top of page

Privacy Policy

Types of Data Collected

Various types of personal data are collected and processed through the Site:

Identification data: name, surname, address, telephone number, email address.

Payment data: credit/debit card information, PayPal, or other payment systems (processed through secure providers; the Data Controller does not retain complete card details).

Browsing data: IP address, logs, technical cookies, and, with prior consent, profiling and analytics cookies.

Service data: information required for booking horseback rides (e.g., number of participants, age, any useful notes).

 

Purpose of Processing

Personal data is processed for the following purposes:

Management of orders and shipments of artisanal products purchased online.

Booking and management of services (horseback rides and related activities).

Service communications relating to orders or reservations.

Legal and tax obligations related to commercial management.

Direct marketing (newsletters, promotions, events) only with explicit consent.

Statistical analysis and website improvement, using cookies and tracking tools, with prior consent.


Legal Basis

Data processing is based on:

Performance of a contract (Article 6, letter b, GDPR) for orders and reservations.

Legal obligation (Article 6, letter c, GDPR) for tax and accounting compliance.

Explicit consent (Article 6, letter a, GDPR) for marketing activities and the use of non-technical cookies.

Legitimate interest (Article 6, letter f, GDPR) for website security and fraud prevention.


Processing Methods

Data is processed electronically and on paper, with appropriate security measures to guarantee its integrity, confidentiality, and availability.
No automated profiling is performed without consent.

Data Retention

Order data: retained for 10 years for tax and accounting purposes.

Booking data: retained until the service is completed + a maximum of 12 months.

Marketing data: until consent is revoked.

Browsing data: generally no longer than 12 months.


Data Communication and Dissemination

Personal data may be disclosed to:

Payment service providers (e.g., PayPal, Stripe).

Couriers and freight forwarders.

Tax and legal advisors.

Hosting and IT service providers.

The data will not be disclosed to the public or transferred to unauthorized third parties.


Transfers outside the EU

Some data (e.g., managed by cloud providers or payment systems) may be transferred to countries outside the EU. In this case, the transfer will take place in accordance with Articles 44-49 GDPR, ensuring adequate protection measures (e.g., standard contractual clauses).

 

Rights of the Data Subject

As a data subject, you may exercise the rights provided for in Articles 15-22 GDPR, including:

Obtain confirmation of the existence of your data.

Access, rectify, or erase your data.

Restrict or object to processing.

Request data portability.

Withdraw your consent at any time.
Requests should be sent to [owner's email].


Cookies

The Site uses technical cookies and, with your consent, analytical and profiling cookies. For more information, please consult the Cookie Policy.

bottom of page