According to Regulation (EU) 2016/679 (hereinafter “Regulation”), on this page, the Municipality of Londa, as Data Controller (hereinafter “Controller”), according to art. 13 of Regulation (EU) no. 2016/679, known as the “General Data Protection Regulation” (hereinafter “GDPR”), intends to inform you about the terms and methods of processing personal data of users who consult the website (hereinafter, the “Site”), owned by the Municipalities of Londa and San Godenzo, developed as part of the project called “Montagna Prossima/Montagna Fiorentina” aimed at implementing cultural regeneration interventions in the Municipalities of Londa and San Godenzo (hereinafter “Project”).
The data will be processed in accordance with the principles of fairness, lawfulness, transparency, and confidentiality protected. To this end, the following information is provided:

The Data Controller for the processing of personal data is the Municipality of Londa, represented by the current Mayor, with a registered office in Londa, Piazza Umberto I (VAT number 01298630482), whose contact details are as follows:
address: Piazza Umberto I, No.9
phone: 055835251
PEC (Certified Email):

The Data Controller informs you that it has appointed as an external Data Processor according to Article 28 of the GDPR, the company LAMA Società Cooperativa – Impresa Sociale, with registered office in Florence, via Panciatichi, No. 10-14, Building F, (hereinafter “Data Processor”), which processes data when the User accesses the Site.
The Data Controller and the Data Processor also inform you that according to Article 28, paragraph 2, of the GDPR, they have appointed as a sub-processor of the processing the company HAPPY MINDS Srl, VAT/CF 02350590390, with a registered office in Ravenna, via Mariani No. 7, (hereinafter “Sub-Processor”) which may process personal data for the development of the Site.

Browsing data
The computer systems and software procedures used to operate the Site acquire, during their regular operation, some personal data whose transmission is implicit in Internet communication protocols.
This category of data includes IP addresses or domain names of the computers and terminals used by users, URI/URL (Uniform Resource Identifier/Locator) addresses of the resources requested, the time of the request, the method used in submitting the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.), and other parameters relating to the user’s operating system and computer environment.
This data, necessary for web services use, is also processed to ensure the proper functioning of the services offered.

Data communicated by the User
Through the completion of the appropriate forms on the Site (“Send a booking request” and “Contact us”), the User voluntarily and explicitly transmits the data that they choose to communicate.
Such data may consist of name, surname, email address, city, and messages, with communications that the User chooses to share. The transmission of such data involves their acquisition by the Controller and the Sub-Processor, who will process them solely for the purposes related to the reasons for which the User transmits them.
The User who communicates, publishes, disseminates, shares, or obtains personal data of third parties through the Site assumes full responsibility for them. The User releases the Site Owner from any direct and third-party liability, guaranteeing the right to communicate, publish, and disseminate them.

Cookies and other tracking systems

Please refer to the Cookie Policy for specific information on cookies and tracking systems.

Personal data may be processed for:
a) complying with obligations provided for by laws, national regulations, or Community legislation, or by provisions issued by authorities authorised by law, as well as by supervisory bodies;
b) purposes strictly connected and instrumental to the requested service (sending a booking request to participate in an experience provided within the Project or requesting information);
c) sending communications with informational content and promotional material relating to events organised within the Project.
Processing for the purposes referred to in letter a) does not require consent.
Processing for the purposes referred to in letter b) is based on the user’s consent but is necessary to provide the services the user requests. Failure to give express consent to data processing prevents the User from enjoying the services accessible through the forms on the Site.
Processing for the purpose referred to in letter c) is based on the specific consent of the user, who is free to give or withhold it and may revoke it at any time

Personal data will be processed mainly using electronic and automated tools with protected and constantly monitored procedures and logic; personal data may also be processed using computerised or paper archives for the sole purposes necessary for the provision of the services requested by the User. Remote storage servers are under our exclusive legal control (internalised or with third-party technical service providers contractually bound).

The data communicated by the User through the forms on the Website will be kept for a period not exceeding the achievement of the purposes for which they are processed, including those of archiving and protection of the rights of the Data Controller, in full compliance with the principle of storage limitation provided for by the GDPR and/or for the time necessary for legal obligations.

The processing of personal data will be carried out in a manner that ensures adequate security and confidentiality to prevent unauthorised access or use of both the personal data and the tools used for their processing; personal data will also be processed and stored in full compliance with the principles of necessity and data minimisation.

The data communicated by the User through the forms may be communicated to:

  • internal subjects of the Data Controller and the Sub-Processor specifically authorised to perform activities connected and instrumental to the management of the requested services;
  • subjects specifically appointed as Data Processors or Sub-Processors.

The data communicated by the User through the “Send a booking request” form may also be communicated, in addition to the subjects indicated above, to the following categories of Recipients:
– Tour operators in the territory of the Municipalities of Londa or the Municipality of San Godenzo who have accepted or will accept to be part of the Project.

The data communicated by the User through the forms will not be transferred to countries outside the EU. extra EU.
The provided data are stored at the Data Controller’s headquarters and on servers located within the territory of the European Union.
Furthermore, all data may be communicated to public recipients by law, to judicial authorities, and to all those subjects to whom communication is mandatory for institutional purposes. The subjects will process the data as independent data controllers.

In accordance with Articles 13-21 of the GDPR, under the conditions provided therein, the data subject may at any time exercise the following rights against the Data Controller:

  • Right of access (the data subject has the right to obtain confirmation of the existence of processing as well as information about the data processed and the right to receive a copy thereof);
  • Right to rectification (the data subject has the right to request the updating or correction of their personal data);
  • Right to erasure of data, the so-called “right to be forgotten” (the data subject may request the erasure of their personal data in the cases and conditions outlined in Article 17 of the GDPR);
  • Right to restriction of processing (the data subject may request the restriction of the processing of their data in the cases outlined in Article 18 of the GDPR. If processing is restricted, personal data will be processed, except for storage, only with the consent of the data subject or for the establishment, exercise, or defence of a legal claim or to protect the rights of another natural or legal person or for reasons of substantial public interest of the Union or of a Member State);
  • Right to data portability (in the cases and conditions outlined in Article 20 of the GDPR, the data subject has the right to receive their data in a structured, commonly used, and machine-readable format and, where technically feasible, to have it transferred without hindrance to another controller);
  • Right to object (the data subject has the right to object at any time, for reasons related to their particular situation, to the processing of personal data concerning them pursuant to Article 6, paragraph 1, letters e) or f), including profiling based on these provisions. The Data Controller shall refrain from further processing the personal data unless there are compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of a legal claim);
  • The right to withdraw consent at any time if the processing is based on Article 6, paragraph 1, letter a), or Article 9, paragraph 2, letter a) of the GDPR. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The data subject always has the right to complain to the competent supervisory authority (Data Protection Authority), pursuant to Article 77 of the Regulation, if they believe that processing their personal data is contrary to the applicable law.

To exercise the aforementioned rights, the data subject must address their request directly to the Data Controller using the contact details provided in point 1.