This notice is provided pursuant to Regulation (EU) 2016/679 (“GDPR”) and Legislative Decree No. 196/2003, as amended by Legislative Decree. 101/2018.

1. Data Controller

The Data Controller is:
Marble Dental Wellness Center
Viale Giacomo Matteotti 33R, 50121 Florence (FI)
VAT No. 07415540488
Unique Code: M5UXCR1
Contact e-mail: info@marblefirenze.it

2. Types of Data Collected

The website marblefirenze.it may collect the following categories of data:

• Browsing data (e.g., IP address, access logs, browser type, aggregated statistical data).

• Data voluntarily provided by the user (through contact forms, online bookings, newsletter subscriptions, e-mail requests).

• Cookies and similar technologies, for technical purposes and, with prior consent, for analytics and marketing (see Cookie Policy).

3. Purposes and Legal Bases of Processing

Personal data are processed for the following purposes:

1. Provision of the requested services (bookings, responses to information requests, sending estimates).

   • Legal basis: performance of a contract or pre-contractual measures (Art. 6.1.b GDPR).

2. Legal and tax compliance.

   • Legal basis: legal obligation (Art. 6.1.c GDPR).

3. Promotional communications and newsletters (only with explicit consent).

   • Legal basis: consent (Art. 6.1.a GDPR).

4. Statistical analysis and improvement of the website through cookies and third-party tools (Google Analytics or similar).

   • Legal basis: consent (Art. 6.1.a GDPR).

4. Modalities of Processing

Data are processed using IT and/or electronic tools, adopting appropriate security measures to prevent unauthorized access, disclosure, loss, or destruction.

5. Recipients of the data

Data may be disclosed to:

• Collaborators and employees of the Data Controller, within the limits of the purposes indicated.

• Providers of IT, hosting, and digital communication services.

• External professionals and consultants (accountants, IT specialists, lawyers).

• Competent authorities, where required by law.

The transfer of personal data outside the European Union is not envisaged, except in the case of third-party services that ensure adequate protection standards (e.g., EU Standard Contractual Clauses).

6. Data Retention Period

• Data collected for contractual purposes will be retained for the duration of the relationship and for a further 10 years for tax and accounting purposes.

• Data processed for marketing purposes will be retained until consent is withdrawn.

• Technical browsing data are retained for limited periods, unless required for the investigation of computer crimes.

7. Rights of the Data Subject

As a data subject, the user has the right to:

• Access their personal data (Art. 15 GDPR).

• Obtain rectification of inaccurate personal data (Art. 16 GDPR).

• Request erasure of personal data (“right to be forgotten”, Art. 17 GDPR).

• Restrict processing (Art. 18 GDPR).

• Object to processing (Art. 21 GDPR).

• Request data portability (Art. 20 GDPR).

• Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Requests may be submitted to the Data Controller at the contact details indicated above.

8. Complaint to the Supervisory Authority

Data subjects who believe that their rights have been violated may lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali) at www.garanteprivacy.it

9. Amendments to this Privacy Notice

The Data Controller reserves the right to update this Privacy Policy at any time. Any changes will be published on this page with the date of the last update.