right of objection to the future processing of personal data in accordance with art 21 DSGVO.

Right to opposition

You can oppose to future processing of personal data. The opposition can be made in particular to the processing for direct marketing purposes.

Cookies and right of objection to direct marketing

As “Cookies” are small files referred to, which are stored on computers of users. Different readings can be stored within the cookies. A cookie is primarily used the information to a user (or to store the device where the cookie is stored) during or after his visit within a website.” As a temporary cookies, or” Session cookies” or “transient cookie”, are called cookies, deleted after a user leaves an online offer and closes his browser. eg contents of a shopping cart in an online store or a login traffic jams can be stored in a such cookie. Cookies are called “permanent” or “persistent”, which will be retained after the browser is closed. So the login status can be saved when the users search them for several days. As the interests of users, it can be stored in such a cookie used for audience measurement, or marketing purposes. Cookies are referred to as “Third party cookies”, which are offered by other vendors as the person in charge, who runs the online offer, (otherwise, if they are only the cookies it is called “First-Party Cookies”).

We may use temporary and permanent cookies and enlighten about this in our privacy policy .If users do not want that cookies are stored on your computer, they will be asked the appropriate option in the system settings of your browser to disable. Stored cookies can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional limitations of this online offer. A general opposition to the use of cookies for purposes of online marketing in a variety of services, especially in the case of tracking, on the American side of or the EU side can http:// are explained. Also, the storage of cookies can be achieved using whose cut-off in the settings of your browser. Please note that if necessary, not all functions of this website can be used.

Deletion of data

The data processed by us are in accordance with the art.17 and 18 DSGVO deleted or restricted in their processing. If not explicitly specified in the context of this privacy policy, the data stored with us are deleted as soon as they are no longer required for its intended purpose and no statutory retention obligations preclude deletion. If the data is not deleted because they are required for other legally permissible purposes, the processing is restricted. Eg the data is locked and not processed for any other purpose.This is for example for data that must be kept for commercial or fiscal reasons. According to legal requirements in Germany, is the storage for 10 years in accordance with §§ 147 para1 AO, 257 ABS. 1 Nr. 1 and 4, paragraph4 HGB (books, records, reports, accounting records, books, for taxation-related documents, etc.) and 6 years in accordance with § 257 ABS.1 Nr. 2 and 3, ABS. 4 HGB (commercial letters).According to statutory provisions in Austria is storage for 7 J in accordance with § 132 paragraph1 BAO (accounting records, receipts/invoices, accounts, documents, business papers, statement of revenue and expenditure, etc.), for 22 years in connection with land and for 10 years at documents relating to electronic services, Telecommunication, radio and television services provided to non-entrepreneurs in EU Member States and for which the mini-one-stop-shop (MOSS) claim is taken.

Business-related processing

Iin addition we process contract data (E.g., subject matter, maturity, customer category).-Payment data (E.g., bank details, payment history) from our customers, prospects and business partners for the purpose of provision of contractual services, service and customer care, marketing, advertising and market research. We handle administration, accounting, Office management, contact management data in the framework of administrative tasks and organization of our operations, financial accounting and compliance with the legal obligations such as archiving. Here we process the same data that we process in the framework of the provision of our services. The basics of processing are art. 6.1 DSGVO. Customers, prospects, partners and Web site visitors are concerned by this processing. The purpose and our interest in the processing of archiving of data is to maintain our business activities, our duties and guarantee our services. The deletion of data relating to contractual services and the contractual communication corresponds to the information referred to in these processing activities. We reveal or transmit data to the financial management, consultants, accountants or auditors and other fees set and payment service provider. In addition, we save on basis of our economic interests, information regarding suppliers, operators and other business partners. We save data for the purpose of later contracts. We save these mostly business-related data permanently.


The hosting services used by us are serves for provision of the following services: infrastructure and platform services, compute, storage and database services, security services and technical for the purpose of the operation of this website. Therefore we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta – and communication data from customers, prospective customers and visitors of this website on the basis of our legitimate interests according to a safe and efficient provision of this website. (Art. 6 ABS. 1 lit.f DSGVO i.V.m.Art. 28 DSGVO).

Collection of access data and log files

We, or our hosting provider, collect on basis of our legitimate interests within the meaning of art.6 ABS. 1 lit.f.DSGVO data on every access to the server on which this service resides (so-called server log files). The access data include: name of the retrieved Web page, file, date and time of the retrieval, amount of data, message about successful retrieval, browser type and version, the operating system of the user, referrer URL (the previously visited page), IP address, and the requesting provider. Log file information are reasons (eg for elucidation of abuse or fraud) stored for the duration of 7 days and then deleted. Data, which more conservation is required for evidentiary purposes are excluded from deletion until final clarification of the incident. Log file information is stored for security reasons (e.g. to the elucidation of abuse or fraud) for a period of 7 days and then deleted. Data, for which more conservation is required for evidentiary purposes, are excluded from deletion until final clarification of the incident.

Online presences in social media

We have online presences within social networks and platforms, for the purpose to communicate to and inform active customers, prospective customers and users about our services there. When you call of the respective networks and platforms, the terms and conditions and the data processing guidelines of this networks and platforms and their respective operators are applied. Unless otherwise specified in our privacy policy, we process the data of the user when they communicate with us within the social networks and platforms, e.g.write posts on our online presence or send messages to us.

Third part offers

On basis of our legitimate interests (i.e. integration of services and content Interest in the analysis, optimization and economic operation of our online offer within the meaning of art.6 ABS. 1 lit.f.DSGVO) we use contents or services from third-part offers, such as videos or fonts to be embed (hereinafter uniformly referred to as “Content”).

This always assumes that the third-part provider of such content, perceive the IP address of the user, because they could not send the content without the IP address to their browser. The IP address is required for the presentation of this content. We try to using only such content, their respective provider use the IP address only for the delivery of content.   Third part provider can also use pixel tags (invisible graphics, also referred to as “Web Beacons”) for statistical and marketing purposes. Information such as the visitor traffic on the pages of this website can be evaluated by the “pixel tags”. The pseudonymous information can be stored in cookies on the user’s device and include technical information about the browser and operating system, referring Web sites, visit time and further information on the use of our online offer contain, as well as be connected with such information from other sources.

Google Maps

We integrate the maps of the service “Google maps” of the provider Google LLC, 1600 Amphitheatre Parkway, mountain view, CA 94043, USA. The processed data can include in particular IP addresses and location information of users but not collected without their consent (generally as part of their mobile devices settings) occurred. The data can be processed in the United States. Privacy Policy:, opt-out:

Use of facebook plugins

We use, on basis of our legitimate interest, (e.g. interest on the analysis, optimization and economic operation of our online offer within the meaning of art.6 ABS. 1 lit.f.DSGVO) social plug-ins (“plug-ins”) of the social network, which is operated by the Facebook Ireland Ltd., 4 Canal square, Grand Canal Harbour, Dublin 2, Ireland Grand (“Facebook”). The plug-ins can represent interaction elements or content (e.g. videos, graphics or texts) which can be recognized by one of the Facebook logos (white “f” on a blue background, the terms “Like”, “I like it” or a “thumbs up” sign) or marked with the addition “Facebook Social Plugin”. The list and the look of the Facebook social plugins can be viewed here:

Facebook is certified under the privacy shield agreement and this provides a guarantee to comply with European data protection law (

If a user calls a function of this website, which contains such a plugin, his device builds a direct connection with the Facebook servers. The contents of the plugin is transmitted directly to the device of the user’s Facebook and incorporated into the online offering from this. This usage profiles of the users can be created from the processed data. We have therefore no effect on the amount of data, which Facebook using this plugin collects and it informs the users therefore according to our level of knowledge.

Through the integration of plugins, Facebook gets the information that a user has called on the relevant page of the website. If the Facebook user is logged in, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example the like button, or leave a comment, the information from your device is directly delivered to Facebook and stored there. If a user is not a member of Facebook, it is still possible, that Facebook recognize its IP address and stores it. According to Facebook, only an anonymous IP address is stored in Germany.

You can find the purpose and scope of data collection and further processing and use of data by Facebook and the rights and options for protecting the privacy of the users, the privacy of Facebook here: https://

If a Facebook user do not want that Facebook via this online offer collects data about him and linked to its member data stored on Facebook, he must log out before the use of our online offer on Facebook and delete its cookies. More settings and contradictions to the use of the data for advertising purposes, are possible within the Facebook profile settings: or, or that the American page EU page The settings are platform-independent, which means that they are transferred for all devices, like desktop computers or mobile devices.

Created with                         RA Dr. Thomas Schwenke

You may also like...