1. Data Controller
The Data Controller for personal data processed through this Service is Canal Courtyards, the editorial project operating the website at canalcourtyards.com.
- Address: Fondamenta Madona de l'Orto, 3482, 30121 Venezia VE, Italy
- Contact: privacy@canalcourtyards.com
- Editor: editor@canalcourtyards.com
This Policy is issued in accordance with Regulation (EU) 2016/679 (the GDPR) and Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018 (the Italian Data Protection Code).
2. Categories of Personal Data Collected
| Category | Examples | Source |
|---|---|---|
| Technical data | IP address, user-agent, referring URL, page viewed, timestamp | Automatic, on each page request |
| Preference data | Cookie consent choices | Provided by you via the cookie banner |
| Contact data | Name, email address, message content | Provided by you when writing to us |
| Aggregate analytics | Anonymised page-view counts, country-level location | Server-side analytics, only if you accept analytics cookies |
We do not collect special categories of personal data (Article 9 GDPR), payment information, or precise geolocation.
3. Purposes of Processing & Legal Bases
| Purpose | Legal basis (Article 6 GDPR) |
|---|---|
| Operating the Service, security, fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Storing your cookie preferences | Legal obligation (Art. 6(1)(c)) and consent (Art. 6(1)(a)) |
| Replying to your enquiries | Pre-contractual / legitimate interest (Art. 6(1)(b)/(f)) |
| Aggregate analytics | Consent (Art. 6(1)(a)) |
4. Third-Party Recipients
We use a small number of processors strictly necessary to operate the Service:
| Provider | Service | Location |
|---|---|---|
| Static-site hosting provider | Web hosting, edge cache | European Union |
| Email provider | Transactional email and the contact mailbox | European Union |
| Privacy-preserving analytics (only if accepted) | Aggregate page-view counting without personal profiles | European Union |
We do not sell, rent or trade personal data. We do not engage advertising networks.
5. International Transfers
All processors used by the Service are based in the European Union or the European Economic Area. We do not transfer personal data to third countries outside the EU/EEA. If this changes, we will update this Policy and rely only on transfer mechanisms recognised under Chapter V GDPR (such as European Commission adequacy decisions or Standard Contractual Clauses).
6. Retention Periods
| Data | Retention |
|---|---|
| Server access logs | 14 days, then deleted |
| Cookie consent record | 12 months, or until you change your choices |
| Email correspondence | 24 months from last contact, then deleted |
| Aggregate analytics | 24 months in anonymised form |
7. Your Rights Under the GDPR
If you are in the European Union, the European Economic Area or the United Kingdom, you have the following rights in respect of your personal data:
- Access (Art. 15) — confirmation of, and a copy of, the personal data we hold about you;
- Rectification (Art. 16) — correction of inaccurate data;
- Erasure (Art. 17) — deletion of your data, where applicable;
- Restriction (Art. 18) — to limit processing in defined circumstances;
- Portability (Art. 20) — to receive your data in a machine-readable format;
- Objection (Art. 21) — to processing based on legitimate interests;
- Withdraw consent (Art. 7(3)) — at any time, without affecting prior lawful processing;
- Lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali, Piazza Venezia 11, 00187 Roma; www.garanteprivacy.it) or with your local supervisory authority.
To exercise any of these rights, write to privacy@canalcourtyards.com. We will respond within 30 days, as required by Article 12 GDPR.
8. Children
The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided personal data without verifiable parental consent, please contact us so the data can be deleted.
9. Automated Decision-Making
We do not engage in automated decision-making, including profiling, with legal or similarly significant effects on you (Article 22 GDPR).
10. Security Measures
We apply technical and organisational measures appropriate to the risks of the processing, including TLS encryption in transit, restricted access to administrative interfaces, and regular software updates. No system is perfectly secure; we cannot guarantee absolute security.
11. Cookies
Cookies and similar technologies are described in detail in our Cookie Policy. You can change your consent at any time via the cookie banner or by clearing your browser storage for this site.
12. Changes to this Policy
We may update this Policy. The "Last Updated" date above reflects the most recent revision. Material changes will be flagged on the home page for at least 30 days.
13. Contact
Privacy enquiries: privacy@canalcourtyards.com.