MUNTAGNA
Privacy Policy
This privacy policy is provided pursuant to EU Regulation 2016/679 (hereinafter “GDPR”) and describes how personal data of users visiting muntagna.it and subscribing to the MUNTAGNA newsletter is processed.
1. Data Controller
The Data Controller for the processing of personal data is:
SFV S.R.L. VAT 05881360878 Email: info@sfv.srl PEC: sfv@pec.it
2. Types of Data Collected
2.1 Data Provided Voluntarily by the User
The only personal data actively collected by this website is the email address, voluntarily provided by the user by filling out the newsletter subscription form in the “MUNTAGNA is still taking shape” section.
Providing an email address is optional, but failure to do so will make it impossible to receive updates and communications about the MUNTAGNA project.
2.2 Browsing Data
The computer systems and software procedures used to operate this website do not acquire, in the course of their normal operation, personal data whose transmission is implicit in the use of Internet communication protocols.
The website does not use any analytics, tracking, or profiling systems. For further details, please refer to the Cookie Policy.
3. Purposes of Processing
The data collected is processed for the following purposes:
- Sending updates on the progress of the MUNTAGNA project (renovation, opening, news)
- Sending promotional and commercial communications relating to the MUNTAGNA project, including offers, promotions, and marketing activities
- Administrative management of newsletter subscribers
The data will never be disclosed to third parties for marketing or profiling purposes by external entities.
4. Legal Basis for Processing
The processing of personal data is based on the explicit and informed consent of the data subject (Art. 6(1)(a) of the GDPR), given by checking the relevant checkbox in the subscription form.
Consent may be freely withdrawn at any time, without affecting the lawfulness of processing carried out prior to withdrawal.
5. Processing Methods
Data processing is carried out through computer and electronic tools, with logic strictly related to the stated purposes and in such a way as to ensure the security and confidentiality of the data.
Specific security measures are adopted to prevent data loss, unlawful or improper use, and unauthorized access.
6. Communication and Disclosure of Data
The personal data collected is not subject to disclosure and is not communicated to third parties, except as specified below with regard to technical service providers.
The following may have access to the data:
- Personnel and collaborators of the Data Controller, in their capacity as authorized processors
- Any third-party companies providing technical services, appointed as Data Processors pursuant to Art. 28 of the GDPR
7. International Data Transfers
For the management and sending of emails, the service Elastic Email (Elastic Email Inc., 329 Howe St PMB 2135, Vancouver, BC V6C 3N2, Canada) is used, appointed as Data Processor pursuant to Art. 28 of the GDPR.
Elastic Email Inc. is based in Canada, a country that benefits from an adequacy decision by the European Commission pursuant to Art. 45 of the GDPR. The transfer of data to Canada therefore takes place on an adequate legal basis.
Further information about Elastic Email’s privacy policy is available at: https://elasticemail.com/resources/usage-policies/privacy-policy ↗.
8. Data Retention Period
Personal data is retained for the time necessary to pursue the purposes for which it was collected and, in particular:
- Until the user requests deletion by withdrawing consent
- Until the user exercises the right to object to processing
- In the event of prolonged inactivity, the Data Controller reserves the right to delete data after a reasonable period of time
Withdrawal of consent or a deletion request will result in the immediate removal of the email address from the distribution list.
9. Data Subject Rights
Pursuant to Articles 15–22 of the GDPR, the data subject has the right to:
- Access (Art. 15): obtain confirmation as to whether processing is taking place and access their personal data
- Rectification (Art. 16): have inaccurate personal data corrected or incomplete data completed
- Erasure (Art. 17): have their personal data erased (“right to be forgotten”), subject to any legal obligations
- Restriction (Art. 18): obtain restriction of processing under certain conditions
- Portability (Art. 20): receive personal data in a structured, commonly used, and machine-readable format
- Objection (Art. 21): object to the processing of personal data on grounds relating to their particular situation
- Withdrawal of consent (Art. 7(3)): withdraw consent at any time, without affecting the lawfulness of processing based on consent given before withdrawal
To exercise these rights, the data subject may send a request via email to info@sfv.srl. The Data Controller will respond within the time limits set by law (30 days, extendable to 90 in particularly complex cases).
10. Right to Lodge a Complaint
The data subject has the right to lodge a complaint with the competent supervisory authority if they believe that the processing of their personal data violates the GDPR.
For Italy, the supervisory authority is the Garante per la Protezione dei Dati Personali (Italian Data Protection Authority) (www.garanteprivacy.it ↗).
11. Automated Decision-Making
Data processing does not involve any automated decision-making or profiling pursuant to Art. 22 of the GDPR.
12. Minors
The website and newsletter service are not intended for minors under the age of 18. The Data Controller does not knowingly collect personal data from minors. If it becomes aware of having collected data from a minor without parental consent, it will proceed with immediate deletion.
13. Changes to This Policy
This policy may be subject to changes and updates over time. Users are invited to periodically check this page. In the event of substantial changes, the Data Controller will notify subscribers via email.
Last updated: July 2026