General terms and conditions of use of the platform

These general terms and conditions of contract and use of the platform (hereinafter, the “General Terms and Conditions” or “Agreement”) constitute the terms and conditions governing access to the “Terre dei Malaspina” platform (hereinafter, the “Platform”) and the use of all services available therein (hereinafter, the “Platform Services”) by any public or private entity or organization, or by a natural person acting as a professional (hereinafter collectively, the “Participating Entities”), that meets at least one of the following conditions:

A) Owns, manages, and/or directly protects a place of recognized environmental and/or cultural value, e.g., a park, protected area, archaeological park, UNESCO site, botanical garden, historic garden, itinerary, etc. (hereinafter, the “Location”) in the Terre dei Malaspina area, which encompasses a vast territory spanning the provinces of Alessandria, Pavia, and Piacenza.

B) Offers and organizes activities, events, shows, excursions, treks, guided tours, exhibitions, installations, itineraries, guided tours, festivals, conferences, workshops, courses, events, services, etc. (hereinafter, “Experiences”) within a Locality in the Terre dei Malaspina area, which encompasses a vast territory spanning the provinces of Alessandria, Pavia, and Piacenza.

These General Terms and Conditions are deemed to be known through their publication at https://www.terredeimalaspina.it/condizioni-generali-di-contratto-e-utilizzo/ and are included in the registration form on the website www.terredeimalaspina.it. These General Terms and Conditions completely replace any previous versions of the General Terms and Conditions, which therefore cease to be effective from the date of publication on the website. Any changes will be communicated to the participating Organization using the methods indicated in Article 20 below.

Provider Identification:

The Contract is entered into by the participating Organization with the Thara Rothas Association (hereinafter, also “Thara Rothas”), Tax Code and VAT No. 06545680966, with registered office in Milan (MI), Via Lovanio, 4, and operational headquarters in Varzi (PV), Via Pietro Mazza 6, represented by its legal representative pro tempore (also, the “Party”). Thara Rothas, in fact, owns and exclusively manages the Services of the Platform www.terredeimalaspina.it and administers all functions by providing the Platform Services to the participating Organizations and also to end users (“User(s)”).

As administrator of the Platform, Thara Rothas is specifically responsible for:
– defining contractual relationships and managing sublicenses of use of the Platform to the participating Organizations;
– managing relationships with the participating Organizations for the administration of the Locations and Experiences (as defined below);
– management of the area for booking and/or pre-sales of the Experiences that the participating Reality offers to Users.

Art. 1 – Premises/Definitions/Annexes

1.1. The preamble constitutes an integral and substantial part of these General Terms and Conditions.

1.2. Thara Rothas owns the online digital platform called Terre dei Malaspina, which it sublicenses to the participating entities. The platform was designed and developed by J’eco srl, which holds the rights to the source code, its use, and its reproducibility, and which licenses it to Thara Rothas.

1.3. The Platform is accessible via the Internet in SaaS (Software as a Service) mode. Through the Web Content Management System (hereinafter, “WebCMS”), participating entities can promote their locations and experiences and use the Platform Services described in Article 2 below.

1.4. The WebCMS of the Terre dei Malaspina Platform is a tool reserved for entities, organizations, professional users, creatives, and hobbyists, and by signing the Agreement, participating entities expressly declare themselves to be such.

Art. 2 – Object of the General Conditions – Platform Services

2.1. These General Terms and Conditions cover the following services, collectively defined as “Platform Services”:

a) a free sublicense for use of the Platform via WebCMS;
b) the free promotion service by the participating Organization of its Locations and its Experiences (hereinafter “Content”);
c) the booking service for Experiences offered by the participating Organizations free of charge to users (hereinafter “Free Booking Service”), referred to in Article 8 below;
d) the pre-sale service for Experiences offered by the participating Organizations to users for a fee (hereinafter “Paid Booking Service”), referred to in Article 9 below.
2.2. Thara Rothas, in compliance with the terms and conditions of these General Terms and Conditions, grants the Participating Company a personal, free, revocable, non-exclusive, non-transferable, non-assignable sublicense, limited to the uses permitted by these General Terms and Conditions of the Terre dei Malaspina Platform. This sublicense allows the Participating Company to directly and independently publish its Content through the WebCMS application. Due to the nature and operation of the Platform, the Participating Company directly and completely independently manages the features made available in its profile, and it is the Participating Company itself, under its own exclusive responsibility, that uses the tools provided by the Platform, as specified below.

2.3. In addition to the free sublicense referred to in Article 2.2 above, the Platform allows the Participating Company to manage the free and/or paid Booking Service, as specified in Articles 8 and 9 below.

Art. 3 – Archives

3.1. All publications by participating Organizations on the Platform are accessible online by Users 24 hours a day, 7 days a week, 365 days a year, without prejudice to the provisions of Articles 11, 12, and 13 below.

3.2. The Content that each participating Organization submits to the system is published under its own exclusive responsibility and will populate the Platform’s Content Archive.

3.3. For free and/or paid Booking Services, all booking and purchase requests for Experiences received through the Platform and managed by Thara Rothas will be stored in the Booking Archive.

Art. 4 – Methods of activation and access to the Platform

4.1. To request Platform Services, the Participating Company must complete the registration form in the “Become a Participating Company” section. Before submitting the form, the Participating Company must carefully read these General Terms and Conditions, along with Appendix A) Commercial Offer.

Thara Rothas subsequently carries out an accreditation process. Following this process, the Participating Company will receive, at the email address provided during registration, an email containing a temporary password and user ID. These must be changed by the Participating Company upon its first access to the Platform’s Reserved Area (hereinafter, the “Reserved Area”); upon this access, the Participating Company must expressly accept these General Terms and Conditions.

4.2. Subsequently, the Participating Company will access the Platform Services using its User ID and password, as modified above (hereinafter, the “Authentication Credentials”), which the Participating Company is solely responsible for safeguarding to ensure confidentiality. From that moment, the Participating Company is identifiable to Users, who may enter into contracts with it. Thara Rothas is in no way a party to these contracts and assumes no liability for such contracts.

4.4. Authentication Credentials are personal, confidential, and non-transferable. Access to the Reserved Area and use of the Platform must comply with these General Conditions. In particular, the Participating Company undertakes to maintain its Authentication Credentials with the utmost confidentiality and is therefore also responsible for their safekeeping. The Participating Company is therefore solely responsible for any damage caused by the use of the Authentication Credentials by unauthorized third parties. The Participating Company undertakes to immediately notify Thara Rothas of any theft, loss, misappropriation, or appropriation of its Authentication Credentials by unauthorized third parties, including for the purposes of reporting any data breaches, pursuant to Articles 33 and 34 of European Regulation 2016/679. The Participating Company also undertakes to change its password at least once every 6 (six) months.

4.5. Both during registration and through the Reserved Area within the Platform, the Participating Company is required to provide up-to-date, complete, and accurate information and contact details (specifically, email address, tax code, and VAT number). Any attempt to violate the security of the Platform or to perform reverse engineering constitutes unlawful conduct and is grounds for liability. The Participating Company is required to promptly notify Thara Rothas in the event of unauthorized use of access to the Platform and its Services, or any other security breach. Thara Rothas is not responsible for any damage or disruption resulting from unauthorized use of access using the Participating Company’s authentication credentials.

Art. 5 – Declarations, obligations and responsibilities of the participating entity

5.1. To access the Platform’s Reserved Area, it is essential to complete the “mandatory fields” provided in the registration form. With specific reference to the email address, the Participating Company declares that it is active, attributable to it, and can be used for the purposes of carrying out activities related to the execution of these General Conditions. The Participating Company remains solely responsible for the activities carried out using its authentication credentials.

5.2. It is the Participating Company’s responsibility to verify that all information (Content, Experiences, and anything else published) submitted by it is up-to-date and truthful. Thara Rothas is not subject to any control and/or verification. Therefore, Thara Rothas cannot be held liable for any detrimental consequences that may be suffered by Users and/or third parties as a result of such activity by the Participating Company. It is therefore the Participating Company’s responsibility to directly carry out the necessary modifications and/or deletions, using the Platform’s tools, if the conditions are met. The Participating Company declares that it is aware that the pages relating to the Locations and its Experiences are created by the system based on the Content it enters and manages using the WebCMS application. With particular reference to the images and information published, the Participating Company declares that it holds the rights to use and publish them and that no content or image violates any right, patent, copyright, trademark, intellectual property, or contractual right of any natural person, company, firm, organization, or other entity. The Participating Company therefore undertakes not to post Content that violates applicable laws and regulations, including, in particular, copyright or other intellectual or industrial property rights, or that violates or enables others to violate privacy and personal data protection laws.

5.4. The Participating Company acknowledges that the information provided through the Content and through the use of the Platform Services will be published and entered into the respective Archives exactly as provided, without any burden of verification or control on Thara Rothas, except as provided in Article 6.2 below. The Participating Company also acknowledges that Thara Rothas has the right to automatically remove, without notice and without this being considered a breach of contract in any way, any Content it deems, in its sole discretion, including upon notification by third parties, to be unlawful, untrue, or inactive for more than 24 months.

5.5. The Participating Company undertakes to use the Platform exclusively for lawful purposes and, in any case, in compliance with the legal provisions regarding the protection of personal data and intellectual property, and to indemnify and hold Thara Rothas harmless from any third-party claims or demands arising from the use or abuse of the services in question. No information or Content may contain obscene, offensive, or other prohibited material (information that may contain forms or content of a pedophilic, pornographic, obscene, blasphemous, offensive, defamatory, or otherwise unsuitable for minors).

5.7. It is also expressly prohibited to transmit files that are potentially infected with viruses, of unsafe origin, or potentially harmful. In general, it is prohibited to use the Platform or take actions that could damage, disable, overload, or impair its functionality, or interfere with its use by third parties.

5.8. The Participating Entity expressly declares and acknowledges that the sublicense of use and the free and/or paid Booking Services offered through the Platform are intended solely to promote its business, its Locations, and the Experiences offered, and to connect it with Users with whom it enters into separate contracts, to which Thara Rothas is not a party. In the case of free and paid Booking Services, the provisions further specified in the following articles 8 and 9 apply.

Art. 6 – Obligations and responsibilities of Thara Rothas

6.1. Under no circumstances may Thara Rothas be involved in relationships that may arise between the participating Business and the Users of the Platform in relation to the Content published and the Experiences booked by the Users. Consequently, Thara Rothas cannot, for any reason, be held liable for breaches of contract or be involved in disputes that may arise in relation to the Content offered and the Experiences booked, or any contract concluded between the participating Business and a User, nor for any damages, direct or indirect, that may arise from the performance or non-performance of services or contracts concluded between the participating Business and the User.

6.2. The only form of control that Thara Rothas may exercise on its own initiative over the content posted by the participating Business is to prevent the publication of Content or comments that are inappropriate to the services offered on the Platform or that are unlawful, even upon notification by the Users themselves.

6.3 Thara Rothas is not responsible for the content of the General Terms and Conditions for Users and other contracts and documents governing the contractual relationship between the participating Company and the User, and therefore will not be liable for any disputes by the User relating to such contracts and documents. In the event of judicial or extrajudicial disputes relating to the aforementioned contracts, in which Thara Rothas becomes involved, the participating Company undertakes to indemnify and hold harmless the User from any liability.

Art. 7 – Completion and conclusion of the contract

7.1. To access the Platform Services, the Participating Company must follow the procedure indicated in Article 4 above. After logging in to the Platform—using the Authentication Credentials modified upon first access—and accepting these General Conditions, the Participating Company will receive an activation confirmation email (hereinafter “Activation Confirmation”). The Contract is deemed concluded and the Platform Services are deemed activated upon receipt of the Activation Confirmation email by the Participating Company.

7.3. Through this email, the Participating Company will also receive the legal information, including these Contract Conditions, which it will print and/or store on a durable medium.

7.4. The Participating Company declares that it is aware that these General Conditions, including the Attachments, are available for consultation and, therefore, knowledgeable, directly at the link https://www.terredeimalaspina.it/condizioni-generali-di-contratto-e-utilizzo/.

Art. 8 – Free Booking Service

8.1. Use of the free Booking Service by the Participating Organization entails the free issuance and sending, to Users who request it, a booking code for the Experience, within the number limits made available by the Participating Organization for that specific Experience, for collection of the entry ticket at the location indicated by the Participating Organization (e.g., ticket offices). The issuance of the relevant entry ticket/ticket is handled exclusively and directly by the Participating Organization. It is therefore understood that all taxes and any royalties payable for the issuance of the aforementioned tickets are paid by the Participating Organization itself.

8.2. The General Terms and Conditions for Users are available at the following link: https://www.terredeimalaspina.it/condizioni-generali-di-uso/.

Art. 9 – Paid Booking Service – Fees – Exclusion of refunds to Users by Thara Rothas.

9.1. The Paid Booking Service available on the Platform allows for advance payment of paid Experiences to Users who purchase them through the Participating Organization’s Experience Platform. This allows the User to be issued a unique code for collecting the entry ticket (e.g., ticket) at the location indicated by the Participating Organization (e.g., ticket office). The relevant entry ticket is issued exclusively and directly by the Participating Organization. It is therefore understood that all taxes and any royalties payable for the issuance of the aforementioned tickets are paid by the Participating Organization itself.

9.2 Use of the Paid Booking Service by the Participating Organization automatically and inextricably implies the granting to Thara Rothas of an irrevocable mandate with representation to collect payments from Users on behalf of the Participating Organization, relating to the fees due for the advance sale of the Experiences. The General Terms and Conditions for Users are available at the following link: https://www.terredeimalaspina.it/condizioni-generali-di-uso/.

9.3. The participating Company, through its Reserved Area, displays to Users the total cost of the Experiences published on the Platform, indicating the price to be paid, including the cost of the service provided by Thara Rothas (hereinafter the “Service Fee”), as set forth in Annex A) Commercial and Economic Conditions (hereinafter the “Commercial Offer”). The User therefore pays Thara Rothas, as the agent of the participating Company, an amount that includes both the pre-sale fee and the cost of the service provided by Thara Rothas.

9.4. Fees. Upon receipt of payment from the User, Thara Rothas will pay the collected fee to the Participating Organization by the last day of the month following the actual collection date, deducting the Service Fee calculated as indicated in the Commercial Offer. Thara Rothas will send the Participating Organization an invoice and a monthly report of collections (which can always be consulted by the Participating Organization through the dedicated section of the Reserved Area). Payment of fees by Thara Rothas to the Participating Organization will be made to the bank details entered in the Reserved Area by the Participating Organization. All taxes and any royalties payable for ticket issuance are paid by the Participating Organization.

9.5. Exclusion of reimbursement to Users by Thara Rothas. The Participating Company expressly acknowledges and accepts its obligation to promptly notify both Thara Rothas and the User of any cancellation of the Experience, and in any case no later than 3 days after the date originally scheduled for the Experience. To this end, the Participating Company expressly agrees to be solely responsible to both the Users and Thara Rothas for the timely reimbursement of the full price paid for the Experience. Under no circumstances may the Participating Company request a refund of the Service Fees from Thara Rothas, as these fees represent compensation for the paid booking service already provided by Thara Rothas and, in any case, are independent of the subsequent provision of the Experience-related service by the Participating Company.

9.6. All activities related to the Experience concern exclusively the Participating Company and the User. Thara Rothas is therefore not responsible towards the participating Organization or the User for any breach of the contract concluded between them. The General Terms and Conditions for Users are available at the following link: https://www.terredeimalaspina.it/condizioni-generali-di-uso/.

Art. 10 – Non-fulfilment by the participating entity – Express termination clause

10.1. Thara Rothas may terminate the contract governed by these General Conditions at any time, with immediate effect, pursuant to Article 1456 of the Italian Civil Code, by means of certified email (PEC) or registered mail with return receipt, and without notice, in the event that the Participating Entity:
a) fails to provide, or has failed to provide, updated, complete, truthful, and accurate personal information (with particular reference, for example, to the requirement of being a professional or having an Italian office);
b) uses or has used the Platform in violation of any of the provisions of Article 5, or if, in any case, such use is deemed, at Thara Rothas’ sole discretion, to be incompatible with the nature and purpose of the Platform;
c) the Participating Entity’s insolvency, declaration of bankruptcy, or admission to insolvency proceedings, or liquidation or dissolution.
d) failure to reimburse the User for the paid Booking in the event of cancellation of an Experience.

10.2. The right to compensation for any damages remains unaffected and without prejudice to any other remedies provided by law or by these General Conditions.

Art. 11 – Suspension and/or Interruption of Services

11.1. The Platform, accessible via a direct internet connection, is available 7 days a week, 24 hours a day, except for maintenance, updates, or backups (*), which Thara Rothas communicates to the Participating Entity with 48 (forty-eight) business hours’ notice, unless the work involves the execution of maintenance, modifications, and/or unscheduled and/or non-schedulable and technically essential maintenance.

(*) The availability of web-based services is understood to be without prejudice to suspensions for technical reasons and, at the sole discretion of Thara Rothas, necessary to ensure the best continuation of the services, such as:

– routine maintenance of hardware systems;

– implementation of new versions of basic software in the systems;

– operations aimed at routine and extraordinary maintenance, correction of any anomalies, or uploading updates;

– archive backup operations;

– archive restoration operations, including at the request of the Participating Entity;

– situations that could imply or result in a reduction or otherwise insufficient level of data access security;

– emergency situations requiring extraordinary interventions on hardware, software, and network components, if these are necessary to allow normal use or restoration of services;

– events of force majeure or otherwise beyond Thara Rothas’s ability to predict.

Art. 12 – Suspension and/or Interruption of the Free Booking Services and other free services of the Platform

12.1. Under no circumstances will the inability to use and/or the suspension or interruption, in the presence of proven security and/or confidentiality issues, of the free Booking Services and other free Platform services constitute a breach of contract by Thara Rothas and give rise to any compensation for damages. In any case, Thara Rothas will do everything necessary to restore the service as quickly as possible.

12.2. In addition to the provisions of Article 12.1, Thara Rothas has the right to suspend the provision of the Services, pursuant to and for the purposes of Article 1460 of the Italian Civil Code, automatically and without notice, in the event that the Participating Company violates any of the provisions of Article 5.

Art. 13 – Suspension and/or Interruption of Paid Booking Services and Limitations of Thara Rothas’ Liability

13.1. Without prejudice to the notification to the Participating Organizations referred to in Article 11.1 above, Thara Rothas undertakes to restore the paid Booking Services within 72 (seventy-two) business hours of the suspension and/or interruption.

13.2. Thara Rothas is not responsible for interruptions exceeding the times indicated above and therefore declines any liability, either towards its Participating Organizations or towards third parties, for delays, malfunctions, suspensions, and/or interruptions in the provision of services caused by:

a) unforeseeable circumstances, catastrophic events, and force majeure;

b) malfunction or non-compliance of the connection tools equipped by the Participating Organization or those used by it;

c) tampering with or interventions on the services or equipment performed by the Participating Organization or by third parties not authorized by Thara Rothas;

d) incorrect use of the Platform Services by the Participating Organization or in a manner that does not comply with these General Conditions;

e) justified reasons of security and/or confidentiality;

g) any other cause not attributable to gross negligence or willful misconduct by Thara Rothas, including cyber attacks by third parties on the Platform and its other IT tools and online connections.

13.3. The Participating Company acknowledges and accepts that, in all of the cases listed above and in any other case in which a suspension and/or interruption of services occurs not due to gross negligence or willful misconduct attributable to Thara Rothas, the latter is in no way liable to the Participating Company for the unavailability of the service. The Participating Company, therefore, acknowledges and accepts that it may not make any claim for damages, reimbursement, or compensation against Thara Rothas for the suspension or interruption of services that has occurred and releases it from any liability in this regard.

13.4. In any case, the compensation for damages or any other form of indemnity and/or restitution requested from Thara Rothas for suspension and/or interruption of services – if due – may not exceed the amount of the last monthly fee paid by the participating Company for the provision of the paid Booking Service.

Art. 14 – Management of reports from participating entities regarding interruptions and malfunctions of the Platform

14.1. The Participating Company, by accessing its Reserved Area, must promptly notify Thara Rothas of any interruptions, malfunctions, or service disruptions, and in any case no later than 24 (twenty-four) business hours after discovery. Assistance may also be requested by telephone or email at assistenza@terredeimalaspina.it during the days/times indicated below:
Tel. +39 02 87280598, Monday to Friday, 9:00 am to 5:00 pm

14.2. Thara Rothas guarantees that the report will be processed within 24 (twenty-four) business hours of notification and will be resolved as quickly as possible, in any case no later than 10 (ten) business days after notification.

14.3. In the case of paid Booking Services, as indicated in Article 13.1. Thara Rothas undertakes to restore service within 72 (seventy-two) business hours of notification by the Participating Organization, unless any of the causes indicated in Article 13.2 apply.

14.4. Any damages suffered by the Participating Organization as a result of failure or delay in reporting such malfunctions and/or disruptions are the responsibility of the Participating Organization and will not be charged to Thara Rothas.

14.5. In any case, the compensation for damages or any other form of compensation and/or refund requested from Thara Rothas for suspension and/or interruption of services—if applicable—may not exceed the amount of the last monthly fee paid by the Participating Organization for the paid Booking Service. Therefore, no compensation is due for free Booking Services and other free services.

Art. 15 – Customer care via email

15.1. Thara Rothas provides Users with customer care assistance in Italian and English and undertakes to promptly respond, via email, to questions posed by Users regarding the provision of the Platform Services. Customer Care is provided by Thara Rothas from Monday to Friday (excluding Italian national holidays) from 9:00 am to 5:00 pm.

15.2. For questions not related to the provision of the Platform Services (e.g., questions about Locations and Experiences), Thara Rothas undertakes to promptly forward the emails received from Users to the participating Company, in order to respond to the User as quickly as possible.

Art. 16 – Complaints

16.1. Unless otherwise provided in these General Conditions, any complaint or dispute between the parties may be sent by email, fax, or letter, using the contact information at the bottom of the page, in accordance with the provisions of Article 22.

Art. 17 – Duration of the contract – Withdrawal

17.1. The Agreement for the Platform Services begins on the date of receipt of the Activation Confirmation email and has no expiration date. Either party may terminate the Agreement at any time by sending a registered letter and/or certified email to the other party with 60 (sixty) days’ notice.

Art. 18 – Intellectual and industrial property rights on the Platform.

18.1. Thara Rothas is the exclusive licensee of the trademarks and distinctive signs published on the Platform, as well as of the Platform itself. Access to the Platform grants a sublicense to the Participating Company to use such trademarks and distinctive signs to the extent strictly necessary for the use of the Platform Services. Therefore, any further or different use is prohibited unless previously authorized in writing by Thara Rothas.

18.2. All Thara Rothas material published on the Platform is protected by intellectual property rights, in accordance with applicable copyright legislation.

Art. 19 – Ownership and management of the Archives

19.1. In compliance with these General Terms and Conditions, Thara Rothas manages the following archives, which are also accessible to the participating Organization:

a) Content Archive, containing, in addition to the personal data and contact information of the participating Organizations, information on the Locations and Experiences and other Services offered by the participating Organization to Users (including photos, etc.);

b) Booking Archive, containing, in addition to the personal data of the Users and the information required to make a booking, ticket requests, including the description of the booked service.

19.2 Upon termination of the Contract, for any reason, the participating Organization acknowledges that Thara Rothas will retain the information contained in the Content and Booking Archive for the following 6 (six) months. After the aforementioned deadline, the Participating Organization hereby authorizes Thara Rothas to delete or anonymize all data (and all related backup copies) not recovered, for any reason, without any compensation to the Participating Organization.

19.3. Obligations to retain data for documentary, accounting, and tax purposes remain unaffected.

Art. 20 – Amendments to the General Conditions – Right of withdrawal by the participating Company

20.1. Thara Rothas reserves the right to modify these General Terms and Conditions and the fees for the Paid Booking Service at any time, as indicated in Appendix A) Commercial Offer.

20.2. In the event of changes to the General Terms and Conditions, the new General Terms and Conditions will be communicated to the Participating Entity via email with a link to the modified sections.

20.3. The new General Terms and Conditions will be deemed accepted if the Participating Entity continues to use the services available on the platform after their notification.

20.4. In any case, the Participating Entity has the right to communicate its withdrawal within 15 (fifteen) days of notification of the aforementioned changes, by email to amministrazione@terredeimalaspina.it.

20.5. In the event of changes to the fees for the paid Booking service indicated in Annex A) Commercial Offer, these will be effective from the month following the publication or communication of the change, without prejudice to the right of the participating Company to withdraw within the terms indicated in the previous art. 20.4.

Art. 21 – Confidentiality and protection of personal data

21.1 The Parties declare that they have mutually communicated the information referred to in Articles 13 and 14 of European Regulation 2016/679 regarding the processing of personal data provided for the signing and execution of the Contract itself and that they are aware of their rights pursuant to Article 15 et seq. of the aforementioned regulation.

21.2. Thara Rothas and the Participating Company acknowledge that the data controller of Users’ personal data, as defined in Article 4, paragraph 1, no. 7, of European Regulation 679/2016, processed for the purposes and in connection with the execution of the General Conditions, is and remains the Participating Company, as it determines the purposes and means of the processing.

21.3. With regard to the processing of Personal Data for the purposes of using the Platform Services, the Participating Company declares and guarantees that the processing is carried out in full compliance with applicable laws, including European Regulation 2016/679, internal regulations, and the provisions of the Italian Data Protection Authority.

21.4. It is further understood that Thara Rothas, as owner and operator of the Platform, is responsible for the processing of personal data held by the Participating Company, as per the data processor appointment agreement, pursuant to Article 28 of European Regulation 2016/679 attached to these General Conditions. The Data Processor must comply with the obligations and instructions issued by the Participating Company, as Data Controller, set out in Annex B) to this Agreement, of which it forms an integral and substantial part, referred to as the “Annex Appointment of External Data Processor/Participating Company.”

21.5. The participating entity consents to Thara Rothas using the data collected in connection with the use of the Platform Services for its own statistical purposes and to improve its services. The data is processed after irreversible anonymization.

Art. 22 – Communications between the parties

22.1. For the purposes of communications pursuant to these General Conditions, the parties, unless otherwise provided by law or contained in these General Conditions, elect their domicile:

a) for Thara Rothas: at its operational headquarters;

b) for the participating Company: at the headquarters indicated in the registration form.

22.2. The Parties shall promptly communicate, during the term of the Contract, any change in their respective addresses, including email addresses. In the event of failure to communicate such changes, all communications and/or notifications made to the previously indicated addresses will be fully effective and valid.

Art. 23 – Applicable law/Competent court

23.1. This Agreement is concluded in Italy and is governed by Italian law. Reference is made to Italian law for anything not expressly provided for herein.

23.2. Any dispute relating to these General Terms and Conditions and the Agreement entered into between the parties shall be subject to the exclusive jurisdiction of the Court of Milan.

Attachments:

Appendix A – Commercial or Economic Conditions
Appendix B – Appointment of External Manager Thara Rothas / Participating Company
Appendix C – Information on the Processing of Personal Data on the Terre dei Malaspina Platform for Participating Companies

The parties declare that approval of these General Conditions and the clauses referred to, pursuant to Articles 1341 and 1342 of the Italian Civil Code, through the so-called “point-and-click” procedure satisfies the written form requirement.

Pursuant to Articles 1341 and 1342 of the Italian Civil Code, the Participating Company declares its express approval of the following clauses:

2 (Subject of the General Conditions – Platform Services); 5 (Declarations, Obligations, and Responsibilities of the Participating Company); 6 (Obligations and Responsibilities of Thara Rothas); 10 (Breach of Contract by the Participating Company – Express Termination Clause); 11 (Suspension and/or Interruption of Services); 12 (Suspension and/or Interruption of Free Booking Services and Other Free Platform Services); 13 (Suspension and/or Interruption of Paid Booking Services and Limitations of Thara Rothas’ Liability); 14 (Management of Participating Businesses’ Reports of Platform Interruptions and Malfunctions); 17 (Term of the Contract, Termination); 20 (Changes to the General Terms and Conditions – Participating Businesses’ Right of Termination); 23 (Applicable Law/Jurisdiction)

Latest Version: September 23, 2025

***

Annex A) Commercial or economic conditions

This Annex A) Commercial or Economic Conditions (hereinafter the “Commercial Offer”) is an integral part of the General Conditions and constitutes the terms and conditions governing commercial relationships with all participating Terre dei Malaspina Properties.

Consistent with the provisions of Art. 2 – Subject of the General Conditions – Platform Services of the General Conditions, this Commercial Offer provides:

1. a free sublicense for use of the Platform via WebCMS;
2. a free promotion service by the participating Property for its Locations and Experiences;
3. a free Experience booking service for Users.
4. payment for the paid Experience presale service, also for Users.

With reference to the aforementioned point 4. Paid Experience presale service, this Commercial Offer defines the service cost presented to the participating Property, as described below.

Pursuant to the provisions of paragraph 2 of Article 9 – Paid Booking Service – Fees – Exclusion of Reimbursement to Users by Thara Rothas of the General Conditions, “the use of the Paid Booking Service by the participating Entity automatically and inextricably entails the granting to Thara Rothas of an irrevocable mandate with representation to collect payments from Users on behalf of the participating Entity, relating to the fees due for the pre-sale of the Experiences.”

The platform does not charge fixed costs. Any costs displayed to the participating Company are variable, meaning they are directly related to sales actually concluded with Users.

All costs displayed to the participating Company are proportional to the payments made by Users and collected by Terre dei Malaspina on behalf of the participating Company. These fees are applied in numbered commission Tyers (hereinafter “Tier” or “Tiers”), proportional to the arithmetic mean (the sum of the numerical values divided by the number of numerical values considered) of the transaction value on a calendar month basis (from the first to the last day of month XXX), as follows:

– Tier 1: 19%, if the arithmetic mean of transactions is between €5.00 and €200.00
– Tier 2: 12%, if the arithmetic mean of transactions is greater than €200.00
– Tier 3: 24%, if the arithmetic mean of transactions is less than €5.00

All fees include VAT and any other charges. No additional fees are charged to participating entities.

From the day of registration on the platform until the last day of the second month, the Participating Business will be subject to the Entry Tier corresponding to Tier 1. Terre dei Malaspina verifies the arithmetic mean of the value of transactions made on behalf of the Participating Business during the previous calendar month each month and applies any Tier changes, which are valid from the first to the last day of the following calendar month. If Terre dei Malaspina receives no revenue on behalf of a Participating Business during an entire calendar month, the Participating Business will be subject to the same Tier as the previous month for the following calendar month.

Pursuant to the provisions of Art. 9 – Paid Booking Service – Fees – Exclusion of Refunds to Users by Thara Rothas of the General Conditions:

The relevant ticket/entry pass is issued exclusively and directly by the Participating Business, which the User is required to collect from the location indicated by the Participating Business (e.g., ticket offices). It is therefore understood that all taxes and any royalties payable for the issuance of the aforementioned tickets are paid by the participating Organization.

Upon receipt of payment from the User, Terre dei Malaspina will, by the last day of the month following the date of actual collection, pay the collected amount to the participating Organization in its name and on its behalf, withholding the amount corresponding to the Service Fee. Terre dei Malaspina will then send the invoice to the participating Organization and the monthly report of collections (which, however, can always be consulted by the participating Organization through the dedicated section of the Reserved Area).
The participating Organization expressly agrees to be solely responsible to both Users and Terre dei Malaspina for the timely execution of the Experiences and, if applicable, for refunding Users the full price paid for the Experience booking. Under no circumstances may the Participating Business request reimbursement of Service Fees from Terre dei Malaspina, as these fees represent compensation for the paid booking service already provided by Terre dei Malaspina and, in any case, are independent of the subsequent provision of the Experience by the Participating Business.

Terre dei Malaspina reserves the right to formulate Customized Commercial and Economic Conditions for the platform, supplementing or replacing this Commercial Offer.

—

Example of application of the Tiers

Participating Business A registers with Terre dei Malaspina.

During months 1, 2, and 3, Participating Business 1 uses the Location and Experience Promotion Service and the Booking Service for free Experiences. During this period, Participating Business A, which uses the free services offered by the platform, does not receive any invoices from Terre dei Malaspina.

During month 4, Participating Business A, which is promoting a new experience, begins using the paid Experience presale service. Therefore, during month 4, Terre dei Malaspina presales a total of 10 experiences on behalf of Participating Business A, equivalent to a total revenue of €320.00, broken down as follows:
– 3 experiences of €10.00
– 3 experiences of €30.00
– 3 experiences of €30.00 4 experiences of €50.00

During month 5, Terre dei Malaspina verifies the arithmetic mean of the value of transactions made on behalf of Participating Organization A during the previous calendar month.

Total monthly revenue / number of experiences = arithmetic mean of the value of transactions
320.00 / (3 + 3 + 4) = 32.00

The Entry Level applies to the revenue for month 4. Participating Organization A, therefore, pays Terre dei Malaspina the amount (including taxes and any other charges) of €60.80 (equal to 19% of €320.00). By the last day of the following month (i.e., month 5 in the example), Terre dei Malaspina pays Participating Organization A the sum of €259.20 (equal to €320.00 minus €60.80).

Since the arithmetic average of the takings during month 4 is between €5.00 and €200.00, during month 6, Tier 1 is applied to participating Reality A.

During month 6, Terre dei Malaspina pre-sells a total of 26 experiences on behalf of Participating Company A, equivalent to a total proceeds of €5,300.00, broken down as follows:

10 experiences of €50.00
16 experiences of €300.00

Total monthly proceeds / number of experiences = arithmetic mean of transaction value
5,300.00 / (10 + 16) = 203.85

As explained above, Tier 1 applies to the proceeds for month 6. Participating Company A, therefore, pays Terre dei Malaspina the amount (inclusive of taxes and any other charges) of €1,007.00 (equal to 19% of €5,300.00). By the last day of the following month (i.e., month 7 in the example), Terre dei Malaspina pays Participating Company A the sum of €4,293.00 (equal to €5,300.00 minus €1,007.00).

Since the arithmetic average of the collections during month 6 is greater than €200, during month 7, Participating Company A is assigned to Tier 2.

***

Annex B) Appointment of external manager Thara Rothas / Participating entity

ADDENDUM TO THE CONTRACT IN COMPLIANCE WITH EU REGULATION NO. 679/16
DEED OF APPOINTMENT AS DATA PROCESSOR
DATA PROCESSING AGREEMENT (DPA)

This agreement for the protection of personal data is concluded between: Entity and Organization, public or private, or Natural Person in the capacity of professional, or the subject indicated in the Contract as “Participating Entity” (hereinafter the “Participating Entity” or “Data Controller”), and Thara Rothas, with registered office in Milan (MI) – 20154, via Gercino 6 and operational headquarters in Varzi (PV) – 27057, Via Pietro Mazza 6, VAT number 06545680966 (hereinafter: the “Supplier” or “Data Processor”), hereinafter, jointly, the “Parties” or severally the “Party”

Given that:

The Participating Company has signed one or more contracts with the Supplier (hereinafter the “Contract”);
the Parties intend to regulate in this Agreement the terms and conditions of the processing of personal data performed by the Supplier in the context of the Contract and the provision of the Services (as defined below) and the responsibilities associated with such processing, including the commitment undertaken by the Supplier as Data Controller pursuant to Article 28 of the European General Data Protection Regulation No. 679 of 27 April 2016 (hereinafter the “GDPR”).

In view of the above, the Parties agree as follows.

Purpose and Scope
The purpose of these standard contractual clauses (hereinafter “Clauses”) is to ensure compliance with Article 28, paragraphs 3 and 4, of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
These Clauses apply to the processing of personal data specified in Annex I.
These Clauses are without prejudice to the obligations to which the Data Controller is subject under Regulation (EU) 2016/679.
These Clauses do not, in themselves, ensure compliance with the obligations relating to international transfers pursuant to Chapter V of Regulation (EU) 2016/679.

Obligations of the parties

Processing delegated to the Processor
The Processor is authorized to process the data necessary for the performance of the assigned task on behalf of the Data Controller. The type of data processed, both common and potentially sensitive, is that strictly necessary to carry out the activities related to and instrumental to the service offered by the Processor.
The Processor processes personal data only for the specific purposes of processing set out in Annex I, unless otherwise instructed by the Data Controller.

Technical and organizational measures

In particular, in carrying out its activities as agreed in the Contract, the Data Processor, taking into account the state of the art and the nature, scope, context, and purposes of the processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, carries out the processing operations entrusted to it in compliance with the Regulation, the security measures provided therein (Article 32), the relevant provisions issued/to be issued by the Italian Data Protection Authority (hereinafter referred to as the “Authority”), and these instructions. This is done in such a way as to minimize, through the adoption of adequate and preventive security measures, the risks of a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
The security measures adopted by the Data Processor must be modified and constantly updated by the Data Processor, through the application of any additional technical, logistical, organizational, and procedural measures as may be prescribed by the Data Controller or the Guarantor. The Data Processor will promptly notify the Data Controller of any changes made from time to time. The Data Controller reserves the right to request the Data Processor to adopt additional measures.

Notification of a personal data breach

Pursuant to Article 33, paragraph 2, in the event of a personal data breach, even if only potential, the Data Processor is required to inform the Data Controller without undue delay and in any case within one (1) working day after becoming aware of the breach and to assist the Data Controller in ensuring compliance with the obligations set out in Articles 32 to 34, taking into account the nature of the processing and the information available to him.

Persons authorized to process data

Pursuant to Article 28, paragraph 3, letter b) of the Regulation, the Data Processor grants access to the personal data being processed to its staff members only to the extent strictly necessary for the implementation, management, and monitoring of the contract. The Data Processor ensures that the persons authorized to process the personal data received have committed to confidentiality or are under an appropriate legal obligation of confidentiality.
The Data Processor will always keep an updated list of the names of the persons authorized to process the personal data available to the Data Controller.

Obligations of the Data Controller

The Processor and any persons collaborating with it are expressly prohibited from disclosing or otherwise using the personal data of third parties of which they have become aware in the performance of their duties, other than as expressly provided in this appointment or subsequently received from the Data Controller. It is also expressly prohibited to transfer to third parties, even free of charge, the personal data undergoing processing, even if not organized in a database and for any purpose other than those contemplated in the Contract and this appointment.
The Processor may, where strictly necessary, authorize the transfer, even temporarily, outside the European Union, in any form or by any means, of personal data undergoing processing, only if it is carried out in compliance with the provisions of Articles 44 et seq. of the Regulation. Except for the aforementioned cases, the transfer, even temporarily, in any form or by any means, of personal data undergoing processing to a country outside the European Union is prohibited when the legal system of the country of destination or transit of the data does not ensure an adequate level of data protection.

Sub-data controller

The processor has the general authorization of the controller to engage subprocessors on the basis of an agreed list. The processor shall specifically inform the controller in writing of any intended changes to this list concerning the addition or replacement of subprocessors, thus giving the controller sufficient time to object to such changes before engaging the subprocessor(s) in question.
The list of subprocessors authorized by the controller is set out in Annex II.
Where, with the prior authorization of the controller, a processor engages another processor to perform specific processing activities on behalf of the controller, it shall impose on that other processor, by means of a contract or other binding legal act, the same data protection obligations as those contained in this appointment, in particular by providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the Regulation.
The processor remains fully responsible to the controller for the subprocessor’s fulfillment of its obligations under the contract it has entered into with the processor. The processor shall notify the controller of any breach by the subprocessor of its contractual obligations.

Assistance to the Data Controller and response to requests from interested parties

The Data Processor shall promptly notify the Data Controller of any request, order, or inspection activity received from the Italian Data Protection Authority, the Judicial Authority, or other Public Authorities. The Data Processor, who hereby undertakes to do so, shall promptly execute the orders of the Italian Data Protection Authority, the Judicial Authority, or other Public Authorities, with the support of the Data Controller.
The Data Processor shall assist the Data Controller in fulfilling its obligations to respond to requests from data subjects to exercise their rights, pursuant to Articles 15 et seq. of the Regulation, taking into account the nature of the processing, regardless of the means used, by data subjects in connection with the processing operations related to the performance of the Contract referred to in the preamble, and any other request received from any entity regarding privacy and in relation to the personal data processed on behalf of the Data Controller, with whom the response will be coordinated.

Register of categories of processing activities

Where applicable, the Processor must maintain a Register of processing activities carried out under its responsibility in the name and on behalf of the Data Controller (Article 30). The Register, which may be in electronic format, must contain a comprehensive set of information, which the Processor also collects by liaising with the various internal and/or external offices or units within the company that process personal data on behalf of the Data Controller.

Controls and audit activities

The Processor shall allow the Data Controller, providing full cooperation, to conduct periodic checks within its own organization and that of any third parties directly appointed by the Data Controller, regarding the adequacy of the security measures adopted, compliance with applicable data protection legislation, and compliance with instructions received.
The Data Controller acknowledges and agrees that the cost of such checks, audits, or inspections will be borne by the Data Controller, unless the aforementioned checks, audits, or inspections reveal any failures and/or violations by the Data Controller of its obligations.
As an alternative to the above-mentioned inspections and checks, the Data Controller may request from the Data Controller the documents representing the results of the periodic checks and audits that the Data Controller must conduct pursuant to Art. 32, paragraph 1, letter d) of the GDPR.

Data Protection Officer

The Data Processor shall communicate to the Data Controller the name and contact details of its Data Protection Officer (DPO), if it has designated one in accordance with Article 37 of the European Data Protection Regulation.

Final provisions

Failure to Comply with the Clauses and Termination
The Processor shall be liable for any damages caused to the Data Controller and/or third parties involved in the performance of the Contract due to unlawful or non-compliant data processing, failure or negligence in the performance of the tasks assigned to it, failure to comply with the obligations set forth in the Contract, this appointment, and/or any instructions received.
In any case, the Processor undertakes to indemnify and hold the Data Controller harmless from any liability for damages suffered by third parties involved due to and/or as a result of the personal data processing operations carried out by the Processor in the performance of the Contract.
Term and Termination of Data Processing
This appointment is free of charge and lasts for the duration of the Contract. It shall be deemed revoked upon termination of the Contract, for any reason whatsoever, or by the sole decision of the Data Controller.
In the event, pursuant to Article 28, paragraph 3, letter b), g) The Processor shall cease all processing of data acquired in the performance of the agreed-upon activity and destroy it, providing the Controller with appropriate certification of such activity, unless Union or Member State law requires the retention of personal data.
In any case, the Processor hereby undertakes to comply with the provisions and prohibitions set forth in applicable legislation, including for the period following the expiration or termination of this appointment.

—

ANNEX I – Description of the treatment

Categories of data subjects whose personal data are processed:

Participating entities: Individuals belonging to public or private entities, or individuals acting as professionals who register and access the Members’ Area to propose Locations and Experiences
End users: Individuals who, on their own behalf or representing groups, register on the platform, access services, and make free and paid reservations

Categories of personal data processed: Identification and contact data; administrative and financial data; IP address.

Nature of processing: General data

Purposes for which personal data is processed: Provision of services via the online platform, as described in the contract between the parties

Duration of processing: Duration of the contract between the parties

—

ANNEX II – List of persons appointed as other sub-processors.

As required by point 6 of the Addendum, the following is a list of other sub-processors authorized by the Data Controller.

Sub-processors
Registered office address of the company
Type of processing
Associazione Thara Rothas, Milan (MI), via Lovanio, 4
Provision of services on the Terre dei Malaspina platform – Payment processing

Annex C) Information on the processing of personal data on the Terre dei Malaspina platform for participating entities

In accordance with the requirements of EU Regulation 679/2016 on the Protection of Personal Data (hereinafter, the “Regulation”), we provide you with information on how your personal data is processed when you interact with this website and use our services.

This information is addressed to participating entities that use Terre dei Malaspina (hereinafter, the “Platform”), as defined in the “General Conditions” Agreement.

Users who use the services on the “Terre dei Malaspina” platform are subject to our data processing information or “Privacy Policy” at the following link: https://www.terredeimalaspina.it/privacy-policy/

Data Controller
The Data Controller, pursuant to Articles 4 and 24 of EU Regulation 2016/679, is Thara Rothas, with registered office at Via Lovanio, 4 in Milan (MI) and operational headquarters at Via Pietro Mazza 6 in Varzi (PV). Email: info@thararothas.it Certified Email: thara.rothas@pec.it

Type of Data Collected
Article 4, paragraph 1 of the Regulation states that “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter, the “Data Subject”). The following will be collected and processed:
Identification data
Contact information
Data relating to the contractual and administrative-accounting relationship
Browsing data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified data subjects, but by its very nature, it could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server response (successful, error, etc.), and other parameters relating to the user’s operating system and IT environment.
This data is used solely to obtain anonymous statistical information on site usage and to verify its correct functioning, and is deleted immediately after processing.
The data could be used to ascertain liability in the event of hypothetical cybercrimes against the site.

Purpose of processing and legal basis for processing
Your personal data will be processed for the following purposes and on the legal basis indicated below:

Registration of Terre dei Malaspina and account creation
For the conclusion and proper performance of the contract to which the participating entity is a party or for the implementation of pre-contractual measures adopted at the request of the same, for the information and/or services/products requested, as set forth in the “General Conditions” document.
If the participating entity decides to join the Platform and our services, we will process the account data and contact information. Mandatory information required for registration is marked with an “*” in the respective input field. Failure to complete all mandatory information may make it impossible to complete the account creation process. We use the personal data provided during registration to create the participating entity’s profile (e.g., Park, Institution, or Organization, and the Personal Profile) and identify you upon each login. This feature allows each participating Reality to create and edit only its own content.
Furthermore, we may process data for:
Administrative and accounting purposes, i.e., to carry out organizational, administrative, financial, and accounting activities, such as internal organizational activities and activities necessary for the fulfillment of contractual and pre-contractual obligations;
Legal obligations, i.e., to fulfill obligations established by law, by an Authority, by a regulation, or by European legislation.
Support to the participating Reality, to provide support or information about its page and the services available to it.

LEGAL BASIS:
Processing is necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the data subject’s request;
Processing is necessary to fulfill a legal obligation;
Processing is necessary for the pursuit of the data controller’s legitimate interests.
Defense of a right in court
We may use your personal data to defend our rights in and out of court in the event of contractual or non-contractual breaches to the detriment of the Data Controller, for example, to pursue any debt collection actions, should this become necessary due to failure to pay the amounts stipulated in the contract within the agreed deadlines.
LEGAL BASIS: Processing is necessary for the pursuit of the data controller’s legitimate interests.
Website analysis and improvement
Analysis of statistical data on aggregated or anonymous data, for the purpose of monitoring the proper functioning of the Website, traffic, usability, and interest.
LEGAL BASIS: Processing necessary for the pursuit of the legitimate interest of the data controller.
Sending information that may be of interest to you. Soft spam
Sending newsletters for commercial and promotional purposes, including communications on systems or updates on our services and/or activities offered by the data controller.
LEGAL BASIS: Processing necessary for the pursuit of the legitimate interest of the data controller.
Direct Marketing
Subject to consent and until objected, for the Data Controller’s direct marketing activities, direct sales, sending newsletters and promotional, commercial, or event-related material, by the Data Controller and its affiliated companies, via automated email, fax, SMS, MMS, or other means, as well as operator-assisted telephone calls, including automated calls, and postal mail and other informational materials.
LEGAL BASIS: The data subject has given consent to the processing of their personal data for one or more specific purposes.
Refusal to provide data
Providing data is necessary in some cases, as refusal to provide it could result in the failure to conclude or incorrect performance of the contract to which you are a party and/or failure to comply with the legal obligations to which the Data Controller is subject. Providing data for processing that requires consent is optional; failure to provide it will not prevent you from using the products/services offered by the Data Controller. Even if you provide consent, you will still have the right to subsequently object, in whole or in part, to the processing of your data for the purposes set out above, by simply making a request to the Data Controller at the contact details indicated above.
Data Retention Period
In general, Personal Data will be retained for the time strictly necessary to achieve the purposes for which it was collected and processed, including the retention period required by applicable legislation and, in any case, for a maximum period of 10 years from the termination of the relationship with the Data Controller and for a maximum period of 2 years or until you object (opt out) for the purposes for which your consent is required, except where the Data Controller needs to defend its rights in court.
Disclosure of Data
The personal data we collect for the purposes described in this policy may be disclosed to third parties who perform activities related to those set forth in the Contract, who may act as data controllers or, where applicable, will be appointed as data processors. Specifically, the data may be processed by the following entities or categories of entities:
Service management companies, including Thara Rothas, where the contractual relationship so requires;
Companies and consultants, in the field of legal, accounting, and tax assistance and consultancy;
Entities providing services for the management of information systems and telecommunications networks, including email, website management, and newsletters;
Competent authorities, for compliance with legal obligations and/or provisions of public bodies, upon request.
The complete and updated list of entities processing the Data as data controllers is available upon request from the company.
Transfer of data abroad
No User’s personal data is transferred to a third country outside the European Union or to international organizations. If personal data is transferred to countries outside the European Union, the transfers will be carried out in compliance with the provisions established by the EU Regulation to ensure an adequate level of protection. Specifically, transfers will be carried out through the conclusion of Standard Contractual Clauses approved by the European Commission, a copy of which can be obtained by sending a request to the contact details provided in this policy.
Rights of the data subject

You may exercise your rights under Articles 15, 16, 17, 18, 19, 20, and 21 of EU Regulation 2016/679 at any time by requesting from the data controller: access to your personal data, rectification, erasure, restriction of processing, and data portability, where applicable. Furthermore, you have the right to object, at any time, to data processing based on consent and/or legitimate interest. To no longer receive automated direct marketing communications (e.g., emails, text messages), simply use the appropriate automatic unsubscribe services or send an email at any time to privacy@terredeimalaspina.it with the subject line “Unsubscribe.”
To exercise the above rights, the data subject may contact the Data Controller at the following address: privacy@terredeimalaspina.it
Without prejudice to any other administrative or judicial remedy, if you believe that the processing of your data violates the provisions of EU Regulation 2016/679, pursuant to Article 15, letter f) of the aforementioned EU Regulation 2016/679, you have the right to lodge a complaint with the Italian Data Protection Authority (www.garanteprivacy.it).
Changes to this Privacy Policy
This policy may be subject to changes and additions, which will be notified in advance to Users and participating entities.

Version dated February 25, 2025