top of page

Privacy Policy

1. Introduction
Alessandro Niccoli, with tax domicile in 56028 San Miniato (Pi), P.zza del Popolo, 21, protects the personal data of its potential customers and users ensuring that the processing of personal data, carried out in any manner, both automated and manual, takes place in full compliance with the protections and rights recognized by Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, relating to the protection of individuals with regard to the processing of personal data, as well as the free circulation of such data (hereinafter the "Regulation") and by the additional applicable rules on the protection of personal data.

This privacy policy (hereinafter the "Privacy Policy") is intended to describe the management methods of the website, with reference to the processing of personal data of users / visitors who consult them pursuant to the Regulations.
Alessandro Niccoli, in line with the applicable regulations on the subject, intends to guarantee the protection and security in the processing of the personal data of each visitor, also in relation to internet accesses made from abroad, in line with the provisions of this Privacy Policy.

Unless otherwise specified and regulated by a specific privacy policy provided pursuant to article 13 of the Regulation, this Privacy Policy must also be understood as a document aimed at providing specific information referred to in articles 13 and 14 of the Regulation to those who find themselves in browse the Internet Sites and interact with the data controller through the services offered by the same Internet Sites.

It should be noted that this Privacy Policy is only applicable to the website and does not refer to other websites that may be consulted by the user while browsing by clicking on links and / or banners on the Internet Sites.
Alessandro Niccoli, as author of the book Nafis and the colored corridors and owner of the website, holds the role of data controller according to the relevant definition contained in article 4 at point 7) of the Regulations.

2. Type of data processed and purposes of the processing relating to navigation on the Internet Sites
The website offers informative and, sometimes, interactive content. While browsing the website, information about the user can be acquired in the following ways:

• Navigation data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes: IP addresses, the type of browser used, the operating system, the domain name and the addresses of websites from which access or exit was made, information on the pages visited by users within the site, the time of access, the stay on the single page, the analysis of the internal path and other parameters relating to the operating system and the user's IT environment.

These technical / IT data are collected and used exclusively in an aggregate and non-identifying manner and could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.
• Data provided voluntarily by the visitor
This refers to all personal data freely released by the visitor on the Website, for example, to register and / or access a reserved area, request information on a specific product or service via a form, write to an e-mail address or call (in VoIP mode) a toll-free number to have direct contact with customer service. The processing of such personal data will be carried out on the basis of all the information contained in the specific information provided pursuant to articles 13 and 14 of the Regulation by the data controller Alessandro Niccoli upon the provision of personal data during registration as requested in the appropriate form.

In some and more, personal data may be processed for profiling purposes collected by cookies. The processing of such personal data will be conducted on the basis of what is indicated in each cookie policy present on each website in the specific Cookie Policy section.

3. Methods of data processing
The processing of personal data is carried out mainly using electronic procedures and media for the time strictly necessary, in accordance with Article 5 of the Regulation.

Personal data will be processed by the data controller limited to what is necessary for the pursuit of the main purpose. In particular, personal data will be processed for a period of time equal to the minimum necessary, as indicated by Recital 39 of the Regulation, i.e. until the termination of the contractual relationships in place between the data subject and the data controller without prejudice to a further period of conservation that may be imposed by law as also provided for by Recital 65 of the Regulation.

6. Redirect to external sites
The Website may use the so-called social plug-ins. Social plug-ins are special tools that allow you to incorporate the functions of the social network directly into the website (eg the "like" function of Facebook).
All social plug-ins present on the Internet Sites are marked with the respective logo owned by the social network platform.
When you visit a page of the Internet Sites and interact with the plug-in (eg by clicking the "like" button) or decide to leave a comment, the corresponding information is transmitted from the browser directly to the social network platform ( in this case Facebook) and stored by it.

For information on the purposes, type and methods of collection, processing, use and storage of personal data by the social network platform, as well as for the methods by which to exercise their rights, please consult the privacy policy of the individual social network. network.

5. Connection to / from third party sites
From the Internet Sites it is possible to connect through specific links to other third party websites.
In this regard, the data controller cannot be held responsible for any management of personal data by third party websites and for the management of authentication credentials provided by third parties.

6. Rights of interested parties
As foreseen by article 15 of the Regulation, the interested party can access their personal data, request their correction and updating, if incomplete or incorrect, request their cancellation if the collection took place in violation of a law or regulation, as well as oppose to the processing for legitimate and specific reasons.
In particular, we list below all the rights that can be exercised, at any time, towards the data controller and / or the joint data controllers:

Right of access: the right, pursuant to Article 15, paragraph 1 of the Regulation, to obtain from the data controller confirmation that personal data is being processed or not and, in this case, to obtain access to such personal data and the following information: a) the purposes of the processing; b) the categories of personal data in question; c) the recipients or categories of recipients to whom the personal data have been or will be communicated, in particular if they are recipients of third countries or international organizations; d) when possible, the retention period of personal data provided or, if not possible, the criteria used to determine this period; e) the existence of the right of the interested party to ask the data controller to correct or delete personal data or limit the processing of personal data concerning him or to oppose their treatment; f) the right to lodge a complaint with a supervisory authority; g) if the personal data are not collected from the data subject, all available information on their origin; h) the existence of an automated decision-making process, including profiling referred to in Article 22, paragraphs 1 and 4, of the Regulation and, at least in such cases, significant information on the logic used, as well as the importance and expected consequences of this treatment for the interested party. All this information can be found in the information that will always be available in the Privacy section of each of the websites.

Right of rectification: right to obtain, pursuant to Article 16 of the Regulation, the rectification of personal data that are inaccurate, taking into account the purposes of the processing; moreover, it is possible to obtain the integration of personal data that are incomplete, also by providing an additional declaration.

Right to cancellation: right to obtain, pursuant to Article 17, paragraph 1 of the Regulation, the cancellation of personal data without unjustified delay and the data controller will have the obligation to cancel your personal data, if even one of the following reasons: a) the personal data are no longer necessary with respect to the purposes for which they were collected or otherwise processed; b) you have revoked the consent on which the processing of your personal data is based and there is no other legal basis for their processing; c) the interested party has opposed the processing pursuant to Article 21, paragraph 1 or 2 of the Regulation and there is no longer any legitimate overriding reason to proceed with the processing of personal data; d) the personal data have been unlawfully processed; e) it is necessary to delete personal data to fulfill a legal obligation provided for by a community standard or internal law. In some cases, as required by article 17, paragraph 3 of the Regulation, the data controller is entitled not to delete your personal data if their processing is necessary, for example, to exercise the right to freedom of expression and information, for the fulfillment of a legal obligation, for reasons of public interest, for archiving purposes in the public interest, for scientific or historical research or for statistical purposes, for the assessment, exercise or defense of a right in court.


Right to limit the processing: right to obtain the limitation of processing, pursuant to Article 18 of the Regulation, in the event that one of the following hypotheses occurs, the interested party: a) has contested the accuracy of his personal data (the limitation will last for the period necessary for the data controller to verify the accuracy of such personal data); b) the processing is unlawful but you have opposed the cancellation of your personal data, requesting, instead, that its use be limited; c) although the data controller no longer needs it for processing purposes, personal data are used to ascertain, exercise or defend a right in court; d) has opposed the processing pursuant to Article 21, paragraph 1, of the Regulation and is awaiting verification of the possible prevalence of the data controller's legitimate reasons with respect to his own. In case of limitation of processing, personal data will be processed, except for conservation, only with the consent or for the assessment, exercise or defense of a right in court or to protect the rights of another natural or legal person or for reasons of significant public interest.

Right to data portability: right to request at any time and receive, pursuant to Article 20, paragraph 1 of the Regulation, all personal data processed by the data controller and / or by the joint data controllers in a structured, user-friendly format common and legible or request its transmission to another data controller without hindrance. In this case, it will be the responsibility of the interested party to provide us with all the exact details of the new data controller to whom he intends to transfer his personal data by providing us with written authorization.

Right to object: pursuant to article 21, paragraph 2 of the Regulation and as also reiterated by Recital 70, it is possible to object, at any time, to the processing of personal data if these are processed for direct marketing purposes, including profiling insofar as it is related to such direct marketing.

Right to lodge a complaint with the supervisory authority: without prejudice to the right to appeal in any other administrative or judicial office, if it is believed that the processing of personal data conducted by the data controller and / or by the joint data controllers is in violation of the Regulation and / or applicable legislation, it is possible to lodge a complaint with the competent Personal Data Protection Authority.

To exercise all the rights identified above, simply contact the data controller in the following ways:
• by writing to its headquarters 56028 San Miniato (Pi), P.zza del Popolo, 21;
• by sending an e-mail to for the kind attention of Alessandro Niccoli


bottom of page