**Vitti’s Home as the Data Controller**

Vitti’s Home, acting as the Data Controller of personal data, in accordance with EU Regulation 2016/679 (“GDPR”), intends to accurately describe the management of personal data processing of users through this “Privacy and Cookie Policy.” The following information is to be understood as the Privacy Notice provided in accordance with Article 13 of the GDPR to those who interact with the Website and complies with Recommendation No. 2/2001 on the minimum requirements for collecting online data in the European Union, adopted on May 17, 2001, by the EDPB (European Data Protection Board, formerly WP29).

**Contact Details of the Data Controller**

We inform you that the Data Controller is Vitti’s Home, with its registered office at: Via del perlar 35 – 37135 VR – ITALY, VAT Number 04429830237.

**Limitation of Liability**

The Data Controller cannot be held responsible in any way for damages of any kind caused directly or indirectly by accessing the website, the inability or impossibility to access it, and the use of the information contained therein. Links to external websites are provided as a simple service to users, with no responsibility for the accuracy and completeness of the links provided.

The Data Controller also reserves the right to modify or simply update the content of the website, in whole or in part, also due to changes in Applicable Regulations. The date of the last update is indicated at the bottom.

**Data Processing Methods**

In order to ensure adequate security and protection of personal data, the Data Controller has adopted effective technical and organizational measures that are, if necessary, reviewed and updated.

The data collected are adequate, relevant, accurate, up-to-date, and processed lawfully, correctly, transparently, and in accordance with the principles set out in Article 5 of the GDPR, using electronic and non-electronic tools, by individuals or legal entities formally authorized and instructed by the Data Controller to process Personal Data, who have committed to confidentiality or have an adequate legal obligation of confidentiality. In particular, your personal data is processed by the personnel of the undersigned as “authorized data processors” in accordance with the principle of “data minimization,” within the limits of the purpose for which they were collected. Your personal data is processed in compliance with the current regulations on the protection of personal data. Data concerning your person is recorded and stored in computer databases.

**Types of Data Processed**

The website serves the purpose of:

– Providing various information such as products offered by the Data Controller;
– Data provided by the user.

Among the Personal Data collected by this Application, either independently or through third parties, are: Tracking Tool; name and surname; Usage Data; email.

Complete details on each type of data collected are provided in the dedicated sections of this privacy policy or through specific informative texts displayed before the data is collected.

Unless otherwise specified, all data requested by this Application is mandatory. If the User refuses to provide them, it may be impossible for this Application to provide the Service. In cases where this Application indicates some data as optional, Users are free to refrain from communicating such data without any consequences on the availability or functioning of the Service.

The Users who have doubts about which data are mandatory are encouraged to contact the Data Controller.

The possible use of Cookies – or other tracking tools – by this Application or by third-party service providers used by this Application, unless otherwise specified, serves the purpose of providing the Service requested by the User, as well as any other purposes described in this document and in the Cookie Policy, if available.

The User is responsible for the Personal Data of third parties obtained, published, or shared through this Application and guarantees that they have the right to communicate or disseminate them, releasing the Data Controller from any liability to third parties.

The Data Controller will process this data in compliance with the current regulations on the protection of personal data. They may refer to the User or to third parties who have expressly authorized the User to provide them based on a suitable legal basis legitimizing the processing of the data in question. In such cases, the User acts as an independent data controller, assuming all legal obligations and responsibilities. The User therefore grants the broadest indemnity with respect to any dispute, claim, request for compensation for damages that may be received by the Data Controller from third parties whose Personal Data has been processed through the use of the Website in violation of the current regulations on the protection of personal data. Any liability for providing false, misleading, not in good faith, or otherwise different from the truth information is entirely the responsibility of the party providing such information.

**Navigation Data**

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This information is not collected to be associated with identified individuals, but by its very nature, it could allow the identification of users through processing and association with data held by third parties.

This category of data includes IP addresses or domain names of the computers used by users who connect to the site, addresses in URL notation (Uniform Resource Locator) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters related to the operating system and the user’s computer environment.

This data is used solely to obtain anonymous statistical information about the use of the site and to check its correct functioning.

Furthermore, this data may be used, at the request of the competent judicial authority and in compliance with the law, to ascertain liability in the event of computer crimes against the site.

**Cookies**

Whenever the user accesses this website, they accept the use of cookies as described below.

Cookies are short pieces of text (letters and/or numbers) that allow the web server to store information on the client (the browser, e.g., Internet Explorer, Chrome, Firefox, Opera…) to be reused during the same visit to the site (session cookies) or later, even days later (persistent cookies).

They are an essential part of the operation of our website: their main purpose is to improve the user’s browsing experience. In the case of system cookies, for example, they help us remember preferences (language, country, etc.) of individual users during navigation and during future visits. Other cookies allow us to collect information to improve our website by adapting it to the individual interests of users or by speeding up searches.

Cookies are stored, depending on the user’s preferences, by the individual browser on the specific device used (computer, tablet, smartphone).

Based on their characteristics and use, cookies can be categorized as follows:

Strictly necessary cookies: These are essential cookies for the proper functioning of the Website, used to manage various services related to websites (such as login or access to reserved functions on websites). The duration of these cookies is strictly limited to the work session, or they may use a longer retention time to remember the visitor’s choices. Disabling strictly necessary cookies may affect the user experience and functionality of the website.

Analytical cookies: These cookies are used to collect and analyze traffic and website usage anonymously. These cookies, although not identifying the user, allow, for example, to detect if the same user reconnects at different times. They also allow monitoring of the system and improving its performance and usability. Disabling these cookies can be done without any

loss of functionality and will be discussed in detail later.

Profiling cookies: These are persistent cookies used to identify (anonymously and non-anonymously) user preferences and improve their browsing experience. For more information on these cookies not used by the Website, please visit the specific section on the garanteprivacy.it/cookie website.

This website uses the following cookies:

[cookie_audit]

Most browsers automatically accept cookies, but you can change your settings to delete cookies or prevent them from being accepted. The following links explain how to control cookies in different browser types. This choice will apply to all websites visited.

Internet Explorer: https://support.microsoft.com/en-us/kb/278835/it

Chrome: https://support.google.com/chrome/answer/95647?hl=it

Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie?redirectlocale=en-US&redirectslug=Enabling+and+disabling+cookies

Safari: https://support.apple.com/it-it/HT201265

Android: http://support.google.com/mobile/bin/answer.py?hl=en&answer=169022

**Legal Basis for Processing**

The data provided by the user through the Website will be processed exclusively to respond to the request received through the website. The legal basis for the processing can be found in:

– The execution of a contract of which the data subject is a party or the execution of pre-contractual measures taken at the request of the data subject (Art. 6, par. 1.b of the GDPR).
– Consent to the processing of personal data by the data subject for one or more specific purposes (Art. 6.1.a of the GDPR).
– The fulfillment of legal obligations (Art. 6.1.c. of the GDPR).

Subject to your free and explicit consent, it will also be possible to send you commercial information about the products and offers of the data controller.

All data collected through the website may also be used for the purpose of ascertaining, exercising, or defending a right in court or whenever the authorities exercise their judicial functions.

Analytical cookies may be used for website optimization purposes. The legal basis for processing is represented by the pursuit of a legitimate interest of the data controller (Art. 6, par. 1.f of the GDPR).

They can also be used anonymously for research or statistical analysis. Since it is not possible to identify the data subject, this activity does not constitute processing of personal data.

These data processing activities are considered legitimate under the applicable data protection regulations (EU Regulation 2016/679 and Legislative Decree 196/2003 and subsequent amendments).

**Social Plugins: Facebook, Google Maps, Instagram, and Youtube**

By selecting the button with the logo of the social forum, the browser will create a direct link to the relevant servers. If you are logged into it, the page will be added to your active account on it. If you do not want your personal data to be sent, you must disconnect from the social forum before accessing the web pages where the plugin is located. However, cookies containing information such as IP address, visited site, date, and time of access, plus other information not identifiable by the site, will still be sent. To learn about the methods and purposes of this processing, please carefully read the data protection information provided by the individual social forums.

**Retention Period of Personal Data**

The data collected will be processed for the time strictly necessary to achieve the purposes indicated in this notice and up to the time permitted by Italian law to protect its interests (Art. 2947 of the Civil Code). Further information regarding the retention period of Personal Data and the criteria used to determine it can be requested by sending a registered letter with return receipt to the Data Controller.

**Transfer of Data Outside the European Economic Area**

Personal Data will not be transferred to entities outside the European Economic Area and will not be disclosed.

**Subjects or Categories of Subjects to Whom Data May Be Communicated**

Personal Data may be shared with:

– Individuals authorized by the Data Controller to process Personal Data who have committed to confidentiality or have an adequate legal obligation of confidentiality (e.g., employees, collaborators…).
– Subjects necessary for the provision of services offered by the Website, including, for example, sending emails and analyzing the operation of the Website, who typically act as data processors.
– Any other subjects to whom the applicable legal and/or contractual regulations provide for an obligation to communicate.
– Judicial authorities in the exercise of their functions when required by Applicable Regulations.
– Corporate legal consultants, as external Data Processors, for the resolution of any legal issues related to the purchase contract.

The complete list of subjects to whom data may be communicated can be requested from the Data Controller.

**Rights of the Data Subject**

Within the limits of the Applicable Regulations on the protection of personal data (EU Regulation 2016/679 and Legislative Decree 196/2003 and subsequent amendments), as a data subject, you have the right to request access to your Personal Data at any time by contacting the Data Controller and:

– Obtain the deletion or transformation into anonymous form or blocking of data processed in violation of the law.
– Obtain the updating, rectification, and integration of data.
– Obtain certification that such changes have been brought to the attention of those to whom the data has been communicated.
– Object to the processing of data for legitimate reasons or to any automated decision-making process.
– Obtain the restriction of processing or portability to another Data Controller.
– Withdraw consent to processing for the purposes mentioned above, without affecting the lawfulness of processing based on consent before withdrawal.
– Obtain, in a structured, commonly used, and machine-readable format, the data concerning you.

As a data subject, you also have the right to lodge a complaint with the competent supervisory authority (the Data Protection Authority) if you believe that the processing of your Personal Data does not comply with current regulations.

Last revision: 28/08/2023.