The purpose of this privacy policy is to provide full transparency about the information this website collects and how it is used, in compliance with Regulation (EU) 2016/679 (GDPR).
The data controller is Elena Merli, owner of A Spasso con Elena, with registered office at Præstefælledvej 55, 2770 Kastrup, Denmark (CVR DK38295748).
For any privacy-related enquiries, please write via the Contact page.
This website processes personal data on the following grounds:
- Consent: for sending messages via the contact form and posting blog comments.
- Legitimate interest: for website security (protection against spam and cyberattacks) and for traffic analysis in aggregate, anonymous form.
- Contractual performance: for handling consultation requests, quotes, and professional assignments.
Providing personal data is optional. Failure to provide data may prevent the use of certain services (for example, sending messages via the contact form).
Consent may be withdrawn at any time through browser settings (for cookies) or by contacting the data controller.
Website operation
Collection of technical data necessary for the correct delivery of web pages (IP address, browser type, date and time of visit). These data are processed automatically and are not linked to identifiable individuals. No consent is required.
Security
Collection of data to protect the website from cyberattacks, spam, and misuse. IP addresses may be logged for security purposes and stored for a limited period. No consent is required.
Communications
When the contact form is used, the website collects your name, email address, and message content. These data are used solely to respond to the enquiry and are not shared with third parties.
Blog comments
The commenting system collects name, email address, and comment text. These data are necessary for publishing the comment and preventing spam.
Consultations and professional assignments
When a consultation or professional assignment is requested, the data provided are used solely for evaluating and, if applicable, carrying out the assignment. A specific privacy notice is provided in such cases.
Data collected automatically
During browsing, the following information may be collected and stored in the server log files:
- IP address
- Browser type and operating system
- Date and time of visit
- Pages visited
- Referring page (referral)
These data are used exclusively in aggregate, anonymous form for website operation and security purposes.
Data provided voluntarily
The website may collect personal data provided voluntarily through:
- Contact form: name, email address, message
- Commenting system: name, email address, comment
- Registration for the reserved area: name, email address
Data are processed at the data controller's premises and on the server hosting the website, located within the European Economic Area. Content delivery is provided by Cloudflare, Inc. (San Francisco, USA), which acts as a data processor. Data transfers to Cloudflare are governed by Standard Contractual Clauses (SCCs) approved by the European Commission. For more information: Cloudflare Privacy Policy.
Processing is carried out using electronic tools with procedures and logic strictly related to the stated purposes, adopting appropriate security measures to prevent unauthorised access, disclosure, modification, or destruction of data.
- Browsing data (server logs): up to 30 days.
- Contact data (forms and communications): for the time necessary to handle the enquiry, and in any case no longer than 24 months from the last contact.
- Accounting data (relating to professional assignments): 5 years, as required by tax regulations.
- Comments: retained until deleted by the author or the data controller.
Data are not sold or transferred to third parties for commercial purposes. They may be disclosed to third parties only in the following cases:
- Upon request by judicial authorities, in the cases provided for by law.
- To technical service providers necessary for the operation of the website (hosting, content delivery), who act as data processors.
The website contains links to external platforms (Facebook, Instagram, LinkedIn, Twitter/X, TripAdvisor, Spotify). These are simple hyperlinks and do not install cookies or transfer personal data. When interacting with such platforms, their respective privacy policies apply.
Under the GDPR, you may exercise the following rights by contacting the data controller via the Contact page:
- Access: obtain confirmation of the existence of personal data and receive a copy.
- Rectification: request the correction of inaccurate or incomplete data.
- Erasure: request the deletion of your data, in the cases provided for by law.
- Restriction: request the restriction of processing in certain circumstances.
- Portability: receive your data in a structured, machine-readable format.
- Objection: object to processing based on legitimate interest.
You may also lodge a complaint with the competent supervisory authority (Datatilsynet in Denmark, or the relevant authority in your country of residence).
The website uses the HTTPS protocol with SSL/TLS encryption to protect communications between the browser and the server. Access to data is limited to authorised personnel.
All information and materials provided through A Spasso con Elena's services, communicated by email, or included in tour programmes are confidential and personalised. Forwarding them to third parties without the explicit consent of A Spasso con Elena is not permitted.