Privacy policy
Privacy Policy pursuant to Regulation (EU) 2016/679 (GDPR)
This Privacy Policy is provided in accordance with Regulation (EU) 2016/679 (“GDPR”) and describes how we collect, use, store, and protect the personal data of users who interact with our website.
1. Data Controller
The Data Controller is:
Rocas Srl
Registered Office: Vicolo di San Marco Vecchio 26, Florence, Italy
Email: info@toc-toc.it
Certified Email (PEC): rocas.srl@pec.it
2. Types of Data Collected
We may process the following categories of personal data:
Data voluntarily provided: such as name, email address, phone number, and any other information provided through the forms on the website.
Browsing data: such as IP address, browser type, operating system, time spent on pages, and other technical information automatically collected through cookies and similar technologies (see section 6).
3. Purpose and Legal Basis of Processing
The collected data is used for the following purposes:
To respond to requests for information submitted via the website (legal basis: performance of pre-contractual measures – Art. 6.1.b GDPR).
To provide our services and manage bookings (legal basis: performance of a contract – Art. 6.1.b GDPR).
To send promotional and marketing communications (only with explicit consent – Art. 6.1.a GDPR).
To comply with legal or regulatory obligations (Art. 6.1.c GDPR).
To ensure website security and prevent fraudulent activities (legitimate interest – Art. 6.1.f GDPR).
4. Data Processing Methods
Data processing is carried out using manual and/or digital tools, in compliance with the security measures required by the GDPR, to ensure the confidentiality, integrity, and availability of personal data.
5. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected. Specifically:
Data collected for contractual purposes will be stored for the duration of the relationship and as required by legal obligations (e.g., tax purposes).
Data processed for marketing purposes will be stored until consent is withdrawn, or for a maximum of 24 months.
6. Cookies and Tracking Technologies
This website uses technical cookies and, with consent, third-party analytics or profiling cookies.
7. Data Disclosure
Personal data may be disclosed to:
Employees and collaborators authorized to process the data.
Technical service providers or contractual partners (e.g., IT providers, payment processors), acting as Data Processors under Article 28 GDPR.
Public authorities, when required by law.
Data will not be disclosed or transferred outside the European Economic Area unless adequate safeguards are in place pursuant to Articles 44 et seq. of the GDPR.
8. Data Subject Rights
Under Articles 15–22 of the GDPR, users have the right to:
Access their personal data;
Request rectification, erasure, or restriction of processing;
Object to processing;
Withdraw consent at any time (without affecting the lawfulness of processing based on prior consent);
Receive their data in a structured, commonly used, and machine-readable format (data portability);
Lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).
Requests may be sent to the Data Controller using the contact details provided above.
9. Policy Updates
We reserve the right to update or modify this Privacy Policy at any time. Any changes will take effect immediately upon being published on this page. We encourage users to review this policy periodically.
Last updated: 09/04/2025
This Privacy Policy is provided in accordance with Regulation (EU) 2016/679 (“GDPR”) and describes how we collect, use, store, and protect the personal data of users who interact with our website.
1. Data Controller
The Data Controller is:
Rocas Srl
Registered Office: Vicolo di San Marco Vecchio 26, Florence, Italy
Email: info@toc-toc.it
Certified Email (PEC): rocas.srl@pec.it
2. Types of Data Collected
We may process the following categories of personal data:
Data voluntarily provided: such as name, email address, phone number, and any other information provided through the forms on the website.
Browsing data: such as IP address, browser type, operating system, time spent on pages, and other technical information automatically collected through cookies and similar technologies (see section 6).
3. Purpose and Legal Basis of Processing
The collected data is used for the following purposes:
To respond to requests for information submitted via the website (legal basis: performance of pre-contractual measures – Art. 6.1.b GDPR).
To provide our services and manage bookings (legal basis: performance of a contract – Art. 6.1.b GDPR).
To send promotional and marketing communications (only with explicit consent – Art. 6.1.a GDPR).
To comply with legal or regulatory obligations (Art. 6.1.c GDPR).
To ensure website security and prevent fraudulent activities (legitimate interest – Art. 6.1.f GDPR).
4. Data Processing Methods
Data processing is carried out using manual and/or digital tools, in compliance with the security measures required by the GDPR, to ensure the confidentiality, integrity, and availability of personal data.
5. Data Retention
Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected. Specifically:
Data collected for contractual purposes will be stored for the duration of the relationship and as required by legal obligations (e.g., tax purposes).
Data processed for marketing purposes will be stored until consent is withdrawn, or for a maximum of 24 months.
6. Cookies and Tracking Technologies
This website uses technical cookies and, with consent, third-party analytics or profiling cookies.
7. Data Disclosure
Personal data may be disclosed to:
Employees and collaborators authorized to process the data.
Technical service providers or contractual partners (e.g., IT providers, payment processors), acting as Data Processors under Article 28 GDPR.
Public authorities, when required by law.
Data will not be disclosed or transferred outside the European Economic Area unless adequate safeguards are in place pursuant to Articles 44 et seq. of the GDPR.
8. Data Subject Rights
Under Articles 15–22 of the GDPR, users have the right to:
Access their personal data;
Request rectification, erasure, or restriction of processing;
Object to processing;
Withdraw consent at any time (without affecting the lawfulness of processing based on prior consent);
Receive their data in a structured, commonly used, and machine-readable format (data portability);
Lodge a complaint with the Data Protection Authority (www.garanteprivacy.it).
Requests may be sent to the Data Controller using the contact details provided above.
9. Policy Updates
We reserve the right to update or modify this Privacy Policy at any time. Any changes will take effect immediately upon being published on this page. We encourage users to review this policy periodically.
Last updated: 09/04/2025