Privacy Policy
Your privacy is one of our fundamental commitments at Alighieri SRL (referred to as “Alighieri” or “we”).
General Information
Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation — referred to as GDPR, the Regulation, or RGPD in this document) was adopted by the European Parliament and the Council of the European Union on April 27, 2016, and became directly applicable starting May 25, 2018. This Regulation expressly repeals Directive 95/46/EC, thus replacing the provisions of Romanian Law no. 677/2001 (now repealed).
The Regulation is directly applicable in all EU member states and protects the rights of all individuals located within the European Union. From a material perspective, it applies to all data controllers processing personal data. The Regulation does not apply to the processing of data related to legal entities — in particular, businesses with legal personality — including their names, legal type, and contact information.
Personal data is defined as any information relating to an identified or identifiable natural person (“data subject”). An identifiable person is someone who can be identified, directly or indirectly, particularly by reference to identifiers like a name, identification number, location data, an online identifier, or one or more characteristics specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
Processing of personal data means any operation or set of operations performed on personal data, with or without automated means, such as collecting, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing, or destroying.
Data Controller Identity
In accordance with Article 4, point 7 of the Regulation, the “controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The controller processing personal data through this website is Alighieri SRL.
Collection of Personal Data
What Personal Data Is Collected?
The controller of this website collects, stores, and processes the following personal data about you:
- First and last name;
- Contact details (such as email, phone number, fax);
- IP address;
- Visual images or recordings (photos).
The GDPR generally prohibits the processing of special categories of personal data — such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health information, or sexual orientation (Article 9, paragraph 1). However, processing of such data is permitted under specific conditions, such as:
a. With the explicit consent of the data subject;
b. For obligations and rights in employment and social security law;
c. To protect vital interests when the subject cannot consent;
d. By legitimate bodies under strict safeguards;
e. If the data was made public by the subject;
f. For legal claims or court functions;
g. For important public interest reasons under EU or national law;
h. For preventive or occupational medicine, diagnosis, health or social care, or health system management;
i. For public health — e.g., controlling cross-border threats or maintaining quality and safety standards in healthcare;
j. For archiving, scientific/historical research, or statistics, under safeguards protecting rights and freedoms.
Obtaining Consent
General Principles
For personal data processing to be lawful, the GDPR requires a legal basis, such as the performance or initiation of a contract, fulfillment of a legal obligation, or freely given consent from the data subject. In cases based on consent, the controller must be able to prove that valid consent was obtained. Consent given under Directive 95/46/EC remains valid if it meets the conditions of the GDPR.
Consent must be granted through a clear affirmative action, such as a statement or checkbox, demonstrating the individual’s free, specific, informed, and unambiguous agreement to the processing of their personal data. If consent is given alongside other matters (e.g., terms and conditions), it must be presented clearly and separately.
Cookies
This site uses cookies. These small text files do not harm your device and do not contain viruses. Their purpose is to improve website usability, performance, and security.
Many of the cookies used are “session cookies” which are deleted automatically after you leave the site. Others may remain on your device until you delete them, enabling the website to recognize your browser on your next visit.
You can configure your browser to inform you when cookies are used and allow or block them individually. Alternatively, you can set your browser to always accept or reject cookies or delete them when you close the browser. Note: Disabling cookies may limit the website’s functionality.
Cookies necessary for electronic communication or specific functions you use (e.g., shopping cart) are stored based on Article 6(1)(f) of the GDPR — representing a legitimate interest of the operator in the technically error-free and optimized provision of services.
Other cookies, such as those used for tracking user behavior, are described in the Cookie Policy and require your consent.
Server Log Files
The hosting provider automatically collects and stores information that your browser transmits to us in server log files. These may include:
- Browser type and version;
- Operating system;
- Referrer URL (previous page);
- Hostname of the accessing computer;
- Time of server request;
- IP address.
Processing of such data is based on Article 6(1)(b) GDPR, as it is necessary for the performance of a contract or for taking pre-contractual steps at your request.
Contact Form
If you submit inquiries via the contact form, the information you enter (including contact details) will be stored to respond to your inquiry and any follow-up. These details will not be shared without your permission.
Data is processed based on Article 6(1)(a) GDPR — your consent. You may withdraw consent at any time by sending us an informal email. Data processed before withdrawal may still be lawfully processed.
We will retain the contact form data until:
- You request deletion;
- You revoke your consent for storage;
- The purpose for its storage no longer applies.
Mandatory legal retention requirements remain unaffected.
Contact by Email or Phone
If you contact us via email, phone, or fax, your message and any provided personal data will be stored and processed solely to handle your request, based on your express consent.
Processing is lawful based on:
- Article 6(1)(a) GDPR – consent;
- Article 6(1)(b) GDPR – contract performance or initiation;
- Article 6(1)(f) GDPR – our legitimate interest in efficient request handling.
We will retain your data until:
- You request deletion;
- You withdraw your consent;
- The purpose for processing no longer applies.
This applies except where legal retention rules apply.
Purpose of Collected Data Processing
Some of the data collected on this website is used for:
Providing Our Services
To offer services for your benefit (e.g., resolving issues related to our products or services, providing support, etc.).
Site Functionality and Optimization (Statistics & Analytics)
We continuously aim to improve your experience on our website. Therefore, we may collect and use feedback, satisfaction data, or responses to surveys and suggestion forms.
Online Advertising and Promotion
We may use your data for marketing or promotional activities. You can request us to stop processing your data for marketing purposes at any time via the methods described in this policy.
Periodic User Communication
We may send you informational messages about offers, promotions, or other communications such as surveys or market research — only with your prior consent. You can withdraw that consent at any time.
Protection of Our Legitimate Interests
In certain situations, we may use or share your data to:
- Defend our rights and business operations;
- Protect the site and users from cyber attacks;
- Prevent and detect fraud attempts (including notifying public authorities);
- Manage other risk scenarios.
Data processing is carried out in line with the GDPR, based on consent, contract execution, or legitimate interest (unless outweighed by the data subject’s rights, especially in the case of minors).
User Rights
Under the GDPR, your rights regarding personal data include:
- Right to Information – Request info about data processing activities and data recipients;
- Right of Access – Confirm whether your data is being processed and access it;
- Right to Rectification – Correct or complete your data;
- Right to Erasure (“Right to be Forgotten”) – Request deletion if processing is unlawful or no longer necessary;
- Right to Restriction – Request limited processing under certain conditions;
- Right to Data Portability – Receive your data in a structured, machine-readable format or transfer it to another controller;
- Right to Object – Object to processing based on legitimate interest or direct marketing;
- Right Not to Be Subject to Automated Decisions – Including profiling;
- Right to Lodge a Complaint – With the Data Protection Authority or courts;
- Right to Withdraw Consent – At any time, with future effect.
Controller’s Obligations
Hosting
Personal data processed via this website alighieri.eu is stored on servers belonging to ………………
Data processing is based on:
- Art. 6(1)(a) GDPR – your consent;
- Art. 6(1)(b) GDPR – performance of contractual obligations;
- Art. 6(1)(f) GDPR – legitimate interest.
The controller ensures that only adequate, relevant, and necessary data is processed lawfully, fairly, and transparently.
A contract is in place with the hosting provider to comply with GDPR Article 28, ensuring appropriate technical and organizational measures for data protection.
Data Encryption
This website uses SSL encryption for security and protection of transmitted data. You can recognize encryption via the padlock icon and “https://” prefix in your browser’s address bar.
When encryption is active, third parties cannot intercept the data you transmit.
If a data breach occurs that may pose a high risk to your rights and freedoms, we will inform you without undue delay — unless encryption or mitigation measures apply (as per Article 34(3) of the GDPR).
Data Protection Officer (DPO)
Appointing a DPO is not mandatory unless:
- The processing is done by a public body;
- Regular large-scale monitoring of individuals is performed;
- Large-scale processing of special categories of data or data on criminal convictions is conducted.
For questions or requests, contact:
- Name: Neamtu Ancuta
- Email: dpo@alighieri.eu
- Phone: +40 740 033 287
- Address: Str. Eugen Ionesco, nr. 67, bl. A, sc. 1, et. 6, ap. 27, Cluj-Napoca, CLUJ 400347
Records of Processing Activities
According to the GDPR Regulation, the operator or the person authorized by the operator should maintain records of the processing activities under their responsibility for a reasonable period. These records should include the following information:
- The name and contact details of the operator;
- The purposes of the processing;
- A description of the categories of data subjects and personal data categories;
- The categories of recipients to whom the personal data has been or will be disclosed;
If applicable/possible:
- Personal data transfers;
- Expected deadlines for the deletion of various categories of data;
- A general description of the technical and organizational security measures.
The detailed obligation mentioned above does not apply to an enterprise or organization with fewer than 250 employees, unless the processing carried out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data or personal data relating to criminal convictions and offenses.
Appropriate Technical and Organizational Measures
Considering the current state of technology, the context, and purposes of the processing, as well as the risks to the rights and freedoms of individuals, the operator implements appropriate technical and organizational measures to ensure that, by default, only personal data that is necessary for each specific processing purpose is processed.
Notification to the Supervisory Authority in the Event of a Personal Data Breach
According to Article 33, Paragraph 1 of the GDPR, if a personal data breach occurs, we will notify the National Supervisory Authority for Personal Data Processing without undue delay and, if possible, within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to the rights and freedoms of individuals.
Informing the Data Subject about the Personal Data Breach
As per Article 34 of the GDPR, if a personal data breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform the data subject without undue delay about the breach, unless:
- Appropriate technical and organizational protection measures have been implemented, and these measures were applied to the personal data affected by the breach, especially measures ensuring that personal data becomes unintelligible to anyone not authorized to access it, such as encryption;
- Further actions have been taken to ensure that the high risk to the rights and freedoms of the data subjects mentioned earlier is no longer likely to materialize;
- Notifying the data subject would require a disproportionate effort. In this case, public communication or a similar measure will be taken to inform the data subjects in an equally effective manner.
Social Media – plug-ins
Facebook Plug-ins (Like & Share Button)
This service uses social plugins (“plugins”) managed by the social network facebook.com. The plugins can be identified by the Facebook logo (a white “f” on a blue square or a “thumbs up” sign) or by the label “Facebook Social Plugin.”
To the extent that you use the Like button, you will like our website’s Facebook page without leaving it. If you use the Share button, you will share our website or specific content from it on your personal Facebook page, again, without leaving the site.
Through the plugin, Facebook receives the information you access on our site. If you are logged in to Facebook at the same time, Facebook can attribute the actions you take on the page to your account and, consequently, to you personally. When you interact with the plugins, for example by clicking the Like button or sharing specific content from the site, the corresponding information is transferred directly from your browser to Facebook and stored there. Even if you are not a Facebook member, it is still possible for the social network to obtain and store your IP address.
By clicking on one of these buttons, you agree to the use of this plugin and, therefore, to the transfer of personal data to Facebook. We do not have control over the nature and purpose of these data transmitted, nor over their further processing.
If you do not want Facebook to associate your visit to this site with your Facebook account information, you can choose not to log in.
Considering the ruling of July 16, 2020 (in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection provided by the EU-U.S. Privacy Shield is not adequate.
Therefore, the transfer of personal data to the U.S. and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers located outside the EU or the European Economic Area (EEA). It has also issued a set of clauses for data transfers from EU controllers to processors outside the EU or EEA. For more information on these clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
Facebook uses the Standard Contractual Clauses as an adequate guarantee for data protection, in accordance with the level of protection guaranteed by GDPR.
For more details, visit: Facebook EU Data Transfer Addendum, for information regarding the purpose and scope of data collection, processing, and further use by Facebook, as well as permissions and settings for privacy protection.
Instagram Plug-in
This website uses social plugins (“plugins”) managed by the social network Instagram, a service offered by Instagram Inc., located at 1601 Willow Road, Menlo Park, CA 94025, USA. The plugins can be identified by the Instagram logo or by being labeled with the term “Instagram Social Plugin.”
Through the plugin, Instagram is informed about the actions you take on our page. If you are logged in to your personal Instagram account on the social network at the same time, it may attribute the actions you take on the page to your Instagram account and, consequently, to you personally. When you access the plugins, the corresponding information is transferred from your browser to the social network and stored there. Even if you are not a member of Instagram, it is still possible for it to obtain and store your IP address.
By clicking on one of these buttons, you agree to the use of this plugin and, therefore, to the transfer of personal data to Instagram. We do not have control over the nature and purpose of these data transmitted, nor over their further processing.
Regarding the purpose and scope of data collection, processing, and further use of data by Instagram, as well as the permissions and settings for user privacy protection, you can consult Instagram’s privacy policies at: https://help.instagram.com/519522125107875.
If you are a member of Instagram and do not wish for it to collect your data through the plugin and link it to the data already stored on Instagram, you must log out of the social network before visiting this site.
Considering the ruling of July 16, 2020 (in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection offered by the EU-US Privacy Shield is not adequate.
Therefore, the transfer of personal data to the U.S. and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of Standard Contractual Clauses for data transfers from EU data controllers to data controllers located outside the EU or the European Economic Area (EEA). It has also issued a set of clauses for data transfers from EU controllers to processors outside the EU or EEA. For more information on these clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
Instagram uses the Standard Contractual Clauses as an adequate guarantee for data protection, in accordance with the level of protection guaranteed by GDPR.
For more details, visit: https://www.facebook.com/legal/EU_data_transfer_addendum.
Plugins and Tools
Google Web Fonts
This site uses Google Web Fonts to ensure uniform font usage across this website. When you access a page on this website, your browser will load the necessary web fonts for correct text and font display by establishing a connection to Google’s servers. Therefore, the use of Google Web Fonts is based on Article 6, Paragraph 1, letter f) GDPR, with a legitimate interest in presenting the font consistently across this website. If explicit consent is given in this regard (e.g., consent to cookie storage), data will be processed solely based on Article 6, Paragraph 1, letter a) GDPR.
For more information on how Google Web Fonts handles user data, consult Google’s Privacy Policy available at: https://policies.google.com/privacy?hl=en.
Google Maps
This site uses Google Maps, a mapping and localization service, via an API. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, United States.
To ensure data protection on our site, you will notice that Google Maps is disabled when you first visit our site. A direct connection to Google’s servers will not be established until Google Maps is activated independently, i.e., with your consent, in accordance with Article 6, Paragraph 1, letter a) GDPR. This prevents data from being transferred to Google during your first visit. Once you activate the service, Google Maps will store your IP address, which is typically transferred to a Google server in the United States and stored there. The provider of this website has no control over this data transfer once Google Maps is activated.
Considering the ruling of July 16, 2020 (in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection provided by the EU-U.S. Privacy Shield is not adequate.
Therefore, the transfer of personal data to the U.S. and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of SCC for data transfers from EU data controllers to data controllers located outside the EU or EEA. It has also issued a set of clauses for data transfers from EU controllers to processors located outside the EU or EEA. For more information on these clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
Google Maps uses Standard Contractual Clauses as an adequate guarantee for data protection, in accordance with the level of protection guaranteed by the GDPR. For more details, consult Google’s Privacy Statement at: https://policies.google.com/privacy.
Google reCAPTCHA
We use “Google reCAPTCHA” (hereinafter referred to as “reCAPTCHA”) on our website. The provider is Google Inc., located at 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to determine whether the data entered on our website (e.g., information entered in a contact form) is provided by a human user or an automated program. To determine this, reCAPTCHA analyzes the behavior of website visitors based on a variety of parameters. This analysis is triggered automatically as soon as the visitor enters the site. For this analysis, reCAPTCHA evaluates a variety of data (e.g., the IP address, time spent on the site, or mouse movements initiated by the user). The data tracked during these analyses is sent to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not informed that an analysis is taking place.
The data is processed based on Article 6, Paragraph 1, letter f) GDPR. The operators of the website have a legitimate interest in protecting the operator’s web content from misuse by automated systems used for industrial espionage and against SPAM.
Considering the ruling of July 16, 2020 (in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection provided by the EU-US Privacy Shield is not adequate. Therefore, the transfer of personal data to the U.S. and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of SCC for data transfers from EU data controllers to data controllers established outside the EU or EEA. It has also issued a set of clauses for data transfers from EU controllers to processors established outside the EU or EEA. For more information on these clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
Google reCAPTCHA uses Standard Contractual Clauses as an adequate guarantee for data protection, in accordance with the level of protection guaranteed by GDPR. For more information, consult Google’s Privacy Statement here: https://policies.google.com/privacy and here: https://policies.google.com/terms?hl=en.
Audio Plugins
Our website uses plugins from the audio portals Spotify and Anchor. If you visit any of the pages on our website where a plugin from an audio service provider is integrated, a connection will be made to those servers. Consequently, the service provider’s server will receive information about the pages you have visited. Additionally, the provider will receive your IP address. This will happen even if you are not logged in to Spotify or Anchor or do not have an account with them.
If you are logged in to your account on the mentioned audio portals, you allow the providers to directly allocate your browsing patterns to your personal profile. You can prevent this by logging out of your account.
The use of these audio portals is based on our interest in presenting online content in an attractive manner. According to Article 6, Paragraph 1, letter f) GDPR, this is a legitimate interest.
Advertising and Analysis
Google Analytics
This site uses the features of the Google Analytics web analytics service. The provider of this service is Google Inc., located in the United States at 1600 Amphitheater Parkway, Mountain View, CA 94043.
Google Analytics uses so-called cookies. These text files are stored on your computer and allow for analysis of how users interact with the website. The information generated by cookies regarding your use of this website is typically transferred to a Google server in the United States, where it is stored.
The storage of Google Analytics cookies and the use of this analytics tool are based on Article 6, Paragraph 1, letter f) GDPR. The operator of this site has a legitimate interest in analyzing user patterns to optimize both the online services offered and the operator’s advertising activities.
Considering the ruling of July 16, 2020 (in case C-311/18 – Data Protection Commissioner/Facebook Ireland Limited, Maximillian Schrems), the European Court of Justice ruled that the protection provided by the EU-US Privacy Shield is not adequate.
Therefore, the transfer of personal data to the U.S. and other countries outside the European Economic Area (EEA) is based on the Standard Contractual Clauses (SCC) of the European Commission. The Commission has issued two sets of SCC for data transfers from EU data controllers to data controllers established outside the EU or the European Economic Area (EEA). It has also issued a set of clauses for data transfers from EU controllers to processors established outside the EU or EEA. For more information on these clauses, we recommend visiting https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_ro.
Data transfer to the United States is based on the Standard Contractual Clauses (SCC) of the European Commission.
IP Anonymization
On this site, we have enabled the IP anonymization feature. As a result, the IP address will be shortened by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area before being transmitted to the United States. The full IP address will be sent to one of Google’s servers in the United States and will be anonymized there only in exceptional cases. On behalf of the operator of this site, Google will use this information to analyze your use of this website, generate reports on website activities, and provide other services related to website usage to the operator of this site. The IP address transmitted by your browser along with Google Analytics will not be merged with other data held by Google.
Demographic Parameters Provided by Google Analytics
This site uses the “demographic parameters” feature provided by Google Analytics, through which reports are generated offering information about the age, gender, and interests of website visitors. The sources of this information are interest-based advertising generated by Google, as well as data from third-party service providers. This data cannot be attributed to a specific individual. You have the option to disable this feature at any time by making relevant changes to your advertising settings in your Google account, or you can generally prevent the recording of your data by Google Analytics.
Storage Period
Data stored by Google at the user and event level that is linked to cookies, user IDs, or advertising IDs (e.g., DoubleClick cookies, Android advertising ID) will be anonymized or deleted after a maximum of 14 months. For details, click on the following link: https://support.google.com/analytics/topic/2919631?hl=en&ref_topic=1008008.
Conclusion
This personal data processing policy has been generated in accordance with the provisions of Regulation no. 679/2016 regarding the protection of individuals with regard to the processing of personal data and the free movement of such data, as well as with other applicable national legal provisions.
We reserve the right to make any additions or changes to this policy. We recommend regularly consulting the Policy for accurate and updated information regarding personal data processing.
For more details regarding this GDPR Policy, as well as for exercising any of the rights mentioned above, a written notification can be sent to the contact details provided above.
Last updated: 01.04.2025
Check box on the contact form:
☐ I agree and have read the Privacy Policy, especially regarding the consent given for the processing of my personal data.