Privacy Policy

pursuant to EU Reg. 2016/679 and current legislation

Introduction: the GDPR and privacy

The General Data Protection Regulation (GDPR) or General Data Protection Regulation is a regulation (EU 2016/679) with which the European Commission intends to strengthen and homogenise the protection of personal data of citizens and residents of the European Union, within or outside its borders. This regulation supersedes the privacy laws of individual states and has been in force since 25 May 2018.

For more information you can see the official text of the GDPR, the website of the privacy watchdog and the dedicated page on Wikipedia.

In accordance with the RGPD, this policy is intended to explain clearly and simply what personal data is collected through this website, where it is stored, for how long, for what purposes and how you can update it or request its deletion.

Who is the Data Controller: Studio Romano & Fuhr

Studio Romano & Fuhr s.r.l. (hereinafter referred to as the "Company") protects the confidentiality of your personal data and guarantees the necessary protection from any event that may put them at risk of violation.

As provided for by the European Union Regulation no. 679/2016 ("RGPD"), and in particular art. 13, below we provide the user ("Data Subject") with the information required by law regarding the processing of their personal data. and (which we will refer to as the "Website") are websites owned by Studio Romano & Fuhr - P.IVA IT06963720484 to which we will refer hereafter simply as the "Company".

Studio Romano & Fuhr s.r.l., our company, is based in Florence, via Pergolesi 1, postcode 50144 (Italy).

The Company operates the sites listed above and controls the management of personal data as described in this privacy policy, in accordance with current privacy laws (General Data Protection Regulation (GDPR) - EU Regulation 2016/679).

You can contact us by email at (PEC) or

On what legal basis does Azienda collect and manage personal data?

Company uses as a legal basis the need to process personal data for the performance of its services, which include the sale of tourism products and services, transactional communication of orders from its Website catalogue. Without collecting the required data, it would not be possible to provide the aforementioned services.

Company then relies on its legitimate business interests to provide its services, promote them, prevent fraud and spam and improve its services.

Where required by applicable law, we will ask for your consent before processing your personal data for direct marketing purposes.

What kind of data does the Company collect on the Website? (Type of data processed)

Company collects information that you provide to us via the contact and/or purchase forms on this site. For users requesting information or purchasing products or services this data includes your name, email, phone number and any other information you choose to include in your request.

For users wishing to join our affiliate programme we collect data on company name, official site, phone number and email, business interests, city and province, as well as the date of the request and the site from which the request originated.

For each form submission on our sites we also collect data about the browser and operating system used and the IP address, to combat spam and to identify any usability problems with our sites with particular configurations and devices.

When you visit our sites we automatically collect certain information. For example, your IP address, the date and time you access our site, the hardware, software or browser you use, and information about your computer's operating system and language settings. We also collect information about your clicks and the pages you have viewed, as well as information about which sites or marketing campaigns you used to arrive at our sites.

The Company does not ask you to provide any so-called "special" data, i.e., in accordance with the provisions of the GDPR (art. 9), personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data intended to uniquely identify a natural person, data concerning a person's health or sexual life or sexual orientation. In the event that the service requested from the Company requires the processing of such data, the interested party will be informed in advance and will be asked to give his/her consent.

Why does the Company collect this data on the Website? (Purpose of processing)

The data sent to us through the form on these sites are first and foremost used to provide the information, including any offers, explicitly requested through the form itself.

For the data relating to users who wish to join our affiliation programme, we collect the information that the user enters in the form in order to be able to send, by email or telephone, information and the contract for joining the affiliation programme as well as the related transactional communications of orders and anything else relevant to the service offered in the event that the user joins our affiliation programme.

Only with your express consent may we also send you any offers relating to services related to visibility on our sites or otherwise directed to products and services that we believe may be of interest to you.

The company keeps the request in its archives for statistical purposes and as a backup, so that it can be resent if necessary.

To those who make a request or purchase, Azienda also sends an email confirming that the request or purchase has been correctly made and this email may contain information, including links to articles and offers on Azienda websites.

Only with your explicit consent may we send you further commercial communications via email or SMS containing information and offers of interest about our Products and Services.

Further explicit consent may be required to send further commercial communications via email or SMS containing information and offers from third parties or partners of the Company.

Lastly, the data entered in the forms may be used to show you personalised online advertising campaigns (remarketing) instead of generic advertisements, through specialised platforms such as Google Adwords, Bing Ads, Facebook Advertising and Criteo. In this case, site users are grouped into virtual lists, in an aggregate form that cannot be traced back to individual users, based on the information entered and choices made on this site and others owned by the company, based on the site and pages visited and actions taken on the site such as sending an enquiry or subscribing to a newsletter. In this way we try to show you advertisements targeted to your interests, through advertising platforms such as Google Adwords, Bing Ads, Facebook Advertising and Criteo, instead of generic ads.

Where is the data collected stored and for how long? (Data retention)

The data collected both from our forms and from browsing our sites are acquired through the following platforms:

  • Google Analytics - for data related to site navigation and purchase.
  • Google Tag Manager - for data relating to site navigation and purchase.
  • Criteo - for data relating to purchases, navigation and choices made on the site.
  • InspectLet - for site navigation and shopping data.
  • Bing Ads - for site browsing and purchasing data.
  • Google AdWords - for site navigation and purchasing data.
  • Google Gmail - Each form generates an email addressed to Company which stores it in Gmail account(Google Suite)
  • Google Documents Pages - Data can be exported to documents stored in Google's service, Google Suite
  • Mailchimp - for requests sent via the forms and subscriptions to our newsletters
  • Amazon SES AWS - for requests sent via forms and subscriptions to our newsletters
  • On databases stored on our servers at the provider
  • On documents and databases stored at the company's premises in Florence, Italy.
  • On documents and databases stored at the Amazon AWS service

Transmission of collected data

The transmission of personal data as described in this Policy may include transfer outside the European Union to countries that do not have data protection laws as comprehensive and complete as those of the European Union countries. Where required by EU law, we will only transfer personal data to recipients that offer an adequate level of data protection. Google, Bing, Amazon, Facebook, Criteo and Mailchimp are leading international companies and their servers are distributed worldwide, including outside the EU countries. has its servers in Strasbourg, France. In some cases, data may also be stored in other data centres in the network. For more information please consult the data centre network or contact us. Company based in Florence, Italy

The Company relies on special procedures to prevent unauthorised access to data, as well as its misuse. Only authorised personnel may access personal data in the course of their work. We retain your personal data for as long as we deem necessary to enable you to use our services, to advertise our services, to conduct our business, to comply with legal obligations and to resolve disputes. All personal data held by us is governed by this Privacy Policy. If you have questions about a specific data retention period for certain types of personal data we process, please contact us as indicated below.

The data collected through the request and/or purchase forms arrive, in the form of email, both to Company, which operates the Websites, and to the sender. Other than the use stated in this policy, data is not shared with any other third party.

Data collected through the forms with which the user wishes to join the affiliate programme is not shared by Azienda with any third party.

Site navigation and usage data collected through tools such as Google Analytics is only shared in aggregate form (i.e., not attributable to individual users) with Azienda employees and partners.

Third parties to whom the Company entrusts the performance of certain activities such as tax compliance, IT or business consulting, fraud prevention, debt collection. In these cases the recipients of the communication are appointed as Data Processors

How does Azienda handle children's personal data?

The services offered by are intended only for persons over the age of 16. For persons under the age of 16, use of our services is only permitted with the consent of their parents or legal guardian. If we become aware of the processing of data of persons under 16 years of age without the valid consent of a relative or legal guardian, we reserve the right to delete such data.

How can you check, update and possibly delete personal data that you have shared with the Company?

At the request of the data controller and in accordance with current data protection laws (General Data Protection Regulation (GDPR) - EU Regulation 2016/679), Company undertakes to have the personal data in its possession reviewed, amended or deleted.

The easiest way to do this is to send us an email to or in which you can ask us to view, update or definitively delete the data concerning you that we have in our files.

Every communication from us sent via the Mailchimp platform, the server of this site, via the SMTP of the provider or via Amazon SES AWS also includes a link from which you can update your data and consent and possibly choose not to be contacted again in the future.

We do our best to respond promptly and comprehensively to every request as is our duty. It is always your right to lodge a complaint with the supervisory authority.

This Policy may be changed in the future, so please visit this page regularly to be aware of any updates.

Method of processing

The data is processed using computer and telematic tools and/or manually (e.g. on paper) for the time strictly necessary to achieve the purposes for which the data was collected and, in any case, in accordance with the relevant regulations in force.

Optional supply of data

Apart from that specified for navigation data, users/visitors are free to provide their personal data. Failure to provide them may only result in the impossibility of obtaining what has been requested.

Rights of data subjects

Users/visitors have the right to access their data at any time and to exercise the other rights (to request the origin of the data, the correction, updating or integration of inexact or incomplete data, or the cancellation or blocking of data processed in violation of the law, or to oppose their use for legitimate reasons) provided for in Article 7 of the Privacy Code, by contacting the data controller directly through the site or through the data below.

Data Controller

Studio Romano & Fuhr - via Pergolesi 1 - 50144, Firenze (FI) - P.IVA: 06963720484 - PEC:

Since the installation of Cookies and other tracking systems operated by third parties through the services used within this Application cannot be technically controlled by the Owner, any specific reference to Cookies and tracking systems installed by third parties is to be considered indicative. For complete information, please consult the privacy policy of any third party services listed in this document. Given the objective complexity associated with the identification of Cookie-based technologies and their very close integration with the operation of the web, Users are invited to contact the Owner should they wish to receive any further information on the use of Cookies themselves and on any use of the same - for example by third parties - carried out through this site.


All content on the site, including textual, photographic and graphic content, is the property of the Company, with the exception of photographic content owned by third parties and used with their consent. All the contents of the site are protected by Italian and European copyright laws; no content may be copied or imitated, even in part, without the written consent of Azienda.