visittuscany.com is the official tourism website of the Region of Tuscany and offers users a general overview of the entire cultural and touristic patrimony of Tuscany as well as the possibility to contribute, through dedicated spaces, to spreading knowledge about the region.
visittuscany.com was created and is managed by the Fondazione Sistema Toscana (hereinafter also referred to as “FST”), a legally recognized private law entity operating as an in-house providing of the Region of Tuscany, an instrument for the implementation of the following regional institutional purposes:
a) development of digital communication for the valorization and promotion of cultural heritage and activities, research and innovation, information society and knowledge;
b) promotion of the integration between cultural offerings and tourism offerings;
c) promotion and diffusion of film and audiovisuals and educational initiatives;
d) film commission activities;
e) promotion and valorization of Tuscan identity and development of youthful policies and rights.
In compliance with national legislation (Legislative Decree 30 June 2003 n.196, Code regarding the protection of personal data) and community law (European regulation for the protection of personal data n. 679/2016, GDPR) and subsequent amendments, this site respects and protects the privacy of visitors and users, making every possible and proportionate effort not to infringe upon the rights of users.
This privacy policy is valid only for visitors / users and for the online activities of this website and does not apply to information collected through different channels. The purpose of the privacy policy is to provide maximum transparency regarding the information that the site collects and how it uses it.
The Data Controller pursuant to the laws in force is:
Regione Toscana - Giunta regionale
Piazza Duomo, 10
50122 Firenze
The Data Processor, responsible for the processing of the data, by appointment of the Data Controller, pursuant to the laws in force is:
Fondazione Sistema Toscana
Via Duca d’Aosta, 9
50129 Firenze
The Data Protection Officers (DPOs) of the Data Controller and of the Data Processor can be reached at the following e-mail addresses:
Data Protection Officer of the Regione Toscana - Giunta regionale (regional council): urp_dpo@regione.toscana.it
Data Protection Officer of Fondazione Sistema Toscana: dpo@fst.it
Legal basis of the data processing is the Regional Law 86/2016, art. 4, the data are processed for the performance of tasks carried out in the public interests or in the exercise of Region of Tuscany official authority.
The website uses log files which conserve data collected automatically during a visit to the website. The data collected could be the following:
• Internet Protocol address (IP);
• Browser type and parameters of the device used to access the website;
• Name of the internet service provider (ISP);
• Date and time of visit;
• Webpage the visitor connected from (referral), as well as the subsequent page upon exiting;
• The number of clicks;
• Geolocation (longitude and latitude) of the device (smartphone, tablet, ...) used for this site, via GPS, mobile network, or IP address.
The geolocation of the User's device is processed in an automated and totally anonymous way for the sole purpose of georeferencing the device on a map, calculating the distances between the location of the device and the place User wants to visit, as well as for statistical purposes and for definition of the areas of local use of the Application itself.
To ensure security (anti-spam filters, firewall, survey of viruses), the data registered automatically could be used, in accordance with the relevant current laws, to block attempts to damage the website or other users, as well as damaging or criminal activities. Such data are never used for identifying and profiling the user but are only intended to safeguard the website and its users.
The data collected from the website during its operation are used exclusively for the aims indicated and are conserved for the time necessary for carrying out precise activities or, if applicable, until there is a cancellation request for accounts registered to the website. The data collected from the website will never be passed to third parties for any reason, unless there is a legitimate request from judicial authorities and only in cases allowed by law.
By accessing and navigating the website, users accept that the aforementioned data are processed for the previously mentioned purposes of IT security and preventing illegal activities. The user can request that their data be cancelled and/or exercise their rights as protected by current laws.
The data is processed at the Data Center ex TIX (Tuscany Internet Exchange), Via San Piero a Quaracchi n. 250 - Florence, now part of the Sistema Cloud della Toscana (SCT - Tuscany Cloud System).
In compliance with community law (European Regulation for the protection of personal data 2016/679, Art. 28, par. 3), organizations who process personal data on behalf of Data Controller or Data Processor have been appointed as Data (Sub-)Processors, to ensure compliance with the requirements of the Regulation.
visittuscany.com collects and shares in the regional tourist information system textual and multimedia content (texts, images, sounds, films, graphics, trademarks, logos, audiovisuals, etc., hereinafter "content") for the purpose of tourist information and promotion of Tuscany as a destination.
The content is produced by:
All those who provide content through the participation in project by visittuscany.com expressly accept the following legal conditions:
All content is protected by current copyright and intellectual property law and, therefore, unauthorized reproduction, use of the content and/or making it available to the public (including through file sharing) is not permitted to the external provider. Those who violate this prohibition incur civil and criminal liabilities as provided by law.
“Where to stay” – https://accommodations.visittuscany.com/ – shows accommodation facilities according to the following order of priority:
Within each of the above three groups the order of presentation of the accommodation facilities is random, updated every 30 minutes.
The Accommodations facilities and Deals are instead presented on the homepage of Visit as well as in other sections of this site and its widget, with random order, updated every 60 min.
The order, random, generated periodically, is valid for all users/sessions until the subsequent periodic "re-order".
This type of service allows you to view and interact with content hosted on external platforms directly from the pages of this site.
Visittuscany.com may use these platforms. It is possible that, even if users do not use the service, it collects traffic data relating to the pages in which it is installed.
Google Fonts (Google, Inc.)
Google Fonts is a font style visualization service managed by Google, Inc. that allows this site to integrate such content within its pages.
Personal Data collected: Usage data and various types of data as specified in the privacy policy of the service.
Place of date processing: United States - Privacy Policy.
Widget Google Maps (Google, Inc.)
Google Maps is a map display service managed by Google, Inc. that allows this site to integrate such content within its pages.
Personal Data collected: Cookies and Usage Data.
Place of data processing: United States - Privacy Policy.
Visittuscany.com may contain links to other websites or social media that are not necessarily under the control of the Data Controller and of the Data Processor.
The user is encouraged to carefully read the conditions and terms of operation and use of these sites. The Data Controller and the Data Processor do not assume responsibility either for the unauthorized use of user's data or for any further monitoring or profiling that may be carried out by the aforementioned sites.
visittuscany.com may use cookies, small strings of texts that allow for the website to conserve data regarding users’ preferences in order to improve the site’s operation, simplify navigation by automating processes (ex. login, language) and analyze site use.
Session cookies are essential for distinguishing connected users and are useful for ensuring that a requested function not be provided to the wrong user, as well as for security purposes so as to avoid damaging attacks on the website. Session cookies do not contain personal data and last only as long as the session does, that is, until the browser is closed. Consent in not needed for them.
Session cookies, and more generally functionality cookies used by the website are strictly necessary cookies for operating the site; they are those connected to a user’s request for a specific function (like login).
Statistics, marketing/tracking and social media cookies are described in detail in following sections.
The first time an user / visitor accesses the website he can manage consent settings and decide which cookies to accept.
User / visitor can also change the settings in subsequent accesses.
Deleting cookies does not preclude use of the site.
Users / visitors can set the computer browser to accept / reject all cookies or display a warning every time a cookie is proposed, in order to evaluate whether to accept it or not.
By default, almost all web browsers are set to automatically accept cookies.
Users / visitors can still change the default setting, or disable cookies (i.e. block them permanently), by setting the highest level of protection in the browser, however, disabling them can compromise the use of site functions.
In any case, it remains possible to delete or remove cookies from your device, using the appropriate functions present in the browser. Deleting the cookies does not preclude the use of the site, but involves the repetition of the authentication procedure, or the re-submission of the access credentials.
There are also components (plugins) for the most popular browsers that allow:
• the management (display, cancellation, block) of cookies
• disabling third party JavaScript pages
• visualization of the technologies used by the site
• the visualization and (selective) blocking of the different tracking mechanisms
Cookies can be disabled directly from the browser used, thus denying / revoking consent for the use of cookies. It should be noted that disabling cookies can impede upon the correct use of some functions on the website.
visittuscany.com uses the tools Google Analytics and Tag Manager for monitoring access to the website (number of accesses, new users, number of sessions, visualizations of a page, type of device and browser, etc.) and receiving information regarding user behaviour on the website (referral, duration of sessions, bounce rate, etc.) for statistical and market study purposes. FST does not collect users’ personal data because the information related to accessing the website and user behaviour are provided by Google Analytics and Tag Manager in an aggregated and non-personalized/anonymous form. However, FST does not respond to the processing of data collected by Google Inc. through Analytics and Tag Manager. Google could use, unbeknownst to FST, personal data for contextualizing and personalizing advertisements on their marketing network. Information about the two Google tools that may be used are as follows:
Google Ads conversion tracking (Google Inc.)
Google Ads conversion tracking is a statistics service provided by Google LLC or by Google Ireland Limited, depending on the location in which visittuscany.com is used. It connects data from the Google Ads network with the actions performed internally on visittuscany.com
Personal Data processed: Cookies and Usage Data.
Place of processing: USA - Privacy Policy.
Google Ads Remarketing (Google Inc.)
Google Ads Remarketing is a remarketing and behavioral targeting service provided by Google LLC or by Google Ireland Limited, depending on the location in which visittuscany.com is used. It connects the activity of visittuscany.com with the Google Ads advertising network and DoubleClick Cookies.
Google installs cookies to study and improve advertising, with remarketing actions, in order to send the user messages in line with their interests. Remarketing also helps reach users who have visited the site, depending on the type of interaction they have had with it.
Users can choose not to use Google cookies for ad personalization by visiting the Google ad settings.
Personal Data processed: Cookies and Usage Data.
Place of processing: USA - Privacy Policy - Opt Out.
Remarketing with Google Analytics
Remarketing with Google Analytics is a remarketing and behavioral targeting service provided by Google LLC or by Google Ireland Limited, depending on the location in which visittuscany.com is used. It links the tracking activity carried out by Google Analytics and its Cookies with the Google Ads advertising network and Doubleclick Cookies.
Google Analytics uses cookies to perform actions such as the publication of ads and product pages or to monitor their performance.
Personal Data processed: Cookies and Usage Data.
Place of processing: United States - Privacy Policy - Opt Out; Ireland - Privacy Policy - Opt Out.
visittuscany.com uses cookies from social networks, which are used to allow for sharing content on social networks. These plugins are programed so as to not register cookies when accessing the page, safeguarding the user’s privacy. The cookies are registered, if allowed by the social networks, only when the user effectively and voluntarily uses the plugin. It should be kept in mind that if the user navigates when logged into the social network, they already consented to the use of cookies transmitted through this website when registering with the social network.
The collection and use of data obtained via the plugin are regulated according to the related privacy policies of the social networks, which users are advised to refer to.
visittuscany.com’s code may contain Facebook Pixel, a tool for collecting statistical data that allows website managers to measure the effectiveness of their advertising by understanding the actions people take on their websites.
Facebook installs cookies for analyzing and improving advertising through remarketing activities in order to send users messages in line with their interests. Remarketing helps reach users who have visited the websites.
The "Pinterest Tag" from Pinterest Europe Ltd, a conversion tracking technology, is installed in the code of the visittuscany.com website. The cookie is installed if the visit originates from a Pinterest pin and is not used for personal identification. The tag interacts with the cookie and records and may track certain actions (e.g., search queries or visits to website pages). When such certain actions are performed, the browser uses the Pinterest tag to transmit some information about the action (type of action, time, type of browser used). This transmission allows Pinterest to generate statistics about Visituscany.com usage behavior. Visituscany.com does not receive any information with which users can be personally identified.
Personal Data Collected: Cookies and Usage Data.
Place of processing: Ireland - Privacy Policy.
Installed in the code of the visittuscany.com website is the "TikTok Pixel", a conversion tracking service made available by TikTok Technology Limited. The TikTok Pixel is an analytical tool that helps to understand user behavior on the website and can enable analysis of TikTok's ad conversions based on defined events and analysis of user actions on the site (type of action, time of day, type of browser used).
Personal Data Collected: Cookies and Usage Data.
Place of processing: Ireland - Privacy Policy.
With the aim of increasingly responding to the needs of those using the website, visittuscany.com uses HotJar, a monitoring tool that allows for the analysis of user behaviour, acquiring information about actions, such as clicks, taps, page scrolling, mouse movements, etc.. The data is collected in such a way that it is not traced to the user.
HotJar is a service provided by Hotjar Ltd.
Personal Data collected: Cookies and various types of data as specified in the privacy policy of the service.
Place of data processing: EU - Privacy Policy.
Visittuscany.com uses Clarity, a monitoring tool that allows the analysis of user interaction on the website to identify which areas of a page the cursor passes over or that are clicked on with the mouse, so that the areas attracting the greatest interest can be recognized (heat mapping). Clarity may record sessions and make them available for later analysis.
Clarity is a service provided by Microsoft Ireland Operations Limited.
Personal Data collected: Cookies, usage data and various types of data as specified in the privacy policy of the service.
Place of data processing: EU – Privacy Policy.
Periodically, the visittuscany.com staff may use SEMrush, digital marketing tool that allow for the processing of statistics regarding the performance of the website’s content on social media channels tied to the digital promotion of tourism in Tuscany.
Semrush is a service provided by Semrush Inc. and the subsidiary SEMrush CZ s.r.o.
Personal Data collected: Cookies and various types of data as specified in the privacy policy of the service.
Place of data processing: United States and EU - Privacy Policy.
visittuscany.com uses Sojern pixel to collect information on users navigation and to track cookies for advertising purposes. Through Sojern pixel, data on users travel intentions are collected, however no information is collected that can personally identify them, such as name, address, email address, or telephone number. Examples of the data acquired are: information on the destination, dates, length of stay and number of travellers.
Sojern is a service provided by Sojern, Inc.
Personal Data collected: Cookies and various types of data as specified in the privacy policy of the service.
Place of processing: United States - Privacy Policy.
By filling in the forms made available on visittuscany.co with their data, users/visitors agree to periodically receive updates on news relating to the subject of the form.
Personal data collected: common data and e-mail address.
Communications are sent via e-mail to those who explicitly request them by filling out the aforementioned forms and authorizing the owner to process their personal data. Providing this data is optional, but by refusing to provide personal data, the user will be unable to send content via the form.
Website users can choose to subscribe to the visittuscany.com newsletter in order to periodically receive updates about the newest changes to the website. The tool used to send and manage the newsletter is Mailchimp, a service provided by The Rocket Science Group, LLC that manages email addresses and sending emails.
Personal data collected: common data and email addresses
Processing location: United States – Privacy Policy.
The newsletter is sent via email to those who specifically request to receive it by filling out the dedicated form and authorizing FST to process users’ personal data. Providing this data is optional, but by refusing to provide data, the user will be unable to subscribe to the newsletter.
First access: at first access, the site presents to the user a banner through which the user can choose cookie settings according to his/her preferences and change them at any time through the "Cookie settings" button in the footer of the site.
Geolocation: when accessing some pages of the website for the first time, users will see a message that gives them the option of accepting or refusing the geolocation of their own device, via GPS, mobile network, or IP address, by visittuscany.com. By providing their consent, users authorize the Data Controller and the Data Processor to use all the tools listed in this policy for the purposes listed and for the type of personal data indicated.
Contact form: by filling in their personal data on the contact form accessible on the page https://www.visittuscany.com/en/contact/, users authorize their use for the purposes of responding to requests for information or anything else indicated in the form’s header. In all cases, the user fully accepts the legal conditions and terms of use of visittuscany.com and all the websites/subdomains attributable to visittuscany.com.
These services may collect data related to user message visualization date and time, as well as user interaction with them. Personal data collected by contact form are: name, surname, email address and other types of data as specified in the privacy policy of the service.
This site processes user data in compliance with legal requirements, taking appropriate security measures to prevent unauthorized access, disclosure, modification or unauthorized destruction of data. The data processing is carried out using IT and / or telematic tools, with organizational methods and logic strictly related to the purposes indicated. In addition to the Data Controller and Data Processor, in some cases, categories of employees (administrative, commercial, marketing, legal, system administrators) or external subjects (such as third party technical service providers, hosting providers, IT companies, communication agencies) may have access to the data) appropriately appointed in compliance with current regulations.
In accordance with EU Regulation 679/2016 (GDPR) and national legislation, users can, within the procedures and limits provided by current law, exercise the following rights:
In addition, all rights that are recognized by current law.
Requests, including the right to oppose processing, can be addressed to the Data Controller and the Data Processor.
The general conditions apply to each one of these aforementioned projects, with the exception of the specific points indicated in their individual policies.
This privacy policy is updated as of December 19, 2022