Skip to main content

Privacy Policy

Last updated: 04/23/2025

1. Introduction

Welcome to www.miglio50.it. Your privacy is important to us. This Privacy Policy describes how we collect, use, and protect your personal data, in accordance with EU Regulation 2016/679 (GDPR) and Legislative Decree 196/2003 (Privacy Code), as amended by Legislative Decree 101/2018.

This document outlines the methods of processing personal data of users who visit and use the services offered by the website https://www.miglio50.it. This notice applies solely to this website and not to other websites that may be accessed by the visitor via links, for which reference is made to their respective privacy policies. The use of the services on this site involves the processing of data as described below.

2. Data Controller (Art. 13, para. 1, letter a GDPR)

Data Controller:
Briciole SRL
Corte San Lorenzo 1-3
VAT: 02698490469
Email: amministrazione@miglio50.it

For any questions or requests regarding the protection of personal data, you can contact us at the above details.

Data Protection Officer (DPO):
The Controller has appointed a Data Protection Officer who can be contacted at the email address: amministrazione@miglio50.it

3. Data Collected (Art. 13, para. 1, letter c GDPR)

We collect the following personal data:

  • Browsing data: IP address, browser information, pages visited, time spent via Google Analytics;
  • Data voluntarily provided through the contact form for job applications:
    • Identification data: name, email, phone
    • Personal data: date of birth
    • Curriculum vitae (CV) containing additional personal, professional, and educational information voluntarily provided by you;
  • Data resulting from interaction with Google Maps;
  • Information related to interaction with social networks through linking buttons (e.g., Facebook, Instagram);
  • Data collected through Google’s reCAPTCHA for anti-spam protection.

Links to Facebook, Instagram, and Google Maps do not generate cookies or automatic tracking but lead to external services that apply their own privacy policies.

4. Purpose of Processing (Art. 6, para. 1 GDPR)

Your data is processed for:

  • Responding to contact requests and job applications (Art. 6, para. 1, letter b GDPR);
  • Evaluation of job applications and establishment of a potential employment relationship (Art. 6, para. 1, letter b GDPR);
  • Monitoring and analyzing website usage statistics through tools like Google Analytics (Art. 6, para. 1, letter a GDPR – consent);
  • Ensuring website security and preventing unauthorized access (Art. 6, para. 1, letter f GDPR);
  • Facilitating interaction with social networks and enabling the use of call, social, and map buttons (Art. 6, para. 1, letter a GDPR, if applicable).

5. Legal Basis for Processing

The processing of personal data is carried out in accordance with the GDPR and is based on the following legal grounds:

  • Execution of pre-contractual measures (Art. 6, para. 1, letter b GDPR): to manage requests sent via the contact form and to evaluate job applications;
  • User consent (Art. 6, para. 1, letter a GDPR): for statistical monitoring activities or for interaction with external elements (e.g., maps, social, analytics);
  • Legitimate interest of the Controller (Art. 6, para. 1, letter f GDPR): to ensure the security and proper functioning of the website.

The consent given can be revoked at any time without affecting the lawfulness of the processing carried out before the revocation.

6. Data Processing Methods
The processing of personal data is carried out using IT and/or telematic tools, with organizational methods and logic strictly related to the purposes indicated. Data is processed in a manner that ensures the security and confidentiality of the data itself, in compliance with the organizational, physical, and logical measures provided by current regulations.
In particular, regarding curricula vitae, these are:
Stored electronically in protected archives
Accessible only by authorized and adequately trained personnel
Used exclusively for personnel selection purposes
7. Data Sharing (Art. 13, para. 1, letter e GDPR)
Personal data may be shared with third-party providers for technical reasons related to site management. In particular:
Google (for Analytics, reCAPTCHA, and Maps), according to their respective privacy policies;
Any hosting and technical maintenance providers.
The site uses technical plugins for managing cookie preferences and languages (Complianz, Polylang), which may collect technical information without tracking.
Data is not transferred to third parties for commercial or profiling purposes.
8. Data Transfer Abroad
Some of the third-party services used (such as Google Analytics, reCAPTCHA, Maps) may involve the transfer of personal data to countries outside the European Union or the European Economic Area. Such transfers are carried out in compliance with the provisions of Articles 44-49 of the GDPR, based on:
Adequacy decisions adopted by the European Commission pursuant to Art. 45 GDPR;
Standard contractual clauses approved by the European Commission pursuant to Art. 46, para. 2, letter c) GDPR;
EU-US Data Privacy Framework for transfers to the United States, where applicable;
Supplementary technical, contractual, and organizational measures when necessary;
In the absence of the above guarantees, any derogations provided for by Art. 49 GDPR.
In particular, the Google services used may involve the transfer of data to servers in the United States. We inform you that Google has adopted adequate guarantees in compliance with the GDPR, including adherence to the EU-US Data Privacy Framework and the implementation of standard contractual clauses supplemented by additional security measures.
For more information on the guarantees adopted for the international transfer of data, you can contact us at the addresses indicated in this notice.
9. Data Retention (Art. 5, para. 1, letter e GDPR)
Personal data is processed and retained for the minimum period necessary to achieve the purposes for which it was collected, in compliance with the principle of storage limitation (Art. 5, para. 1, letter e of the GDPR):
Data collected through the contact form: is retained exclusively for the time necessary to respond to the data subject’s request and in any case for a period not exceeding 6 months from the conclusion of the related processing;
Curricula vitae and data for job applications: are retained for a maximum period of 12 months from the date of receipt, after which they will be deleted or anonymized, unless explicit renewal of consent by the data subject;
Browsing data: is retained in aggregated and anonymized form for statistical purposes for a maximum period of 14 months through the Google Analytics service;
Cookies: for detailed information on the cookies used, their duration, and management methods, please refer to the site’s Cookie Policy.
10. Automated Decision-Making and Profiling
The site does not carry out automated decision-making processes or profiling activities that produce legal effects on data subjects or significantly affect them, pursuant to Art. 22 of Regulation (EU) 2016/679 (GDPR).
To protect the site from attempts to send automated spam, we use the Google reCAPTCHA service, which analyzes certain user behavior parameters solely to distinguish natural persons from automated systems. This processing is based on the legitimate interest of the data controller (Art. 6, para. 1, letter f of the GDPR) to protect the website from fraudulent access and does not involve decisions that significantly affect the data subject.

11. User Rights (Art. 15-22 GDPR)

The user may exercise the following rights:

  • Right of access (Art. 15 GDPR): to obtain confirmation of whether personal data concerning them is being processed and access to such data;
  • Right to rectification (Art. 16 GDPR): to obtain the correction of inaccurate personal data or the completion of incomplete data;
  • Right to erasure (Art. 17 GDPR): to obtain the deletion of data in cases provided by law;
  • Right to restriction of processing (Art. 18 GDPR): to obtain restriction of processing in cases provided by law;
  • Right to data portability (Art. 20 GDPR): to receive in a structured format the data provided to the controller and transmit it to another controller;
  • Right to object (Art. 21 GDPR): to object to processing based on the legitimate interest;
  • Right to withdraw consent (Art. 7, para. 3 GDPR): to withdraw consent at any time.

To exercise your rights, contact us at the email address indicated in point 2.

12. Right to Lodge a Complaint

The user has the right to lodge a complaint with the competent supervisory authority, particularly in the Member State where they habitually reside, work, or where the alleged violation occurred. In Italy, the supervisory authority is the Garante per la Protezione dei Dati Personali (www.garanteprivacy.it).

13. Data Security (Art. 32 GDPR)

We adopt technical and organizational security measures to ensure the protection of personal data against unauthorized access, loss, disclosure, or modification. Such measures include:

  • Encryption of sensitive data;
  • Regular backup procedures;
  • Access and authorization controls;
  • Staff training on security practices;
  • Regular updates of security systems.

14. Changes to the Privacy Policy

We reserve the right to amend this Privacy Policy at any time. Changes will be published on this page with the updated date. In the case of substantial changes, we will notify users via a notice on the site.

+39 0583 14 10 056

mail: prenotazioni@miglio50.it

Corte San Lorenzo 1-3

55100 Lucca 

From Wednesday to Saturday: 12:00 PM - 3:00 PM / 7:30 PM - 10:30 PM

Tuesday and Sunday: 12:00 PM - 3:00 PM

Briciole Srl

PIVA e CF: 02698490469

Privacy Policy | Cookie Policy