To optimize your browsing experience this site uses cookies. By clicking Accept you authorize the use of cookies. More information
sign in for free to It's Tuscany, discover the beautiful territories of Tuscany, its products and its typical
Private entity
 Subscribe to the newsletter to receive offers on products and news from the territories
By submitting this form you agree to the processing of the personal data above, for the function of the requested service, the data will be protected according to the Decree n 196 of 30 June 2003 Legislative Decree No. 196 of 30/06/2003
 * By ticking the box you agree to  Terms and coditions  of It's Tuscany


Privacy policy


This document describes the methods this web site uses to treat the personal data of the users who consult the site and the methods used to process the personal data transmitted by data owners through the site to the Data Controller. This notice is published in accordance with article 13 of Legislative Decree no. 196/2003, the Privacy Act, regarding the data protection measures applied for the benefit of the persons who interact with the web services of It’s Tuscany, accessible on the Internet from the URL that corresponds to the Home Page of the official It’s Tuscany web site:

The notice concerns only the IT'S TUSCANY web site and does not apply to any other web sites that the user may consult by following links.


During consultation of the web site, or following voluntary registration at the web site, personal data concerning identified or identifiable persons is recorded. All personal data supplied or collected as a result of operations conducted on the web site will be processed by FLORENCE LAB SRL, (VAT no. 06796990486) with registered offices in Viale Antonio Gramsci 47, 50121 Firenze (Italy), which manages the data processing and maintains the web site.

For all inquiries regarding this privacy notice, send an e-mail to
The processing related to the web services of this web site is conducted at the registered office of FLORENCE LAB SRL as mentioned above and is handled only by technical personnel of the company itself.


The information gathered is used for various purposes. In detail, all the activities of gathering and successively processing data are conducted to achieve the following objectives:
Registration at the web site, creation and management of personal accounts – the information supplied by the user is used the manage the user account, allowing for the provision of many useful services. The user account is required to make reservations and purchases and to set personal preferences;
Online reservations for accommodation services and purchases – the personal data provided is necessary for completion and management of online reservations and for management of the purchases of consumer goods offered on the platform;

Marketing, commercial and advertising activities – based on the information provided by the user, personalised offers may be displayed on the web site, on the apps or third-party web sites or apps, in addition to notices of promotions or other advertising information. For additional information about how to interrupt or terminate the reception of personalised advertising, review your decisions regarding cookie policy.

In addition, if a user decides to participate in promotional activities such as lotteries or online contests, personal data will be used to manage the participation in these promotions;
Subscription to a newsletter – personal data is used to send notices about products and services that match the user’s interests when consulting the It’s Tuscany platform or when a user account is created. The user can cancel the subscription for these marketing communications at any time, very simply and very quickly, by just clicking on the “Unsubscribe” link that is present in every newsletter;

Communications – sharing personal data makes it possible to respond to the user whenever necessary such as replying to questions about an order, reservations, goods of interest or other matters. The purpose of communications is to provide an all-around service of assistance to the user and to send other administrative messages, such as security notices;
Marketing surveys – the user may be invited to participate in marketing studies. Any additional personal data provided for the purposes of a study will be used only with the user’s consent;

Improvement of services – personal data is also utilised for analyses conducted to improve services and enrich the user experience. The data can also be employed for tests, to resolve problems and to improve the functionality and quality of services. The main objective is to optimise and personalise the online platform to satisfy user expectations, making it easier and more enjoyable to use;

Reviews – personal data may also be processed, for example, if after making a purchase or reservation through the platform, the user is invited to compile a brief review or to release feedback. Account owners can opt to sign reviews with a user name/pseudonym (of their own choice, to be set in the personal Account area), instead of their real name. They can also choose to publish the review anonymously. In completing a review, the user will accept to publish it, for example, on the relevant page of our web site structure, our apps, social media apps, the structural site or the web sites of our commercial partners;

Legal purposes – finally, in some cases, personal data may be utilised to manage and resolve legal disputes, governmental inquiries and compliance controls or to enforce the conditions of use for the online services.

The Data Controller will make no use of the data provided other than for the purposes related to the services, among those listed above, to which each data owner has subscribed.


All data processing in relation to this web site will be conducted with electronic or remote access instruments, but it could also be handled manually on paper-based supports. Data treatment will be programmed in relation to the scope for which it was gathered, in accordance with safety measures in force and the purposes listed above. Specific procedures are utilised to prevent unauthorised access to data and improper use of data. Only authorised personnel will have access to personal data while carrying out their duties. Personal data will be processed only for the time strictly necessary to achieve the objectives for which it was gathered.


The data gathering forms to be compiled on this web site can request data that is strictly necessary for subscription to the services, the omission of which will impede acceptance of the user’s requests, and other optional information that is not strictly necessary to satisfy user demands or requests.

Navigational data gathered automatically

When a user visits the web site or makes use of its apps, the operating system structure and the software that control the functions of the web site automatically record some personal data, the transmission of which is implicitly required in the use of Internet communications protocols. The information is not gathered so that it can be associated with identified data owners, but it might, by its very nature, permit such identification.

This category of data includes IP addresses, the date and time of access to the service, the hardware, software and the browser in use together with information about the computer operating system, the application version and the language settings. Information about the user’s clicks and the pages visited can also be collected.
This data is used solely to extrapolate anonymous statistics regarding web site use and to monitor correct web site functioning. It is cancelled immediately following elaboration. The data could be used to ascertain responsibility in the case of potentially criminal electronic activity to the detriment of the web site. Aside from this possibility, currently data regarding web contacts does not persist for more than seven days.

Data provided voluntarily by the user

The data normally requested to make use of the web site services are names, addresses, contacts, credit card information, other payment details, names and addresses of order recipients or third-party data for reservations in hotels, for example. The sending of unsolicited, explicit and voluntary e-mail messages to the addresses indicated on the web site will result in the successive acquisition of the sender’s address, essential for responding to the requests, together with any other personal data included in the message.

Such information is necessary to guarantee better service for the user. The user is free not to provide his/her own data, in which case he/she will not be able to enjoy all the services offered by the web site. Data will also be gathered if a user contacts the service provider directly with requests for information or explanations.

Mobile devices

In the use of applications created by the Data Controller or its affiliates and, if applicable, when the user has consented to use of the position identification function on the mobile device, information about the user’s geographical position and his/her mobile device may be gathered. This data can be used to provide services and information based on positioning, such as search results and other personalised content. However, most mobile devices allow users to disactivate position identification services.

Third-party personal data provided by a user

The user may also provide data about third parties, for example in the case of delivering goods to a third-party address or making a hotel reservation for a third party. In these cases, during the purchase or reservation process, the user must provide the data for such third parties. In these cases, the information provided will be used only as required for the selected services.

Personal data gathered from other sources

In addition to the data provided directly by the user, the Data Controller might receive other information from other sources, such as the commercial partners offering their services on the It’s Tuscany platform.
When making use of the It’s Tuscany platform, the user communicates the details of orders and/or reservations to the suppliers of goods and services who then send them to the Data Controller. The Data Controller also relies on external providers to handle payments from users to suppliers. Such providers share the information about payments, to assist in handling the user’s reservations and provide the best possible experience.

Social networks are useful in several ways: they facilitate the use of the It’s Tuscany platform, they promote the products of our commercial partners, they advertise, improve and facilitate the use of our services. For example, social plug-ins of reference such as the Facebook “Like” and the Google Plus “+1” are visible on the web site.
It is also possible to access the account through a social media account. After the user has logged in to the first time through his/her social media account, it will always be possible to login to through the same social media account. If the user chooses to access through social media, the social media provider may allow the user to share information with If the user chooses to share information, the social media provider usually informs the user which information will be shared (for example: e-mail address, age or photograph of the data owner, list of contacts, status update, etc.) as configured in the user account.


Users’ personal data are an important component but ceding such information to third parties is not an activity that FLORENCE LAB SRL conducts. However, it is necessary to communicate some personal data to third parties to fulfil contractual obligations. In detail, the Data Controller may communicate personal data subject to treatment to:

Marketplace vendors and commercial partners

FLORENCE LAB SRL works closely with external companies that manage their online shops on the platform, offering users the possibility to purchase goods and to utilise services. When a purchase is made, vendors must have access to the personal data of the buyer to complete the order. Similarly, anyone who wants to reserve accommodations must communicate their personal data (such as name, contact and payment information, names and data of other guests and any personal preferences to be indicated at the time of making the reservation) to complete their reservations. Conferral of such data is necessary to complete orders and reservations.

External suppliers of services
FLORENCE LAB SRL relies on external companies and physical persons to conduct some activities. Some examples of the activities are: completing orders, delivering shipments, sending surface and electronic mail, analysing data, supplying marketing assistance, making credit card payments and providing customer services. Some examples of the suppliers are: the post office and shippers/couriers to send documentation and deliver materials, banking institutions to manage collection and sending of payment regarding execution of contracts, also fraud identification and prevention.
These parties have access only to the personal data required to carry out their duties, thus they cannot use the data for other purposes and they are obliged to treat such data in conformity to this privacy notice and the provisions in force that apply to the protection of personal data.
Protection of and other parties
Account and personal data will be shared with the police as required by the law or, if essential, to identify, prevent or to prosecute fraud or crime. Therefore, it is only when expressly required by the law that access to such data is granted to the parties entitled by provisions to conduct such activities. Personal data can be shared with competent authorities to protect the safety of, its users and commercial partners.

It’s Tuscany services are offered only to adults. Information about minors is gathered only with parental consent and is limited to cases such as hotel reservations or the purchase of other travel services.


Conferral of personal data for the purposes as defined above is obligatory; refusal to provide personal data will prevent realization of any requests.

The user is free to choose not to provide personal data even though communication of such data could be necessary to enable fulfilment of contractual obligations and to execute user requests such as forwarding a purchase order, making a hotel reservation or making use of some other functions of For this reason, the user undertakes to inform the Data Controller of any corrections, integrations and/or updates to personal data.

If a user does not want to receive e-mails or other mail with advertising, promotions and marketing, etc. or does not want to consent to use of the personal data gathered to personalise third party advertising that will be displayed for him/her, the user can review and revise his/her newsletter and notification preferences.


Data owners can write to this address,, to correct personal data as recorded in our records, and to pose questions about management of personal data or this Privacy Policy.
Pursuant to art. 7 of Legislative Decree no. 196/2003, the Privacy Act:
1.The data owner is entitled to obtain confirmation or denial of the existence of his/her own personal data, even if not yet recorded, and to receive communication of such data in an intelligible form;

2.The data owner is also entitled to obtain indication of the origin of the personal data, the purposes and methods of data treatment, of the logic applied in the case of processing with the use of electronic instruments, of the identification data of the Data Controller, Data Supervisor, the designated representative and of the parties and categories of parties to which personal data can be communicated or which can acquire knowledge of it in the roles of designated representative on State territory, Data Supervisors and designated employees.

3.The data owner is also entitled to obtain a) updating, correction or, if interested, integration of the data; b) cancellation, transformation into an anonymous format or blockage of data processed in violation of the law, including data for which conservation is not necessary in relation to the purposes for which it was gathered or successively processed; c) a declaration that the operations at letters a) and b) were made known, including the relevant content, to those to whom the data was communicated or diffused, except in the case that such a fulfilment is evidently impossible or would require adoption of manifestly disproportionate means with respect to the protected right.


The Privacy Policy may well be subject to revision from time to time, so users are invited to check the version published on the web site frequently to verify any changes. Unless otherwise stated, this Privacy Policy applies to all the personal data we have for the user and his/her account. In any case, when a user decides to utilise the platform, this notice must be expressly accepted.


This Privacy Policy notice is automatically available for consultation in recent browser editions incorporating
the P3P standard (Platform for Privacy Preferences Project) of the World Wide Web Consortium ( We will make every effort to activate interoperability between the web site functionalities and the automatic mechanisms of privacy control available in some products utilised by users.
Considering that the automatic mechanisms of privacy control have not yet reached a level of reliability that is substantially free of errors and malfunctioning, this notice constitutes the Privacy Policy of this web site, subject to revision, and is published for consultation online at, together with the various superseded editions.



Cookies are small data fragments that websites send to and register on your device (usually the browser) during your navigation on the sites themselves. Such cookies are retransmitted to the websites during your next visit to the same site. During navigation, the user may also receive cookies from third-party web sites or servers that host some elements (such as images, maps, sounds, or links to specific pages on other domains) present on the web site that the user is currently visiting. Another important distinction is between session and permanent cookies. The former have a limited term and are cancelled when the browser is closed, while the latter have a longer validity and are not automatically cancelled by closing the browser .

Browsers normally conserve many cookies with extended terms of validity and a great variety of purposes. For this reason, it is necessary to be able to distinguish among them.


a. Technical cookies

Technical cookies serve only to transmit a communication on a network. They are normally installed directly by the Data Controller or manager of a web site. Their purpose is to visualise a web site, to make it function correctly, to create an account, to login and the manage reservations and purchases.

Technical cookies are indispensable for correct functioning of the web site. They are classified as:

- navigation or session cookies that guarantee normal navigation and fruition of a website (allowing, for example, for making purchases or providing valid credentials for access to reserved areas);

- analytical cookies, which are similar to technical cookies if used directly by a web master to collect information in aggregate form about the number of users on a site and about how the users visit the website itself, to understand what is functional and what is not; to optimise and improve the web site and its apps; to assess the effectiveness of marketing and communications. The extrapolated data includes the visits to the web pages, the entry and exit web pages, the type of platform, opened e-mail messages and date and time information. This type of cookie reveals how the user interacts with the web site. Analytical cookies are also used in online advertising campaigns to understand how the user interacts with the web site and apps after visualising online advertising, including advertising on third party web sites. Commercial partners may also use analytical cookies to verify whether their users take advantage of offers integrated on their web sites;

- functional cookies allow for navigation based on a series of selective criteria (such as the language, the products chosen for purchase, or memorising registration information to avoid having to enter the data manually for each access) to enhance the service rendered to the user. These cookies conserve user preferences and help make web site visits and applications more efficient. Technical cookies are indispensable for correct functioning of the web site but add functionalities and improve the navigation experience.

b. Profiling cookies

Profiling cookies of this web site and third parties, useful for inserting personalised advertising messages on this and other web sites, are configured to create a user profile for sending advertising messages aligned with the preferences expressed by the user during web navigation. Considering the potential invasiveness of such devices in the private sphere, provisions are in place to ensure that users are adequately informed about their use and can therefore express informed consent.


The user is entitled select/deselect individual cookies and is informed that the elimination of some cookies can impede navigation or make it quite difficult.
A simple procedure is available to configure the browser to disactivate cookies.

  1. Open Firefox.

  2. Press the “Alt” key on the keyboard.

  3. Select “Tools” and then “Options” on the instrument panel at the top of the screen.

  4. Select the “Privacy” tab.

  5. Go “Chronology” and select “Personalised settings”. Deselect “Accept cookies” and save the preferences.

Internet Explorer:

  1. Open Internet Explorer .

  2. Select “Tools” and then “Internet options”.

  3. Select the “Privacy” tab and move the slider to the desired privacy level (toward the top to block all cookies or

    toward the bottom to allow all cookies).

  4. Then click OK.

Google Chrome:

  1. Open Google Chrome.

  2. Click the “Tools” icon.

  3. Select “Settings” and then “Advanced settings”.

  4. Under the “Privacy” heading, select “Contents settings”.

5. Deselect the cookies on the “Cookies” tab and save your preferences.


  1. Open Safari.

  2. Select the “Preferences” menu, then select the “Security” tab in the dialogue window that follows.

  3. In the “Accept cookies” section, specify when Safari should save cookies from web sites. For more information,

    click the “Help” button, identified by a question mark.


To maintain the distinction between our responsibility and that of third parties regarding the information provided and the consent obtained for acquisition of third party cookies through our web site, users are invited to consult the notices and methods of expressing consent to third parties provided at the following links:

Google: LinkedIn:


The user can send an e-mail to with any questions, suggestions or comments about this notice. The notice may well be subject to revision in the future, so it will be useful to visit this page regularly to verify any changes.