top of page
  • Black Instagram Icon
  • Black Facebook Icon

Privacy Policy

​Extended privacy policy​

​

1. Data controller

​

The data controller is:

Sogit S.r.l.

Via Sempione Nord 91/o, 28838 Stresa (Vb)

Piva 01231240035
Email: info@villavalesca.com

​

2. Types of data collected

​

Whilst browsing and using the website www.villavalesca.com  the following personal data may be collected:

  • Data provided voluntarily by the user: first name, surname, email address, telephone number, postal address, payment details, any messages sent via the contact form, comments or reviews.

  • Browsing data: IP address, browser information, access logs, page response times, duration of visits and interactions with the website.

  • Credentials: any passwords or other authentication data associated with accounts are managed by Wix using encryption systems; the data controller does not have access to passwords in plain text.

  • Payment data: if the user makes a purchase, payment details (e.g. credit card, necessary data) are processed via certified providers (Wix Payments) that comply with security and compliance standards such as PCI-DSS.

  • Cookies and tracking tools: used for technical, statistical and marketing purposes. Further information is available in the[Cookie Policy].

​

3. Purposes of the processing

​

The data collected is processed for the following purposes:

To provide and manage the services and products offered.

To manage orders, payments and e-commerce activities via Wix Payments.

To provide customer service and technical support.

To send informational and promotional communications (subject to consent).

Compile anonymous statistics and improve the website and services.

Comply with legal obligations and requests from the relevant authorities.

Protect the data controller’s rights (e.g. dispute resolution or debt recovery).

​

4. Legal basis for processing

​

The processing of data is based on:

  • Performance of a contract or pre-contractual measures (Article 6(1)(b) of the GDPR).

  • User consent (Article 6(1)(a) of the GDPR) for marketing activities or newsletters.

  • Compliance with legal obligations (Art. 6(1)(c) GDPR).

  • Legitimate interests of the data controller (Art. 6(1)(f) GDPR) to ensure security and prevent misuse.

​

5. How and with whom data is shared

​

Personal data is processed electronically and on paper, with appropriate technical and organisational measures in place to ensure its security.

The data may be disclosed to:

  • Technical service providers: Wix.com (hosting, platform management, authentication, secure environment, analytics tools, logs, etc.). Wix is committed to providing tools and infrastructure that comply with the GDPR. Centro Assistenza Wix+2dev.wix.com+2

  • Payment provider: Wix Payments, in accordance with their regulations and security protocols (including PCI-DSS standards).

  • External contractors, data processors, consultants and suppliers who assist with technical management, marketing and customer support.

  • Public authorities, where required by law.

​

6. Transfer of data outside the EU

​

Data collected via Wix or other providers may also be stored or processed in countries outside the European Economic Area.

In such cases, the transfer takes place in accordance with Articles 44 et seq. of the GDPR, either through adequacy decisions by the European Commission or through Standard Contractual Clauses that ensure an adequate level of protection.

​

7. Data retention period

​

Order and payment data: retained for the period necessary to comply with tax and legal obligations, normally for up to 10 years.

Data for marketing activities: until consent is withdrawn, and in any case for a maximum period (e.g. 24 months), unless otherwise required by contractual or legal obligations.

Browsing data, cookies and system logs: retained for as long as necessary for technical, statistical or abuse prevention purposes; also governed by the Cookie Policy.

​

8. Rights of data subjects

​

You have the right to:

  • access your personal data;

  • request rectification or erasure;

  • obtain restriction of processing;

  • object to processing (in particular for marketing purposes);

  • withdraw consent at any time (without affecting the lawfulness of processing based on consent prior to withdrawal);

  • request data portability;

  • lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).

​

Requests may be addressed to the Data Controller by email at info@villavalesca.com or by post to: Sogit S.r.l. – Via Sempione Nord 91/o, 28838 Stresa (Vb)

​

9. Changes to this policy

​

The data controller reserves the right to amend this policy at any time. Any changes will be published on this page, with the date of the last update clearly displayed.

​

Last updated: 18 February 2026

bottom of page